Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/rXg68WxvBy1spNsKgcnSLnZS3vY.roa
File:                     rXg68WxvBy1spNsKgcnSLnZS3vY.roa (raw, json)
Hash identifier:          Lhu4SxnpKdL4EoYxujZ/7DAC09daGR/flpY50oTSXrw=
Subject key identifier:   AD:78:3A:F1:6C:6F:07:2D:6C:A4:DB:0A:81:C9:D2:2E:76:52:DE:F6
Certificate issuer:       /CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
Certificate serial:       018CC801D9E1258C4D9B538E9009195F8C8A
Authority key identifier: A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/rXg68WxvBy1spNsKgcnSLnZS3vY.roa
Signing time:             Tue 02 Jan 2024 02:30:13 +0000
ROA not before:           Tue 02 Jan 2024 02:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50796
IP address blocks:        37.32.56.0/21 maxlen: 24
                          194.180.116.0/22 maxlen: 24
                          185.3.196.0/22 maxlen: 24
                          192.166.204.0/22 maxlen: 24
                          178.22.0.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d9:e1:25:8c:4d:9b:53:8e:90:09:19:5f:8c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7e2ce3109480aee7b3fd2846ec8f8646885cdba
        Validity
            Not Before: Jan  2 02:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad783af16c6f072d6ca4db0a81c9d22e7652def6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1d:be:66:58:56:ab:f9:bc:01:3d:1d:9a:83:
                    12:0c:3e:75:5f:ce:83:62:48:5a:83:09:a1:7a:c0:
                    76:ce:22:9e:45:06:12:9c:f6:9f:45:03:84:ce:b9:
                    e9:eb:2f:a2:46:2a:92:a5:c0:72:ae:1c:eb:79:f8:
                    46:f6:e4:c8:f0:e6:46:9a:34:bd:4b:69:7e:5e:30:
                    f2:76:42:93:d4:71:8a:74:92:a1:b8:88:89:e5:00:
                    16:72:ef:4a:ff:2b:ba:f2:96:63:6c:13:ea:6a:7f:
                    a7:6f:88:3c:bd:18:5b:9d:f2:c2:c0:c4:26:7c:52:
                    9d:c1:f3:96:8d:c6:74:4e:18:08:cb:a0:56:3f:b8:
                    fa:bc:60:af:f4:d6:0e:cf:b8:17:6f:7a:5a:fb:fb:
                    fa:e4:6f:ce:4d:02:10:5b:b4:6e:e8:86:e4:2b:cd:
                    a7:43:96:0d:8d:96:67:9e:e5:83:c2:9d:95:69:42:
                    e4:f7:0f:2e:c5:ab:be:22:bf:1d:10:e0:c1:5e:c8:
                    18:f0:6d:75:fa:fc:d1:83:5f:7c:c8:22:95:8b:ef:
                    3a:68:6e:dc:85:2c:cb:58:83:c6:d2:b3:e1:cd:80:
                    a5:d0:ac:97:52:aa:32:35:51:31:e6:c3:78:14:cd:
                    e3:97:48:d3:67:8a:a2:b2:a6:15:48:93:21:76:15:
                    d8:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:78:3A:F1:6C:6F:07:2D:6C:A4:DB:0A:81:C9:D2:2E:76:52:DE:F6
            X509v3 Authority Key Identifier:
                keyid:A7:E2:CE:31:09:48:0A:EE:7B:3F:D2:84:6E:C8:F8:64:68:85:CD:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-LOMQlICu57P9KEbsj4ZGiFzbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/rXg68WxvBy1spNsKgcnSLnZS3vY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/b61add-32f0-42f4-a301-7818a89456cb/1/p-LOMQlICu57P9KEbsj4ZGiFzbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.56.0/21
