Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/z7RmVNBbCREUcp6M3H2zEBG4MtY.roa
File:                     z7RmVNBbCREUcp6M3H2zEBG4MtY.roa (raw, json)
Hash identifier:          UKLD0ookdT771LXoeqD+iQ7cPBMEcvfL246UcYrkjt4=
Subject key identifier:   CF:B4:66:54:D0:5B:09:11:14:72:9E:8C:DC:7D:B3:10:11:B8:32:D6
Certificate issuer:       /CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
Certificate serial:       018CC49238B195EBE35E033D9284300F2907
Authority key identifier: A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/z7RmVNBbCREUcp6M3H2zEBG4MtY.roa
Signing time:             Mon 01 Jan 2024 10:29:26 +0000
ROA not before:           Mon 01 Jan 2024 10:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397217
IP address blocks:        37.209.192.0/24 maxlen: 24
                          37.209.198.0/24 maxlen: 24
                          37.209.194.0/24 maxlen: 24
                          37.209.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:38:b1:95:eb:e3:5e:03:3d:92:84:30:0f:29:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5ae8a3d8bdaabf4765fda79d55eca8c69c8bf2c
        Validity
            Not Before: Jan  1 10:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfb46654d05b091114729e8cdc7db31011b832d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:00:aa:13:07:3b:2d:e6:e6:56:40:30:30:b6:
                    a1:2f:79:ba:d0:81:59:a5:f5:40:b2:da:56:b9:87:
                    63:82:72:b0:9a:1b:d8:2d:60:d3:ad:3f:6a:35:83:
                    c9:26:ec:1f:b1:00:7a:6a:6d:11:66:52:65:5b:3b:
                    e2:ac:c5:93:d3:65:5d:e5:52:22:fa:29:22:d8:cb:
                    d1:1a:a2:13:59:5b:eb:94:de:e2:7d:a8:b4:fd:f0:
                    1e:66:b1:42:7f:39:cc:b8:07:ca:fe:3e:7f:aa:11:
                    33:ec:e2:a8:67:75:8b:7c:20:83:54:99:ad:35:01:
                    74:ca:e3:29:de:f9:2f:37:92:71:26:45:83:78:83:
                    40:9f:65:8b:32:46:a6:fc:22:f3:18:77:26:53:2d:
                    73:8b:e6:77:78:fc:2f:a1:b6:6b:3d:4b:bd:bc:4c:
                    68:2b:cd:7b:14:a8:13:db:cd:db:9a:9c:11:94:c3:
                    dd:19:de:85:66:d3:b2:53:4c:b5:d7:55:55:61:79:
                    dd:e2:81:b3:b9:04:90:5a:15:65:dd:f0:c4:fd:6f:
                    e1:c9:08:55:ee:de:b2:e5:4a:02:66:29:b7:d9:9a:
                    87:d0:60:f2:b1:8f:f3:9f:92:8c:60:df:05:39:b8:
                    94:f8:11:cc:16:a5:ee:6e:a4:ba:59:d8:c9:49:9f:
                    4f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:B4:66:54:D0:5B:09:11:14:72:9E:8C:DC:7D:B3:10:11:B8:32:D6
            X509v3 Authority Key Identifier:
                keyid:A5:AE:8A:3D:8B:DA:AB:F4:76:5F:DA:79:D5:5E:CA:8C:69:C8:BF:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pa6KPYvaq_R2X9p51V7KjGnIvyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/z7RmVNBbCREUcp6M3H2zEBG4MtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/0d280c-9d88-4aea-b521-416f85ee237b/1/pa6KPYvaq_R2X9p51V7KjGnIvyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.192.0/24
