Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/43DuKtgbG447gxcZF5p5U1kh87I.roa
File:                     43DuKtgbG447gxcZF5p5U1kh87I.roa (raw, json)
Hash identifier:          bR6TXVkCgdJnLrIjSeIx3oDz4U12ORRIGTNa6twixqk=
Subject key identifier:   E3:70:EE:2A:D8:1B:1B:8E:3B:83:17:19:17:9A:79:53:59:21:F3:B2
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       018CC492421F52ECF5110CEF220FC40EA102
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/43DuKtgbG447gxcZF5p5U1kh87I.roa
Signing time:             Mon 01 Jan 2024 10:29:28 +0000
ROA not before:           Mon 01 Jan 2024 10:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397240
IP address blocks:        37.209.192.0/24 maxlen: 24
                          37.209.194.0/24 maxlen: 24
                          37.209.196.0/24 maxlen: 24
                          37.209.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:42:1f:52:ec:f5:11:0c:ef:22:0f:c4:0e:a1:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 10:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e370ee2ad81b1b8e3b831719179a79535921f3b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b3:22:9c:8d:ca:46:56:66:7b:4b:30:b1:0e:
                    8c:e1:6b:0d:1c:7d:5f:44:c7:4f:a5:88:95:0d:63:
                    23:91:da:25:18:9d:72:25:ad:7c:ee:ad:e2:2c:8d:
                    bf:e6:90:d9:be:ba:4c:c1:ed:82:17:e2:1c:e0:a5:
                    93:59:04:3b:9e:9d:e1:0b:a0:22:9b:d9:bd:c5:06:
                    af:0c:c4:23:f4:c2:bc:db:a4:45:cd:57:37:60:af:
                    fe:f9:dd:80:db:1d:f2:a9:3a:6c:60:92:0d:19:51:
                    ff:bc:24:25:cd:97:b4:cb:cc:14:ce:52:66:32:98:
                    8d:a1:3b:ea:91:8c:14:49:2a:10:0f:ba:e4:21:c9:
                    8b:4a:3f:46:b7:ff:a7:76:f2:66:cf:82:8b:6d:b7:
                    15:a6:e0:18:63:02:bc:c1:9f:ca:a2:02:cd:92:04:
                    6a:e2:85:7c:72:03:59:bb:9a:da:b8:8b:2c:b6:c0:
                    d3:a5:71:17:c5:db:1a:0e:d2:97:29:84:c8:10:de:
                    f7:b9:64:55:94:f2:e1:6d:93:0b:5e:85:95:ba:b0:
                    26:7c:41:6f:19:6f:86:8d:b6:bb:93:c4:21:c5:27:
                    b9:cc:9f:ad:8e:2e:3a:7d:fa:67:7e:9c:f7:a2:24:
                    4c:ed:2b:0e:9b:9a:d3:c0:69:86:fd:f5:ab:77:f2:
                    d7:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:70:EE:2A:D8:1B:1B:8E:3B:83:17:19:17:9A:79:53:59:21:F3:B2
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/43DuKtgbG447gxcZF5p5U1kh87I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.192.0/24
                  37.209.194.0/24
                  37.209.196.0/24
                  37.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:10:b1:72:45:f2:a3:33:67:d2:0d:05:e6:a4:be:2e:8e:37:
         90:51:f2:29:43:22:3e:8e:d5:e4:13:46:aa:c3:45:d7:c1:73:
         22:e9:25:3f:dc:27:73:a1:2b:ef:d0:69:1d:29:05:74:70:97:
         ec:6c:f2:7d:eb:a4:56:a3:4f:55:39:bd:c6:cb:45:44:64:b1:
         53:40:f6:4c:68:80:71:d0:25:58:a9:ea:e3:08:28:ae:c6:ec:
         8f:f9:c6:56:99:e6:49:d4:ec:a7:f7:89:a7:b2:ca:36:8d:08:
         44:f0:85:a6:0a:40:34:71:24:2e:80:ba:95:93:a6:4a:5d:ca:
         44:e8:ae:70:05:74:25:e2:13:3b:9f:67:d9:02:66:5d:48:dd:
         68:c8:fa:10:e0:44:86:c2:35:8a:df:65:f2:e9:4c:bd:e2:12:
         2d:81:19:7b:3d:03:02:02:d0:e2:25:11:e1:c3:6d:8a:cc:7e:
         55:36:ac:c2:e4:2c:57:6b:0f:da:b5:4d:97:35:34:d8:7e:fa:
         85:8a:52:1c:7c:32:53:79:aa:f2:53:15:d8:65:f9:33:bd:ae:
         32:b9:c0:62:4e:39:b1:e1:61:aa:ab:90:cf:93:48:da:5b:2e:
         b5:79:65:1a:8c:d7:9a:85:92:5c:06:29:ec:4c:4a:ef:d4:e0:
         4a:f8:8e:15
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzEkkIfUuz1EQzvIg/EDqECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjQwMTAxMTAyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzcwZWUyYWQ4MWIxYjhlM2I4MzE3MTkxNzlhNzk1MzU5MjFmM2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrMinI3KRlZme0swsQ6M4WsNHH1f
RMdPpYiVDWMjkdolGJ1yJa187q3iLI2/5pDZvrpMwe2CF+Ic4KWTWQQ7np3hC6Ai
m9m9xQavDMQj9MK826RFzVc3YK/++d2A2x3yqTpsYJINGVH/vCQlzZe0y8wUzlJm
MpiNoTvqkYwUSSoQD7rkIcmLSj9Gt/+ndvJmz4KLbbcVpuAYYwK8wZ/KogLNkgRq
4oV8cgNZu5rauIsstsDTpXEXxdsaDtKXKYTIEN73uWRVlPLhbZMLXoWVurAmfEFv
GW+Gjba7k8QhxSe5zJ+tji46ffpnfpz3oiRM7SsOm5rTwGmG/fWrd/LXFwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFONw7irYGxuOO4MXGReaeVNZIfOyMB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvNDNEdUt0Z2JHNDQ3Z3hjWkY1cDVVMWtoODdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQA
JdHCAwQAJdHEAwQAJdHGMA0GCSqGSIb3DQEBCwUAA4IBAQAoELFyRfKjM2fSDQXm
pL4ujjeQUfIpQyI+jtXkE0aqw0XXwXMi6SU/3CdzoSvv0GkdKQV0cJfsbPJ966RW
o09VOb3Gy0VEZLFTQPZMaIBx0CVYqerjCCiuxuyP+cZWmeZJ1Oyn94mnsso2jQhE
8IWmCkA0cSQugLqVk6ZKXcpE6K5wBXQl4hM7n2fZAmZdSN1oyPoQ4ESGwjWK32Xy
6Uy94hItgRl7PQMCAtDiJRHhw22KzH5VNqzC5CxXaw/atU2XNTTYfvqFilIcfDJT
earyUxXYZfkzva4yucBiTjmx4WGqq5DPk0jaWy61eWUajNeahZJcBinsTErv1OBK
+I4V
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:46:05 2024 by rpki-client on console-fra.rpki-client.org