Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/MTHCrmEEzXlB20dHmHlArbrDXLg.roa
File:                     MTHCrmEEzXlB20dHmHlArbrDXLg.roa (raw, json)
Hash identifier:          AHUdhVWc3NjvsyTUn/ObFij3ueUrch9LCn6c2FAGgUg=
Subject key identifier:   31:31:C2:AE:61:04:CD:79:41:DB:47:47:98:79:40:AD:BA:C3:5C:B8
Certificate issuer:       /CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
Certificate serial:       018CC5003475D4141497D36B67EBB9DD1530
Authority key identifier: C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/MTHCrmEEzXlB20dHmHlArbrDXLg.roa
Signing time:             Mon 01 Jan 2024 12:29:34 +0000
ROA not before:           Mon 01 Jan 2024 12:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199234
IP address blocks:        37.131.166.0/24 maxlen: 24
                          37.131.161.0/24 maxlen: 24
                          37.131.162.0/23 maxlen: 23
                          37.131.170.0/23 maxlen: 23
                          37.131.167.0/24 maxlen: 24
                          37.131.172.0/22 maxlen: 22
                          2a00:10a0:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:34:75:d4:14:14:97:d3:6b:67:eb:b9:dd:15:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
        Validity
            Not Before: Jan  1 12:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3131c2ae6104cd7941db4747987940adbac35cb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:cf:68:fc:10:87:ec:15:75:fa:91:c4:cf:a8:
                    14:4d:9d:46:de:bf:47:15:0a:7d:c2:c4:91:d4:5d:
                    0b:9a:fb:e2:ad:15:48:4f:52:c9:9d:ec:d4:9e:98:
                    b7:06:c9:9b:65:96:bd:34:82:95:d8:0e:b2:18:44:
                    1c:aa:98:bd:2f:8f:ee:1b:dd:ac:0f:59:bb:c7:7c:
                    ec:06:fa:9c:bd:87:a1:db:b4:b2:f5:37:b2:b4:58:
                    3c:53:5f:c7:53:ac:f5:df:c5:3b:fe:ed:7f:7a:37:
                    b4:56:52:7b:67:44:41:a9:be:e9:00:c2:5d:d7:83:
                    7e:53:43:5c:7c:10:9e:e2:d9:24:43:6a:2b:32:16:
                    5a:4c:10:0b:03:55:53:f4:67:ca:73:82:b8:3c:04:
                    bc:8d:56:c3:d9:38:06:5c:ce:52:de:ac:ea:a5:36:
                    c3:63:8d:96:31:55:80:9d:f0:63:25:2f:44:fc:0b:
                    ca:25:6b:96:2c:63:3d:24:93:14:7d:8e:a0:00:a4:
                    d5:11:97:ee:d2:dc:37:30:25:5e:2c:45:7c:e3:10:
                    de:c2:88:1c:5d:16:74:1b:d6:19:7f:9f:9e:3a:76:
                    49:0f:59:08:6c:36:1d:43:16:e7:91:52:97:48:16:
                    9c:4c:56:2d:08:0d:13:eb:e5:6a:5f:77:2d:c7:2e:
                    63:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:31:C2:AE:61:04:CD:79:41:DB:47:47:98:79:40:AD:BA:C3:5C:B8
            X509v3 Authority Key Identifier:
                keyid:C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/MTHCrmEEzXlB20dHmHlArbrDXLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.131.161.0-37.131.163.255
