Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/Hpwv1MCu60jinYmYYv3bmXxalzI.roa
File:                     Hpwv1MCu60jinYmYYv3bmXxalzI.roa (raw, json)
Hash identifier:          gEefqIQkRfRlUj/6gzjsjEE2fEPWnXw9ASl2BktiGG0=
Subject key identifier:   1E:9C:2F:D4:C0:AE:EB:48:E2:9D:89:98:62:FD:DB:99:7C:5A:97:32
Certificate issuer:       /CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
Certificate serial:       0191EA94141E8DE880721CE79748932C9915
Authority key identifier: 64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/Hpwv1MCu60jinYmYYv3bmXxalzI.roa
Signing time:             Fri 13 Sep 2024 08:50:58 +0000
ROA not before:           Fri 13 Sep 2024 08:50:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215423
IP address blocks:        37.122.152.0/24 maxlen: 24
                          176.106.227.0/24 maxlen: 24
                          176.106.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:ea:94:14:1e:8d:e8:80:72:1c:e7:97:48:93:2c:99:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
        Validity
            Not Before: Sep 13 08:50:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e9c2fd4c0aeeb48e29d899862fddb997c5a9732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c4:22:2a:c9:ac:9f:58:7d:94:91:1c:9e:72:
                    77:96:2a:45:57:14:c9:6d:d6:78:fb:3d:7c:58:7e:
                    2a:50:d4:83:b2:40:a3:60:5f:5a:34:0b:ef:96:9e:
                    db:ea:ec:d0:41:b0:d0:b5:17:4b:1e:a3:d5:45:99:
                    07:57:f7:d5:2a:70:1b:3e:c8:f2:d1:71:43:73:96:
                    7e:71:d9:4a:c3:d3:53:a6:1a:3c:e0:bc:9f:75:59:
                    0f:a1:c2:e6:ff:fb:13:c9:f9:b6:d5:1f:1b:1f:23:
                    93:54:6d:f5:c9:56:63:97:7d:4a:01:e4:5c:61:08:
                    02:22:75:dc:e2:fe:c9:5b:71:76:1e:ca:e5:29:2a:
                    6f:57:68:99:ee:73:54:b3:b5:d1:3a:02:45:ed:0b:
                    fe:88:83:04:d4:de:80:40:5f:11:d7:34:3c:79:5e:
                    c1:f7:21:0f:2e:67:03:97:eb:05:a6:23:8e:58:df:
                    dc:bb:4e:4d:ba:3f:a5:6c:68:d8:fe:3e:60:ce:84:
                    14:4e:21:6c:0d:e1:b3:9c:ae:a3:73:ec:bc:6c:f9:
                    8b:8a:ed:5f:78:9d:db:0f:5f:15:08:21:8d:de:cf:
                    94:5a:ad:fe:38:81:92:bc:ef:08:8e:01:63:d0:e8:
                    66:cd:a9:88:5c:42:bb:f8:a4:b6:19:b0:8d:48:ac:
                    ca:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:9C:2F:D4:C0:AE:EB:48:E2:9D:89:98:62:FD:DB:99:7C:5A:97:32
            X509v3 Authority Key Identifier:
                keyid:64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/Hpwv1MCu60jinYmYYv3bmXxalzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.122.152.0/24
                  176.106.227.0-176.106.228.255

    Signature Algorithm: sha256WithRSAEncryption
         95:8f:8c:70:0e:76:cd:9c:d5:81:38:12:bf:c1:91:eb:e7:0d:
         3b:73:f5:17:fa:c1:0e:71:91:5d:3c:91:f2:1c:f5:ca:cd:5c:
         4c:20:59:9a:db:58:93:84:bd:c0:55:9f:b7:de:57:f8:90:a1:
         3a:d2:04:5c:0d:2d:57:fe:85:96:46:69:16:27:c0:3d:c5:f5:
         33:59:39:7e:48:ac:3a:d3:aa:44:3a:ec:ee:2b:6f:76:f7:9f:
         f0:55:2b:37:af:2e:3a:c1:98:dc:47:b2:d4:26:b0:78:16:2e:
         a4:50:57:c8:a2:37:d0:88:2b:88:3b:6d:f7:15:29:00:1f:fa:
         6c:f7:8d:92:24:4f:82:da:37:cc:9b:e1:11:dd:ab:db:9d:2c:
         e4:cb:55:8c:96:b3:9c:b4:e7:2b:b7:e4:06:0d:19:c4:7c:c7:
         d5:6f:9a:8d:9b:78:06:f2:6d:70:17:56:ff:35:42:9d:e4:b8:
         96:0c:f0:02:5a:3b:bd:81:fa:46:cc:6e:30:55:fa:76:57:f2:
         4a:3a:78:8a:27:d7:5c:de:32:fe:8f:66:7d:1e:df:97:69:ae:
         af:6f:2d:f6:c8:9f:a6:a9:37:a6:a6:64:4a:f9:53:c3:c6:3a:
         e1:9e:ce:5f:9b:4a:fc:df:2b:a6:44:29:82:74:a2:c7:b6:42:
         e5:21:f0:5c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZHqlBQejeiAchznl0iTLJkVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDE3MWY5M2NjMWNhNzE2ZmM4MDZlMzZhNTU4NTJjZGY0
ZjFjMWMwHhcNMjQwOTEzMDg1MDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTljMmZkNGMwYWVlYjQ4ZTI5ZDg5OTg2MmZkZGI5OTdjNWE5NzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncQiKsmsn1h9lJEcnnJ3lipFVxTJ
bdZ4+z18WH4qUNSDskCjYF9aNAvvlp7b6uzQQbDQtRdLHqPVRZkHV/fVKnAbPsjy
0XFDc5Z+cdlKw9NTpho84LyfdVkPocLm//sTyfm21R8bHyOTVG31yVZjl31KAeRc
YQgCInXc4v7JW3F2HsrlKSpvV2iZ7nNUs7XROgJF7Qv+iIME1N6AQF8R1zQ8eV7B
9yEPLmcDl+sFpiOOWN/cu05Nuj+lbGjY/j5gzoQUTiFsDeGznK6jc+y8bPmLiu1f
eJ3bD18VCCGN3s+UWq3+OIGSvO8IjgFj0OhmzamIXEK7+KS2GbCNSKzKlQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFB6cL9TArutI4p2JmGL925l8WpcyMB8GA1UdIwQY
MBaAFGTRcfk8wcpxb8gG42pVhSzfTxwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAt
YTQ2MzVkZjQ3ZDcwLzEvSHB3djFNQ3U2MGppblltWVl2M2JtWHhhbHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAtYTQ2MzVkZjQ3ZDcw
LzEvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAJXqYMAwD
BACwauMDBACwauQwDQYJKoZIhvcNAQELBQADggEBAJWPjHAOds2c1YE4Er/Bkevn
DTtz9Rf6wQ5xkV08kfIc9crNXEwgWZrbWJOEvcBVn7feV/iQoTrSBFwNLVf+hZZG
aRYnwD3F9TNZOX5IrDrTqkQ67O4rb3b3n/BVKzevLjrBmNxHstQmsHgWLqRQV8ii
N9CIK4g7bfcVKQAf+mz3jZIkT4LaN8yb4RHdq9udLOTLVYyWs5y05yu35AYNGcR8
x9Vvmo2beAbybXAXVv81Qp3kuJYM8AJaO72B+kbMbjBV+nZX8ko6eIon11zeMv6P
Zn0e35dprq9vLfbIn6apN6amZEr5U8PGOuGezl+bSvzfK6ZEKYJ0ose2QuUh8Fw=
-----END CERTIFICATE-----