Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/PB9OuHZLFVpDlsU7oqsvb6hwaVM.roa
File:                     PB9OuHZLFVpDlsU7oqsvb6hwaVM.roa (raw, json)
Hash identifier:          WVvsXGYJnvl0ohR1lDEtZxqII64XjZaTGbAmKTcwTro=
Subject key identifier:   3C:1F:4E:B8:76:4B:15:5A:43:96:C5:3B:A2:AB:2F:6F:A8:70:69:53
Certificate issuer:       /CN=bdf7a0a048b68eccfa4d49eab4f16dc792c0d318
Certificate serial:       018CC49390A616FE5B471B8CFEBA2EA2B657
Authority key identifier: BD:F7:A0:A0:48:B6:8E:CC:FA:4D:49:EA:B4:F1:6D:C7:92:C0:D3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/PB9OuHZLFVpDlsU7oqsvb6hwaVM.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        194.140.230.0/24 maxlen: 24
                          2001:67c:144::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:90:a6:16:fe:5b:47:1b:8c:fe:ba:2e:a2:b6:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdf7a0a048b68eccfa4d49eab4f16dc792c0d318
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c1f4eb8764b155a4396c53ba2ab2f6fa8706953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b9:ec:32:f9:1d:2b:88:a2:3e:08:3f:99:f3:
                    2e:24:23:ee:07:63:5b:cc:0e:b8:c7:b8:4c:ea:3c:
                    4f:14:6b:b4:ea:7c:09:63:84:2f:cd:0f:2e:d1:33:
                    83:cc:e6:56:5e:96:19:93:97:9a:5b:9d:9a:d1:65:
                    ad:3e:9e:54:e2:5b:d7:f1:40:6e:45:d6:1d:84:64:
                    00:69:52:a6:fa:aa:2c:c6:78:8d:e9:85:87:a5:07:
                    51:9b:3e:b5:e3:55:48:5f:93:5b:f9:02:17:08:c7:
                    2d:7d:6e:11:cb:61:d2:0e:5b:6b:0f:19:12:9d:10:
                    31:83:5a:fd:cb:c4:8e:91:1b:38:c6:5b:7b:81:8d:
                    24:ab:9a:00:99:e7:d1:12:14:39:b2:fc:2d:58:e5:
                    ef:49:08:99:2d:74:24:62:8c:3b:7b:af:0e:e8:ad:
                    7e:a1:10:5b:c8:ff:e2:61:45:36:71:fe:52:ab:16:
                    40:4d:4d:e4:86:b1:8b:08:66:33:d0:38:72:84:e8:
                    2a:b5:96:84:0e:74:20:b0:4d:53:74:be:79:4d:0b:
                    4c:a2:a7:d0:6c:50:42:05:88:6e:b0:2d:10:4a:17:
                    c6:ce:e3:ed:5f:52:0a:70:b2:0a:f2:17:b8:2d:92:
                    67:86:f7:15:db:36:0f:3e:54:9f:ba:cb:78:7c:9d:
                    29:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:1F:4E:B8:76:4B:15:5A:43:96:C5:3B:A2:AB:2F:6F:A8:70:69:53
            X509v3 Authority Key Identifier:
                keyid:BD:F7:A0:A0:48:B6:8E:CC:FA:4D:49:EA:B4:F1:6D:C7:92:C0:D3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfegoEi2jsz6TUnqtPFtx5LA0xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/PB9OuHZLFVpDlsU7oqsvb6hwaVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/e16cb6-b454-48d6-bdc8-3516191a9d68/1/vfegoEi2jsz6TUnqtPFtx5LA0xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.230.0/24
