Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/Hk8XpTmh5JAxcOPxWA0BNww-HiY.roa
File:                     Hk8XpTmh5JAxcOPxWA0BNww-HiY.roa (raw, json)
Hash identifier:          53mPaoMvf+Ky8W9T7oEqF1qPddb1lcszNaHnkS2beVs=
Subject key identifier:   1E:4F:17:A5:39:A1:E4:90:31:70:E3:F1:58:0D:01:37:0C:3E:1E:26
Certificate issuer:       /CN=d5089bce08c55daa57b4f3a3c9070fb391853ccf
Certificate serial:       018D87E9133F988AB44954C3C09E2B3FCAA8
Authority key identifier: D5:08:9B:CE:08:C5:5D:AA:57:B4:F3:A3:C9:07:0F:B3:91:85:3C:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1QibzgjFXapXtPOjyQcPs5GFPM8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/Hk8XpTmh5JAxcOPxWA0BNww-HiY.roa
Signing time:             Thu 08 Feb 2024 08:50:15 +0000
ROA not before:           Thu 08 Feb 2024 08:50:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213306
IP address blocks:        109.94.102.0/23 maxlen: 23
                          109.94.102.0/24 maxlen: 24
                          109.94.103.0/24 maxlen: 24
                          185.56.223.0/24 maxlen: 24
                          193.201.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/1QibzgjFXapXtPOjyQcPs5GFPM8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/1QibzgjFXapXtPOjyQcPs5GFPM8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1QibzgjFXapXtPOjyQcPs5GFPM8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:87:e9:13:3f:98:8a:b4:49:54:c3:c0:9e:2b:3f:ca:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5089bce08c55daa57b4f3a3c9070fb391853ccf
        Validity
            Not Before: Feb  8 08:50:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e4f17a539a1e4903170e3f1580d01370c3e1e26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:70:ab:19:b0:f0:1c:c9:22:86:d3:5e:c7:b5:
                    fb:91:a3:57:06:a2:5f:9d:99:c2:8b:09:88:02:8a:
                    92:ed:6e:6b:89:41:e1:66:99:c3:ee:91:df:e5:c9:
                    1a:00:86:26:98:8c:0e:b3:88:85:65:e9:f6:4d:36:
                    83:d0:70:44:07:ef:28:11:e4:cc:ab:3a:2d:a9:a4:
                    c1:bb:d7:03:04:6e:30:8c:6f:2a:52:3a:ce:cc:f6:
                    85:eb:b7:61:fb:40:17:ad:97:f9:c2:9f:27:28:b8:
                    96:b9:46:af:ea:63:f0:39:64:1c:c2:b8:7c:d5:d8:
                    8e:8b:37:0d:aa:25:27:d4:1e:c1:82:38:d2:a9:09:
                    bd:4e:b3:a7:2b:aa:72:e3:55:ca:b9:24:db:fb:45:
                    66:cd:e9:e9:4c:ec:b3:a5:7d:fd:02:7f:b2:f5:10:
                    e9:e6:77:6c:5a:d5:69:91:e3:73:3c:7d:1f:ec:ef:
                    d9:5f:00:89:05:08:75:76:86:cf:5c:0d:12:00:fc:
                    1d:ed:6a:31:86:bf:d3:45:26:8e:56:fa:31:cd:54:
                    b0:e0:a2:99:e0:df:eb:fa:a2:06:4d:87:ee:6c:41:
                    45:4b:88:31:87:33:98:9d:d2:73:4d:0f:7a:61:a6:
                    8a:69:58:98:21:7f:f9:db:63:5f:5b:da:59:33:7c:
                    ff:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:4F:17:A5:39:A1:E4:90:31:70:E3:F1:58:0D:01:37:0C:3E:1E:26
            X509v3 Authority Key Identifier:
