Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/3TJqI4oDyJHNMiCuW6J1wjUsQ4o.roa
File:                     3TJqI4oDyJHNMiCuW6J1wjUsQ4o.roa (raw, json)
Hash identifier:          rq4la79IT12Xu2XmaqvYbl9UH4wem1ByWBvHSNF5ZlE=
Subject key identifier:   DD:32:6A:23:8A:03:C8:91:CD:32:20:AE:5B:A2:75:C2:35:2C:43:8A
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0AB7B73C897D53EB6299661A985F
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/3TJqI4oDyJHNMiCuW6J1wjUsQ4o.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56534
IP address blocks:        37.139.44.0/22 maxlen: 22
                          37.139.44.0/24 maxlen: 24
                          37.139.39.0/24 maxlen: 24
                          37.139.45.0/24 maxlen: 24
                          37.139.46.0/24 maxlen: 24
                          37.139.36.0/22 maxlen: 22
                          37.139.36.0/24 maxlen: 24
                          37.139.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0a:b7:b7:3c:89:7d:53:eb:62:99:66:1a:98:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd326a238a03c891cd3220ae5ba275c2352c438a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:89:7f:1b:12:89:35:8f:94:73:4a:00:3a:2c:
                    92:b8:6e:4d:14:6b:2c:db:7e:f2:e7:1a:2e:bc:0e:
                    e0:b6:53:b0:ab:ab:5b:8e:73:31:23:24:8d:9a:23:
                    08:39:c1:16:e2:55:7b:27:ff:f2:38:e8:50:31:f2:
                    4f:03:bf:fe:08:47:7a:d6:37:3f:7d:2c:43:04:79:
                    61:cb:e8:05:f1:b1:51:5d:bb:0c:f4:ed:74:c7:fb:
                    f8:ea:d4:3d:db:c5:bb:a2:e1:91:c7:2d:39:e8:70:
                    6b:3b:01:a8:bb:62:b7:66:c5:68:38:33:63:af:03:
                    d7:e2:f0:3a:04:4f:ea:77:23:1a:25:82:0f:bb:5c:
                    45:c3:d1:b1:a2:5b:1f:4c:db:a7:d9:20:98:34:e2:
                    e7:b4:78:f0:46:96:29:4b:26:2c:27:4c:1b:bd:ef:
                    85:fb:bf:e8:32:07:fd:c9:53:18:57:7a:d1:88:df:
                    64:48:b5:a0:30:13:ae:e1:58:b6:65:45:5a:4e:22:
                    e9:1c:85:72:03:f7:9e:f1:29:03:9a:42:bf:fd:03:
                    41:e9:7e:d5:0b:16:e4:0f:8a:92:22:ee:54:45:2d:
                    a1:7d:07:de:dd:5c:94:f6:d6:cd:59:4c:f0:11:02:
                    0e:10:11:6f:a3:13:2b:ad:b9:03:85:1d:bf:a9:6d:
                    10:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:32:6A:23:8A:03:C8:91:CD:32:20:AE:5B:A2:75:C2:35:2C:43:8A
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/3TJqI4oDyJHNMiCuW6J1wjUsQ4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.36.0/22
                  37.139.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:be:31:57:42:ce:b7:59:fb:f3:ef:c1:ac:0c:be:d2:d0:33:
         cd:c6:16:24:10:cf:30:2d:78:8e:2a:b1:b9:83:dd:ac:38:6b:
         57:8c:fc:20:4a:b6:16:d3:93:14:ec:86:7f:9d:c5:ce:11:40:
         87:d3:a3:ee:83:8c:6e:dd:9d:f0:95:ec:f8:a7:99:40:a2:69:
         2e:1f:ed:65:ba:29:ba:c3:a9:a2:d6:81:7b:2c:6e:9d:8e:97:
         5e:fa:14:2a:89:28:8c:59:d9:c0:a0:43:9b:9d:81:0f:ec:d8:
         90:80:2d:5d:40:74:04:ac:71:6c:16:1d:73:6a:1e:ef:20:5c:
         a4:01:9f:53:ba:18:f7:7d:63:d5:5f:64:55:d4:22:ba:b8:29:
         1a:e4:ce:36:21:2e:df:70:04:f2:4d:b7:b7:dd:d1:0d:ff:ad:
         7b:2f:0f:1c:fa:3f:71:56:17:0b:1c:ad:4c:ae:b1:cd:f7:34:
         0c:33:45:61:44:2b:28:bf:a2:7e:ef:c0:c1:8f:bd:40:c7:7d:
         25:42:97:43:dd:be:df:a1:96:23:3b:09:0f:d0:3b:78:89:40:
         31:82:92:91:77:aa:59:c2:13:86:35:7a:24:a0:5b:68:d0:83:
         93:c5:48:e4:a5:85:ec:4c:ec:d8:2d:4d:ef:70:79:ce:2a:43:
         8d:9f:3d:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbgq3tzyJfVPrYplmGphfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDMyNmEyMzhhMDNjODkxY2QzMjIwYWU1YmEyNzVjMjM1MmM0MzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYl/GxKJNY+Uc0oAOiySuG5NFGss
237y5xouvA7gtlOwq6tbjnMxIySNmiMIOcEW4lV7J//yOOhQMfJPA7/+CEd61jc/
fSxDBHlhy+gF8bFRXbsM9O10x/v46tQ928W7ouGRxy056HBrOwGou2K3ZsVoODNj
rwPX4vA6BE/qdyMaJYIPu1xFw9GxolsfTNun2SCYNOLntHjwRpYpSyYsJ0wbve+F
+7/oMgf9yVMYV3rRiN9kSLWgMBOu4Vi2ZUVaTiLpHIVyA/ee8SkDmkK//QNB6X7V
CxbkD4qSIu5URS2hfQfe3VyU9tbNWUzwEQIOEBFvoxMrrbkDhR2/qW0QLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN0yaiOKA8iRzTIgrluidcI1LEOKMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvM1RKcUk0b0R5SkhOTWlDdVc2SjF3alVzUTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCJYskAwQC
JYssMA0GCSqGSIb3DQEBCwUAA4IBAQB5vjFXQs63Wfvz78GsDL7S0DPNxhYkEM8w
LXiOKrG5g92sOGtXjPwgSrYW05MU7IZ/ncXOEUCH06Pug4xu3Z3wlez4p5lAomku
H+1luim6w6mi1oF7LG6djpde+hQqiSiMWdnAoEObnYEP7NiQgC1dQHQErHFsFh1z
ah7vIFykAZ9Tuhj3fWPVX2RV1CK6uCka5M42IS7fcATyTbe33dEN/617Lw8c+j9x
VhcLHK1MrrHN9zQMM0VhRCsov6J+78DBj71Ax30lQpdD3b7foZYjOwkP0Dt4iUAx
gpKRd6pZwhOGNXokoFto0IOTxUjkpYXsTOzYLU3vcHnOKkONnz1D
-----END CERTIFICATE-----
Generated at Sun May 12 20:13:25 2024 by rpki-client on console-fra.rpki-client.org