Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/1QwLR1UctK3PB4J_sy5g4kgL3WQ.roa
File:                     1QwLR1UctK3PB4J_sy5g4kgL3WQ.roa (raw, json)
Hash identifier:          duwpz/NwxPr47Bu2I8mL85e5TLeFWtBs3LSRmBnblAQ=
Subject key identifier:   D5:0C:0B:47:55:1C:B4:AD:CF:07:82:7F:B3:2E:60:E2:48:0B:DD:64
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       018CC492416A186DA4DBC5004B1CF0097FBD
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/1QwLR1UctK3PB4J_sy5g4kgL3WQ.roa
Signing time:             Mon 01 Jan 2024 10:29:28 +0000
ROA not before:           Mon 01 Jan 2024 10:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397237
IP address blocks:        37.209.192.0/24 maxlen: 24
                          37.209.194.0/24 maxlen: 24
                          37.209.196.0/24 maxlen: 24
                          37.209.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:41:6a:18:6d:a4:db:c5:00:4b:1c:f0:09:7f:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 10:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d50c0b47551cb4adcf07827fb32e60e2480bdd64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:fe:20:f7:a4:cd:67:5e:fa:31:08:82:f3:a4:
                    0a:a2:82:97:1d:e9:18:61:23:39:3d:95:62:43:8f:
                    bf:8d:09:a1:f2:c4:dd:4c:21:31:b1:59:76:61:65:
                    9e:51:b2:b6:9e:6b:86:d3:de:43:0c:72:39:e8:43:
                    54:1d:d4:a1:b4:86:2b:88:18:68:f9:56:42:69:83:
                    5b:2a:28:77:4d:90:b3:92:66:83:3f:1c:8d:44:24:
                    4f:5b:e0:50:0f:e9:39:cb:f7:8c:44:c0:9e:4d:44:
                    6b:3a:79:3a:71:fe:d9:66:c4:8c:5b:20:ec:8a:2d:
                    8c:f5:7c:27:ac:4c:17:1b:39:40:64:c1:ea:59:18:
                    6e:45:d3:f6:db:33:8a:c2:3b:c7:e9:eb:e0:65:fb:
                    08:e2:0c:23:f3:0f:f9:ca:21:09:a8:5d:bd:57:5f:
                    38:28:3d:8d:5c:88:13:6b:1c:54:97:a2:69:df:25:
                    f0:f9:d2:9a:0c:68:e5:d6:ae:0d:8b:e0:03:aa:b8:
                    bd:05:af:a6:ca:5f:cd:8d:55:3b:b2:ed:e2:f5:39:
                    67:8f:c7:8a:0b:c5:4a:54:22:01:a8:45:8e:bd:bc:
                    01:3a:be:18:45:59:bf:7a:dc:cb:89:5a:13:16:85:
                    eb:7c:0a:f0:55:fe:a2:73:e7:1c:c2:c9:60:10:e1:
                    7a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:0C:0B:47:55:1C:B4:AD:CF:07:82:7F:B3:2E:60:E2:48:0B:DD:64
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/1QwLR1UctK3PB4J_sy5g4kgL3WQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.192.0/24
                  37.209.194.0/24
                  37.209.196.0/24
                  37.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:35:b3:88:41:20:69:f7:70:86:b2:bd:da:18:2f:39:84:da:
         b6:0f:fc:2c:20:aa:0c:c1:73:64:71:cc:47:5e:2d:dd:38:11:
         09:8d:7d:23:80:1a:36:ac:98:45:69:6e:4d:91:69:4d:48:1a:
         ff:38:93:58:52:bc:ce:4e:19:5a:b6:44:aa:c5:48:75:4b:99:
         d1:14:fa:41:41:41:69:3a:ec:2a:05:fd:3e:cb:07:a3:3e:b5:
         e9:67:61:6f:80:3f:e7:21:78:e9:3b:f3:ac:43:8c:1a:45:37:
         93:3d:61:48:95:16:00:bd:02:b5:cb:9e:0b:8d:71:44:93:01:
         98:fe:3d:0c:02:db:45:26:59:78:6a:66:49:f4:1a:7c:f9:15:
         ff:a7:38:f3:b7:b1:c9:f7:7b:2b:d4:6e:f0:bb:bf:b9:9e:76:
         8d:8e:77:87:96:57:21:65:f4:72:6f:61:71:b4:f3:0a:52:60:
         34:ca:94:7f:d4:ab:6b:08:e8:80:32:19:46:08:4e:af:e4:24:
         f7:f9:45:74:38:be:f8:14:c0:88:e7:01:e7:77:84:cc:6a:1e:
         49:94:01:0d:c6:9e:db:c7:46:b1:ed:9e:f2:47:65:e7:f1:51:
         69:ad:69:2f:45:f6:ee:a9:fc:f4:a4:35:e8:d2:10:f3:7d:1b:
         69:0b:f5:40
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzEkkFqGG2k28UASxzwCX+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjQwMTAxMTAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTBjMGI0NzU1MWNiNGFkY2YwNzgyN2ZiMzJlNjBlMjQ4MGJkZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2f4g96TNZ176MQiC86QKooKXHekY
YSM5PZViQ4+/jQmh8sTdTCExsVl2YWWeUbK2nmuG095DDHI56ENUHdShtIYriBho
+VZCaYNbKih3TZCzkmaDPxyNRCRPW+BQD+k5y/eMRMCeTURrOnk6cf7ZZsSMWyDs
ii2M9XwnrEwXGzlAZMHqWRhuRdP22zOKwjvH6evgZfsI4gwj8w/5yiEJqF29V184
KD2NXIgTaxxUl6Jp3yXw+dKaDGjl1q4Ni+ADqri9Ba+myl/NjVU7su3i9Tlnj8eK
C8VKVCIBqEWOvbwBOr4YRVm/etzLiVoTFoXrfArwVf6ic+ccwslgEOF61wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNUMC0dVHLStzweCf7MuYOJIC91kMB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvMVF3TFIxVWN0SzNQQjRKX3N5NWc0a2dMM1dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQA
JdHCAwQAJdHEAwQAJdHGMA0GCSqGSIb3DQEBCwUAA4IBAQBpNbOIQSBp93CGsr3a
GC85hNq2D/wsIKoMwXNkccxHXi3dOBEJjX0jgBo2rJhFaW5NkWlNSBr/OJNYUrzO
ThlatkSqxUh1S5nRFPpBQUFpOuwqBf0+ywejPrXpZ2FvgD/nIXjpO/OsQ4waRTeT
PWFIlRYAvQK1y54LjXFEkwGY/j0MAttFJll4amZJ9Bp8+RX/pzjzt7HJ93sr1G7w
u7+5nnaNjneHllchZfRyb2FxtPMKUmA0ypR/1KtrCOiAMhlGCE6v5CT3+UV0OL74
FMCI5wHnd4TMah5JlAENxp7bx0ax7Z7yR2Xn8VFprWkvRfbuqfz0pDXo0hDzfRtp
C/VA
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:46:05 2024 by rpki-client on console-fra.rpki-client.org