Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/Kp0fRX3pae5ujJv3WdnlqBOjWQw.roa
File:                     Kp0fRX3pae5ujJv3WdnlqBOjWQw.roa (raw, json)
Hash identifier:          smvu2VQrAK9kUKobOTALLC4g3t5HTk5hN9xg2k2Dvhk=
Subject key identifier:   2A:9D:1F:45:7D:E9:69:EE:6E:8C:9B:F7:59:D9:E5:A8:13:A3:59:0C
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       018CC4923B97E8ECBC694C43F625B7C98204
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/Kp0fRX3pae5ujJv3WdnlqBOjWQw.roa
Signing time:             Mon 01 Jan 2024 10:29:26 +0000
ROA not before:           Mon 01 Jan 2024 10:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397223
IP address blocks:        37.209.192.0/24 maxlen: 24
                          37.209.198.0/24 maxlen: 24
                          37.209.194.0/24 maxlen: 24
                          37.209.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3b:97:e8:ec:bc:69:4c:43:f6:25:b7:c9:82:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 10:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a9d1f457de969ee6e8c9bf759d9e5a813a3590c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b7:d7:9c:9e:e5:90:53:ee:26:50:50:ed:79:
                    24:ea:c5:ed:71:8c:2a:8e:ec:c9:1e:4c:b4:ac:ba:
                    ba:db:be:fa:5f:13:61:e1:19:b7:5f:63:ca:e0:cd:
                    92:a8:01:f4:b0:c8:a3:72:bf:30:2d:67:f1:34:e2:
                    0c:2f:3d:20:18:4c:fb:8a:6d:c4:52:5b:6b:0b:4f:
                    b9:06:e2:87:52:ad:34:51:3d:18:b5:90:1c:b4:3f:
                    a5:a3:98:58:06:97:6b:4b:6a:50:3a:1c:cc:3d:db:
                    de:7a:ee:da:5a:58:2c:23:71:9f:3c:e9:ee:89:02:
                    16:85:85:c4:6b:2a:7d:3e:c8:3d:6b:67:70:a8:5e:
                    c6:d3:ee:74:59:4c:d3:9c:cb:cb:2b:7b:71:38:a0:
                    7e:8a:2d:f4:56:19:63:45:44:c7:c2:64:c9:45:68:
                    30:87:f5:93:59:6c:bd:7e:e7:70:72:9c:2e:a6:20:
                    e5:31:21:e9:38:09:1c:73:b0:7a:ea:d4:1e:45:bb:
                    78:4f:7e:44:0a:a5:c3:70:8a:fe:17:8e:57:60:6f:
                    69:2d:4c:33:7f:41:06:b0:8b:16:a8:94:f3:5f:fe:
                    72:43:a0:8f:ec:e4:9e:2d:70:89:01:5a:95:44:da:
                    da:b9:ff:6a:f1:6d:5d:a2:da:5d:97:b0:3b:42:dc:
                    06:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:9D:1F:45:7D:E9:69:EE:6E:8C:9B:F7:59:D9:E5:A8:13:A3:59:0C
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/Kp0fRX3pae5ujJv3WdnlqBOjWQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.192.0/24
                  37.209.194.0/24
                  37.209.196.0/24
                  37.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:70:e3:fd:e8:00:05:1a:7e:f0:6c:4b:6b:c3:97:2c:da:aa:
         b8:a5:22:b6:6c:f5:41:46:4a:fb:1c:b2:b1:a2:d2:03:27:7d:
         e1:fe:42:88:60:72:46:ad:13:13:ff:1e:26:56:82:15:78:f4:
         f1:62:84:27:5d:bf:0f:1a:90:6d:71:17:6c:f7:d9:43:4d:d2:
         71:58:42:e5:c3:1a:47:78:30:fe:cf:c1:76:77:38:b4:2c:4e:
         26:00:3b:1c:65:53:32:a4:17:28:8e:b2:48:ea:af:09:2e:ab:
         24:f8:d0:5b:74:ad:8b:5f:c6:91:c9:90:24:9b:e4:90:9f:cd:
         d9:eb:42:9f:af:b0:7a:85:c1:5e:7b:12:ae:db:08:03:02:cb:
         24:c3:57:f6:c5:c0:b5:ae:4c:0f:87:67:d5:e7:22:26:2f:5a:
         ba:07:87:f3:41:e1:da:eb:b9:e0:a3:da:2f:00:d5:c6:8b:87:
         02:34:9f:a9:09:18:6c:ba:d5:c4:a7:b2:a2:74:dc:d0:a0:cc:
         d0:50:dc:9c:18:6a:71:53:6f:b5:25:2a:7e:3e:25:9e:64:93:
         e2:98:21:c6:d3:32:c2:f3:d8:ae:be:f8:3d:92:a6:80:00:71:
         5f:d6:c7:66:1f:69:2d:ee:28:46:29:80:d8:35:0f:e3:95:b0:
         c5:16:3c:5f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzEkjuX6Oy8aUxD9iW3yYIEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjQwMTAxMTAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTlkMWY0NTdkZTk2OWVlNmU4YzliZjc1OWQ5ZTVhODEzYTM1OTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7fXnJ7lkFPuJlBQ7Xkk6sXtcYwq
juzJHky0rLq62776XxNh4Rm3X2PK4M2SqAH0sMijcr8wLWfxNOIMLz0gGEz7im3E
UltrC0+5BuKHUq00UT0YtZActD+lo5hYBpdrS2pQOhzMPdveeu7aWlgsI3GfPOnu
iQIWhYXEayp9Psg9a2dwqF7G0+50WUzTnMvLK3txOKB+ii30VhljRUTHwmTJRWgw
h/WTWWy9fudwcpwupiDlMSHpOAkcc7B66tQeRbt4T35ECqXDcIr+F45XYG9pLUwz
f0EGsIsWqJTzX/5yQ6CP7OSeLXCJAVqVRNrauf9q8W1dotpdl7A7QtwGcQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCqdH0V96Wnuboyb91nZ5agTo1kMMB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvS3AwZlJYM3BhZTV1akp2M1dkbmxxQk9qV1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQA
JdHCAwQAJdHEAwQAJdHGMA0GCSqGSIb3DQEBCwUAA4IBAQAOcOP96AAFGn7wbEtr
w5cs2qq4pSK2bPVBRkr7HLKxotIDJ33h/kKIYHJGrRMT/x4mVoIVePTxYoQnXb8P
GpBtcRds99lDTdJxWELlwxpHeDD+z8F2dzi0LE4mADscZVMypBcojrJI6q8JLqsk
+NBbdK2LX8aRyZAkm+SQn83Z60Kfr7B6hcFeexKu2wgDAsskw1f2xcC1rkwPh2fV
5yImL1q6B4fzQeHa67ngo9ovANXGi4cCNJ+pCRhsutXEp7KidNzQoMzQUNycGGpx
U2+1JSp+PiWeZJPimCHG0zLC89iuvvg9kqaAAHFf1sdmH2kt7ihGKYDYNQ/jlbDF
Fjxf
-----END CERTIFICATE-----
Generated at Fri Nov 22 14:40:17 2024 by rpki-client on console-ams.rpki-client.org