Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/b816b9-91b0-46da-8e58-91488a34fcc8/1/Odr74CN_IA7I-5ZEpMJ0BMFo070.roa
File:                     Odr74CN_IA7I-5ZEpMJ0BMFo070.roa (raw, json)
Hash identifier:          7h6Fph4qLa+Ev6+Xo2km7tCVhElEyMnVWPPfeaiHMDc=
Subject key identifier:   39:DA:FB:E0:23:7F:20:0E:C8:FB:96:44:A4:C2:74:04:C1:68:D3:BD
Certificate issuer:       /CN=bc9c405f142e53eb67b1c49923ab795e84328c9b
Certificate serial:       018CC8DFA42F1A8EA305D6E29B64DCED3EFB
Authority key identifier: BC:9C:40:5F:14:2E:53:EB:67:B1:C4:99:23:AB:79:5E:84:32:8C:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vJxAXxQuU-tnscSZI6t5XoQyjJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/b816b9-91b0-46da-8e58-91488a34fcc8/1/Odr74CN_IA7I-5ZEpMJ0BMFo070.roa
Signing time:             Tue 02 Jan 2024 06:32:28 +0000
ROA not before:           Tue 02 Jan 2024 06:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50289
IP address blocks:        62.78.32.0/19 maxlen: 24
                          185.142.64.0/22 maxlen: 24
                          37.123.216.0/21 maxlen: 24
                          2a03:a400::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/b816b9-91b0-46da-8e58-91488a34fcc8/1/vJxAXxQuU-tnscSZI6t5XoQyjJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/b816b9-91b0-46da-8e58-91488a34fcc8/1/vJxAXxQuU-tnscSZI6t5XoQyjJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vJxAXxQuU-tnscSZI6t5XoQyjJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a4:2f:1a:8e:a3:05:d6:e2:9b:64:dc:ed:3e:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc9c405f142e53eb67b1c49923ab795e84328c9b
        Validity
            Not Before: Jan  2 06:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39dafbe0237f200ec8fb9644a4c27404c168d3bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9e:de:b1:36:80:33:00:af:b7:83:41:43:a8:
                    29:8b:82:b5:f5:b7:90:74:5a:f9:e2:ad:95:96:e6:
                    60:c8:57:77:4b:2f:9c:18:d9:38:9c:59:a2:e8:d5:
                    bd:0f:19:cd:c6:36:d2:46:71:94:67:d7:31:1e:4f:
                    5f:2b:f4:79:60:9e:6c:e2:70:55:a9:71:59:c0:77:
                    ad:31:2a:1a:8a:96:c2:7e:66:5a:c4:af:fe:b0:15:
                    52:74:56:bd:f8:62:5a:77:4b:d0:f2:ac:a4:54:d5:
                    04:9d:6f:c5:d2:e2:6f:a8:c9:6c:10:97:c2:34:0a:
                    96:bb:08:3e:be:45:7a:40:99:33:6a:c5:c1:de:e2:
                    7c:a2:c0:44:ee:6e:f1:59:ac:90:60:41:5d:07:4b:
                    db:62:ba:a1:21:82:d4:38:a0:71:68:ed:3d:00:7a:
                    26:70:f1:eb:9a:a0:8e:ad:39:e5:b9:c3:b9:4e:4b:
                    a1:cb:b9:d3:b7:73:9e:4d:e5:0e:db:99:0e:56:a6:
                    a6:cc:38:99:fa:6c:ba:88:50:9c:54:4b:c3:a9:8f:
                    c3:3d:67:85:bf:37:39:09:83:8b:ae:c9:d1:cd:88:
                    8d:3c:a3:72:2d:b2:47:0d:00:10:17:a4:4d:24:d7:
                    bc:72:be:c4:1b:e0:ba:ea:a2:22:0b:60:2a:9e:43:
                    ab:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:DA:FB:E0:23:7F:20:0E:C8:FB:96:44:A4:C2:74:04:C1:68:D3:BD
            X509v3 Authority Key Identifier:
