Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/HKGtF43rQ9pNZkcJDyxpPfRgN6o.roa
File:                     HKGtF43rQ9pNZkcJDyxpPfRgN6o.roa (raw, json)
Hash identifier:          sBhMqwBlMDrCb9jKaiflGzO23UnCb66CkZM60roAEMI=
Subject key identifier:   1C:A1:AD:17:8D:EB:43:DA:4D:66:47:09:0F:2C:69:3D:F4:60:37:AA
Certificate issuer:       /CN=a0606b8aad553f0948c7a894d68671870eb82cb0
Certificate serial:       018CC2DB386085CB74924FA8F0EE13EC6C45
Authority key identifier: A0:60:6B:8A:AD:55:3F:09:48:C7:A8:94:D6:86:71:87:0E:B8:2C:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oGBriq1VPwlIx6iU1oZxhw64LLA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/HKGtF43rQ9pNZkcJDyxpPfRgN6o.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2259
IP address blocks:        147.100.144.0/23 maxlen: 23
                          147.100.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/oGBriq1VPwlIx6iU1oZxhw64LLA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/oGBriq1VPwlIx6iU1oZxhw64LLA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oGBriq1VPwlIx6iU1oZxhw64LLA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:38:60:85:cb:74:92:4f:a8:f0:ee:13:ec:6c:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0606b8aad553f0948c7a894d68671870eb82cb0
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ca1ad178deb43da4d6647090f2c693df46037aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ca:68:44:50:83:4e:de:4d:6e:4f:c9:db:40:
                    a4:26:3e:7d:7d:d3:e3:78:e4:6b:f7:65:f5:15:2f:
                    b3:44:d0:94:5c:42:49:d6:db:7d:4f:68:02:4a:f8:
                    1b:b9:5d:7a:66:6a:03:30:09:15:75:f1:18:20:37:
                    2a:e9:8b:43:08:23:2b:8a:05:7c:48:53:61:d4:f8:
                    6b:cc:00:a1:eb:c4:89:74:13:7a:ca:8f:e1:bc:d1:
                    6f:45:65:f6:ad:7a:8e:21:f1:32:9e:38:cf:d3:a5:
                    1b:8c:5d:72:f9:5b:7f:06:79:ed:06:b8:7f:e4:7d:
                    33:5f:b1:24:98:02:11:22:d7:e4:54:a5:a8:41:3d:
                    9e:3c:41:ba:72:cf:b9:51:5b:ba:26:2a:80:fa:3d:
                    ce:cb:42:91:13:27:bb:ca:f7:4d:d2:f1:24:c0:7a:
                    52:74:ed:36:82:11:cf:51:79:d3:51:57:40:f8:f0:
                    c4:68:74:f8:b9:a7:31:2d:e3:6e:b2:af:6c:a5:ef:
                    aa:c3:8f:70:48:c5:18:50:a8:51:26:fc:ac:db:02:
                    6d:21:9c:6e:9a:2d:4b:21:9d:51:30:b7:39:bc:bf:
                    f0:77:99:b9:72:3b:93:7a:d6:e4:28:ad:89:cd:49:
                    41:42:62:54:65:dd:3b:8c:8e:50:19:b4:79:ca:27:
                    97:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A1:AD:17:8D:EB:43:DA:4D:66:47:09:0F:2C:69:3D:F4:60:37:AA
            X509v3 Authority Key Identifier:
                keyid:A0:60:6B:8A:AD:55:3F:09:48:C7:A8:94:D6:86:71:87:0E:B8:2C:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oGBriq1VPwlIx6iU1oZxhw64LLA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/HKGtF43rQ9pNZkcJDyxpPfRgN6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9e2dfd-f2e9-416d-8f1f-bb3431fe0285/1/oGBriq1VPwlIx6iU1oZxhw64LLA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.100.144.0/23
