Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/AW3dhXNVs50cBvkPzCPTgmD2y0c.roa
File:                     AW3dhXNVs50cBvkPzCPTgmD2y0c.roa (raw, json)
Hash identifier:          oErXPV5YpSKxcrWkPBWjb7Mdkqpsbm2ifNvFOTrGnjE=
Subject key identifier:   01:6D:DD:85:73:55:B3:9D:1C:06:F9:0F:CC:23:D3:82:60:F6:CB:47
Certificate issuer:       /CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
Certificate serial:       018CC4252F9B9A7E277FF2D7D59DD6843043
Authority key identifier: 30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/AW3dhXNVs50cBvkPzCPTgmD2y0c.roa
Signing time:             Mon 01 Jan 2024 08:30:20 +0000
ROA not before:           Mon 01 Jan 2024 08:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197033
IP address blocks:        217.119.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:2f:9b:9a:7e:27:7f:f2:d7:d5:9d:d6:84:30:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307d887c02e07c9e474d1f8e21049caa6ce3fbd3
        Validity
            Not Before: Jan  1 08:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=016ddd857355b39d1c06f90fcc23d38260f6cb47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c8:71:ce:ee:5b:92:cd:19:e6:c0:37:0c:73:
                    27:a5:e7:d8:aa:25:be:98:09:3d:7a:c9:83:1b:83:
                    9a:73:d2:27:bc:1f:c1:a8:3e:09:85:be:dc:87:39:
                    4d:78:75:d7:25:c1:7a:d3:3e:7e:fe:4c:c1:30:dd:
                    dc:07:e1:c3:fd:ed:30:03:de:77:db:c4:d7:f1:13:
                    ea:00:7e:58:f4:02:a8:78:80:39:86:99:4b:74:bf:
                    f6:28:78:bb:05:82:87:57:c4:28:e6:9a:46:b2:e2:
                    b3:9f:54:40:04:d2:66:1b:85:6c:1c:bf:4a:c7:62:
                    32:69:36:fb:75:19:b7:22:87:47:f0:13:b3:f5:58:
                    31:d4:32:ab:4b:26:77:d8:22:46:6e:a6:ef:04:36:
                    7e:7f:c5:dd:be:6a:bc:1d:7e:58:75:75:c4:69:24:
                    58:6b:80:cb:e4:35:5f:03:56:bd:51:98:a5:d0:9d:
                    b2:d8:2e:ba:8c:f0:06:cc:37:c3:97:55:4a:1b:40:
                    bd:1d:6a:84:bb:74:35:c6:ef:4b:14:0e:9e:e7:03:
                    cd:85:e5:2a:54:63:55:07:1c:4e:e8:3b:5b:4c:88:
                    76:a4:d7:49:04:a0:b2:9d:95:54:3b:a1:6e:88:f4:
                    f4:92:94:15:8c:0a:e9:bf:33:9c:50:a1:0f:ca:20:
                    14:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:6D:DD:85:73:55:B3:9D:1C:06:F9:0F:CC:23:D3:82:60:F6:CB:47
            X509v3 Authority Key Identifier:
                keyid:30:7D:88:7C:02:E0:7C:9E:47:4D:1F:8E:21:04:9C:AA:6C:E3:FB:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH2IfALgfJ5HTR-OIQScqmzj-9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/AW3dhXNVs50cBvkPzCPTgmD2y0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b20d83-612c-4b62-97a3-1a5e5f191bfa/1/MH2IfALgfJ5HTR-OIQScqmzj-9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.119.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:26:0a:1e:32:23:07:82:96:2a:f5:6c:34:5c:04:f1:1d:dd:
