Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/_Hdhw1I1M7c7Cmdzeo_VOnZMMg8.roa
File:                     _Hdhw1I1M7c7Cmdzeo_VOnZMMg8.roa (raw, json)
Hash identifier:          lW5g4/r/1ojwAQNfoz9Vbp51ypxzOeUXrV+63E1+Pj4=
Subject key identifier:   FC:77:61:C3:52:35:33:B7:3B:0A:67:73:7A:8F:D5:3A:76:4C:32:0F
Certificate issuer:       /CN=95cae2c37c86630e61afdf8903fe174de8b945be
Certificate serial:       018CC2DB4E4CFAA077AA1BD925279461A92C
Authority key identifier: 95:CA:E2:C3:7C:86:63:0E:61:AF:DF:89:03:FE:17:4D:E8:B9:45:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lcriw3yGYw5hr9-JA_4XTei5Rb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/_Hdhw1I1M7c7Cmdzeo_VOnZMMg8.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43193
IP address blocks:        37.46.8.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/lcriw3yGYw5hr9-JA_4XTei5Rb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/lcriw3yGYw5hr9-JA_4XTei5Rb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lcriw3yGYw5hr9-JA_4XTei5Rb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4e:4c:fa:a0:77:aa:1b:d9:25:27:94:61:a9:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95cae2c37c86630e61afdf8903fe174de8b945be
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc7761c3523533b73b0a67737a8fd53a764c320f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:7d:c4:50:b7:64:76:c9:b0:ee:bb:4c:e9:77:
                    26:46:14:7b:f3:6c:80:e5:12:c2:78:b0:24:27:75:
                    08:ce:ca:dd:50:45:a2:78:6b:82:c2:8b:96:31:2a:
                    16:63:d2:2b:37:4f:5f:1a:83:cd:cc:77:06:6b:30:
                    85:85:3f:6f:f4:fe:25:c3:58:57:c4:3a:aa:26:5f:
                    c5:70:69:71:c4:6a:ea:0e:65:50:19:e1:3f:11:84:
                    7c:b1:1c:e2:eb:d5:62:14:db:62:d1:40:30:7d:c7:
                    b1:5f:b9:66:7a:1f:b5:76:c0:3b:7f:68:2d:17:ca:
                    8c:5b:16:1b:be:aa:b2:87:b2:e5:7a:f6:c0:ee:be:
                    b5:6e:c7:18:1d:24:b3:2c:c9:54:0c:2b:43:36:fe:
                    5e:85:71:5c:ee:70:ac:50:4c:df:7a:51:6e:cd:8e:
                    93:f7:c9:0a:2e:06:1f:ab:ed:51:85:10:ab:1b:11:
                    1e:5b:8c:bf:df:cf:d9:b3:85:ab:53:0f:d7:f1:05:
                    cc:c9:67:f1:4b:4f:f5:29:af:aa:ca:f6:e3:ff:ea:
                    87:3d:19:1f:71:00:71:d3:89:b4:0b:51:29:c6:5a:
                    f0:b9:f0:95:08:de:3b:78:fe:4e:a8:da:90:cc:14:
                    e5:15:ea:55:43:ae:27:6f:67:bb:14:e1:3f:93:8d:
                    bb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:77:61:C3:52:35:33:B7:3B:0A:67:73:7A:8F:D5:3A:76:4C:32:0F
            X509v3 Authority Key Identifier:
