Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rD_SQlr9nwqaKHrfr3i6V9xuEYk.roa
File:                     rD_SQlr9nwqaKHrfr3i6V9xuEYk.roa (raw, json)
Hash identifier:          5sgkwIirQp5SZxCboDMGWEDv1wiDNbOqQc8QYANpKrY=
Subject key identifier:   AC:3F:D2:42:5A:FD:9F:0A:9A:28:7A:DF:AF:78:BA:57:DC:6E:11:89
Certificate issuer:       /CN=adac830ccaa74783dd961fab241a228d7cc6f808
Certificate serial:       018CC3B7472F3A48424729F1940E95DEF7E0
Authority key identifier: AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rD_SQlr9nwqaKHrfr3i6V9xuEYk.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51813
IP address blocks:        37.61.182.0/23 maxlen: 32
                          81.18.140.0/23 maxlen: 32
                          46.20.76.0/22 maxlen: 32
                          193.150.108.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:47:2f:3a:48:42:47:29:f1:94:0e:95:de:f7:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=adac830ccaa74783dd961fab241a228d7cc6f808
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac3fd2425afd9f0a9a287adfaf78ba57dc6e1189
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:f1:c2:dd:5a:3e:17:ff:5a:93:85:85:ab:de:
                    63:99:db:cf:fd:11:08:5f:2f:92:1f:3e:25:5f:14:
                    57:e6:3b:3e:22:90:67:be:3c:c5:a2:f0:c8:84:d3:
                    cd:e7:19:58:2b:82:42:b3:10:ec:7a:23:7a:1a:93:
                    7b:8e:b6:69:23:80:3b:3e:f3:d4:06:b9:a5:86:b0:
                    45:59:fa:af:37:58:07:5d:7f:e4:3d:18:b4:6b:4c:
                    ed:a6:b9:09:fb:54:b7:ef:d8:14:9a:2a:9e:37:58:
                    47:3d:14:4b:cf:ea:89:a0:c1:9a:4e:4d:12:76:00:
                    45:40:df:cb:75:0c:e6:9d:1f:d2:d9:1a:02:3e:15:
                    7f:64:8c:76:1e:7b:38:e2:d2:f7:23:c5:35:13:60:
                    f7:b5:a8:1f:01:c9:0f:6c:40:b2:2c:79:ad:26:77:
                    a2:3a:d0:ef:f4:fd:1a:6c:b6:34:6e:f5:b1:a6:08:
                    a6:57:7a:5c:37:5d:eb:a0:f3:f3:fe:47:6c:7c:4f:
                    68:af:2d:a6:2c:e0:fc:fc:1d:a5:5f:db:7d:50:b7:
                    42:48:08:1d:b1:5b:0f:6a:4c:9d:ec:a0:a3:7f:58:
                    f9:46:4e:d5:6c:45:b8:a0:bf:c7:75:31:2d:53:cd:
                    15:2b:3d:c1:9b:b0:6e:be:9b:96:ed:d8:5c:2c:42:
                    60:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:3F:D2:42:5A:FD:9F:0A:9A:28:7A:DF:AF:78:BA:57:DC:6E:11:89
            X509v3 Authority Key Identifier:
                keyid:AD:AC:83:0C:CA:A7:47:83:DD:96:1F:AB:24:1A:22:8D:7C:C6:F8:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rayDDMqnR4Pdlh-rJBoijXzG-Ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rD_SQlr9nwqaKHrfr3i6V9xuEYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/325c8d-d368-4eee-9ca8-929f7d635f4b/1/rayDDMqnR4Pdlh-rJBoijXzG-Ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.182.0/23
