Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/506f2a-7246-4190-96ff-738c0bf8ea98/1/HtTkzCCVSPuYoECQ2y8k2YBEpe0.roa
File:                     HtTkzCCVSPuYoECQ2y8k2YBEpe0.roa (raw, json)
Hash identifier:          Qff+CIaNo8njCQx3jCm8+ol4dSGKrVA9tmKJXSZKsWU=
Subject key identifier:   1E:D4:E4:CC:20:95:48:FB:98:A0:40:90:DB:2F:24:D9:80:44:A5:ED
Certificate issuer:       /CN=1571e6684306b748156c2ae3f420bb366b2efcee
Certificate serial:       018CC8018FC1010AA14590320AECE0275C41
Authority key identifier: 15:71:E6:68:43:06:B7:48:15:6C:2A:E3:F4:20:BB:36:6B:2E:FC:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FXHmaEMGt0gVbCrj9CC7Nmsu_O4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/506f2a-7246-4190-96ff-738c0bf8ea98/1/HtTkzCCVSPuYoECQ2y8k2YBEpe0.roa
Signing time:             Tue 02 Jan 2024 02:29:54 +0000
ROA not before:           Tue 02 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207646
IP address blocks:        194.31.224.0/24 maxlen: 24
                          194.31.226.0/24 maxlen: 24
                          2a0f:aa40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/506f2a-7246-4190-96ff-738c0bf8ea98/1/FXHmaEMGt0gVbCrj9CC7Nmsu_O4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/506f2a-7246-4190-96ff-738c0bf8ea98/1/FXHmaEMGt0gVbCrj9CC7Nmsu_O4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FXHmaEMGt0gVbCrj9CC7Nmsu_O4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8f:c1:01:0a:a1:45:90:32:0a:ec:e0:27:5c:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1571e6684306b748156c2ae3f420bb366b2efcee
        Validity
            Not Before: Jan  2 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ed4e4cc209548fb98a04090db2f24d98044a5ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8f:66:04:cc:c3:ca:a1:fa:b3:2e:15:ef:0a:
                    ab:f7:d2:ce:d0:10:da:d6:c2:95:50:4f:42:be:16:
                    cb:a0:d1:87:7e:19:05:c6:70:50:86:5e:36:26:a7:
                    9b:8a:c4:55:0c:56:cd:cf:71:78:43:a6:9f:d4:23:
                    14:4e:5d:4f:3c:12:20:6c:1a:a8:6d:c8:6c:1c:bb:
                    04:b6:82:ba:a0:4c:da:37:70:0a:65:44:90:c4:65:
                    51:81:0d:64:74:fa:a7:3c:43:6d:27:c8:5b:27:90:
                    76:07:16:be:9c:9b:49:b7:cf:76:19:7d:3a:d8:14:
                    d4:94:55:27:85:d8:41:4f:f7:f3:9b:7a:bf:34:92:
                    a3:d3:a0:cb:47:b3:bb:1e:3c:c5:0b:c9:38:3c:a0:
                    c3:b1:f1:b8:e8:9b:60:03:96:65:d1:4a:14:56:a3:
                    2f:f8:81:0e:84:b0:b7:1c:cc:91:e3:1c:7a:ca:a3:
                    c2:6c:c3:d2:f6:10:fe:b6:8a:3c:75:7a:6b:b1:b6:
                    ac:3a:27:cc:b0:80:69:2a:8b:db:c1:d5:87:0a:5b:
                    59:e8:cb:3a:78:71:ae:b2:00:e2:87:6a:4d:5e:54:
                    da:80:07:ba:08:5d:10:b0:24:a0:ca:22:b6:ee:03:
                    73:55:07:53:7f:16:a6:bd:d3:9b:0c:d4:92:61:09:
                    10:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:D4:E4:CC:20:95:48:FB:98:A0:40:90:DB:2F:24:D9:80:44:A5:ED
            X509v3 Authority Key Identifier:
