Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/P6f9sdz98JuNzadRf06PelZEYZ0.roa
File:                     P6f9sdz98JuNzadRf06PelZEYZ0.roa (raw, json)
Hash identifier:          BAeDaPR/U/MalZUcYI2NRlO+jQ2xRgw7CvGICc1jCJs=
Subject key identifier:   3F:A7:FD:B1:DC:FD:F0:9B:8D:CD:A7:51:7F:4E:8F:7A:56:44:61:9D
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       018CC492372F983293DB4EBC2F0D90666207
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/P6f9sdz98JuNzadRf06PelZEYZ0.roa
Signing time:             Mon 01 Jan 2024 10:29:25 +0000
ROA not before:           Mon 01 Jan 2024 10:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        37.209.192.0/24 maxlen: 24
                          37.209.198.0/24 maxlen: 24
                          37.209.194.0/24 maxlen: 24
                          37.209.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:37:2f:98:32:93:db:4e:bc:2f:0d:90:66:62:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 10:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3fa7fdb1dcfdf09b8dcda7517f4e8f7a5644619d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:09:42:88:90:45:a9:69:03:de:e2:83:af:27:
                    c3:a3:83:76:00:42:70:1f:e1:45:8b:4e:48:41:55:
                    e2:95:2d:5f:d6:c4:f9:bb:3f:30:d6:09:8f:8d:16:
                    d9:22:f1:d3:a8:b9:21:e3:25:fe:39:d0:d2:18:89:
                    ed:dd:7a:31:31:68:b6:04:61:03:87:10:79:cb:18:
                    69:5f:da:1b:37:64:a1:ae:6d:10:13:47:93:e5:95:
                    0d:08:c3:84:49:0d:56:91:1d:19:ac:c1:83:65:ac:
                    2a:b4:b7:2f:32:84:92:9e:13:e4:10:36:c6:a3:de:
                    39:c4:f0:e2:42:a7:43:3f:df:32:f5:7e:92:bd:03:
                    ab:a8:d0:3b:29:38:1d:3b:7b:95:dd:c0:76:55:3d:
                    bc:bd:28:cc:31:f4:af:af:85:08:be:83:2a:1d:91:
                    81:b2:ec:54:0a:a8:6c:0d:57:41:d6:64:23:92:6d:
                    e9:86:24:e9:2f:65:4d:8e:b3:b0:98:55:7e:19:c5:
                    0d:12:aa:50:0e:9a:51:cd:55:e5:17:21:14:68:f3:
                    e2:ad:0d:39:16:f8:63:49:fc:f0:6c:17:dd:a8:c8:
                    ad:3b:57:70:ee:20:ce:c6:88:69:f1:60:ea:03:58:
                    ee:14:3f:d0:d0:ba:cd:25:ae:29:cc:e9:27:c6:64:
                    bd:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:A7:FD:B1:DC:FD:F0:9B:8D:CD:A7:51:7F:4E:8F:7A:56:44:61:9D
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/P6f9sdz98JuNzadRf06PelZEYZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.192.0/24
                  37.209.194.0/24
                  37.209.196.0/24
                  37.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:56:db:05:11:f8:7a:b5:05:9d:25:f8:b8:93:ed:be:06:44:
         b9:23:d2:d9:10:b0:36:8e:cc:13:93:7a:19:2a:41:fc:c7:ba:
         b1:19:39:eb:9b:51:2b:e2:d6:4c:c5:cf:bc:46:33:14:c9:b4:
         bd:0d:1a:3d:9b:7b:c4:b2:93:9c:f0:15:cd:77:92:7a:a1:a3:
         3c:90:71:8d:8c:a3:d4:80:50:b3:9d:ce:11:72:26:0d:f8:a1:
         a5:c8:47:e9:c1:80:cd:1f:94:d7:24:52:18:b4:c8:9c:ad:54:
         c5:86:42:ee:9a:64:a9:1f:82:88:20:a0:e5:bd:e6:a5:1e:95:
         ee:2a:a4:49:74:46:3d:fe:e6:64:1e:e9:df:a0:36:5c:ff:79:
         7c:76:16:9e:42:e7:01:24:ba:5b:9b:c1:e9:ae:d5:fc:de:83:
         50:3e:fe:90:eb:fd:8f:e4:01:6f:a1:1a:ac:a6:ce:5c:53:a4:
         5b:c4:50:80:7b:de:e8:84:22:25:36:40:40:bf:86:3a:fc:49:
         66:bb:71:58:ae:e3:fb:61:58:6a:d3:d3:cc:08:95:56:09:a3:
         70:5d:6c:18:37:a0:28:42:a2:31:b4:9a:63:14:96:6d:f7:ae:
         3a:9d:af:7d:c0:f4:3d:18:b4:6b:78:e9:c4:79:1f:e8:66:29:
         89:63:d5:fb
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzEkjcvmDKT2068Lw2QZmIHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjQwMTAxMTAyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmE3ZmRiMWRjZmRmMDliOGRjZGE3NTE3ZjRlOGY3YTU2NDQ2MTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwlCiJBFqWkD3uKDryfDo4N2AEJw
H+FFi05IQVXilS1f1sT5uz8w1gmPjRbZIvHTqLkh4yX+OdDSGInt3XoxMWi2BGED
hxB5yxhpX9obN2Shrm0QE0eT5ZUNCMOESQ1WkR0ZrMGDZawqtLcvMoSSnhPkEDbG
o945xPDiQqdDP98y9X6SvQOrqNA7KTgdO3uV3cB2VT28vSjMMfSvr4UIvoMqHZGB
suxUCqhsDVdB1mQjkm3phiTpL2VNjrOwmFV+GcUNEqpQDppRzVXlFyEUaPPirQ05
FvhjSfzwbBfdqMitO1dw7iDOxohp8WDqA1juFD/Q0LrNJa4pzOknxmS9rQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFD+n/bHc/fCbjc2nUX9Oj3pWRGGdMB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvUDZmOXNkejk4SnVOemFkUmYwNlBlbFpFWVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQA
JdHCAwQAJdHEAwQAJdHGMA0GCSqGSIb3DQEBCwUAA4IBAQBvVtsFEfh6tQWdJfi4
k+2+BkS5I9LZELA2jswTk3oZKkH8x7qxGTnrm1Er4tZMxc+8RjMUybS9DRo9m3vE
spOc8BXNd5J6oaM8kHGNjKPUgFCznc4RciYN+KGlyEfpwYDNH5TXJFIYtMicrVTF
hkLummSpH4KIIKDlvealHpXuKqRJdEY9/uZkHunfoDZc/3l8dhaeQucBJLpbm8Hp
rtX83oNQPv6Q6/2P5AFvoRqsps5cU6RbxFCAe97ohCIlNkBAv4Y6/Elmu3FYruP7
YVhq09PMCJVWCaNwXWwYN6AoQqIxtJpjFJZt9646na99wPQ9GLRreOnEeR/oZimJ
Y9X7
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:33:11 2024 by rpki-client on console-fra.rpki-client.org