Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/eXxS2MOYsQth0g5NefODqu0XrR8.roa
File:                     eXxS2MOYsQth0g5NefODqu0XrR8.roa (raw, json)
Hash identifier:          6jgBOWEPNekuagg/ZV86JaTYz7mQM7xRx+d+7b211Ao=
Subject key identifier:   79:7C:52:D8:C3:98:B1:0B:61:D2:0E:4D:79:F3:83:AA:ED:17:AD:1F
Certificate issuer:       /CN=19193cd0cfb9395989358e0396312cfbb1c88ffe
Certificate serial:       018CC500463CD5BD39C8FC0B4029C1B6387F
Authority key identifier: 19:19:3C:D0:CF:B9:39:59:89:35:8E:03:96:31:2C:FB:B1:C8:8F:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GRk80M-5OVmJNY4DljEs-7HIj_4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/eXxS2MOYsQth0g5NefODqu0XrR8.roa
Signing time:             Mon 01 Jan 2024 12:29:38 +0000
ROA not before:           Mon 01 Jan 2024 12:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211612
IP address blocks:        37.19.204.0/24 maxlen: 24
                          37.19.208.0/24 maxlen: 24
                          37.19.219.0/24 maxlen: 24
                          2a02:6ea0:e500::/40 maxlen: 40
                          2a02:6ea0:e400::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/GRk80M-5OVmJNY4DljEs-7HIj_4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/GRk80M-5OVmJNY4DljEs-7HIj_4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GRk80M-5OVmJNY4DljEs-7HIj_4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:52:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:46:3c:d5:bd:39:c8:fc:0b:40:29:c1:b6:38:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19193cd0cfb9395989358e0396312cfbb1c88ffe
        Validity
            Not Before: Jan  1 12:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=797c52d8c398b10b61d20e4d79f383aaed17ad1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:0c:41:56:fc:f7:c2:c6:27:35:6d:2d:ea:99:
                    2e:e6:9d:75:55:02:69:a2:3f:01:ed:59:52:75:8b:
                    62:3b:b6:d4:52:5e:7d:e6:dd:8f:cb:3d:81:f2:5a:
                    68:41:80:64:00:b1:cd:b2:8d:73:27:3c:76:c5:99:
                    c3:92:97:58:08:50:e9:c7:5f:a1:e7:56:8e:07:99:
                    3b:51:38:ad:34:1a:34:0f:ab:fc:2d:04:50:c7:94:
                    77:72:4b:f5:39:a1:cc:35:73:47:9c:e7:88:26:ce:
                    67:0f:87:6f:43:c2:86:7c:76:2d:fe:d1:40:fa:83:
                    25:81:63:45:a9:6b:46:a3:b2:40:b1:a4:c9:8f:2a:
                    43:76:b7:81:03:9f:d4:cd:a8:93:1d:1d:e7:3d:1d:
                    c3:a3:b8:64:98:4f:99:eb:f6:a8:eb:04:ce:15:a3:
                    d2:17:84:67:43:fa:b0:ee:d6:18:9b:4d:b6:c8:72:
                    a8:96:b6:e0:a4:1d:65:f5:e8:11:71:d4:95:dd:7d:
                    45:23:d1:d3:2f:3b:8c:9f:b1:4f:c6:6e:03:ea:66:
                    39:27:10:e6:af:d3:30:9c:4a:ae:32:c0:4b:74:5a:
                    d4:e7:0d:fa:78:cc:25:9f:05:0b:1a:40:77:8f:74:
                    e4:40:5e:14:42:65:b5:ab:cf:1a:db:ba:0b:4f:b6:
                    57:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:7C:52:D8:C3:98:B1:0B:61:D2:0E:4D:79:F3:83:AA:ED:17:AD:1F
            X509v3 Authority Key Identifier:
