Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7Agtm1bXqGamtrjZYcHmUDbSR9Q.roa
File:                     7Agtm1bXqGamtrjZYcHmUDbSR9Q.roa (raw, json)
Hash identifier:          GnJVMYemvCzvCKwLht9O83YGKZG6vR1ZMve8oX3OBx8=
Subject key identifier:   EC:08:2D:9B:56:D7:A8:66:A6:B6:B8:D9:61:C1:E6:50:36:D2:47:D4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       018ED2277F4BA17BCD8955DA391FC839FC39
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7Agtm1bXqGamtrjZYcHmUDbSR9Q.roa
Signing time:             Fri 12 Apr 2024 11:53:07 +0000
ROA not before:           Fri 12 Apr 2024 11:53:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47583
IP address blocks:        37.98.151.0/24 maxlen: 24
                          109.176.196.0/24 maxlen: 24
                          109.176.197.0/24 maxlen: 24
                          109.176.198.0/24 maxlen: 24
                          109.176.199.0/24 maxlen: 24
                          212.38.94.0/24 maxlen: 24
                          212.38.95.0/24 maxlen: 24
                          213.130.144.0/24 maxlen: 24
                          213.130.145.0/24 maxlen: 24
                          213.130.146.0/24 maxlen: 24
                          213.130.147.0/24 maxlen: 24
                          213.210.13.0/24 maxlen: 24
                          213.210.20.0/24 maxlen: 24
                          213.210.21.0/24 maxlen: 24
                          213.210.36.0/24 maxlen: 24
                          213.210.37.0/24 maxlen: 24
                          213.210.57.0/24 maxlen: 24
                          213.218.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:27:7f:4b:a1:7b:cd:89:55:da:39:1f:c8:39:fc:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 12 11:53:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec082d9b56d7a866a6b6b8d961c1e65036d247d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:39:66:69:14:2c:90:a0:d3:0f:d7:c3:60:33:
                    d8:a7:d5:e9:b1:88:06:55:4d:32:d4:44:c4:93:e5:
                    e6:6e:42:6c:72:ac:1a:9a:fa:fc:ed:1b:b5:b4:7d:
                    d5:a1:89:4b:a4:d4:d8:cb:82:05:1b:dd:63:d2:59:
                    a0:cc:75:08:03:62:9a:5e:cf:f6:23:4f:ce:aa:18:
                    5d:a9:9f:c0:90:48:54:a0:f1:b6:7c:4f:cd:01:6c:
                    1c:f5:af:44:6d:e3:a4:e2:58:6e:e1:2d:fb:63:89:
                    92:43:78:0c:68:2e:4f:aa:ee:ff:19:7b:5d:5d:69:
                    e3:de:c9:94:ba:48:d9:1f:28:84:d1:c4:a2:e4:90:
                    20:f0:5c:59:3d:94:34:7b:e4:a9:c6:17:48:ab:1c:
                    2e:56:ea:63:3c:46:19:c5:09:3f:73:01:69:4e:8b:
                    c5:62:fe:dd:00:46:e6:6f:4d:f2:60:1a:ca:29:2a:
                    c8:83:ec:04:46:c1:10:d3:50:29:e9:6d:10:6a:ed:
                    e3:f0:40:ea:b2:a2:d4:48:54:73:7b:a4:46:70:fc:
                    ab:f5:0d:42:4b:90:57:1d:ba:ab:e0:28:89:1c:9d:
                    41:bb:a4:46:bc:40:4a:ff:15:df:20:3c:66:fd:a5:
