Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/8540db-f901-433b-81bb-97d55f391561/1/AZAWI7Jm47jMnUaUcaPRfCagUas.roa
File:                     AZAWI7Jm47jMnUaUcaPRfCagUas.roa (raw, json)
Hash identifier:          geacct04dXn/RmslkR2/z9rdBGicSaFYFRLYjMo34CM=
Subject key identifier:   01:90:16:23:B2:66:E3:B8:CC:9D:46:94:71:A3:D1:7C:26:A0:51:AB
Certificate issuer:       /CN=219527c224f00a28b2f4cb4e1312d748d5ca5169
Certificate serial:       018CC94E5A82F867EF24BAF0E0CA9ED47501
Authority key identifier: 21:95:27:C2:24:F0:0A:28:B2:F4:CB:4E:13:12:D7:48:D5:CA:51:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IZUnwiTwCiiy9MtOExLXSNXKUWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/8540db-f901-433b-81bb-97d55f391561/1/AZAWI7Jm47jMnUaUcaPRfCagUas.roa
Signing time:             Tue 02 Jan 2024 08:33:24 +0000
ROA not before:           Tue 02 Jan 2024 08:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208092
IP address blocks:        193.9.156.0/23 maxlen: 23
                          193.16.40.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/8540db-f901-433b-81bb-97d55f391561/1/IZUnwiTwCiiy9MtOExLXSNXKUWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/8540db-f901-433b-81bb-97d55f391561/1/IZUnwiTwCiiy9MtOExLXSNXKUWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IZUnwiTwCiiy9MtOExLXSNXKUWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:5a:82:f8:67:ef:24:ba:f0:e0:ca:9e:d4:75:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=219527c224f00a28b2f4cb4e1312d748d5ca5169
        Validity
            Not Before: Jan  2 08:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01901623b266e3b8cc9d469471a3d17c26a051ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7b:17:04:91:c2:66:85:0d:07:d9:d0:27:30:
                    94:8e:83:35:b0:b8:66:e5:b6:8a:5b:dd:0b:3c:02:
                    73:47:8f:79:01:6b:79:7d:43:d9:4d:db:48:04:a6:
                    74:8a:b4:60:cb:42:17:b6:05:46:4f:8c:77:d1:e3:
                    97:37:b2:dc:51:94:9a:6f:8c:5f:a9:7d:b1:4f:f1:
                    9e:19:0c:db:9c:47:2e:d2:82:a7:d1:d4:32:80:eb:
                    f9:72:6e:4c:9a:f1:51:f9:11:ff:b7:d2:a8:94:63:
                    af:77:93:53:c7:e4:7a:15:c7:ee:fe:7e:c1:0b:ef:
                    aa:5b:27:31:c3:e8:ce:9f:fd:6f:bd:88:9c:3a:a8:
                    b7:a1:fc:1f:af:c4:f1:08:48:b2:81:96:e3:bf:cf:
                    bc:e1:d2:15:7a:a0:04:9f:a8:29:84:91:a9:6d:c3:
                    4c:7b:92:7e:6e:c5:37:f5:c8:f1:d0:f4:82:7f:43:
                    2d:db:61:b5:c6:ad:21:e8:a8:fc:93:96:cc:94:75:
                    10:7f:01:f4:53:bb:70:af:b0:34:2b:e3:b1:53:f6:
                    0d:8a:c7:84:20:0b:bb:72:bd:45:11:47:92:9d:34:
                    ee:45:24:d7:13:18:55:dd:d2:ca:b3:4a:94:8e:c5:
                    e2:63:28:77:75:15:38:c3:86:9c:a1:28:1f:e8:7c:
                    19:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:90:16:23:B2:66:E3:B8:CC:9D:46:94:71:A3:D1:7C:26:A0:51:AB
            X509v3 Authority Key Identifier:
                keyid:21:95:27:C2:24:F0:0A:28:B2:F4:CB:4E:13:12:D7:48:D5:CA:51:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IZUnwiTwCiiy9MtOExLXSNXKUWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8540db-f901-433b-81bb-97d55f391561/1/AZAWI7Jm47jMnUaUcaPRfCagUas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/8540db-f901-433b-81bb-97d55f391561/1/IZUnwiTwCiiy9MtOExLXSNXKUWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.9.156.0/23
                  193.16.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:e6:72:e9:8b:26:6d:b7:ea:73:a7:1b:f5:99:d6:58:66:5d:
         ca:47:cd:30:00:d1:96:b5:89:27:b0:cc:fd:a4:f8:15:c2:1d:
         57:12:09:81:14:e0:73:8c:fa:80:c3:e0:4d:14:76:23:f7:4d:
         09:ea:aa:8f:d3:54:e1:a9:73:51:67:43:2c:32:a7:24:38:d6:
         bd:e8:0f:f9:9f:6c:37:f3:f0:f4:be:ad:58:85:28:f2:19:1d:
         51:fa:88:1d:84:01:0f:49:3f:cc:8a:6d:d7:74:12:f2:d9:a0:
         6d:18:c2:2f:e4:49:cc:86:58:82:f3:46:d6:c2:16:e2:c7:b0:
         76:43:88:2f:2b:8c:0b:15:f3:66:0a:df:2d:42:0c:45:bb:af:
         b3:c9:3b:fd:cb:f1:c4:2d:71:c1:52:5b:4a:43:33:28:33:40:
         3e:16:00:e1:e9:91:d5:44:bb:d3:40:b6:51:df:13:cf:59:df:
         7b:41:9e:1e:85:99:d8:12:cf:0f:31:4a:75:44:dc:49:d3:a6:
         5a:1a:68:84:5b:d0:31:03:cf:03:1a:fd:f6:88:b6:91:25:d8:
         54:18:b3:0b:f8:02:5b:84:97:76:86:3b:ef:ef:8a:60:14:c8:
         b8:e0:f9:52:2f:3d:a7:58:bf:a5:44:26:b2:4e:d3:c7:d7:f7:
         f4:45:19:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTlqC+GfvJLrw4Mqe1HUBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxOTUyN2MyMjRmMDBhMjhiMmY0Y2I0ZTEzMTJkNzQ4ZDVj
YTUxNjkwHhcNMjQwMTAyMDgzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTkwMTYyM2IyNjZlM2I4Y2M5ZDQ2OTQ3MWEzZDE3YzI2YTA1MWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonsXBJHCZoUNB9nQJzCUjoM1sLhm
5baKW90LPAJzR495AWt5fUPZTdtIBKZ0irRgy0IXtgVGT4x30eOXN7LcUZSab4xf
qX2xT/GeGQzbnEcu0oKn0dQygOv5cm5MmvFR+RH/t9KolGOvd5NTx+R6Fcfu/n7B
C++qWycxw+jOn/1vvYicOqi3ofwfr8TxCEiygZbjv8+84dIVeqAEn6gphJGpbcNM
e5J+bsU39cjx0PSCf0Mt22G1xq0h6Kj8k5bMlHUQfwH0U7twr7A0K+OxU/YNiseE
IAu7cr1FEUeSnTTuRSTXExhV3dLKs0qUjsXiYyh3dRU4w4acoSgf6HwZhwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAGQFiOyZuO4zJ1GlHGj0XwmoFGrMB8GA1UdIwQY
MBaAFCGVJ8Ik8AoosvTLThMS10jVylFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVpVbndpVHdDaWl5OU10T0V4TFhTTlhLVVdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84NTQwZGItZjkwMS00MzNiLTgxYmIt
OTdkNTVmMzkxNTYxLzEvQVpBV0k3Sm00N2pNblVhVWNhUFJmQ2FnVWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84NTQwZGItZjkwMS00MzNiLTgxYmItOTdkNTVmMzkxNTYx
LzEvSVpVbndpVHdDaWl5OU10T0V4TFhTTlhLVVdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwQmcAwQB
wRAoMA0GCSqGSIb3DQEBCwUAA4IBAQAG5nLpiyZtt+pzpxv1mdZYZl3KR80wANGW
tYknsMz9pPgVwh1XEgmBFOBzjPqAw+BNFHYj900J6qqP01ThqXNRZ0MsMqckONa9
6A/5n2w38/D0vq1YhSjyGR1R+ogdhAEPST/Mim3XdBLy2aBtGMIv5EnMhliC80bW
whbix7B2Q4gvK4wLFfNmCt8tQgxFu6+zyTv9y/HELXHBUltKQzMoM0A+FgDh6ZHV
RLvTQLZR3xPPWd97QZ4ehZnYEs8PMUp1RNxJ06ZaGmiEW9AxA88DGv32iLaRJdhU
GLML+AJbhJd2hjvv74pgFMi44PlSLz2nWL+lRCayTtPH1/f0RRnc
-----END CERTIFICATE-----
Generated at Tue Nov 26 17:35:33 2024 by rpki-client on console-fra.rpki-client.org