                  46.20.76.0/22
                  81.18.140.0/23
                  193.150.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e0:17:fc:3e:40:1f:3d:60:8d:73:f4:76:7e:fd:79:ea:ec:35:
         c0:e8:2d:50:2c:6f:e1:67:7b:2e:ea:5b:9c:e4:c1:5b:f1:92:
         1d:de:c9:5e:31:c1:04:77:94:60:14:d0:45:5a:7b:d0:47:b3:
         6c:c5:82:23:97:db:fc:5e:a6:66:dd:11:6d:d7:6f:1b:9f:e1:
         b4:68:a9:58:f6:d0:83:fe:cc:f8:4f:57:73:6d:17:2e:0e:c4:
         0e:0c:ef:90:51:44:b8:25:69:00:d5:cc:6d:ff:42:fb:1e:53:
         3d:86:fd:8c:ae:44:d2:fb:74:8b:a0:6a:16:b3:53:37:eb:b9:
         e3:f6:48:c6:51:16:4c:14:e3:d8:e7:a7:80:e7:c0:b6:a8:83:
         32:9d:f0:c2:a4:60:71:36:64:51:5b:f1:bb:40:ca:e6:67:da:
         3b:46:72:a0:95:45:70:ff:d5:fa:3a:63:fa:40:ed:ef:e8:da:
         a4:07:f2:64:48:bc:05:40:c8:01:61:24:e6:f9:f1:97:61:15:
         aa:2d:1a:5d:01:cb:70:10:a1:6f:0a:2e:75:00:53:f8:b9:c8:
         66:dc:ca:7a:d6:13:a4:d8:b1:ac:99:41:d1:eb:85:5f:9f:3a:
         93:95:35:49:cf:e6:bf:01:78:8e:6b:3d:92:5f:90:fd:2a:42:
         16:72:83:7a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzDt0cvOkhCRynxlA6V3vfgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkYWM4MzBjY2FhNzQ3ODNkZDk2MWZhYjI0MWEyMjhkN2Nj
NmY4MDgwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzNmZDI0MjVhZmQ5ZjBhOWEyODdhZGZhZjc4YmE1N2RjNmUxMTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfHC3Vo+F/9ak4WFq95jmdvP/REI
Xy+SHz4lXxRX5js+IpBnvjzFovDIhNPN5xlYK4JCsxDseiN6GpN7jrZpI4A7PvPU
BrmlhrBFWfqvN1gHXX/kPRi0a0ztprkJ+1S379gUmiqeN1hHPRRLz+qJoMGaTk0S
dgBFQN/LdQzmnR/S2RoCPhV/ZIx2Hns44tL3I8U1E2D3tagfAckPbECyLHmtJnei
OtDv9P0abLY0bvWxpgimV3pcN13roPPz/kdsfE9ory2mLOD8/B2lX9t9ULdCSAgd
sVsPakyd7KCjf1j5Rk7VbEW4oL/HdTEtU80VKz3Bm7BuvpuW7dhcLEJgGQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKw/0kJa/Z8Kmih63694ulfcbhGJMB8GA1UdIwQY
MBaAFK2sgwzKp0eD3ZYfqyQaIo18xvgIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgt
OTI5ZjdkNjM1ZjRiLzEvckRfU1Fscjlud3FhS0hyZnIzaTZWOXh1RVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMjVjOGQtZDM2OC00ZWVlLTljYTgtOTI5ZjdkNjM1ZjRi
LzEvcmF5RERNcW5SNFBkbGgtckpCb2lqWHpHLUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBJT22AwQC
LhRMAwQBURKMAwQCwZZsMA0GCSqGSIb3DQEBCwUAA4IBAQDgF/w+QB89YI1z9HZ+
/Xnq7DXA6C1QLG/hZ3su6luc5MFb8ZId3sleMcEEd5RgFNBFWnvQR7NsxYIjl9v8
XqZm3RFt128bn+G0aKlY9tCD/sz4T1dzbRcuDsQODO+QUUS4JWkA1cxt/0L7HlM9
hv2MrkTS+3SLoGoWs1M367nj9kjGURZMFOPY56eA58C2qIMynfDCpGBxNmRRW/G7
QMrmZ9o7RnKglUVw/9X6OmP6QO3v6NqkB/JkSLwFQMgBYSTm+fGXYRWqLRpdActw
EKFvCi51AFP4uchm3Mp61hOk2LGsmUHR64VfnzqTlTVJz+a/AXiOaz2SX5D9KkIW
coN6
-----END CERTIFICATE-----
Generated at Sat Jun 15 11:07:30 2024 by rpki-client on console-ams.rpki-client.org