                    c4:a8:91:4f:ee:ac:24:f1:90:5a:a5:6e:13:a2:f4:
                    ad:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:08:2D:9B:56:D7:A8:66:A6:B6:B8:D9:61:C1:E6:50:36:D2:47:D4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/7Agtm1bXqGamtrjZYcHmUDbSR9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.151.0/24
                  109.176.196.0/22
                  212.38.94.0/23
                  213.130.144.0/22
                  213.210.13.0/24
                  213.210.20.0/23
                  213.210.36.0/23
                  213.210.57.0/24
                  213.218.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:09:f5:ad:3c:d0:d3:c4:5d:76:e9:03:71:ac:12:d6:d4:1f:
         ff:85:e1:92:73:be:01:b3:38:b1:e4:fc:e5:e9:17:61:d9:ae:
         7a:ef:5e:3b:37:a5:9e:53:db:a0:83:b8:1a:34:d6:97:e8:5b:
         ac:43:4f:b8:cd:28:0a:dd:5f:4a:54:96:08:2e:ce:a9:e0:55:
         21:0e:68:d5:99:05:ce:3b:cf:35:85:a8:f6:96:cd:6a:29:b1:
         1a:ca:37:c2:ba:a8:d9:2d:36:23:fc:2b:65:90:76:ae:cc:ed:
         69:6d:5f:7b:a7:72:d7:83:7f:15:6b:66:c3:27:10:96:7b:aa:
         6e:22:8f:a8:24:86:53:15:a9:6f:53:ff:5d:3e:ef:9f:d2:b9:
         a5:b0:ab:b5:b7:b7:4e:41:c6:7d:96:11:c3:53:cc:69:5e:97:
         58:86:d2:b8:f3:4d:5f:03:43:da:46:1a:d7:51:13:3b:d0:7c:
         37:15:25:02:a2:08:e5:a6:67:f6:82:e5:f4:90:8a:db:e0:12:
         65:5a:12:a3:26:22:6a:63:da:a6:4d:3a:59:c3:16:a0:51:34:
         b1:1c:1a:72:c6:91:4b:7f:33:70:f8:52:2d:15:b5:15:d5:c1:
         a5:2d:21:c3:0f:77:d0:ab:f6:72:4a:10:d0:9e:9c:be:c9:2b:
         69:42:35:25
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY7SJ39LoXvNiVXaOR/IOfw5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDEyMTE1MzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzA4MmQ5YjU2ZDdhODY2YTZiNmI4ZDk2MWMxZTY1MDM2ZDI0N2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzlmaRQskKDTD9fDYDPYp9XpsYgG
VU0y1ETEk+XmbkJscqwamvr87Ru1tH3VoYlLpNTYy4IFG91j0lmgzHUIA2KaXs/2
I0/OqhhdqZ/AkEhUoPG2fE/NAWwc9a9EbeOk4lhu4S37Y4mSQ3gMaC5Pqu7/GXtd
XWnj3smUukjZHyiE0cSi5JAg8FxZPZQ0e+SpxhdIqxwuVupjPEYZxQk/cwFpTovF
Yv7dAEbmb03yYBrKKSrIg+wERsEQ01Ap6W0Qau3j8EDqsqLUSFRze6RGcPyr9Q1C
S5BXHbqr4CiJHJ1Bu6RGvEBK/xXfIDxm/aXEqJFP7qwk8ZBapW4TovStGQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFOwILZtW16hmpra42WHB5lA20kfUMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvN0FndG0xYlhxR2FtdHJqWlljSG1VRGJTUjlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAJWKXAwQC
bbDEAwQB1CZeAwQC1YKQAwQA1dINAwQB1dIUAwQB1dIkAwQA1dI5AwQA1drwMA0G
CSqGSIb3DQEBCwUAA4IBAQCsCfWtPNDTxF126QNxrBLW1B//heGSc74Bszix5Pzl
6Rdh2a567147N6WeU9ugg7gaNNaX6FusQ0+4zSgK3V9KVJYILs6p4FUhDmjVmQXO
O881haj2ls1qKbEayjfCuqjZLTYj/CtlkHauzO1pbV97p3LXg38Va2bDJxCWe6pu
Io+oJIZTFalvU/9dPu+f0rmlsKu1t7dOQcZ9lhHDU8xpXpdYhtK4801fA0PaRhrX
URM70Hw3FSUCogjlpmf2guX0kIrb4BJlWhKjJiJqY9qmTTpZwxagUTSxHBpyxpFL
fzNw+FItFbUV1cGlLSHDD3fQq/ZyShDQnpy+yStpQjUl
-----END CERTIFICATE-----
Generated at Fri Nov 22 09:54:22 2024 by rpki-client on console-ams.rpki-client.org