Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/6fcb84-017c-4aaf-bde7-aa91c92d5c48/1/37jQZ12TCubZsi_Lvu2d0VS9T4A.roa
File:                     37jQZ12TCubZsi_Lvu2d0VS9T4A.roa (raw, json)
Hash identifier:          /y7PHYuVrZaI71/H3A7mzThL6YOuGsN+3Dtd0s1ALPs=
Subject key identifier:   DF:B8:D0:67:5D:93:0A:E6:D9:B2:2F:CB:BE:ED:9D:D1:54:BD:4F:80
Certificate issuer:       /CN=67fb0328cbf0b254af7c99d3b69fc634cfd8f600
Certificate serial:       018CC726C3FF658BB0EBA53EC522CFE90A7D
Authority key identifier: 67:FB:03:28:CB:F0:B2:54:AF:7C:99:D3:B6:9F:C6:34:CF:D8:F6:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_sDKMvwslSvfJnTtp_GNM_Y9gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/6fcb84-017c-4aaf-bde7-aa91c92d5c48/1/37jQZ12TCubZsi_Lvu2d0VS9T4A.roa
Signing time:             Mon 01 Jan 2024 22:30:55 +0000
ROA not before:           Mon 01 Jan 2024 22:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8220
IP address blocks:        193.16.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/6fcb84-017c-4aaf-bde7-aa91c92d5c48/1/Z_sDKMvwslSvfJnTtp_GNM_Y9gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/6fcb84-017c-4aaf-bde7-aa91c92d5c48/1/Z_sDKMvwslSvfJnTtp_GNM_Y9gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_sDKMvwslSvfJnTtp_GNM_Y9gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:c3:ff:65:8b:b0:eb:a5:3e:c5:22:cf:e9:0a:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67fb0328cbf0b254af7c99d3b69fc634cfd8f600
        Validity
            Not Before: Jan  1 22:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfb8d0675d930ae6d9b22fcbbeed9dd154bd4f80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:90:99:ab:ad:bf:b2:a1:57:74:e6:8b:11:eb:
                    3f:16:c5:2b:9d:01:e9:99:9d:92:d2:e9:d7:27:d4:
                    8b:32:36:25:33:f6:96:77:e8:8c:5d:48:ea:00:82:
                    7f:4c:ec:d0:6a:54:b9:d3:ea:cc:d3:13:bd:3a:18:
                    0b:f1:26:70:69:16:c6:58:eb:26:d6:c5:d6:c5:7e:
                    c9:2f:f4:f3:33:d6:63:8a:bf:ea:a3:c0:9f:54:e4:
                    92:37:8d:40:ec:5f:08:21:81:2f:b6:df:4b:41:5a:
                    38:ad:77:64:3d:2f:75:48:85:fb:ef:c2:ff:56:7d:
                    40:42:bd:71:0d:fe:59:1e:b9:fa:c2:48:a4:cb:6d:
                    9f:9f:ac:aa:69:09:f6:13:24:6b:11:32:cd:45:8c:
                    ce:23:6e:92:37:22:c4:03:55:fb:73:b6:50:a6:b5:
                    ac:98:e6:e8:2f:7f:de:97:4b:2e:da:e9:df:1c:b6:
                    10:d7:43:9e:7e:d5:f3:af:a4:d9:71:44:7a:5c:d1:
                    e5:38:43:d8:df:ba:6f:a7:87:0b:38:c2:3e:b4:54:
                    76:3e:95:23:4e:84:be:81:10:31:40:0c:6a:bd:e7:
                    81:4c:91:ae:84:d0:f8:67:52:a3:c7:7d:44:8b:8b:
                    24:98:c8:9c:3b:f6:cf:d7:03:6c:e8:a7:79:1c:c7:
                    93:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:B8:D0:67:5D:93:0A:E6:D9:B2:2F:CB:BE:ED:9D:D1:54:BD:4F:80
            X509v3 Authority Key Identifier:
