Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/AlSOhJMU63JQIzB91nI6JD3bd3k.roa
File:                     AlSOhJMU63JQIzB91nI6JD3bd3k.roa (raw, json)
Hash identifier:          NuY1rnkkK5awrdTYXXuj0ShJXsUX38zQhVU0IIxaZsE=
Subject key identifier:   02:54:8E:84:93:14:EB:72:50:23:30:7D:D6:72:3A:24:3D:DB:77:79
Certificate issuer:       /CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
Certificate serial:       018CC424793ED8746A0A45EC8FEF83FAA5EE
Authority key identifier: E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/AlSOhJMU63JQIzB91nI6JD3bd3k.roa
Signing time:             Mon 01 Jan 2024 08:29:33 +0000
ROA not before:           Mon 01 Jan 2024 08:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57811
IP address blocks:        37.247.235.0/24 maxlen: 24
                          37.247.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/4puawu9jG5LoL1ldc-R5LIFuxuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/4puawu9jG5LoL1ldc-R5LIFuxuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:79:3e:d8:74:6a:0a:45:ec:8f:ef:83:fa:a5:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e29b9ac2ef631b92e82f595d73e4792c816ec6e6
        Validity
            Not Before: Jan  1 08:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02548e849314eb725023307dd6723a243ddb7779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8e:61:cb:4f:e2:8a:d1:3b:fc:dd:e6:b9:ce:
                    42:f7:8a:dc:03:35:fc:b1:96:17:42:bc:fc:6c:88:
                    71:8e:0f:ac:b9:86:ea:fe:31:94:61:95:f1:17:6f:
                    f2:b7:e5:7c:14:99:10:0c:48:08:88:96:62:e7:97:
                    cc:14:d5:0f:fe:25:18:74:37:15:63:0c:47:e6:d0:
                    29:27:98:38:2e:64:34:1a:c7:0c:63:86:0b:9b:a6:
                    33:23:88:b8:32:b7:4b:08:57:6f:cb:da:5c:9e:01:
                    5b:70:90:9a:c8:d0:7c:db:47:8e:de:32:92:cf:04:
                    9b:ed:15:4b:51:1d:35:48:2c:67:7b:c2:81:4e:bd:
                    99:d8:47:2e:ce:f3:d6:04:be:6d:45:e2:b1:4b:72:
                    40:0c:7b:9f:74:ed:c4:f6:f1:43:2f:8e:d5:e3:c7:
                    7d:89:9c:fc:05:a3:ec:5e:6c:24:17:11:0c:da:d4:
                    6b:6c:4b:73:97:53:8d:e1:dc:35:5a:e5:32:8a:aa:
                    9e:66:9d:39:14:9e:cf:0f:e0:25:b1:d9:1e:b9:06:
                    d4:e1:ce:29:59:e3:eb:cf:7b:65:78:28:ea:08:34:
                    43:68:54:19:20:db:2f:91:c4:dc:cd:47:eb:20:9e:
                    71:42:2c:e1:60:f0:bc:4f:5d:f5:b4:3c:58:3f:28:
                    83:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:54:8E:84:93:14:EB:72:50:23:30:7D:D6:72:3A:24:3D:DB:77:79
            X509v3 Authority Key Identifier:
