Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/2c9320-38d9-4604-ad92-1c7b2b91d308/1/1uxJD8KELh-D0ffEaYlyMBQasGM.roa
File:                     1uxJD8KELh-D0ffEaYlyMBQasGM.roa (raw, json)
Hash identifier:          0JZPM+Sn7Z2/OK5RBBiWN+uTdw0T/g/kXIZdHtuFSbw=
Subject key identifier:   D6:EC:49:0F:C2:84:2E:1F:83:D1:F7:C4:69:89:72:30:14:1A:B0:63
Certificate issuer:       /CN=c1233861207a230564ef36f11e0157344731e3f9
Certificate serial:       018CC5003CF60C6A52F69E8A1B598F7CDF20
Authority key identifier: C1:23:38:61:20:7A:23:05:64:EF:36:F1:1E:01:57:34:47:31:E3:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wSM4YSB6IwVk7zbxHgFXNEcx4_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/2c9320-38d9-4604-ad92-1c7b2b91d308/1/1uxJD8KELh-D0ffEaYlyMBQasGM.roa
Signing time:             Mon 01 Jan 2024 12:29:36 +0000
ROA not before:           Mon 01 Jan 2024 12:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        46.228.131.0/24 maxlen: 24
                          46.228.136.0/23 maxlen: 24
                          46.228.135.0/24 maxlen: 24
                          46.228.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/2c9320-38d9-4604-ad92-1c7b2b91d308/1/wSM4YSB6IwVk7zbxHgFXNEcx4_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/2c9320-38d9-4604-ad92-1c7b2b91d308/1/wSM4YSB6IwVk7zbxHgFXNEcx4_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wSM4YSB6IwVk7zbxHgFXNEcx4_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:3c:f6:0c:6a:52:f6:9e:8a:1b:59:8f:7c:df:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1233861207a230564ef36f11e0157344731e3f9
        Validity
            Not Before: Jan  1 12:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6ec490fc2842e1f83d1f7c469897230141ab063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a3:de:a4:53:a1:75:40:1b:c0:c8:6f:90:5d:
                    57:7b:3f:0b:a8:69:e2:6d:4a:19:e6:70:d8:f1:66:
                    1c:dd:8d:ef:b1:e1:b2:64:9a:c3:86:2e:ce:08:d2:
                    b7:03:1b:9e:69:b3:d1:7d:5c:f3:e0:05:f5:a5:74:
                    e3:53:4e:5d:0e:2e:04:06:14:b1:d6:a3:97:71:30:
                    c3:7f:a5:8f:5d:8d:de:e8:6d:f7:09:1e:d0:b0:f6:
                    6a:cd:4f:44:db:7a:20:5f:57:a2:f0:a2:4c:c0:46:
                    37:4f:07:e3:a6:2b:9e:26:db:b3:6c:93:da:a4:8e:
                    32:17:e1:38:f6:e7:7e:51:25:8d:5a:1c:b3:50:b2:
                    ee:d2:ed:ca:48:fc:70:de:ff:c7:d2:8f:cc:c7:73:
                    7b:13:0d:b5:32:2d:b0:90:af:85:af:c1:f1:1b:f3:
                    68:da:48:c6:9b:d3:84:3d:c6:cb:78:fe:e2:1e:f3:
                    9e:cd:3a:35:29:db:b6:5e:02:fd:7c:cf:84:f5:01:
                    0e:ce:bd:08:38:9e:46:23:54:21:b5:50:ee:dd:82:
                    e9:45:84:6c:f0:9f:d4:eb:fb:89:48:f3:18:f5:57:
                    d4:5f:5e:70:b5:fb:92:a2:ce:59:3e:2c:b8:c8:0f:
                    95:75:02:a9:34:8d:8f:98:81:57:4e:a9:c7:60:71:
                    f9:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:EC:49:0F:C2:84:2E:1F:83:D1:F7:C4:69:89:72:30:14:1A:B0:63
            X509v3 Authority Key Identifier:
                keyid:C1:23:38:61:20:7A:23:05:64:EF:36:F1:1E:01:57:34:47:31:E3:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wSM4YSB6IwVk7zbxHgFXNEcx4_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2c9320-38d9-4604-ad92-1c7b2b91d308/1/1uxJD8KELh-D0ffEaYlyMBQasGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/2c9320-38d9-4604-ad92-1c7b2b91d308/1/wSM4YSB6IwVk7zbxHgFXNEcx4_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.228.131.0/24
                  46.228.135.0-46.228.137.255
                  46.228.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:f3:9a:50:d0:9a:ea:d5:4a:c4:3d:cc:bd:6a:63:f6:cf:06:
         43:92:46:27:ab:20:fe:c9:2d:37:49:4c:c6:9d:9c:af:74:21:
         a0:1b:24:dc:08:10:a5:10:12:a5:0f:c7:96:7a:d0:94:ba:39:
         a5:96:3f:e6:6d:10:52:3a:69:15:61:b9:87:dd:66:d5:4b:4f:
         84:39:70:8c:dd:e8:86:55:10:a8:22:d9:92:69:1c:e6:dd:87:
         ab:12:a3:60:25:8d:83:b2:9c:bb:c6:df:f8:ae:44:48:69:bc:
         31:f8:af:38:3d:08:a2:1a:38:88:35:b6:c7:bd:b1:77:fe:a3:
         ab:c9:74:17:02:0f:47:ab:3a:77:12:22:5e:74:0f:57:e0:f0:
         10:e7:bc:bb:af:f7:69:85:ec:50:af:45:c8:8e:3a:a7:38:2c:
         16:c1:64:c8:e2:65:05:69:66:2d:03:0a:5f:b8:60:91:27:61:
         18:b7:00:c3:bf:bc:a0:a3:0c:5a:bc:75:c0:ba:20:9d:c1:06:
         1b:7b:33:8d:ba:fd:68:44:6f:08:2c:c8:72:5f:28:b1:55:39:
         06:93:f3:0e:30:84:44:87:2f:b6:b6:f5:e0:85:f7:1b:36:ca:
         76:37:21:c5:f5:a8:c9:94:ea:e0:9c:bd:f3:e2:23:7d:6e:8d:
         4d:98:f2:1a
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzFADz2DGpS9p6KG1mPfN8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMjMzODYxMjA3YTIzMDU2NGVmMzZmMTFlMDE1NzM0NDcz
MWUzZjkwHhcNMjQwMTAxMTIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmVjNDkwZmMyODQyZTFmODNkMWY3YzQ2OTg5NzIzMDE0MWFiMDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKPepFOhdUAbwMhvkF1Xez8LqGni
bUoZ5nDY8WYc3Y3vseGyZJrDhi7OCNK3AxueabPRfVzz4AX1pXTjU05dDi4EBhSx
1qOXcTDDf6WPXY3e6G33CR7QsPZqzU9E23ogX1ei8KJMwEY3TwfjpiueJtuzbJPa
pI4yF+E49ud+USWNWhyzULLu0u3KSPxw3v/H0o/Mx3N7Ew21Mi2wkK+Fr8HxG/No
2kjGm9OEPcbLeP7iHvOezTo1Kdu2XgL9fM+E9QEOzr0IOJ5GI1QhtVDu3YLpRYRs
8J/U6/uJSPMY9VfUX15wtfuSos5ZPiy4yA+VdQKpNI2PmIFXTqnHYHH55QIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNbsSQ/ChC4fg9H3xGmJcjAUGrBjMB8GA1UdIwQY
MBaAFMEjOGEgeiMFZO828R4BVzRHMeP5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1NNNFlTQjZJd1ZrN3pieEhnRlhORWN4NF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC8yYzkzMjAtMzhkOS00NjA0LWFkOTIt
MWM3YjJiOTFkMzA4LzEvMXV4SkQ4S0VMaC1EMGZmRWFZbHlNQlFhc0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC8yYzkzMjAtMzhkOS00NjA0LWFkOTItMWM3YjJiOTFkMzA4
LzEvd1NNNFlTQjZJd1ZrN3pieEhnRlhORWN4NF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQALuSDMAwD
BAAu5IcDBAEu5IgDBAAu5IwwDQYJKoZIhvcNAQELBQADggEBAIbzmlDQmurVSsQ9
zL1qY/bPBkOSRierIP7JLTdJTMadnK90IaAbJNwIEKUQEqUPx5Z60JS6OaWWP+Zt
EFI6aRVhuYfdZtVLT4Q5cIzd6IZVEKgi2ZJpHObdh6sSo2AljYOynLvG3/iuREhp
vDH4rzg9CKIaOIg1tse9sXf+o6vJdBcCD0erOncSIl50D1fg8BDnvLuv92mF7FCv
RciOOqc4LBbBZMjiZQVpZi0DCl+4YJEnYRi3AMO/vKCjDFq8dcC6IJ3BBht7M426
/WhEbwgsyHJfKLFVOQaT8w4whESHL7a29eCF9xs2ynY3IcX1qMmU6uCcvfPiI31u
jU2Y8ho=
-----END CERTIFICATE-----
Generated at Mon Nov 25 01:45:48 2024 by rpki-client on console-fra.rpki-client.org