                  37.131.166.0/23
                  37.131.170.0-37.131.175.255
                IPv6:
                  2a00:10a0:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:b3:33:9b:d3:61:14:03:cb:ee:ec:c3:95:40:72:2a:ce:02:
         f5:e7:ca:50:8a:1f:8d:72:19:2e:71:37:5c:60:3c:81:fa:89:
         ac:fc:36:bd:e5:8d:ca:fa:f0:a8:ff:bb:cf:5e:85:da:c5:12:
         46:88:df:47:b2:f5:a2:82:5a:c3:20:dd:4b:ad:76:c4:db:49:
         5a:62:f1:d5:98:20:d9:09:cb:9f:ec:cd:02:06:d1:b7:48:c1:
         e4:fd:06:61:56:7f:bb:c8:d4:2e:4d:04:9a:86:9c:fd:97:71:
         61:7a:40:e0:1c:60:60:56:5a:59:8c:6b:ff:9f:f3:f9:2e:03:
         b6:12:c1:6d:9a:03:96:52:f2:e3:dc:8b:fe:3c:3d:a3:d8:3e:
         f1:08:a4:67:50:77:65:05:bf:eb:71:ff:04:93:2d:a5:93:80:
         c8:e9:26:3f:a0:23:06:b6:04:a9:8c:6c:8a:d2:7d:d3:6e:bb:
         5a:64:6b:f9:4e:e2:b7:12:01:22:3f:a9:17:30:37:2b:5d:05:
         04:6b:b2:b5:b1:ac:ae:b9:00:63:3f:dc:bb:40:5d:21:42:e8:
         9b:7d:b9:1b:f1:ee:c9:17:3b:80:64:06:98:54:a7:85:1e:25:
         65:d3:af:70:7a:4f:6e:22:5e:bf:b6:fe:57:52:14:92:a4:23:
         a2:22:7e:97
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzFADR11BQUl9NrZ+u53RUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MWM3MjIxZWRlM2FmNWVlOTJlMzIwNmFmMmYxOGJkMDEw
ZDVkZDkwHhcNMjQwMTAxMTIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTMxYzJhZTYxMDRjZDc5NDFkYjQ3NDc5ODc5NDBhZGJhYzM1Y2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg89o/BCH7BV1+pHEz6gUTZ1G3r9H
FQp9wsSR1F0LmvvirRVIT1LJnezUnpi3BsmbZZa9NIKV2A6yGEQcqpi9L4/uG92s
D1m7x3zsBvqcvYeh27Sy9TeytFg8U1/HU6z138U7/u1/eje0VlJ7Z0RBqb7pAMJd
14N+U0NcfBCe4tkkQ2orMhZaTBALA1VT9GfKc4K4PAS8jVbD2TgGXM5S3qzqpTbD
Y42WMVWAnfBjJS9E/AvKJWuWLGM9JJMUfY6gAKTVEZfu0tw3MCVeLEV84xDewogc
XRZ0G9YZf5+eOnZJD1kIbDYdQxbnkVKXSBacTFYtCA0T6+VqX3ctxy5jbwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFDExwq5hBM15QdtHR5h5QK26w1y4MB8GA1UdIwQY
MBaAFMQcciHt469e6S4yBq8vGL0BDV3ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEt
OTkzMGYyMTk0YTBlLzEvTVRIQ3JtRUV6WGxCMjBkSG1IbEFyYnJEWExnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEtOTkzMGYyMTk0YTBl
LzEveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAoBAIAATAiMAwDBAAlg6ED
BAIlg6ADBAElg6YwDAMEASWDqgMEBCWDoDAPBAIAAjAJAwcAKgAQoAAGMA0GCSqG
SIb3DQEBCwUAA4IBAQChszOb02EUA8vu7MOVQHIqzgL158pQih+NchkucTdcYDyB
+oms/Da95Y3K+vCo/7vPXoXaxRJGiN9HsvWiglrDIN1LrXbE20laYvHVmCDZCcuf
7M0CBtG3SMHk/QZhVn+7yNQuTQSahpz9l3FhekDgHGBgVlpZjGv/n/P5LgO2EsFt
mgOWUvLj3Iv+PD2j2D7xCKRnUHdlBb/rcf8Eky2lk4DI6SY/oCMGtgSpjGyK0n3T
brtaZGv5TuK3EgEiP6kXMDcrXQUEa7K1sayuuQBjP9y7QF0hQuibfbkb8e7JFzuA
ZAaYVKeFHiVl069wek9uIl6/tv5XUhSSpCOiIn6X
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:13:12 2024 by rpki-client on console-fra.rpki-client.org