                keyid:67:FB:03:28:CB:F0:B2:54:AF:7C:99:D3:B6:9F:C6:34:CF:D8:F6:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_sDKMvwslSvfJnTtp_GNM_Y9gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/6fcb84-017c-4aaf-bde7-aa91c92d5c48/1/37jQZ12TCubZsi_Lvu2d0VS9T4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/6fcb84-017c-4aaf-bde7-aa91c92d5c48/1/Z_sDKMvwslSvfJnTtp_GNM_Y9gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.16.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:6f:23:f8:bf:95:9d:eb:62:40:8a:66:40:6e:e5:87:16:63:
         69:10:ea:4a:0d:c9:44:37:86:67:a5:67:93:4f:e3:42:3a:52:
         82:13:6f:83:5b:8f:f2:4b:39:cd:44:3c:1a:7b:9f:3b:15:8f:
         16:46:49:ce:e9:37:46:62:e3:04:91:9b:d9:0d:09:b8:41:3a:
         d2:14:de:d1:ec:3d:45:07:25:78:d0:62:69:9a:4f:92:09:9b:
         c7:95:9b:b5:ef:af:ff:44:b2:5b:3a:d7:44:54:29:ef:97:3d:
         83:f0:1b:b0:29:8d:85:91:bf:df:5d:cc:cf:35:4a:74:91:5f:
         98:0b:34:6d:13:94:aa:da:de:5a:b5:dc:f5:9a:71:fb:26:3f:
         8e:4d:94:2d:d4:fe:32:91:5d:e6:df:60:95:1e:5c:a6:35:6f:
         87:b2:d9:de:c2:5c:b5:82:8c:b3:7a:29:5e:ec:12:06:4b:2d:
         39:73:7c:e0:52:e5:ae:23:d7:6a:ac:88:95:45:49:df:3b:bc:
         23:a7:25:b0:2f:61:dc:ae:c6:b0:5e:42:20:b5:c2:40:1d:10:
         09:b3:be:51:b1:03:39:f7:33:ea:0b:95:8b:fc:5f:44:25:23:
         1b:0d:90:8c:39:9c:a9:21:75:1f:c6:49:94:9c:2a:48:b7:c4:
         7b:a9:0d:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJsP/ZYuw66U+xSLP6Qp9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZmIwMzI4Y2JmMGIyNTRhZjdjOTlkM2I2OWZjNjM0Y2Zk
OGY2MDAwHhcNMjQwMTAxMjIzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmI4ZDA2NzVkOTMwYWU2ZDliMjJmY2JiZWVkOWRkMTU0YmQ0ZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopCZq62/sqFXdOaLEes/FsUrnQHp
mZ2S0unXJ9SLMjYlM/aWd+iMXUjqAIJ/TOzQalS50+rM0xO9OhgL8SZwaRbGWOsm
1sXWxX7JL/TzM9Zjir/qo8CfVOSSN41A7F8IIYEvtt9LQVo4rXdkPS91SIX778L/
Vn1AQr1xDf5ZHrn6wkiky22fn6yqaQn2EyRrETLNRYzOI26SNyLEA1X7c7ZQprWs
mOboL3/el0su2unfHLYQ10OeftXzr6TZcUR6XNHlOEPY37pvp4cLOMI+tFR2PpUj
ToS+gRAxQAxqveeBTJGuhND4Z1Kjx31Ei4skmMicO/bP1wNs6Kd5HMeTJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+40Gddkwrm2bIvy77tndFUvU+AMB8GA1UdIwQY
MBaAFGf7AyjL8LJUr3yZ07afxjTP2PYAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9zREtNdndzbFN2ZkpuVHRwX0dOTV9ZOWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS82ZmNiODQtMDE3Yy00YWFmLWJkZTct
YWE5MWM5MmQ1YzQ4LzEvMzdqUVoxMlRDdWJac2lfTHZ1MmQwVlM5VDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS82ZmNiODQtMDE3Yy00YWFmLWJkZTctYWE5MWM5MmQ1YzQ4
LzEvWl9zREtNdndzbFN2ZkpuVHRwX0dOTV9ZOWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRCbMA0G
CSqGSIb3DQEBCwUAA4IBAQAFbyP4v5Wd62JAimZAbuWHFmNpEOpKDclEN4ZnpWeT
T+NCOlKCE2+DW4/ySznNRDwae587FY8WRknO6TdGYuMEkZvZDQm4QTrSFN7R7D1F
ByV40GJpmk+SCZvHlZu176//RLJbOtdEVCnvlz2D8BuwKY2Fkb/fXczPNUp0kV+Y
CzRtE5Sq2t5atdz1mnH7Jj+OTZQt1P4ykV3m32CVHlymNW+Hstnewly1goyzeile
7BIGSy05c3zgUuWuI9dqrIiVRUnfO7wjpyWwL2HcrsawXkIgtcJAHRAJs75RsQM5
9zPqC5WL/F9EJSMbDZCMOZypIXUfxkmUnCpIt8R7qQ20
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:44:32 2024 by rpki-client on console-ams.rpki-client.org