                keyid:95:CA:E2:C3:7C:86:63:0E:61:AF:DF:89:03:FE:17:4D:E8:B9:45:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lcriw3yGYw5hr9-JA_4XTei5Rb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/_Hdhw1I1M7c7Cmdzeo_VOnZMMg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/lcriw3yGYw5hr9-JA_4XTei5Rb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:a3:4a:7f:92:fa:1d:6b:03:8c:07:e7:7b:da:1f:34:80:bf:
         4d:1e:d4:95:f3:a6:2e:4c:19:59:c1:f7:9b:d2:43:05:eb:5a:
         38:a7:e6:69:56:57:31:14:91:8c:dc:fc:0d:3f:92:90:82:9c:
         9b:10:b7:a9:c9:f1:49:ce:37:a4:d4:fe:e9:32:31:b7:c7:8e:
         e2:75:f3:f7:27:fe:4b:64:a1:e8:89:10:da:8d:a6:26:77:b6:
         45:80:5d:48:f0:6e:6c:63:1c:57:45:3c:1a:8f:61:04:92:05:
         05:c8:35:25:d5:19:1a:45:b3:79:20:6b:50:a7:e4:24:a1:ae:
         18:e6:66:ea:a4:cd:3d:2b:c1:61:4c:d4:8d:5a:0c:67:1f:7f:
         fc:57:6f:89:d9:a5:a9:8e:ef:20:b2:1e:fd:c8:f8:89:00:af:
         9c:26:1e:0b:0f:46:72:c9:d2:65:ef:e8:28:65:3d:84:7f:fa:
         17:95:0e:e7:53:83:20:9b:49:c3:80:42:8f:61:2a:3d:49:d6:
         87:27:d9:86:3c:7f:d1:c4:09:d6:6e:39:4c:da:2c:8c:73:20:
         8f:42:6e:45:b9:5e:1f:ca:6f:46:7e:47:c0:05:d3:f0:46:5e:
         4c:d5:10:ef:f7:75:ad:63:79:c9:4b:73:41:a4:41:db:17:49:
         a6:68:ca:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC205M+qB3qhvZJSeUYaksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1Y2FlMmMzN2M4NjYzMGU2MWFmZGY4OTAzZmUxNzRkZThi
OTQ1YmUwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzc3NjFjMzUyMzUzM2I3M2IwYTY3NzM3YThmZDUzYTc2NGMzMjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjH3EULdkdsmw7rtM6XcmRhR782yA
5RLCeLAkJ3UIzsrdUEWieGuCwouWMSoWY9IrN09fGoPNzHcGazCFhT9v9P4lw1hX
xDqqJl/FcGlxxGrqDmVQGeE/EYR8sRzi69ViFNti0UAwfcexX7lmeh+1dsA7f2gt
F8qMWxYbvqqyh7LlevbA7r61bscYHSSzLMlUDCtDNv5ehXFc7nCsUEzfelFuzY6T
98kKLgYfq+1RhRCrGxEeW4y/38/Zs4WrUw/X8QXMyWfxS0/1Ka+qyvbj/+qHPRkf
cQBx04m0C1EpxlrwufCVCN47eP5OqNqQzBTlFepVQ64nb2e7FOE/k427rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPx3YcNSNTO3Owpnc3qP1Tp2TDIPMB8GA1UdIwQY
MBaAFJXK4sN8hmMOYa/fiQP+F03ouUW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGNyaXczeUdZdzVocjktSkFfNFhUZWk1UmI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy84MmU2ZjUtODJmMi00NWU3LTg0NGUt
MzUxNDg0MWYzNmFlLzEvX0hkaHcxSTFNN2M3Q21kemVvX1ZPblpNTWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy84MmU2ZjUtODJmMi00NWU3LTg0NGUtMzUxNDg0MWYzNmFl
LzEvbGNyaXczeUdZdzVocjktSkFfNFhUZWk1UmI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJS4IMA0G
CSqGSIb3DQEBCwUAA4IBAQCMo0p/kvodawOMB+d72h80gL9NHtSV86YuTBlZwfeb
0kMF61o4p+ZpVlcxFJGM3PwNP5KQgpybELepyfFJzjek1P7pMjG3x47idfP3J/5L
ZKHoiRDajaYmd7ZFgF1I8G5sYxxXRTwaj2EEkgUFyDUl1RkaRbN5IGtQp+Qkoa4Y
5mbqpM09K8FhTNSNWgxnH3/8V2+J2aWpju8gsh79yPiJAK+cJh4LD0ZyydJl7+go
ZT2Ef/oXlQ7nU4Mgm0nDgEKPYSo9SdaHJ9mGPH/RxAnWbjlM2iyMcyCPQm5FuV4f
ym9GfkfABdPwRl5M1RDv93WtY3nJS3NBpEHbF0mmaMqz
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:41:50 2024 by rpki-client on console-fra.rpki-client.org