                keyid:D5:08:9B:CE:08:C5:5D:AA:57:B4:F3:A3:C9:07:0F:B3:91:85:3C:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QibzgjFXapXtPOjyQcPs5GFPM8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/Hk8XpTmh5JAxcOPxWA0BNww-HiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/02fde7-d326-43de-8520-6d71fe13d61d/1/1QibzgjFXapXtPOjyQcPs5GFPM8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.94.102.0/23
                  185.56.223.0/24
                  193.201.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:8c:60:56:5b:cd:73:ef:77:98:88:e0:f5:53:8b:b2:f0:9c:
         e2:f3:46:89:ac:4e:96:33:7c:c6:fd:2c:4c:ac:82:c5:bb:56:
         ee:28:1b:e1:b9:f4:1d:66:7d:7f:d1:1c:58:62:dd:6a:70:e4:
         6f:e2:3f:c7:40:e7:2c:5e:a8:51:09:8c:71:02:8f:f8:7e:f1:
         59:cb:51:28:38:c3:8d:27:38:2e:45:50:89:11:2f:6d:2b:87:
         80:ae:16:4d:f8:cf:e3:0f:a5:d1:f5:a7:8b:d9:7e:bf:bd:fa:
         8d:e1:03:57:8b:33:26:05:6a:ff:34:d2:aa:f6:dc:7d:c6:76:
         c7:59:3b:62:2c:b7:7b:c1:4b:14:86:5f:5d:aa:4f:42:00:b4:
         b2:c7:af:8a:04:1d:a3:73:d1:8f:7d:1f:ba:a7:a9:4f:db:b6:
         b7:21:9d:92:56:35:26:9c:53:43:2a:48:4f:fb:40:68:a3:fe:
         60:c6:d3:9d:79:61:6f:ca:95:a3:79:8e:67:c4:bd:2e:25:b6:
         e1:c2:9b:e5:38:04:e6:7e:2c:f7:77:dc:ad:ef:08:2a:5b:cf:
         f5:d4:8f:3b:e3:12:18:e7:a2:01:e5:e1:34:88:98:67:e1:1e:
         e9:0c:29:12:bb:3b:5c:ce:de:d6:00:f9:6d:4b:89:7c:06:ab:
         3c:f0:e3:a9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2H6RM/mIq0SVTDwJ4rP8qoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MDg5YmNlMDhjNTVkYWE1N2I0ZjNhM2M5MDcwZmIzOTE4
NTNjY2YwHhcNMjQwMjA4MDg1MDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTRmMTdhNTM5YTFlNDkwMzE3MGUzZjE1ODBkMDEzNzBjM2UxZTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3CrGbDwHMkihtNex7X7kaNXBqJf
nZnCiwmIAoqS7W5riUHhZpnD7pHf5ckaAIYmmIwOs4iFZen2TTaD0HBEB+8oEeTM
qzotqaTBu9cDBG4wjG8qUjrOzPaF67dh+0AXrZf5wp8nKLiWuUav6mPwOWQcwrh8
1diOizcNqiUn1B7BgjjSqQm9TrOnK6py41XKuSTb+0VmzenpTOyzpX39An+y9RDp
5ndsWtVpkeNzPH0f7O/ZXwCJBQh1dobPXA0SAPwd7Woxhr/TRSaOVvoxzVSw4KKZ
4N/r+qIGTYfubEFFS4gxhzOYndJzTQ96YaaKaViYIX/522NfW9pZM3z/UQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB5PF6U5oeSQMXDj8VgNATcMPh4mMB8GA1UdIwQY
MBaAFNUIm84IxV2qV7Tzo8kHD7ORhTzPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVFpYnpnakZYYXBYdFBPanlRY1BzNUdGUE04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy8wMmZkZTctZDMyNi00M2RlLTg1MjAt
NmQ3MWZlMTNkNjFkLzEvSGs4WHBUbWg1SkF4Y09QeFdBMEJOd3ctSGlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy8wMmZkZTctZDMyNi00M2RlLTg1MjAtNmQ3MWZlMTNkNjFk
LzEvMVFpYnpnakZYYXBYdFBPanlRY1BzNUdGUE04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBbV5mAwQA
uTjfAwQAwcnPMA0GCSqGSIb3DQEBCwUAA4IBAQCFjGBWW81z73eYiOD1U4uy8Jzi
80aJrE6WM3zG/SxMrILFu1buKBvhufQdZn1/0RxYYt1qcORv4j/HQOcsXqhRCYxx
Ao/4fvFZy1EoOMONJzguRVCJES9tK4eArhZN+M/jD6XR9aeL2X6/vfqN4QNXizMm
BWr/NNKq9tx9xnbHWTtiLLd7wUsUhl9dqk9CALSyx6+KBB2jc9GPfR+6p6lP27a3
IZ2SVjUmnFNDKkhP+0Boo/5gxtOdeWFvypWjeY5nxL0uJbbhwpvlOATmfiz3d9yt
7wgqW8/11I874xIY56IB5eE0iJhn4R7pDCkSuztczt7WAPltS4l8Bqs88OOp
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:14:30 2024 by rpki-client on console-fra.rpki-client.org