                  37.209.194.0/24
                  37.209.196.0/24
                  37.209.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:54:29:44:b6:c3:a5:03:b2:f5:93:4e:91:40:15:3a:57:49:
         e5:a2:62:27:18:74:d3:35:a9:44:85:ac:5e:a7:f4:a7:75:e1:
         8a:eb:03:db:be:11:57:a7:98:3d:91:96:c8:f9:7b:3f:6a:f9:
         d5:cc:8f:49:a5:54:99:93:7d:e2:56:8d:c6:7d:8d:5f:7c:8a:
         99:54:ab:05:0b:01:19:d4:04:7f:1c:19:d0:a7:ea:ea:d7:0c:
         97:49:29:26:2a:76:34:29:97:be:76:d3:ac:50:0c:b0:39:9d:
         d8:9d:a7:65:47:47:f7:ed:68:5d:35:47:8b:b6:13:ac:77:ed:
         c5:ab:7e:95:5b:4a:b1:d9:fc:e5:5c:5b:0e:36:5a:0f:4e:db:
         b7:88:03:17:f3:3f:12:50:8c:90:27:e4:65:e1:50:17:ab:5a:
         36:e0:7f:d7:c6:17:e5:ad:64:9e:f9:bb:49:a1:62:a9:52:37:
         dd:e9:ca:61:d9:5c:69:d8:2b:4d:db:a3:a5:70:e1:f6:9c:f3:
         de:34:d5:db:87:68:b1:13:ad:4b:e3:d7:54:f2:c7:22:9f:67:
         0b:6b:61:e8:40:a5:2d:77:4a:3b:23:b6:9e:09:a8:4c:5f:d6:
         83:73:29:57:b0:67:d0:a2:5e:c2:34:7e:82:a0:bb:f3:b6:b0:
         65:a3:18:da
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzEkjixlevjXgM9koQwDykHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YWU4YTNkOGJkYWFiZjQ3NjVmZGE3OWQ1NWVjYThjNjlj
OGJmMmMwHhcNMjQwMTAxMTAyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmI0NjY1NGQwNWIwOTExMTQ3MjllOGNkYzdkYjMxMDExYjgzMmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQCqEwc7LebmVkAwMLahL3m60IFZ
pfVAstpWuYdjgnKwmhvYLWDTrT9qNYPJJuwfsQB6am0RZlJlWzvirMWT02Vd5VIi
+iki2MvRGqITWVvrlN7ifai0/fAeZrFCfznMuAfK/j5/qhEz7OKoZ3WLfCCDVJmt
NQF0yuMp3vkvN5JxJkWDeINAn2WLMkam/CLzGHcmUy1zi+Z3ePwvobZrPUu9vExo
K817FKgT283bmpwRlMPdGd6FZtOyU0y111VVYXnd4oGzuQSQWhVl3fDE/W/hyQhV
7t6y5UoCZim32ZqH0GDysY/zn5KMYN8FObiU+BHMFqXubqS6WdjJSZ9PBwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFM+0ZlTQWwkRFHKejNx9sxARuDLWMB8GA1UdIwQY
MBaAFKWuij2L2qv0dl/aedVeyoxpyL8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEt
NDE2Zjg1ZWUyMzdiLzEvejdSbVZOQmJDUkVVY3A2TTNIMnpFQkc0TXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8wZDI4MGMtOWQ4OC00YWVhLWI1MjEtNDE2Zjg1ZWUyMzdi
LzEvcGE2S1BZdmFxX1IyWDlwNTFWN0tqR25Jdnl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAJdHAAwQA
JdHCAwQAJdHEAwQAJdHGMA0GCSqGSIb3DQEBCwUAA4IBAQBEVClEtsOlA7L1k06R
QBU6V0nlomInGHTTNalEhaxep/SndeGK6wPbvhFXp5g9kZbI+Xs/avnVzI9JpVSZ
k33iVo3GfY1ffIqZVKsFCwEZ1AR/HBnQp+rq1wyXSSkmKnY0KZe+dtOsUAywOZ3Y
nadlR0f37WhdNUeLthOsd+3Fq36VW0qx2fzlXFsONloPTtu3iAMX8z8SUIyQJ+Rl
4VAXq1o24H/XxhflrWSe+btJoWKpUjfd6cph2Vxp2CtN26OlcOH2nPPeNNXbh2ix
E61L49dU8scin2cLa2HoQKUtd0o7I7aeCahMX9aDcylXsGfQol7CNH6CoLvztrBl
oxja
-----END CERTIFICATE-----
Generated at Fri Nov 22 13:46:05 2024 by rpki-client on console-fra.rpki-client.org