Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/31f8a0-7e95-4fe2-8809-f78bdb6f60c2/1/dCNGQg0bSZ9_K-8kAfOnfNKrpEs.roa
File:                     dCNGQg0bSZ9_K-8kAfOnfNKrpEs.roa (raw, json)
Hash identifier:          47XR4OCRwYI+DIU6u4Q6vkF75ZolnntzGy9YGIp2f4M=
Subject key identifier:   74:23:46:42:0D:1B:49:9F:7F:2B:EF:24:01:F3:A7:7C:D2:AB:A4:4B
Certificate issuer:       /CN=80ebaf2cba8359438e434123dda7a5a396f5f519
Certificate serial:       018CC79433710004E25D1467AB20FAFF110E
Authority key identifier: 80:EB:AF:2C:BA:83:59:43:8E:43:41:23:DD:A7:A5:A3:96:F5:F5:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gOuvLLqDWUOOQ0Ej3aelo5b19Rk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/31f8a0-7e95-4fe2-8809-f78bdb6f60c2/1/dCNGQg0bSZ9_K-8kAfOnfNKrpEs.roa
Signing time:             Tue 02 Jan 2024 00:30:27 +0000
ROA not before:           Tue 02 Jan 2024 00:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42926
IP address blocks:        37.205.2.0/24 maxlen: 24
                          37.205.1.0/24 maxlen: 24
                          37.205.0.0/24 maxlen: 24
                          37.205.4.0/24 maxlen: 24
                          37.205.3.0/24 maxlen: 24
                          37.205.7.0/24 maxlen: 24
                          37.205.6.0/24 maxlen: 24
                          37.205.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/31f8a0-7e95-4fe2-8809-f78bdb6f60c2/1/gOuvLLqDWUOOQ0Ej3aelo5b19Rk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/31f8a0-7e95-4fe2-8809-f78bdb6f60c2/1/gOuvLLqDWUOOQ0Ej3aelo5b19Rk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gOuvLLqDWUOOQ0Ej3aelo5b19Rk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:33:71:00:04:e2:5d:14:67:ab:20:fa:ff:11:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80ebaf2cba8359438e434123dda7a5a396f5f519
        Validity
            Not Before: Jan  2 00:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=742346420d1b499f7f2bef2401f3a77cd2aba44b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:13:1e:f1:7e:88:1f:e8:59:ac:bf:d3:73:38:
                    f4:cc:a8:15:9b:5b:e2:1e:bc:ca:38:58:a0:45:e3:
                    40:2c:84:aa:df:f6:56:2c:39:df:4c:75:97:5d:de:
                    01:d4:12:70:5b:01:7e:ba:1b:06:19:93:58:a1:2d:
                    f2:1a:92:ba:4c:0a:92:15:38:8a:ee:48:cd:a5:cd:
                    6d:9b:bb:4d:b9:b8:82:90:5d:9f:a7:4a:42:77:4e:
                    4e:8d:53:ed:c3:2c:eb:24:d5:4a:16:4f:0d:35:64:
                    ed:24:3c:72:59:0a:b7:f9:c8:98:b5:62:88:49:cb:
                    e8:33:af:9a:6b:e4:58:cb:60:c1:77:2c:c4:82:7a:
                    15:9d:63:f1:85:bf:3d:e4:a1:71:cc:5d:95:3c:27:
                    9a:6e:23:2f:ea:4f:62:00:a1:58:59:95:d2:4c:2d:
                    c8:14:d3:bc:33:5d:ac:a7:6e:3c:74:57:7b:36:34:
                    7f:24:d0:1a:72:d7:a1:d8:78:60:17:f7:06:a6:04:
                    51:94:a6:a5:41:35:f5:ad:1c:31:37:93:6b:c3:3d:
                    75:81:8e:0c:19:ef:11:5c:8d:5f:9f:75:13:3b:74:
                    12:5e:85:42:b7:5d:65:78:5b:32:68:35:03:91:0a:
                    c6:a4:ae:36:4f:2b:0b:89:20:26:9c:23:60:d4:5a:
                    9f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:23:46:42:0D:1B:49:9F:7F:2B:EF:24:01:F3:A7:7C:D2:AB:A4:4B
