Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/915cbb-568a-4f42-8b80-ccb016ae1513/1/S2686P4b87MQy1aQ6QOC1omFJUY.roa
File:                     S2686P4b87MQy1aQ6QOC1omFJUY.roa (raw, json)
Hash identifier:          zPAN2SN0UgJEwxHEzXpIHS8pW3PCcOCvw0hNoYbrNmE=
Subject key identifier:   4B:6E:BC:E8:FE:1B:F3:B3:10:CB:56:90:E9:03:82:D6:89:85:25:46
Certificate issuer:       /CN=336f6ac82f6f28e3d3e5b66475594d8318e75ab3
Certificate serial:       018CCA29CE5C11607E947BA46FC6C5DF3ACB
Authority key identifier: 33:6F:6A:C8:2F:6F:28:E3:D3:E5:B6:64:75:59:4D:83:18:E7:5A:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M29qyC9vKOPT5bZkdVlNgxjnWrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/915cbb-568a-4f42-8b80-ccb016ae1513/1/S2686P4b87MQy1aQ6QOC1omFJUY.roa
Signing time:             Tue 02 Jan 2024 12:33:06 +0000
ROA not before:           Tue 02 Jan 2024 12:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7155
IP address blocks:        37.19.96.0/21 maxlen: 21
                          37.19.97.0/24 maxlen: 24
                          37.19.98.0/24 maxlen: 24
                          37.19.99.0/24 maxlen: 24
                          37.19.100.0/24 maxlen: 24
                          185.109.163.0/24 maxlen: 24
                          37.203.192.0/24 maxlen: 24
                          37.203.192.0/22 maxlen: 22
                          37.203.192.0/21 maxlen: 21
                          37.203.193.0/24 maxlen: 24
                          37.203.194.0/24 maxlen: 24
                          37.203.195.0/24 maxlen: 24
                          37.203.196.0/24 maxlen: 24
                          37.203.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/915cbb-568a-4f42-8b80-ccb016ae1513/1/M29qyC9vKOPT5bZkdVlNgxjnWrM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/915cbb-568a-4f42-8b80-ccb016ae1513/1/M29qyC9vKOPT5bZkdVlNgxjnWrM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M29qyC9vKOPT5bZkdVlNgxjnWrM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ce:5c:11:60:7e:94:7b:a4:6f:c6:c5:df:3a:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=336f6ac82f6f28e3d3e5b66475594d8318e75ab3
        Validity
            Not Before: Jan  2 12:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b6ebce8fe1bf3b310cb5690e90382d689852546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ef:48:9b:1d:a0:a0:31:8f:d3:35:71:9b:36:
                    1b:9e:2c:fd:ae:42:e6:0b:c9:c4:db:48:a8:40:5d:
                    4f:1b:0f:bb:4a:6b:f3:08:df:7b:96:a6:85:19:45:
                    d2:9f:22:3a:0f:d8:6b:9d:7d:e6:c8:1d:2f:57:c5:
                    05:62:59:f6:81:c7:e8:50:4f:3c:f3:26:3e:62:63:
                    70:bb:83:bf:17:d4:36:06:bc:b9:cc:2a:77:28:ec:
                    79:49:3d:9d:1f:af:34:19:a5:b5:08:d0:9b:01:1b:
                    9f:06:5d:94:51:30:88:14:47:4a:6e:47:2f:22:28:
                    e8:da:1a:d7:d4:4f:5c:46:8b:a6:48:80:fd:86:fc:
                    c0:8b:c6:12:2f:b3:a7:92:59:40:8b:36:7f:bb:23:
                    83:56:85:5c:95:d6:f6:45:71:51:21:9a:42:91:36:
                    2e:c2:60:a4:9b:74:dc:c1:67:bf:b8:ce:fa:6b:0d:
                    b5:14:17:1b:78:e9:2e:45:a7:8d:ce:b7:0e:5e:10:
                    a1:f0:ac:7d:fa:6c:8c:b2:39:70:21:08:dd:51:78:
                    60:bd:77:42:5d:77:dc:b6:98:4a:e0:db:1e:aa:a1:
                    f6:73:88:8c:2e:ce:bf:e9:3c:c8:54:a9:c2:05:e3:
                    76:59:16:4a:d8:7d:7f:c8:db:ce:b5:22:f2:ac:88:
                    ee:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:6E:BC:E8:FE:1B:F3:B3:10:CB:56:90:E9:03:82:D6:89:85:25:46
            X509v3 Authority Key Identifier:
                keyid:33:6F:6A:C8:2F:6F:28:E3:D3:E5:B6:64:75:59:4D:83:18:E7:5A:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M29qyC9vKOPT5bZkdVlNgxjnWrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/915cbb-568a-4f42-8b80-ccb016ae1513/1/S2686P4b87MQy1aQ6QOC1omFJUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/915cbb-568a-4f42-8b80-ccb016ae1513/1/M29qyC9vKOPT5bZkdVlNgxjnWrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.19.96.0/21
                  37.203.192.0/21
                  185.109.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:99:e3:cd:a5:94:2b:7a:c2:99:1e:5d:29:45:d3:84:7b:5f:
         3e:fa:0f:99:53:61:45:96:29:85:19:90:65:f1:30:2f:e2:92:
         8b:2a:f0:87:cd:f2:7a:3d:4f:7b:d7:df:ba:9e:cd:b6:3b:ca:
         77:31:85:ae:ba:bd:d1:aa:7c:d2:4a:ff:12:1c:a1:f7:06:35:
         77:96:93:05:05:96:74:cc:0e:e9:d5:71:ca:90:a1:17:98:26:
         33:b3:f6:f8:ed:18:03:36:4a:87:80:19:b4:c2:24:a0:76:91:
         76:68:d5:fd:3f:36:83:8f:c3:60:88:c2:cb:f7:41:4f:3a:0d:
         a3:e7:cc:14:6e:7a:5f:1d:77:9b:dd:4c:9b:27:48:3a:ef:d9:
         92:e3:ee:ee:8b:a2:df:c7:19:3c:c0:dc:45:7a:32:1a:79:c4:
         0a:bb:be:c3:a7:10:5e:3f:47:14:ac:60:b5:a5:99:e7:42:08:
         31:0c:fb:4b:c0:fc:80:c9:e2:d4:62:07:80:6b:2c:dc:c0:76:
         65:6b:04:2b:4f:8e:ef:71:6c:74:da:f2:73:b2:bc:11:ca:91:
         6c:87:dc:ac:08:c7:fb:8f:05:ce:19:02:1b:99:c4:d4:91:2c:
         77:4e:de:3b:a4:6c:15:a4:de:47:7e:aa:6a:47:18:aa:b8:e3:
         c3:2c:7a:40
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKc5cEWB+lHukb8bF3zrLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNmY2YWM4MmY2ZjI4ZTNkM2U1YjY2NDc1NTk0ZDgzMThl
NzVhYjMwHhcNMjQwMTAyMTIzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjZlYmNlOGZlMWJmM2IzMTBjYjU2OTBlOTAzODJkNjg5ODUyNTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+9Imx2goDGP0zVxmzYbniz9rkLm
C8nE20ioQF1PGw+7SmvzCN97lqaFGUXSnyI6D9hrnX3myB0vV8UFYln2gcfoUE88
8yY+YmNwu4O/F9Q2Bry5zCp3KOx5ST2dH680GaW1CNCbARufBl2UUTCIFEdKbkcv
Iijo2hrX1E9cRoumSID9hvzAi8YSL7OnkllAizZ/uyODVoVcldb2RXFRIZpCkTYu
wmCkm3TcwWe/uM76aw21FBcbeOkuRaeNzrcOXhCh8Kx9+myMsjlwIQjdUXhgvXdC
XXfctphK4NseqqH2c4iMLs6/6TzIVKnCBeN2WRZK2H1/yNvOtSLyrIjuLwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEtuvOj+G/OzEMtWkOkDgtaJhSVGMB8GA1UdIwQY
MBaAFDNvasgvbyjj0+W2ZHVZTYMY51qzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTI5cXlDOXZLT1BUNWJaa2RWbE5neGpuV3JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85MTVjYmItNTY4YS00ZjQyLThiODAt
Y2NiMDE2YWUxNTEzLzEvUzI2ODZQNGI4N01ReTFhUTZRT0Mxb21GSlVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85MTVjYmItNTY4YS00ZjQyLThiODAtY2NiMDE2YWUxNTEz
LzEvTTI5cXlDOXZLT1BUNWJaa2RWbE5neGpuV3JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJRNgAwQD
JcvAAwQAuW2jMA0GCSqGSIb3DQEBCwUAA4IBAQCZmePNpZQresKZHl0pRdOEe18+
+g+ZU2FFlimFGZBl8TAv4pKLKvCHzfJ6PU9719+6ns22O8p3MYWuur3RqnzSSv8S
HKH3BjV3lpMFBZZ0zA7p1XHKkKEXmCYzs/b47RgDNkqHgBm0wiSgdpF2aNX9PzaD
j8NgiMLL90FPOg2j58wUbnpfHXeb3UybJ0g679mS4+7ui6Lfxxk8wNxFejIaecQK
u77DpxBeP0cUrGC1pZnnQggxDPtLwPyAyeLUYgeAayzcwHZlawQrT47vcWx02vJz
srwRypFsh9ysCMf7jwXOGQIbmcTUkSx3Tt47pGwVpN5HfqpqRxiquOPDLHpA
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:30:12 2024 by rpki-client on console-ams.rpki-client.org