                keyid:BC:9C:40:5F:14:2E:53:EB:67:B1:C4:99:23:AB:79:5E:84:32:8C:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vJxAXxQuU-tnscSZI6t5XoQyjJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/b816b9-91b0-46da-8e58-91488a34fcc8/1/Odr74CN_IA7I-5ZEpMJ0BMFo070.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/b816b9-91b0-46da-8e58-91488a34fcc8/1/vJxAXxQuU-tnscSZI6t5XoQyjJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.123.216.0/21
                  62.78.32.0/19
                  185.142.64.0/22
                IPv6:
                  2a03:a400::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:98:45:79:52:b1:90:e8:73:01:ba:b8:15:5c:ae:6a:a9:8b:
         9c:26:c4:4c:83:a1:8d:fc:f9:a8:fa:cd:25:5c:27:38:8f:86:
         8a:55:37:32:8a:56:21:12:04:64:7a:d2:91:62:be:14:6b:a0:
         ba:50:ec:fe:e3:56:74:06:62:f1:07:6c:b0:d1:68:0e:7b:e4:
         29:77:f6:06:f1:80:30:7d:c4:18:d0:aa:e9:85:4a:49:2d:48:
         44:4c:68:f6:51:30:8b:b8:4f:2c:53:f5:bc:46:b5:43:30:37:
         c5:d4:56:70:46:39:c1:7b:fd:fe:10:ec:e8:36:25:bb:09:be:
         8d:b8:6e:6e:79:e0:4b:9c:41:1e:c3:06:63:37:6d:44:b8:ca:
         b7:36:73:7c:c3:b8:cb:78:97:58:17:3c:87:d6:59:27:f7:4f:
         ba:71:97:be:d0:f1:00:74:0e:17:ab:5d:71:a6:d7:ba:1f:48:
         8c:62:23:d5:fa:36:2e:9f:3f:a3:0e:08:02:bc:e6:69:77:11:
         91:64:f2:d0:fa:4d:b4:66:01:13:88:1c:4f:8b:1e:be:a5:68:
         56:da:a2:12:0b:63:7f:4b:fd:d7:dc:dc:2a:01:04:ca:0b:7a:
         7c:2b:e4:db:78:76:b8:91:ff:b1:f6:a7:56:15:be:a1:ae:a6:
         87:25:1e:fe
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzI36QvGo6jBdbim2Tc7T77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjOWM0MDVmMTQyZTUzZWI2N2IxYzQ5OTIzYWI3OTVlODQz
MjhjOWIwHhcNMjQwMTAyMDYzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWRhZmJlMDIzN2YyMDBlYzhmYjk2NDRhNGMyNzQwNGMxNjhkM2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAop7esTaAMwCvt4NBQ6gpi4K19beQ
dFr54q2VluZgyFd3Sy+cGNk4nFmi6NW9DxnNxjbSRnGUZ9cxHk9fK/R5YJ5s4nBV
qXFZwHetMSoaipbCfmZaxK/+sBVSdFa9+GJad0vQ8qykVNUEnW/F0uJvqMlsEJfC
NAqWuwg+vkV6QJkzasXB3uJ8osBE7m7xWayQYEFdB0vbYrqhIYLUOKBxaO09AHom
cPHrmqCOrTnlucO5Tkuhy7nTt3OeTeUO25kOVqamzDiZ+my6iFCcVEvDqY/DPWeF
vzc5CYOLrsnRzYiNPKNyLbJHDQAQF6RNJNe8cr7EG+C66qIiC2AqnkOr9wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDna++AjfyAOyPuWRKTCdATBaNO9MB8GA1UdIwQY
MBaAFLycQF8ULlPrZ7HEmSOreV6EMoybMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkp4QVh4UXVVLXRuc2NTWkk2dDVYb1F5akpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9iODE2YjktOTFiMC00NmRhLThlNTgt
OTE0ODhhMzRmY2M4LzEvT2RyNzRDTl9JQTdJLTVaRXBNSjBCTUZvMDcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9iODE2YjktOTFiMC00NmRhLThlNTgtOTE0ODhhMzRmY2M4
LzEvdkp4QVh4UXVVLXRuc2NTWkk2dDVYb1F5akpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDJXvYAwQF
Pk4gAwQCuY5AMA0EAgACMAcDBQAqA6QAMA0GCSqGSIb3DQEBCwUAA4IBAQAUmEV5
UrGQ6HMBurgVXK5qqYucJsRMg6GN/Pmo+s0lXCc4j4aKVTcyilYhEgRketKRYr4U
a6C6UOz+41Z0BmLxB2yw0WgOe+Qpd/YG8YAwfcQY0KrphUpJLUhETGj2UTCLuE8s
U/W8RrVDMDfF1FZwRjnBe/3+EOzoNiW7Cb6NuG5ueeBLnEEewwZjN21EuMq3NnN8
w7jLeJdYFzyH1lkn90+6cZe+0PEAdA4Xq11xpte6H0iMYiPV+jYunz+jDggCvOZp
dxGRZPLQ+k20ZgETiBxPix6+pWhW2qISC2N/S/3X3NwqAQTKC3p8K+TbeHa4kf+x
9qdWFb6hrqaHJR7+
-----END CERTIFICATE-----
Generated at Mon Jun 17 09:51:18 2024 by rpki-client on console-fra.rpki-client.org