            X509v3 Authority Key Identifier:
                keyid:80:EB:AF:2C:BA:83:59:43:8E:43:41:23:DD:A7:A5:A3:96:F5:F5:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gOuvLLqDWUOOQ0Ej3aelo5b19Rk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/31f8a0-7e95-4fe2-8809-f78bdb6f60c2/1/dCNGQg0bSZ9_K-8kAfOnfNKrpEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/31f8a0-7e95-4fe2-8809-f78bdb6f60c2/1/gOuvLLqDWUOOQ0Ej3aelo5b19Rk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.205.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         18:6c:14:56:d4:a1:96:c2:1c:2f:c6:45:11:1b:f9:6d:87:4f:
         bb:d9:6f:25:64:18:8a:45:7e:5e:47:69:a8:76:4c:25:83:bd:
         5c:8b:e5:6f:33:e5:49:81:0d:3c:24:96:0d:94:13:fb:84:49:
         91:21:22:aa:e7:a8:7a:d3:b7:2f:52:d4:00:4f:a2:b3:38:7a:
         ec:5d:4e:90:7f:1b:3a:c0:c5:1c:bb:f6:ae:f6:ef:f6:82:f5:
         d0:94:b5:91:14:ab:f5:4d:09:0d:48:7b:f1:42:ef:67:cd:e5:
         ce:98:15:0b:16:e1:4c:be:64:13:ff:af:0b:3a:a2:2a:33:57:
         a4:a1:57:78:3a:3a:b6:18:7c:83:ad:39:ed:ab:0b:0a:6a:03:
         d2:5b:cd:aa:42:55:e8:e8:af:1f:46:9d:d8:df:4c:c2:80:1a:
         04:d0:6f:6d:e6:48:b2:72:db:e1:0e:5b:08:76:66:79:bf:fc:
         60:c2:b5:5f:05:08:b2:8b:a5:cf:9c:b5:95:6f:18:50:07:7c:
         ff:2f:44:99:ce:89:14:ad:74:7a:70:20:75:f3:3c:a6:ec:55:
         57:9f:37:74:33:43:76:f5:a6:da:be:9f:5a:2d:13:de:dc:3f:
         8a:d9:ce:af:db:9c:b3:aa:fc:31:59:3d:08:46:7a:d0:8d:6f:
         89:ea:b1:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlDNxAATiXRRnqyD6/xEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZWJhZjJjYmE4MzU5NDM4ZTQzNDEyM2RkYTdhNWEzOTZm
NWY1MTkwHhcNMjQwMTAyMDAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDIzNDY0MjBkMWI0OTlmN2YyYmVmMjQwMWYzYTc3Y2QyYWJhNDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhMe8X6IH+hZrL/Tczj0zKgVm1vi
HrzKOFigReNALISq3/ZWLDnfTHWXXd4B1BJwWwF+uhsGGZNYoS3yGpK6TAqSFTiK
7kjNpc1tm7tNubiCkF2fp0pCd05OjVPtwyzrJNVKFk8NNWTtJDxyWQq3+ciYtWKI
ScvoM6+aa+RYy2DBdyzEgnoVnWPxhb895KFxzF2VPCeabiMv6k9iAKFYWZXSTC3I
FNO8M12sp248dFd7NjR/JNAacteh2HhgF/cGpgRRlKalQTX1rRwxN5Nrwz11gY4M
Ge8RXI1fn3UTO3QSXoVCt11leFsyaDUDkQrGpK42TysLiSAmnCNg1FqfbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQjRkING0mffyvvJAHzp3zSq6RLMB8GA1UdIwQY
MBaAFIDrryy6g1lDjkNBI92npaOW9fUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ091dkxMcURXVU9PUTBFajNhZWxvNWIxOVJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMWY4YTAtN2U5NS00ZmUyLTg4MDkt
Zjc4YmRiNmY2MGMyLzEvZENOR1FnMGJTWjlfSy04a0FmT25mTktycEVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMWY4YTAtN2U5NS00ZmUyLTg4MDktZjc4YmRiNmY2MGMy
LzEvZ091dkxMcURXVU9PUTBFajNhZWxvNWIxOVJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJc0AMA0G
CSqGSIb3DQEBCwUAA4IBAQAYbBRW1KGWwhwvxkURG/lth0+72W8lZBiKRX5eR2mo
dkwlg71ci+VvM+VJgQ08JJYNlBP7hEmRISKq56h607cvUtQAT6KzOHrsXU6Qfxs6
wMUcu/au9u/2gvXQlLWRFKv1TQkNSHvxQu9nzeXOmBULFuFMvmQT/68LOqIqM1ek
oVd4Ojq2GHyDrTntqwsKagPSW82qQlXo6K8fRp3Y30zCgBoE0G9t5kiyctvhDlsI
dmZ5v/xgwrVfBQiyi6XPnLWVbxhQB3z/L0SZzokUrXR6cCB18zym7FVXnzd0M0N2
9abavp9aLRPe3D+K2c6v25yzqvwxWT0IRnrQjW+J6rF0
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:45:59 2024 by rpki-client on console-ams.rpki-client.org