Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/w1TKgrC3zeAYLl6lWzFac_PVlYU.roa
File:                     w1TKgrC3zeAYLl6lWzFac_PVlYU.roa (raw, json)
Hash identifier:          0SyDAl3bDi42oV5IFi9YRjkq9RVFLarxurDnYrtDhGg=
Subject key identifier:   C3:54:CA:82:B0:B7:CD:E0:18:2E:5E:A5:5B:31:5A:73:F3:D5:95:85
Certificate issuer:       /CN=07da339e5cd3c1be02ce6802a0421856aa0b547b
Certificate serial:       018CC8701BC2D970F25395528DE0E9389839
Authority key identifier: 07:DA:33:9E:5C:D3:C1:BE:02:CE:68:02:A0:42:18:56:AA:0B:54:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9oznlzTwb4CzmgCoEIYVqoLVHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/w1TKgrC3zeAYLl6lWzFac_PVlYU.roa
Signing time:             Tue 02 Jan 2024 04:30:39 +0000
ROA not before:           Tue 02 Jan 2024 04:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        37.1.160.0/21 maxlen: 24
                          37.252.104.0/21 maxlen: 24
                          185.19.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/B9oznlzTwb4CzmgCoEIYVqoLVHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/B9oznlzTwb4CzmgCoEIYVqoLVHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9oznlzTwb4CzmgCoEIYVqoLVHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:1b:c2:d9:70:f2:53:95:52:8d:e0:e9:38:98:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07da339e5cd3c1be02ce6802a0421856aa0b547b
        Validity
            Not Before: Jan  2 04:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c354ca82b0b7cde0182e5ea55b315a73f3d59585
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:3b:d2:f7:9a:e6:35:17:43:a9:81:38:0b:5d:
                    05:52:dc:bd:d4:6e:10:d4:66:6a:76:68:a2:fd:08:
                    46:68:fb:8a:60:2c:7b:df:77:f2:fd:10:44:dd:8c:
                    bf:21:68:30:b7:42:9b:e8:de:05:86:02:c5:95:32:
                    b9:c5:6e:95:98:9c:af:9b:54:66:a2:64:68:9f:47:
                    55:ed:8c:ba:88:9b:6b:49:d9:e3:2a:86:22:e1:fc:
                    af:1a:6c:05:19:56:68:6f:bc:c8:3f:a5:54:ed:08:
                    a3:1b:67:2c:7a:73:24:fa:f4:79:51:3c:f1:1b:f6:
                    4d:f6:c8:80:fc:5d:c4:14:e0:88:18:6d:a4:82:aa:
                    5f:8b:12:5e:0a:92:7e:b8:0a:80:c9:1a:c6:17:64:
                    12:6f:38:47:33:95:2a:b0:15:d8:29:8c:75:8e:4e:
                    4e:5b:79:79:4f:d8:cb:ac:a7:56:cb:a7:ba:f5:be:
                    27:f1:fa:27:98:04:8d:81:2d:0a:76:e1:ba:45:37:
                    b5:2b:6b:be:90:92:8b:28:eb:8a:25:03:8f:70:78:
                    a3:d6:5c:9e:5d:d8:f2:40:6b:d9:eb:37:e5:b4:d6:
                    1e:09:92:44:06:87:e0:d5:b7:7f:70:18:24:5f:7b:
                    f8:0d:5a:3f:05:64:5d:e8:21:06:de:d5:f0:52:b3:
                    b9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:54:CA:82:B0:B7:CD:E0:18:2E:5E:A5:5B:31:5A:73:F3:D5:95:85
            X509v3 Authority Key Identifier:
                keyid:07:DA:33:9E:5C:D3:C1:BE:02:CE:68:02:A0:42:18:56:AA:0B:54:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9oznlzTwb4CzmgCoEIYVqoLVHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/w1TKgrC3zeAYLl6lWzFac_PVlYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/B9oznlzTwb4CzmgCoEIYVqoLVHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.1.160.0/21
                  37.252.104.0/21
                  185.19.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:48:e6:2b:e1:59:f7:6d:1d:b3:d3:c6:0f:c3:e7:50:5c:b4:
         cb:25:dc:b9:3d:f6:74:df:1d:b8:11:12:86:ed:a6:d1:b4:20:
         e4:a7:48:9e:a5:96:ea:7d:f8:d7:0f:0d:3f:9e:3e:2c:8b:37:
         20:fd:9a:a5:3e:69:ca:39:c7:08:6c:22:82:6d:f8:0f:65:09:
         0a:43:a2:83:61:0a:88:53:72:3e:33:23:de:8d:60:7e:f1:53:
         55:7c:21:20:50:8c:18:4e:e1:36:82:72:9d:72:76:37:a7:f5:
         e5:76:92:f6:74:b9:4d:3e:17:cd:24:8c:5d:79:2d:9a:f4:f9:
         44:49:74:c5:f1:49:7c:2c:0c:7f:38:7b:13:0d:5e:7f:b6:6d:
         29:cd:bb:0f:e2:a6:03:5f:f0:a1:bb:f8:f7:1d:b9:22:a1:86:
         c8:06:44:9c:4d:fb:57:be:70:de:53:dd:a6:96:d6:d6:27:c3:
         0a:29:7d:5e:97:d8:a2:4b:76:a5:c4:25:90:db:c5:d7:f3:12:
         dc:32:2e:92:05:a3:2f:01:38:3e:58:63:49:31:ef:d2:0b:dd:
         71:cb:bd:43:d6:ea:1b:35:72:f3:05:66:d1:c9:5f:96:e4:46:
         7a:d8:95:1b:31:f3:77:79:81:4f:41:f3:da:e9:1e:19:8d:21:
         30:35:8a:2e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIcBvC2XDyU5VSjeDpOJg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZGEzMzllNWNkM2MxYmUwMmNlNjgwMmEwNDIxODU2YWEw
YjU0N2IwHhcNMjQwMTAyMDQzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzU0Y2E4MmIwYjdjZGUwMTgyZTVlYTU1YjMxNWE3M2YzZDU5NTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijvS95rmNRdDqYE4C10FUty91G4Q
1GZqdmii/QhGaPuKYCx733fy/RBE3Yy/IWgwt0Kb6N4FhgLFlTK5xW6VmJyvm1Rm
omRon0dV7Yy6iJtrSdnjKoYi4fyvGmwFGVZob7zIP6VU7QijG2csenMk+vR5UTzx
G/ZN9siA/F3EFOCIGG2kgqpfixJeCpJ+uAqAyRrGF2QSbzhHM5UqsBXYKYx1jk5O
W3l5T9jLrKdWy6e69b4n8fonmASNgS0KduG6RTe1K2u+kJKLKOuKJQOPcHij1lye
XdjyQGvZ6zfltNYeCZJEBofg1bd/cBgkX3v4DVo/BWRd6CEG3tXwUrO5iwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMNUyoKwt83gGC5epVsxWnPz1ZWFMB8GA1UdIwQY
MBaAFAfaM55c08G+As5oAqBCGFaqC1R7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlvem5selR3YjRDem1nQ29FSVlWcW9MVkhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jNjJlMGMtNDQ1NC00M2M4LTk3YmMt
ODE2NzRkOTUzZDU2LzEvdzFUS2dyQzN6ZUFZTGw2bFd6RmFjX1BWbFlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jNjJlMGMtNDQ1NC00M2M4LTk3YmMtODE2NzRkOTUzZDU2
LzEvQjlvem5selR3YjRDem1nQ29FSVlWcW9MVkhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJQGgAwQD
JfxoAwQCuRMkMA0GCSqGSIb3DQEBCwUAA4IBAQApSOYr4Vn3bR2z08YPw+dQXLTL
Jdy5PfZ03x24ERKG7abRtCDkp0iepZbqffjXDw0/nj4sizcg/ZqlPmnKOccIbCKC
bfgPZQkKQ6KDYQqIU3I+MyPejWB+8VNVfCEgUIwYTuE2gnKdcnY3p/XldpL2dLlN
PhfNJIxdeS2a9PlESXTF8Ul8LAx/OHsTDV5/tm0pzbsP4qYDX/Chu/j3HbkioYbI
BkScTftXvnDeU92mltbWJ8MKKX1el9iiS3alxCWQ28XX8xLcMi6SBaMvATg+WGNJ
Me/SC91xy71D1uobNXLzBWbRyV+W5EZ62JUbMfN3eYFPQfPa6R4ZjSEwNYou
-----END CERTIFICATE-----
Generated at Sun May 12 21:00:17 2024 by rpki-client on console-ams.rpki-client.org