                IPv6:
                  2001:67c:144::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:80:09:df:b4:c2:fa:03:5d:7e:69:88:3e:b0:ae:d1:fd:a2:
         96:9f:5e:19:c2:45:25:81:dc:2b:35:59:60:bf:76:2e:08:1f:
         fd:8a:ba:b8:e6:cb:85:b6:fe:74:a5:30:38:eb:37:30:ea:19:
         6e:75:83:d9:f0:5e:3f:83:6b:fd:eb:48:4d:34:58:4f:b2:0f:
         f2:bc:44:3e:18:ae:b5:48:e2:f7:14:2d:76:e3:1c:4d:75:d0:
         70:47:50:d8:34:c1:c2:4c:98:51:da:93:19:a2:00:48:83:04:
         82:6d:cd:be:19:eb:c3:3f:d9:41:27:b9:93:a8:0d:47:80:0b:
         42:9d:b6:fa:e0:45:bc:7f:dd:3b:ff:e2:ae:7a:0e:41:ab:46:
         6d:0b:8d:23:42:2e:c9:15:c3:dc:be:43:a3:f4:f7:9e:82:0e:
         9c:fb:69:11:40:14:3d:c8:8b:a2:68:0c:52:2a:77:47:36:a8:
         4f:7d:ea:56:0d:d9:33:6f:f5:20:3b:67:07:35:a1:80:c9:35:
         9d:8e:4c:fc:14:64:d4:aa:d7:4c:5f:2d:72:fb:57:b2:2f:c6:
         ad:3e:8a:5d:70:0d:14:a6:3a:43:75:43:d0:fe:f3:1e:42:74:
         26:3b:94:8e:aa:c1:24:9a:af:15:0b:52:b0:c3:84:17:4a:23:
         67:de:d9:f5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEk5CmFv5bRxuM/rouorZXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZjdhMGEwNDhiNjhlY2NmYTRkNDllYWI0ZjE2ZGM3OTJj
MGQzMTgwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzFmNGViODc2NGIxNTVhNDM5NmM1M2JhMmFiMmY2ZmE4NzA2OTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7nsMvkdK4iiPgg/mfMuJCPuB2Nb
zA64x7hM6jxPFGu06nwJY4QvzQ8u0TODzOZWXpYZk5eaW52a0WWtPp5U4lvX8UBu
RdYdhGQAaVKm+qosxniN6YWHpQdRmz6141VIX5Nb+QIXCMctfW4Ry2HSDltrDxkS
nRAxg1r9y8SOkRs4xlt7gY0kq5oAmefREhQ5svwtWOXvSQiZLXQkYow7e68O6K1+
oRBbyP/iYUU2cf5SqxZATU3khrGLCGYz0DhyhOgqtZaEDnQgsE1TdL55TQtMoqfQ
bFBCBYhusC0QShfGzuPtX1IKcLIK8he4LZJnhvcV2zYPPlSfust4fJ0p3wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDwfTrh2SxVaQ5bFO6KrL2+ocGlTMB8GA1UdIwQY
MBaAFL33oKBIto7M+k1J6rTxbceSwNMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZlZ29FaTJqc3o2VFVucXRQRnR4NUxBMHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9lMTZjYjYtYjQ1NC00OGQ2LWJkYzgt
MzUxNjE5MWE5ZDY4LzEvUEI5T3VIWkxGVnBEbHNVN29xc3ZiNmh3YVZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9lMTZjYjYtYjQ1NC00OGQ2LWJkYzgtMzUxNjE5MWE5ZDY4
LzEvdmZlZ29FaTJqc3o2VFVucXRQRnR4NUxBMHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwozmMA8E
AgACMAkDBwAgAQZ8AUQwDQYJKoZIhvcNAQELBQADggEBAJOACd+0wvoDXX5piD6w
rtH9opafXhnCRSWB3Cs1WWC/di4IH/2Kurjmy4W2/nSlMDjrNzDqGW51g9nwXj+D
a/3rSE00WE+yD/K8RD4YrrVI4vcULXbjHE110HBHUNg0wcJMmFHakxmiAEiDBIJt
zb4Z68M/2UEnuZOoDUeAC0KdtvrgRbx/3Tv/4q56DkGrRm0LjSNCLskVw9y+Q6P0
956CDpz7aRFAFD3Ii6JoDFIqd0c2qE996lYN2TNv9SA7Zwc1oYDJNZ2OTPwUZNSq
10xfLXL7V7Ivxq0+il1wDRSmOkN1Q9D+8x5CdCY7lI6qwSSarxULUrDDhBdKI2fe
2fU=
-----END CERTIFICATE-----