Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/yDyYv0Kc1rcKFpHpvT8mACBtk9I.roa
File:                     yDyYv0Kc1rcKFpHpvT8mACBtk9I.roa (raw, json)
Hash identifier:          ywZgMA7fkTLJulBk8Edp1KCYsjR9jBb4pKBuLjMab9M=
Subject key identifier:   C8:3C:98:BF:42:9C:D6:B7:0A:16:91:E9:BD:3F:26:00:20:6D:93:D2
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       018CC3B73F79112A0D8ABBC570417546A229
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/yDyYv0Kc1rcKFpHpvT8mACBtk9I.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208410
IP address blocks:        37.32.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3f:79:11:2a:0d:8a:bb:c5:70:41:75:46:a2:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c83c98bf429cd6b70a1691e9bd3f2600206d93d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f7:1d:88:a3:1d:b9:36:56:50:54:89:e8:ca:
                    01:16:26:de:db:b3:6b:e7:ee:94:68:41:f0:13:b6:
                    37:fa:32:ef:98:d8:94:a0:84:44:e5:70:a0:89:f0:
                    f7:ef:0f:59:27:9a:4e:55:42:6d:75:31:7c:64:27:
                    c2:b1:e3:f6:59:28:96:81:c6:fe:7b:d5:e6:a7:4f:
                    67:3a:dd:50:86:99:95:31:21:08:64:1a:49:22:8f:
                    c6:1b:bb:02:0d:23:a8:1b:21:64:bc:05:53:05:51:
                    ec:0e:d6:8b:ef:31:c3:01:b6:ce:d8:2b:ea:54:58:
                    bb:10:0b:99:ac:bd:6a:93:e3:85:4d:05:61:a8:be:
                    37:ec:19:5f:f2:98:f8:ba:8c:59:de:ea:3f:de:72:
                    ba:87:00:0e:d1:22:53:88:09:af:da:9d:ad:2b:e2:
                    3d:10:22:c4:f5:01:16:25:77:d2:a8:c6:3f:ac:b1:
                    88:95:8c:b5:b2:26:e6:f3:2f:a0:9f:79:f0:27:cb:
                    36:0d:cd:b4:24:11:f3:4f:77:12:4a:c7:9f:60:f6:
                    48:b2:1a:f2:e8:8d:c4:d7:96:7a:c4:e0:52:86:6c:
                    ca:e2:ea:a5:d1:05:4c:ec:37:eb:21:38:b3:db:2e:
                    6a:33:ec:db:99:65:f0:89:9e:d6:c9:3f:cc:99:a7:
                    d1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:3C:98:BF:42:9C:D6:B7:0A:16:91:E9:BD:3F:26:00:20:6D:93:D2
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/yDyYv0Kc1rcKFpHpvT8mACBtk9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:52:f6:da:aa:37:ef:95:a2:63:93:45:3c:b2:87:9e:f7:99:
         b9:c9:14:92:7f:50:ac:0e:d2:ad:38:ba:d6:65:00:8f:c2:1d:
         7d:25:ba:86:9d:ca:83:f5:a2:78:14:b7:a9:de:14:b4:1e:72:
         db:92:42:ff:4d:2d:fd:a5:81:5f:a5:ee:11:56:87:27:8e:77:
         aa:cd:56:7a:f2:27:09:24:66:47:66:e7:9d:36:7d:f6:f4:ac:
         66:bb:a9:a2:fa:52:45:a7:c1:dd:18:9f:13:3a:62:52:65:b1:
         d3:85:62:a1:f3:5e:47:c1:af:9c:a2:4a:6a:bd:be:da:d5:67:
         48:eb:ff:11:41:9b:16:20:70:95:41:00:d6:3f:39:c0:fb:e2:
         84:85:00:d7:8b:d6:fe:9d:ba:67:fa:67:6d:3c:6e:b5:96:7b:
         8a:6e:24:2d:08:2b:50:b4:66:b9:33:c7:c1:de:55:dd:8b:9c:
         69:3b:95:d4:9c:8c:60:84:e1:ce:59:99:54:c2:dc:ab:85:f9:
         5e:ff:23:df:06:1d:f9:1b:cb:be:d1:6c:12:b6:a3:03:9b:3a:
         b9:2b:96:2d:5d:89:76:3a:af:e5:c2:b4:fb:ca:2e:f9:a8:2a:
         37:9a:45:76:65:03:e2:42:76:bf:b2:21:9d:5f:72:26:63:30:
         70:20:de:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtz95ESoNirvFcEF1RqIpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODNjOThiZjQyOWNkNmI3MGExNjkxZTliZDNmMjYwMDIwNmQ5M2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/cdiKMduTZWUFSJ6MoBFibe27Nr
5+6UaEHwE7Y3+jLvmNiUoIRE5XCgifD37w9ZJ5pOVUJtdTF8ZCfCseP2WSiWgcb+
e9Xmp09nOt1QhpmVMSEIZBpJIo/GG7sCDSOoGyFkvAVTBVHsDtaL7zHDAbbO2Cvq
VFi7EAuZrL1qk+OFTQVhqL437Blf8pj4uoxZ3uo/3nK6hwAO0SJTiAmv2p2tK+I9
ECLE9QEWJXfSqMY/rLGIlYy1sibm8y+gn3nwJ8s2Dc20JBHzT3cSSsefYPZIshry
6I3E15Z6xOBShmzK4uql0QVM7DfrITiz2y5qM+zbmWXwiZ7WyT/MmafRKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMg8mL9CnNa3ChaR6b0/JgAgbZPSMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEveUR5WXYwS2MxcmNLRnBIcHZUOG1BQ0J0azlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSBOMA0G
CSqGSIb3DQEBCwUAA4IBAQBqUvbaqjfvlaJjk0U8soee95m5yRSSf1CsDtKtOLrW
ZQCPwh19JbqGncqD9aJ4FLep3hS0HnLbkkL/TS39pYFfpe4RVocnjneqzVZ68icJ
JGZHZuedNn329Kxmu6mi+lJFp8HdGJ8TOmJSZbHThWKh815Hwa+cokpqvb7a1WdI
6/8RQZsWIHCVQQDWPznA++KEhQDXi9b+nbpn+mdtPG61lnuKbiQtCCtQtGa5M8fB
3lXdi5xpO5XUnIxghOHOWZlUwtyrhfle/yPfBh35G8u+0WwStqMDmzq5K5YtXYl2
Oq/lwrT7yi75qCo3mkV2ZQPiQna/siGdX3ImYzBwIN6v
-----END CERTIFICATE-----
Generated at Sat Nov 23 04:45:05 2024 by rpki-client on console-ams.rpki-client.org