         1b:b8:31:ae:ae:55:b6:fa:fd:b1:4a:1c:3a:72:73:70:2b:f1:
         fe:f9:64:77:77:7d:e9:30:9f:17:fb:6a:46:f3:cf:c8:13:11:
         6e:71:ae:78:54:03:78:c2:b1:60:b0:cf:57:08:3d:e9:1d:dc:
         64:69:ac:f7:ae:43:c8:7b:26:37:11:30:3e:f8:44:15:c2:7b:
         d0:e7:06:01:ed:75:3f:1e:ca:3f:39:ac:e3:ed:97:53:63:cc:
         44:a2:ef:11:a8:16:d3:51:bc:c0:3b:b2:13:fc:b6:70:bd:82:
         47:5d:53:8f:cd:5b:62:b9:38:5c:7d:af:db:d8:0a:a4:00:09:
         f5:86:3b:16:16:1e:0f:bc:71:f2:a3:9a:2d:e6:2b:99:d0:23:
         4d:9f:25:12:11:7b:7a:7b:9d:18:0a:53:ac:6b:e1:a5:7c:96:
         36:95:0a:55:a3:14:07:7d:28:00:4a:1f:70:10:17:7c:61:3a:
         ed:29:1a:13:a1:a2:37:2b:61:c5:2c:40:84:11:6e:97:15:94:
         14:b3:03:5e:3c:3d:95:48:bf:20:0b:cf:5c:08:05:15:14:82:
         6c:2c:45:8e:57:8f:d0:fc:51:67:87:11:11:c5:19:12:fa:24:
         5c:07:b0:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJS+bmn4nf/LX1Z3WhDBDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Q4ODdjMDJlMDdjOWU0NzRkMWY4ZTIxMDQ5Y2FhNmNl
M2ZiZDMwHhcNMjQwMTAxMDgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTZkZGQ4NTczNTViMzlkMWMwNmY5MGZjYzIzZDM4MjYwZjZjYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8hxzu5bks0Z5sA3DHMnpefYqiW+
mAk9esmDG4Oac9InvB/BqD4Jhb7chzlNeHXXJcF60z5+/kzBMN3cB+HD/e0wA953
28TX8RPqAH5Y9AKoeIA5hplLdL/2KHi7BYKHV8Qo5ppGsuKzn1RABNJmG4VsHL9K
x2IyaTb7dRm3IodH8BOz9Vgx1DKrSyZ32CJGbqbvBDZ+f8Xdvmq8HX5YdXXEaSRY
a4DL5DVfA1a9UZil0J2y2C66jPAGzDfDl1VKG0C9HWqEu3Q1xu9LFA6e5wPNheUq
VGNVBxxO6DtbTIh2pNdJBKCynZVUO6FuiPT0kpQVjArpvzOcUKEPyiAULQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFt3YVzVbOdHAb5D8wj04Jg9stHMB8GA1UdIwQY
MBaAFDB9iHwC4HyeR00fjiEEnKps4/vTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMt
MWE1ZTVmMTkxYmZhLzEvQVczZGhYTlZzNTBjQnZrUHpDUFRnbUQyeTBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMjBkODMtNjEyYy00YjYyLTk3YTMtMWE1ZTVmMTkxYmZh
LzEvTUgySWZBTGdmSjVIVFItT0lRU2NxbXpqLTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2Xe5MA0G
CSqGSIb3DQEBCwUAA4IBAQAxJgoeMiMHgpYq9Ww0XATxHd0buDGurlW2+v2xShw6
cnNwK/H++WR3d33pMJ8X+2pG88/IExFuca54VAN4wrFgsM9XCD3pHdxkaaz3rkPI
eyY3ETA++EQVwnvQ5wYB7XU/Hso/Oazj7ZdTY8xEou8RqBbTUbzAO7IT/LZwvYJH
XVOPzVtiuThcfa/b2AqkAAn1hjsWFh4PvHHyo5ot5iuZ0CNNnyUSEXt6e50YClOs
a+GlfJY2lQpVoxQHfSgASh9wEBd8YTrtKRoToaI3K2HFLECEEW6XFZQUswNePD2V
SL8gC89cCAUVFIJsLEWOV4/Q/FFnhxERxRkS+iRcB7D9
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:40:04 2024 by rpki-client on console-ams.rpki-client.org