                  178.22.0.0/21
                  185.3.196.0/22
                  192.166.204.0/22
                  194.180.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:ac:e0:55:f0:d8:a7:07:cf:3c:19:c5:8c:da:6f:5f:d5:1b:
         74:68:92:b8:dc:b2:4f:60:a9:34:90:d2:7a:74:3c:68:0c:77:
         8b:7f:82:81:b2:d9:24:92:9e:2b:4b:8f:ec:95:64:8f:7b:07:
         aa:05:34:04:dd:a7:cd:1e:88:c4:0e:0b:a7:1c:8f:ca:e4:0d:
         e0:f1:79:6b:fd:ab:5f:63:45:dd:bd:b1:56:c6:b7:b9:4a:90:
         d5:46:40:78:38:dd:f9:9f:ce:87:ed:61:99:ee:fe:cd:54:f1:
         44:2e:84:c5:6e:93:2c:f7:35:13:75:78:85:45:3d:b6:bf:81:
         86:43:53:c9:fa:f4:63:f9:e2:98:f7:e3:2c:9e:18:4c:ab:1c:
         7c:37:b6:2c:cc:f9:a4:ef:55:9d:7e:c5:49:f0:5c:29:b2:f1:
         25:4d:94:79:20:17:66:60:e8:de:7b:5a:f1:13:e0:59:a3:6b:
         3c:73:72:3b:3b:33:3d:5e:91:00:4c:6f:e6:27:39:e6:d2:8d:
         b8:64:6a:e5:c6:38:d5:42:00:11:f5:b9:7a:41:38:73:0d:3c:
         27:ca:cd:89:86:51:60:c6:78:a0:93:3c:b7:ad:77:5d:66:f1:
         42:ab:51:53:89:84:39:ae:00:5a:bf:52:36:b9:cc:73:35:fa:
         28:b1:1e:f2
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzIAdnhJYxNm1OOkAkZX4yKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZTJjZTMxMDk0ODBhZWU3YjNmZDI4NDZlYzhmODY0Njg4
NWNkYmEwHhcNMjQwMTAyMDIzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDc4M2FmMTZjNmYwNzJkNmNhNGRiMGE4MWM5ZDIyZTc2NTJkZWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApx2+ZlhWq/m8AT0dmoMSDD51X86D
YkhagwmhesB2ziKeRQYSnPafRQOEzrnp6y+iRiqSpcByrhzrefhG9uTI8OZGmjS9
S2l+XjDydkKT1HGKdJKhuIiJ5QAWcu9K/yu68pZjbBPqan+nb4g8vRhbnfLCwMQm
fFKdwfOWjcZ0ThgIy6BWP7j6vGCv9NYOz7gXb3pa+/v65G/OTQIQW7Ru6IbkK82n
Q5YNjZZnnuWDwp2VaULk9w8uxau+Ir8dEODBXsgY8G11+vzRg198yCKVi+86aG7c
hSzLWIPG0rPhzYCl0KyXUqoyNVEx5sN4FM3jl0jTZ4qisqYVSJMhdhXYCQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFK14OvFsbwctbKTbCoHJ0i52Ut72MB8GA1UdIwQY
MBaAFKfizjEJSAruez/ShG7I+GRohc26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEt
NzgxOGE4OTQ1NmNiLzEvclhnNjhXeHZCeTFzcE5zS2djblNMblpTM3ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9iNjFhZGQtMzJmMC00MmY0LWEzMDEtNzgxOGE4OTQ1NmNi
LzEvcC1MT01RbElDdTU3UDlLRWJzajRaR2lGemJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDJSA4AwQD
shYAAwQCuQPEAwQCwKbMAwQCwrR0MA0GCSqGSIb3DQEBCwUAA4IBAQAWrOBV8Nin
B888GcWM2m9f1Rt0aJK43LJPYKk0kNJ6dDxoDHeLf4KBstkkkp4rS4/slWSPeweq
BTQE3afNHojEDgunHI/K5A3g8Xlr/atfY0XdvbFWxre5SpDVRkB4ON35n86H7WGZ
7v7NVPFELoTFbpMs9zUTdXiFRT22v4GGQ1PJ+vRj+eKY9+MsnhhMqxx8N7YszPmk
71WdfsVJ8FwpsvElTZR5IBdmYOjee1rxE+BZo2s8c3I7OzM9XpEATG/mJznm0o24
ZGrlxjjVQgAR9bl6QThzDTwnys2JhlFgxnigkzy3rXddZvFCq1FTiYQ5rgBav1I2
ucxzNfoosR7y
-----END CERTIFICATE-----
Generated at Wed Nov 27 02:52:14 2024 by rpki-client on console-fra.rpki-client.org