                keyid:E2:9B:9A:C2:EF:63:1B:92:E8:2F:59:5D:73:E4:79:2C:81:6E:C6:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4puawu9jG5LoL1ldc-R5LIFuxuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/AlSOhJMU63JQIzB91nI6JD3bd3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/690357-dfbe-4d86-afd6-9164e352a83c/1/4puawu9jG5LoL1ldc-R5LIFuxuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.247.235.0-37.247.236.255

    Signature Algorithm: sha256WithRSAEncryption
         86:bb:e4:40:5a:f4:c2:e9:eb:61:36:7f:4a:ff:70:31:c4:b0:
         ed:cb:02:59:9c:f1:2a:28:a2:b4:d8:e3:04:29:e3:c2:a4:76:
         b9:9b:53:01:db:53:13:66:14:d2:6f:92:e1:8f:c1:7d:5e:2b:
         e9:56:a4:0c:ca:76:b1:e4:16:30:d4:7c:74:43:97:23:81:bd:
         b2:4b:e4:c6:09:c1:d1:7b:9e:f6:c5:8b:35:aa:09:93:d7:13:
         d7:8f:87:03:07:7f:00:99:34:3b:b0:00:33:6b:d5:51:fe:8a:
         3c:51:23:21:9b:1c:58:3c:ad:5d:b2:86:71:d6:40:60:a4:60:
         be:1c:e4:0e:0d:e3:2c:f3:c5:20:2c:f5:11:da:f6:ff:70:f1:
         f7:b2:29:46:a3:82:d3:aa:a2:13:f4:7e:74:47:eb:d9:75:d1:
         11:81:dd:bd:00:e2:3e:b7:ec:ae:e6:81:b4:34:46:87:2c:6f:
         ab:b4:35:59:f5:df:47:20:7d:b1:c5:ae:67:06:44:d9:86:f2:
         b5:3d:78:26:e0:46:b3:4d:d5:68:a1:21:d2:30:25:9f:75:59:
         81:6b:00:ba:14:f5:12:62:c6:db:58:94:59:f2:30:3e:e1:90:
         37:84:34:e2:2e:f5:2c:33:95:d8:52:5d:83:67:da:2e:4d:96:
         9d:4c:b9:35
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEJHk+2HRqCkXsj++D+qXuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyOWI5YWMyZWY2MzFiOTJlODJmNTk1ZDczZTQ3OTJjODE2
ZWM2ZTYwHhcNMjQwMTAxMDgyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjU0OGU4NDkzMTRlYjcyNTAyMzMwN2RkNjcyM2EyNDNkZGI3Nzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxI5hy0/iitE7/N3muc5C94rcAzX8
sZYXQrz8bIhxjg+suYbq/jGUYZXxF2/yt+V8FJkQDEgIiJZi55fMFNUP/iUYdDcV
YwxH5tApJ5g4LmQ0GscMY4YLm6YzI4i4MrdLCFdvy9pcngFbcJCayNB820eO3jKS
zwSb7RVLUR01SCxne8KBTr2Z2EcuzvPWBL5tReKxS3JADHufdO3E9vFDL47V48d9
iZz8BaPsXmwkFxEM2tRrbEtzl1ON4dw1WuUyiqqeZp05FJ7PD+AlsdkeuQbU4c4p
WePrz3tleCjqCDRDaFQZINsvkcTczUfrIJ5xQizhYPC8T131tDxYPyiD9wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAJUjoSTFOtyUCMwfdZyOiQ923d5MB8GA1UdIwQY
MBaAFOKbmsLvYxuS6C9ZXXPkeSyBbsbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYt
OTE2NGUzNTJhODNjLzEvQWxTT2hKTVU2M0pRSXpCOTFuSTZKRDNiZDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi82OTAzNTctZGZiZS00ZDg2LWFmZDYtOTE2NGUzNTJhODNj
LzEvNHB1YXd1OWpHNUxvTDFsZGMtUjVMSUZ1eHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAl9+sD
BAAl9+wwDQYJKoZIhvcNAQELBQADggEBAIa75EBa9MLp62E2f0r/cDHEsO3LAlmc
8SooorTY4wQp48KkdrmbUwHbUxNmFNJvkuGPwX1eK+lWpAzKdrHkFjDUfHRDlyOB
vbJL5MYJwdF7nvbFizWqCZPXE9ePhwMHfwCZNDuwADNr1VH+ijxRIyGbHFg8rV2y
hnHWQGCkYL4c5A4N4yzzxSAs9RHa9v9w8feyKUajgtOqohP0fnRH69l10RGB3b0A
4j637K7mgbQ0Rocsb6u0NVn130cgfbHFrmcGRNmG8rU9eCbgRrNN1WihIdIwJZ91
WYFrALoU9RJixttYlFnyMD7hkDeENOIu9SwzldhSXYNn2i5Nlp1MuTU=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:54:45 2024 by rpki-client on console-ams.rpki-client.org