Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/AweC4TZ6Q3w8SJTuVpY9GUWB7rE.roa
File:                     AweC4TZ6Q3w8SJTuVpY9GUWB7rE.roa (raw, json)
Hash identifier:          gZDqCt5kGzt933ghNjEBJDGxrgDHNf17K0Ifs8yxXLU=
Subject key identifier:   03:07:82:E1:36:7A:43:7C:3C:48:94:EE:56:96:3D:19:45:81:EE:B1
Certificate issuer:       /CN=bdf7a0a048b68eccfa4d49eab4f16dc792c0d318
Certificate serial:       018CC4939032D53AA49EB747EE9EC2D73AC2
Authority key identifier: BD:F7:A0:A0:48:B6:8E:CC:FA:4D:49:EA:B4:F1:6D:C7:92:C0:D3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/AweC4TZ6Q3w8SJTuVpY9GUWB7rE.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        194.140.230.0/24 maxlen: 24
                          2001:67c:144::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:90:32:d5:3a:a4:9e:b7:47:ee:9e:c2:d7:3a:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdf7a0a048b68eccfa4d49eab4f16dc792c0d318
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=030782e1367a437c3c4894ee56963d194581eeb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:07:70:ee:62:72:36:9d:07:9d:f1:2b:1d:db:
                    a5:e7:94:29:bb:16:9d:6c:65:c8:e2:19:d3:3d:97:
                    72:6e:7c:70:bb:3b:66:b3:6a:e5:cf:3b:86:f1:53:
                    6c:e1:9d:81:de:55:82:c4:66:b3:37:a8:af:dc:6c:
                    a6:79:73:a2:f3:44:a6:ec:1f:3f:94:43:82:08:1b:
                    3e:5c:8f:5d:f8:1c:6d:fc:6f:e0:53:7f:ee:1c:d9:
                    49:fa:29:df:89:85:a2:01:a5:6c:2c:be:ac:f6:db:
                    da:84:97:12:22:ca:66:7f:aa:15:9d:4c:f9:04:b4:
                    14:7a:76:ee:63:18:c6:4b:40:a4:b9:13:4f:ed:0e:
                    f1:e6:d1:fb:88:8b:e4:f4:9f:12:e1:d0:32:53:06:
                    f2:80:23:54:a3:e6:50:d9:1f:cf:84:46:0c:7b:c8:
                    dc:5b:e0:a7:22:77:ed:2b:7b:99:24:e9:06:60:08:
                    70:a5:0a:ee:f5:bd:36:0b:da:91:c9:d3:e3:5a:b8:
                    00:ab:be:eb:31:0f:56:f5:4a:d0:51:0f:38:89:60:
                    43:7d:39:28:10:c6:30:e0:b4:49:24:84:b9:b1:de:
                    fd:49:c3:39:6c:3f:c1:90:9b:32:aa:0b:52:52:44:
                    5d:f1:fc:d8:8d:2f:ef:71:91:ef:cf:41:7b:cf:d6:
                    25:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:07:82:E1:36:7A:43:7C:3C:48:94:EE:56:96:3D:19:45:81:EE:B1
            X509v3 Authority Key Identifier:
                keyid:BD:F7:A0:A0:48:B6:8E:CC:FA:4D:49:EA:B4:F1:6D:C7:92:C0:D3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/AweC4TZ6Q3w8SJTuVpY9GUWB7rE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.230.0/24
                IPv6:
