Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/RFfxaapS_vQyrkmmZQLFY15hv-g.roa
File:                     RFfxaapS_vQyrkmmZQLFY15hv-g.roa (raw, json)
Hash identifier:          DEUr0gAJ4rUsedletVyiNORU5Ow9A+cqDNsw8cJq7hY=
Subject key identifier:   44:57:F1:69:AA:52:FE:F4:32:AE:49:A6:65:02:C5:63:5E:61:BF:E8
Certificate issuer:       /CN=38203463eb944b25c65135ca47bdbdab646f3984
Certificate serial:       018CC2DB0681F61490D0D0A712D03F999194
Authority key identifier: 38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/RFfxaapS_vQyrkmmZQLFY15hv-g.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60558
IP address blocks:        37.140.239.0/24 maxlen: 24
                          37.140.238.0/24 maxlen: 24
                          185.28.188.0/24 maxlen: 24
                          185.28.191.0/24 maxlen: 24
                          185.28.190.0/24 maxlen: 24
                          185.28.189.0/24 maxlen: 24
                          2a00:8860:100::/40 maxlen: 64
                          2a00:8861:100::/40 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:06:81:f6:14:90:d0:d0:a7:12:d0:3f:99:91:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38203463eb944b25c65135ca47bdbdab646f3984
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4457f169aa52fef432ae49a66502c5635e61bfe8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:0d:ad:28:57:ce:5e:92:4e:9e:ba:f1:7a:5e:
                    a0:e5:6d:d4:bb:79:b9:13:41:20:53:b2:33:1b:62:
                    82:07:95:de:7d:4a:16:75:3d:2c:89:83:de:47:32:
                    94:a0:45:e6:97:06:1b:7b:a8:97:1e:a6:bc:e9:12:
                    f4:3c:82:ba:7c:f7:1d:6d:ab:6d:95:13:66:f6:df:
                    c3:6a:ea:cc:57:dd:51:64:aa:1c:6d:d1:51:e0:af:
                    b4:8e:85:86:7f:37:55:14:07:8c:76:10:73:01:ad:
                    35:06:ba:7b:ff:b9:07:75:4a:1d:c9:5e:82:e0:aa:
                    16:5e:a7:c3:ef:82:0d:9e:e6:d1:5e:5d:62:e1:f4:
                    ca:15:ed:43:51:45:ed:05:24:24:cb:9f:fa:1b:27:
                    ce:a9:dc:29:3d:97:b7:4c:8b:e2:89:38:df:38:fa:
                    13:60:04:c3:7c:bf:29:02:0e:f7:e2:8f:60:8e:39:
                    ef:4f:b3:d2:3d:59:77:ca:0e:f9:12:28:6c:3d:b9:
                    0d:a5:99:9e:de:04:ea:13:89:43:16:35:ee:e7:65:
                    09:5e:c1:af:bd:6c:89:ff:40:b4:fa:71:89:21:2b:
                    cd:1f:32:89:33:f6:dd:1b:ca:00:58:cb:60:93:0e:
                    05:ad:29:54:96:f5:59:c1:e4:68:46:d3:5a:9c:38:
                    f1:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:57:F1:69:AA:52:FE:F4:32:AE:49:A6:65:02:C5:63:5E:61:BF:E8
            X509v3 Authority Key Identifier:
                keyid:38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/RFfxaapS_vQyrkmmZQLFY15hv-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.238.0/23