                  147.100.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:22:6c:60:c6:09:75:d5:69:73:f8:5f:2a:8e:bc:83:bb:3a:
         0d:70:eb:f2:b4:6e:6a:f5:b0:3a:f1:7e:7b:35:74:3e:ef:97:
         d5:f0:2e:b3:38:d0:b5:42:b3:ae:c3:57:10:d1:b4:c9:dc:79:
         54:2d:df:fa:d7:35:c2:9e:84:f2:e4:8d:f1:ca:80:72:df:f1:
         b8:13:e0:2f:51:33:f6:a5:5a:0c:27:2b:e3:e2:70:c0:6a:78:
         e2:eb:63:ad:8d:9b:c0:83:b6:ed:3e:c2:6b:ae:66:60:72:44:
         7c:45:07:17:0b:91:45:0a:f7:55:af:31:46:be:40:ab:92:0a:
         00:65:f1:70:3b:2b:eb:fe:7f:b7:dc:f2:4b:17:9a:15:cf:be:
         b5:6f:db:f0:19:fe:d6:a1:24:59:c4:de:fa:1a:9e:c1:91:55:
         73:d2:f4:87:74:63:d1:f3:46:09:b1:5c:cc:8e:53:59:e1:1e:
         3e:b1:68:f7:2a:64:7d:ef:42:83:77:98:c9:79:d5:e7:89:02:
         37:18:02:41:71:f3:59:fd:86:cb:8a:8e:57:9b:7e:ce:67:51:
         ec:b2:65:48:6b:2e:e8:d0:bc:3c:33:94:db:9a:44:9f:d8:49:
         f6:e2:70:71:6a:ed:ea:09:f2:f4:4d:3b:b7:76:82:5c:04:f0:
         a8:32:ec:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2zhghct0kk+o8O4T7GxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNjA2YjhhYWQ1NTNmMDk0OGM3YTg5NGQ2ODY3MTg3MGVi
ODJjYjAwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2ExYWQxNzhkZWI0M2RhNGQ2NjQ3MDkwZjJjNjkzZGY0NjAzN2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmspoRFCDTt5Nbk/J20CkJj59fdPj
eORr92X1FS+zRNCUXEJJ1tt9T2gCSvgbuV16ZmoDMAkVdfEYIDcq6YtDCCMrigV8
SFNh1PhrzACh68SJdBN6yo/hvNFvRWX2rXqOIfEynjjP06UbjF1y+Vt/BnntBrh/
5H0zX7EkmAIRItfkVKWoQT2ePEG6cs+5UVu6JiqA+j3Oy0KREye7yvdN0vEkwHpS
dO02ghHPUXnTUVdA+PDEaHT4uacxLeNusq9spe+qw49wSMUYUKhRJvys2wJtIZxu
mi1LIZ1RMLc5vL/wd5m5cjuTetbkKK2JzUlBQmJUZd07jI5QGbR5yieXcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFByhrReN60PaTWZHCQ8saT30YDeqMB8GA1UdIwQY
MBaAFKBga4qtVT8JSMeolNaGcYcOuCywMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0dCcmlxMVZQd2xJeDZpVTFvWnhodzY0TExBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85ZTJkZmQtZjJlOS00MTZkLThmMWYt
YmIzNDMxZmUwMjg1LzEvSEtHdEY0M3JROXBOWmtjSkR5eHBQZlJnTjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85ZTJkZmQtZjJlOS00MTZkLThmMWYtYmIzNDMxZmUwMjg1
LzEvb0dCcmlxMVZQd2xJeDZpVTFvWnhodzY0TExBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBk2SQAwQA
k2S8MA0GCSqGSIb3DQEBCwUAA4IBAQCFImxgxgl11Wlz+F8qjryDuzoNcOvytG5q
9bA68X57NXQ+75fV8C6zONC1QrOuw1cQ0bTJ3HlULd/61zXCnoTy5I3xyoBy3/G4
E+AvUTP2pVoMJyvj4nDAanji62OtjZvAg7btPsJrrmZgckR8RQcXC5FFCvdVrzFG
vkCrkgoAZfFwOyvr/n+33PJLF5oVz761b9vwGf7WoSRZxN76Gp7BkVVz0vSHdGPR
80YJsVzMjlNZ4R4+sWj3KmR970KDd5jJedXniQI3GAJBcfNZ/YbLio5Xm37OZ1Hs
smVIay7o0Lw8M5TbmkSf2En24nBxau3qCfL0TTu3doJcBPCoMuwk
-----END CERTIFICATE-----
Generated at Sat Nov 23 12:06:04 2024 by rpki-client on console-fra.rpki-client.org