                keyid:15:71:E6:68:43:06:B7:48:15:6C:2A:E3:F4:20:BB:36:6B:2E:FC:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FXHmaEMGt0gVbCrj9CC7Nmsu_O4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/506f2a-7246-4190-96ff-738c0bf8ea98/1/HtTkzCCVSPuYoECQ2y8k2YBEpe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/506f2a-7246-4190-96ff-738c0bf8ea98/1/FXHmaEMGt0gVbCrj9CC7Nmsu_O4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.224.0/24
                  194.31.226.0/24
                IPv6:
                  2a0f:aa40::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:a9:93:fc:19:97:ed:ae:68:24:08:c5:c8:ee:35:6d:df:07:
         b2:4c:27:d5:17:8d:ca:7c:22:9f:58:d1:c3:7b:5f:d5:81:7f:
         f9:7e:63:60:3c:4a:11:5a:d2:0d:09:95:a2:c2:c9:76:ee:b7:
         33:07:52:0e:14:62:78:e5:36:af:98:eb:38:a2:ee:4d:69:67:
         9d:31:5d:c4:6e:16:31:b1:74:89:91:b2:4b:74:83:3c:51:4f:
         a4:c0:85:fd:f4:57:a6:83:26:d3:37:db:99:cf:dc:a1:4d:2c:
         dd:4d:11:e6:8c:b2:71:63:e1:e7:5c:b7:d5:a3:4a:2c:bb:10:
         00:9f:58:9e:cd:0c:57:ea:b3:3f:be:1f:80:a5:31:92:49:7f:
         30:35:96:ca:86:be:ee:48:66:88:d1:1e:33:13:e2:b7:9e:fa:
         28:fc:05:c8:44:23:58:95:4f:d6:52:77:eb:76:61:4a:41:14:
         a9:cd:19:db:df:90:0a:a1:45:45:e3:53:94:bb:8e:24:0f:1c:
         2c:1b:80:de:24:d8:37:c9:33:e4:4f:99:7a:64:5e:42:bb:b4:
         2b:7b:1f:ab:9c:73:ce:71:9d:87:da:18:71:e7:c5:b3:ff:f3:
         cb:80:a2:19:fe:71:98:06:b3:6a:34:29:19:c2:0d:cb:e4:2a:
         7a:41:33:f4
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIAY/BAQqhRZAyCuzgJ1xBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1NzFlNjY4NDMwNmI3NDgxNTZjMmFlM2Y0MjBiYjM2NmIy
ZWZjZWUwHhcNMjQwMTAyMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWQ0ZTRjYzIwOTU0OGZiOThhMDQwOTBkYjJmMjRkOTgwNDRhNWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk49mBMzDyqH6sy4V7wqr99LO0BDa
1sKVUE9CvhbLoNGHfhkFxnBQhl42JqebisRVDFbNz3F4Q6af1CMUTl1PPBIgbBqo
bchsHLsEtoK6oEzaN3AKZUSQxGVRgQ1kdPqnPENtJ8hbJ5B2Bxa+nJtJt892GX06
2BTUlFUnhdhBT/fzm3q/NJKj06DLR7O7HjzFC8k4PKDDsfG46JtgA5Zl0UoUVqMv
+IEOhLC3HMyR4xx6yqPCbMPS9hD+too8dXprsbasOifMsIBpKovbwdWHCltZ6Ms6
eHGusgDih2pNXlTagAe6CF0QsCSgyiK27gNzVQdTfxamvdObDNSSYQkQbwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFB7U5MwglUj7mKBAkNsvJNmARKXtMB8GA1UdIwQY
MBaAFBVx5mhDBrdIFWwq4/QguzZrLvzuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlhIbWFFTUd0MGdWYkNyajlDQzdObXN1X080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC81MDZmMmEtNzI0Ni00MTkwLTk2ZmYt
NzM4YzBiZjhlYTk4LzEvSHRUa3pDQ1ZTUHVZb0VDUTJ5OGsyWUJFcGUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC81MDZmMmEtNzI0Ni00MTkwLTk2ZmYtNzM4YzBiZjhlYTk4
LzEvRlhIbWFFTUd0MGdWYkNyajlDQzdObXN1X080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwh/gAwQA
wh/iMA0EAgACMAcDBQMqD6pAMA0GCSqGSIb3DQEBCwUAA4IBAQCDqZP8GZftrmgk
CMXI7jVt3weyTCfVF43KfCKfWNHDe1/VgX/5fmNgPEoRWtINCZWiwsl27rczB1IO
FGJ45TavmOs4ou5NaWedMV3EbhYxsXSJkbJLdIM8UU+kwIX99FemgybTN9uZz9yh
TSzdTRHmjLJxY+HnXLfVo0osuxAAn1iezQxX6rM/vh+ApTGSSX8wNZbKhr7uSGaI
0R4zE+K3nvoo/AXIRCNYlU/WUnfrdmFKQRSpzRnb35AKoUVF41OUu44kDxwsG4De
JNg3yTPkT5l6ZF5Cu7Qrex+rnHPOcZ2H2hhx58Wz//PLgKIZ/nGYBrNqNCkZwg3L
5Cp6QTP0
-----END CERTIFICATE-----
Generated at Mon Jun 17 07:28:02 2024 by rpki-client on console-ams.rpki-client.org