                  185.28.188.0/22
                IPv6:
                  2a00:8860:100::/40
                  2a00:8861:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         43:74:db:0d:66:90:ee:96:bd:ae:ed:e1:db:ea:33:c8:9b:bb:
         96:40:58:c0:4d:4e:e4:99:a1:62:7f:1c:eb:f5:8f:7d:24:55:
         cc:6e:1f:8b:40:05:a6:19:32:23:e3:69:bb:a4:29:be:1e:75:
         a3:b4:c7:f8:d8:97:11:5e:54:e5:9d:e6:41:ff:4d:04:1a:50:
         be:f5:39:59:62:c0:c9:15:e1:17:99:39:bc:d7:ad:03:d5:2b:
         e9:3c:5a:0f:c0:39:97:d9:66:c9:be:eb:a1:5b:ae:f1:f2:67:
         38:91:52:d9:9c:df:e9:3a:3e:3f:92:1f:c7:cb:10:84:52:9f:
         34:42:70:f7:59:ef:aa:e7:69:7b:b5:48:43:5b:09:0f:a3:da:
         12:bb:83:3d:f6:eb:e4:94:47:ae:de:cc:21:fe:bf:09:e8:bc:
         98:82:3a:22:c5:59:5b:d4:3c:39:09:09:b6:2e:31:7f:b6:e5:
         cd:50:e7:b9:97:5f:e2:79:22:2b:eb:41:3a:d9:fc:4d:ae:38:
         fd:d4:03:98:cc:7b:93:2d:9c:cb:8e:c8:e5:cd:f7:0b:9d:dd:
         2b:b4:0d:27:24:34:7c:d6:06:5d:51:0e:11:cf:1d:eb:87:21:
         1d:c1:ba:94:ba:ad:e9:a6:d3:11:e8:82:78:e8:c1:1b:da:e6:
         ed:d0:b6:1f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzC2waB9hSQ0NCnEtA/mZGUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjAzNDYzZWI5NDRiMjVjNjUxMzVjYTQ3YmRiZGFiNjQ2
ZjM5ODQwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDU3ZjE2OWFhNTJmZWY0MzJhZTQ5YTY2NTAyYzU2MzVlNjFiZmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlw2tKFfOXpJOnrrxel6g5W3Uu3m5
E0EgU7IzG2KCB5XefUoWdT0siYPeRzKUoEXmlwYbe6iXHqa86RL0PIK6fPcdbatt
lRNm9t/DaurMV91RZKocbdFR4K+0joWGfzdVFAeMdhBzAa01Brp7/7kHdUodyV6C
4KoWXqfD74INnubRXl1i4fTKFe1DUUXtBSQky5/6GyfOqdwpPZe3TIviiTjfOPoT
YATDfL8pAg734o9gjjnvT7PSPVl3yg75EihsPbkNpZme3gTqE4lDFjXu52UJXsGv
vWyJ/0C0+nGJISvNHzKJM/bdG8oAWMtgkw4FrSlUlvVZweRoRtNanDjxJQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFERX8WmqUv70Mq5JpmUCxWNeYb/oMB8GA1UdIwQY
MBaAFDggNGPrlEslxlE1yke9vatkbzmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1Nzgt
NTg5MzUxNzliOTg1LzEvUkZmeGFhcFNfdlF5cmttbVpRTEZZMTVodi1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1NzgtNTg5MzUxNzliOTg1
LzEvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQBJYzuAwQC
uRy8MBYEAgACMBADBgAqAIhgAQMGACoAiGEBMA0GCSqGSIb3DQEBCwUAA4IBAQBD
dNsNZpDulr2u7eHb6jPIm7uWQFjATU7kmaFifxzr9Y99JFXMbh+LQAWmGTIj42m7
pCm+HnWjtMf42JcRXlTlneZB/00EGlC+9TlZYsDJFeEXmTm8160D1SvpPFoPwDmX
2WbJvuuhW67x8mc4kVLZnN/pOj4/kh/HyxCEUp80QnD3We+q52l7tUhDWwkPo9oS
u4M99uvklEeu3swh/r8J6LyYgjoixVlb1Dw5CQm2LjF/tuXNUOe5l1/ieSIr60E6
2fxNrjj91AOYzHuTLZzLjsjlzfcLnd0rtA0nJDR81gZdUQ4Rzx3rhyEdwbqUuq3p
ptMR6IJ46MEb2ubt0LYf
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:53:12 2024 by rpki-client on console-ams.rpki-client.org