                  2001:67c:144::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:ea:62:cc:46:72:25:cc:08:22:64:ff:89:87:68:22:c3:b2:
         63:8e:15:85:3b:d6:14:e8:eb:81:0b:b2:2a:14:d8:f6:07:17:
         1b:d9:e0:3b:5a:ec:09:1a:f9:11:22:eb:e9:53:40:bb:08:c2:
         9b:60:17:45:40:45:c7:63:8d:4a:cb:7b:30:01:3d:ed:db:9e:
         9b:4d:56:6b:61:0e:6b:c0:c5:e7:60:df:bf:8f:46:a5:c5:4e:
         3b:ca:c3:6b:22:ea:c5:36:7e:23:33:b3:66:31:81:71:c3:2b:
         45:60:79:cd:8f:37:7b:4a:df:76:3e:bf:55:df:05:cf:56:da:
         79:dc:b9:3a:5f:27:2c:c2:4a:70:57:29:ee:16:7b:3b:9e:5d:
         4c:b7:4d:ec:08:c8:36:3d:56:a5:60:b8:20:a3:0f:97:6c:2f:
         94:66:cb:61:9d:13:36:79:30:89:93:95:c7:0b:1f:b3:18:ed:
         6e:97:b6:35:6b:c3:1c:88:ca:2f:aa:c4:46:43:62:ee:54:c8:
         c4:a7:63:1e:cf:f4:81:ee:22:b6:ff:7f:68:76:f0:9f:f5:39:
         30:14:65:dc:ab:12:b7:63:83:85:bd:90:ca:2f:03:da:8b:f9:
         32:be:f7:20:8e:03:f8:89:e2:1f:6d:c9:25:02:55:19:c6:1d:
         3c:9c:6d:70
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk5Ay1TqknrdH7p7C1zrCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZjdhMGEwNDhiNjhlY2NmYTRkNDllYWI0ZjE2ZGM3OTJj
MGQzMTgwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzA3ODJlMTM2N2E0MzdjM2M0ODk0ZWU1Njk2M2QxOTQ1ODFlZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Qdw7mJyNp0HnfErHdul55Qpuxad
bGXI4hnTPZdybnxwuztms2rlzzuG8VNs4Z2B3lWCxGazN6iv3GymeXOi80Sm7B8/
lEOCCBs+XI9d+Bxt/G/gU3/uHNlJ+infiYWiAaVsLL6s9tvahJcSIspmf6oVnUz5
BLQUenbuYxjGS0CkuRNP7Q7x5tH7iIvk9J8S4dAyUwbygCNUo+ZQ2R/PhEYMe8jc
W+CnInftK3uZJOkGYAhwpQru9b02C9qRydPjWrgAq77rMQ9W9UrQUQ84iWBDfTko
EMYw4LRJJIS5sd79ScM5bD/BkJsyqgtSUkRd8fzYjS/vcZHvz0F7z9YlHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAMHguE2ekN8PEiU7laWPRlFge6xMB8GA1UdIwQY
MBaAFL33oKBIto7M+k1J6rTxbceSwNMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZlZ29FaTJqc3o2VFVucXRQRnR4NUxBMHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9lMTZjYjYtYjQ1NC00OGQ2LWJkYzgt
MzUxNjE5MWE5ZDY4LzEvQXdlQzRUWjZRM3c4U0pUdVZwWTlHVVdCN3JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9lMTZjYjYtYjQ1NC00OGQ2LWJkYzgtMzUxNjE5MWE5ZDY4
LzEvdmZlZ29FaTJqc3o2VFVucXRQRnR4NUxBMHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwozmMA8E
AgACMAkDBwAgAQZ8AUQwDQYJKoZIhvcNAQELBQADggEBAL/qYsxGciXMCCJk/4mH
aCLDsmOOFYU71hTo64ELsioU2PYHFxvZ4Dta7Aka+REi6+lTQLsIwptgF0VARcdj
jUrLezABPe3bnptNVmthDmvAxedg37+PRqXFTjvKw2si6sU2fiMzs2YxgXHDK0Vg
ec2PN3tK33Y+v1XfBc9W2nncuTpfJyzCSnBXKe4WezueXUy3TewIyDY9VqVguCCj
D5dsL5Rmy2GdEzZ5MImTlccLH7MY7W6XtjVrwxyIyi+qxEZDYu5UyMSnYx7P9IHu
Irb/f2h28J/1OTAUZdyrErdjg4W9kMovA9qL+TK+9yCOA/iJ4h9tySUCVRnGHTyc
bXA=
-----END CERTIFICATE-----
Generated at Sun Nov 24 23:15:14 2024 by rpki-client on console-ams.rpki-client.org