Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/o1ljTRS147z3hIgolebPg1jjQtc.roa
File:                     o1ljTRS147z3hIgolebPg1jjQtc.roa (raw, json)
Hash identifier:          vj7xVw469j4Rg+R6g8AR2LT5yTG0Vj+aaBqIfKbTIxQ=
Subject key identifier:   A3:59:63:4D:14:B5:E3:BC:F7:84:88:28:95:E6:CF:83:58:E3:42:D7
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       018CCB291D512033F74FCE215EC6535645C6
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/o1ljTRS147z3hIgolebPg1jjQtc.roa
Signing time:             Tue 02 Jan 2024 17:11:58 +0000
ROA not before:           Tue 02 Jan 2024 17:11:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201409
IP address blocks:        194.87.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Oct 2024 22:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cb:29:1d:51:20:33:f7:4f:ce:21:5e:c6:53:56:45:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 17:11:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a359634d14b5e3bcf784882895e6cf8358e342d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b4:2c:47:3f:99:31:97:9e:cd:8a:a7:c5:d0:
                    5f:89:0a:f5:70:dc:ea:5c:38:ce:66:bd:db:6c:ba:
                    15:91:83:b9:6e:01:29:0c:f8:9b:4b:dd:8f:db:2b:
                    c1:aa:50:2b:96:71:06:8d:46:83:b5:b6:b3:d4:75:
                    40:4a:de:50:b9:b0:0b:98:78:5c:85:30:0b:38:68:
                    2b:c6:ee:6a:56:46:0f:28:1f:8b:cd:9f:2d:f3:53:
                    73:38:3d:12:63:52:45:97:31:04:1a:0b:62:fe:b9:
                    96:d0:be:6c:a1:86:3a:91:01:53:02:5c:02:cc:c7:
                    1f:de:00:ac:d8:44:84:1a:d7:2a:27:0a:bb:20:e1:
                    28:e2:df:00:dd:4e:a8:d7:9d:fc:50:35:7b:69:95:
                    75:7c:13:5d:4e:42:6e:3e:38:a8:73:d4:a6:ec:96:
                    3f:10:c9:23:ba:b4:64:fd:1b:1a:e0:0d:ae:cc:30:
                    d9:af:83:f7:20:29:ea:d6:2a:02:d0:4d:47:e0:80:
                    35:ee:ed:f1:2e:ef:2b:64:22:5c:a2:f0:8a:29:b9:
                    36:f2:05:96:99:57:b5:88:52:85:e9:85:c9:73:d8:
                    fb:7b:d6:fa:18:32:64:5b:25:bc:eb:e3:a2:d0:e6:
                    1f:1f:93:99:50:7e:13:df:35:41:91:ca:4d:83:08:
                    cb:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:59:63:4D:14:B5:E3:BC:F7:84:88:28:95:E6:CF:83:58:E3:42:D7
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/o1ljTRS147z3hIgolebPg1jjQtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.87.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:89:41:eb:80:32:a2:37:cc:6f:8c:2d:4c:38:3e:57:77:5c:
         33:40:3f:28:1d:08:bc:36:d3:53:16:2a:6e:6d:d2:dd:4a:79:
         45:68:1f:45:8d:96:e2:ad:37:47:d7:b1:e1:7b:11:03:37:ba:
         67:93:63:b2:b8:b0:91:72:ec:94:50:a7:c7:90:a2:b9:83:3b:
         6e:8e:ba:d6:e0:dc:aa:b1:50:96:23:43:07:2b:61:28:97:a2:
         97:b3:b5:0e:3c:cc:5d:f9:27:bb:a0:90:55:56:93:58:6c:4f:
         85:9f:d7:93:10:ec:84:6e:f1:80:ee:94:78:7d:16:a4:e6:f7:
         d2:0c:ff:bb:3f:1d:08:66:57:8f:a5:78:3b:c6:0d:44:98:49:
         d1:76:69:01:80:37:9a:97:e3:f0:2a:84:cb:24:58:ad:5f:a9:
         37:59:0a:28:21:b3:c4:35:d4:06:ee:fb:37:a8:9a:98:5d:eb:
         a0:ba:6c:ec:19:7d:d8:a4:ce:ce:75:a4:f3:79:a5:fe:d2:d7:
         5b:f0:b3:55:93:25:f0:dd:22:ab:2f:1e:84:ef:9c:87:74:f3:
         d2:cd:ae:4c:5c:f0:97:4d:17:8b:0f:f6:f2:be:3a:0e:23:a4:
         18:d7:1c:e1:00:79:97:4a:84:25:d7:c5:83:1d:96:5e:a6:0a:
         b9:03:33:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzLKR1RIDP3T84hXsZTVkXGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTAyMTcxMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzU5NjM0ZDE0YjVlM2JjZjc4NDg4Mjg5NWU2Y2Y4MzU4ZTM0MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7QsRz+ZMZeezYqnxdBfiQr1cNzq
XDjOZr3bbLoVkYO5bgEpDPibS92P2yvBqlArlnEGjUaDtbaz1HVASt5QubALmHhc
hTALOGgrxu5qVkYPKB+LzZ8t81NzOD0SY1JFlzEEGgti/rmW0L5soYY6kQFTAlwC
zMcf3gCs2ESEGtcqJwq7IOEo4t8A3U6o1538UDV7aZV1fBNdTkJuPjioc9Sm7JY/
EMkjurRk/Rsa4A2uzDDZr4P3ICnq1ioC0E1H4IA17u3xLu8rZCJcovCKKbk28gWW
mVe1iFKF6YXJc9j7e9b6GDJkWyW86+Oi0OYfH5OZUH4T3zVBkcpNgwjLMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNZY00UteO894SIKJXmz4NY40LXMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbzFsalRSUzE0N3ozaElnb2xlYlBnMWpqUXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlcOMA0G
CSqGSIb3DQEBCwUAA4IBAQBtiUHrgDKiN8xvjC1MOD5Xd1wzQD8oHQi8NtNTFipu
bdLdSnlFaB9FjZbirTdH17HhexEDN7pnk2OyuLCRcuyUUKfHkKK5gztujrrW4Nyq
sVCWI0MHK2Eol6KXs7UOPMxd+Se7oJBVVpNYbE+Fn9eTEOyEbvGA7pR4fRak5vfS
DP+7Px0IZlePpXg7xg1EmEnRdmkBgDeal+PwKoTLJFitX6k3WQooIbPENdQG7vs3
qJqYXeugumzsGX3YpM7OdaTzeaX+0tdb8LNVkyXw3SKrLx6E75yHdPPSza5MXPCX
TReLD/byvjoOI6QY1xzhAHmXSoQl18WDHZZepgq5AzPe
-----END CERTIFICATE-----
Generated at Tue Oct 15 03:48:47 2024 by rpki-client on console-ams.rpki-client.org