                keyid:19:19:3C:D0:CF:B9:39:59:89:35:8E:03:96:31:2C:FB:B1:C8:8F:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GRk80M-5OVmJNY4DljEs-7HIj_4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/eXxS2MOYsQth0g5NefODqu0XrR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/0d68d4-adb3-4ff9-b78a-4ef9d07c4405/1/GRk80M-5OVmJNY4DljEs-7HIj_4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.19.204.0/24
                  37.19.208.0/24
                  37.19.219.0/24
                IPv6:
                  2a02:6ea0:e400::/39

    Signature Algorithm: sha256WithRSAEncryption
         9e:d1:11:1b:00:4f:2e:04:9d:03:0c:96:21:7b:35:7f:6f:ac:
         e1:2b:07:ff:25:74:b6:76:9b:f8:c6:84:ac:fd:a0:5f:65:d5:
         a2:77:ab:f4:c4:2f:bf:4c:29:fe:45:3a:97:7c:23:05:2f:39:
         89:3e:a0:4c:8f:1f:71:eb:7d:67:31:a8:24:b2:f4:eb:ab:41:
         e5:62:30:45:03:5f:03:f7:d3:06:46:03:ca:3e:e5:6b:d1:7d:
         9b:d3:11:ae:6a:6e:2f:6c:98:b9:46:e6:a3:4f:b4:4a:d0:6b:
         c9:0c:b7:df:45:dc:f2:9c:23:9f:ed:b6:dd:4c:8a:a5:e2:82:
         cd:74:9d:7a:50:d5:6a:6c:6a:b6:f1:d4:12:f4:a8:d6:38:a8:
         7a:bd:99:a2:7d:9a:c4:e1:1b:3b:72:7a:dd:38:5c:53:21:d6:
         74:95:8a:83:34:82:7b:31:6d:46:e1:85:1a:de:34:61:0e:67:
         fa:28:13:e3:6a:8c:d5:8a:4a:c0:e8:48:10:c9:65:48:f0:43:
         f3:e5:06:14:c4:05:c3:91:06:d2:5d:db:0a:4d:cb:2b:f4:fc:
         2f:a8:67:94:cc:33:a6:b2:a2:3a:5d:37:22:02:c2:54:41:2f:
         2c:93:0c:5d:72:0f:20:14:6a:55:4d:dd:b0:83:ec:2a:be:7e:
         0f:ab:7e:2a
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzFAEY81b05yPwLQCnBtjh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MTkzY2QwY2ZiOTM5NTk4OTM1OGUwMzk2MzEyY2ZiYjFj
ODhmZmUwHhcNMjQwMTAxMTIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTdjNTJkOGMzOThiMTBiNjFkMjBlNGQ3OWYzODNhYWVkMTdhZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnAxBVvz3wsYnNW0t6pku5p11VQJp
oj8B7VlSdYtiO7bUUl595t2Pyz2B8lpoQYBkALHNso1zJzx2xZnDkpdYCFDpx1+h
51aOB5k7UTitNBo0D6v8LQRQx5R3ckv1OaHMNXNHnOeIJs5nD4dvQ8KGfHYt/tFA
+oMlgWNFqWtGo7JAsaTJjypDdreBA5/UzaiTHR3nPR3Do7hkmE+Z6/ao6wTOFaPS
F4RnQ/qw7tYYm022yHKolrbgpB1l9egRcdSV3X1FI9HTLzuMn7FPxm4D6mY5JxDm
r9MwnEquMsBLdFrU5w36eMwlnwULGkB3j3TkQF4UQmW1q88a27oLT7ZXcwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFHl8UtjDmLELYdIOTXnzg6rtF60fMB8GA1UdIwQY
MBaAFBkZPNDPuTlZiTWOA5YxLPuxyI/+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1JrODBNLTVPVm1KTlk0RGxqRXMtN0hJal80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8wZDY4ZDQtYWRiMy00ZmY5LWI3OGEt
NGVmOWQwN2M0NDA1LzEvZVh4UzJNT1lzUXRoMGc1TmVmT0RxdTBYclI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8wZDY4ZDQtYWRiMy00ZmY5LWI3OGEtNGVmOWQwN2M0NDA1
LzEvR1JrODBNLTVPVm1KTlk0RGxqRXMtN0hJal80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAYBAIAATASAwQAJRPMAwQA
JRPQAwQAJRPbMA4EAgACMAgDBgEqAm6g5DANBgkqhkiG9w0BAQsFAAOCAQEAntER
GwBPLgSdAwyWIXs1f2+s4SsH/yV0tnab+MaErP2gX2XVoner9MQvv0wp/kU6l3wj
BS85iT6gTI8fcet9ZzGoJLL066tB5WIwRQNfA/fTBkYDyj7la9F9m9MRrmpuL2yY
uUbmo0+0StBryQy330Xc8pwjn+223UyKpeKCzXSdelDVamxqtvHUEvSo1jioer2Z
on2axOEbO3J63ThcUyHWdJWKgzSCezFtRuGFGt40YQ5n+igT42qM1YpKwOhIEMll
SPBD8+UGFMQFw5EG0l3bCk3LK/T8L6hnlMwzprKiOl03IgLCVEEvLJMMXXIPIBRq
VU3dsIPsKr5+D6t+Kg==
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:25:44 2024 by rpki-client on console-fra.rpki-client.org