Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/09200e-999d-4b45-a741-85a955f2163b/1/zZAcBvA6RSpJHlMTgCYA67FRK5o.roa
File:                     zZAcBvA6RSpJHlMTgCYA67FRK5o.roa (raw, json)
Hash identifier:          U/OppZFgfILlFSwQjJLiLU0kqN7MJVXFczopCh/x/xA=
Subject key identifier:   CD:90:1C:06:F0:3A:45:2A:49:1E:53:13:80:26:00:EB:B1:51:2B:9A
Certificate issuer:       /CN=dcb65a90ed3cf4ae0452554ee34b92a8476dcf10
Certificate serial:       018CE395B40BA1C2482743F3A74895859394
Authority key identifier: DC:B6:5A:90:ED:3C:F4:AE:04:52:55:4E:E3:4B:92:A8:47:6D:CF:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3LZakO089K4EUlVO40uSqEdtzxA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/09200e-999d-4b45-a741-85a955f2163b/1/zZAcBvA6RSpJHlMTgCYA67FRK5o.roa
Signing time:             Sun 07 Jan 2024 11:01:28 +0000
ROA not before:           Sun 07 Jan 2024 11:01:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201031
IP address blocks:        37.77.69.0/24 maxlen: 24
                          37.77.68.0/24 maxlen: 24
                          37.77.65.0/24 maxlen: 24
                          37.77.70.0/24 maxlen: 24
                          37.77.71.0/24 maxlen: 24
                          37.77.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/09200e-999d-4b45-a741-85a955f2163b/1/3LZakO089K4EUlVO40uSqEdtzxA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/09200e-999d-4b45-a741-85a955f2163b/1/3LZakO089K4EUlVO40uSqEdtzxA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3LZakO089K4EUlVO40uSqEdtzxA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e3:95:b4:0b:a1:c2:48:27:43:f3:a7:48:95:85:93:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcb65a90ed3cf4ae0452554ee34b92a8476dcf10
        Validity
            Not Before: Jan  7 11:01:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd901c06f03a452a491e5313802600ebb1512b9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:02:37:e3:01:a9:66:57:7f:75:7a:d3:3f:b5:
                    9c:03:f4:8a:c3:3d:08:3f:65:e3:c4:43:33:87:3e:
                    72:4d:3f:26:9b:50:e9:6d:61:50:a1:4a:00:45:d4:
                    7e:9f:c5:81:b8:53:dd:31:92:5f:74:b6:f3:9d:a7:
                    88:19:90:dc:0f:8d:d9:cb:62:2c:c0:b1:0c:54:77:
                    34:24:1e:d9:d9:08:32:66:af:09:80:3d:80:60:87:
                    7b:3a:d9:b8:27:f7:46:d1:0a:06:40:ad:0c:53:15:
                    b6:1b:91:fe:a0:bb:28:ac:25:ec:09:9f:d1:22:51:
                    63:97:54:27:e6:a9:d7:33:cd:dd:7f:ab:8b:e5:dd:
                    a2:11:b6:07:b9:54:8d:35:7c:4e:4b:5b:82:92:b0:
                    3a:c5:a3:b0:6f:d5:82:03:3b:7e:af:84:3d:9a:f4:
                    be:fc:f1:2f:90:e4:01:8d:98:45:8f:1b:d7:8f:ac:
                    7b:47:4e:97:1c:19:41:17:fd:51:25:18:de:1a:f7:
                    eb:89:5f:40:02:02:e1:46:91:26:9b:f4:4c:fa:9d:
                    c8:f9:4e:b6:bd:ab:13:1c:09:a9:45:47:73:c7:4e:
                    d5:db:77:e3:cc:1c:94:64:b0:e8:c0:95:28:9d:f4:
                    15:03:f1:8b:71:70:4f:7d:2b:81:e4:ee:92:5f:af:
                    9e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:90:1C:06:F0:3A:45:2A:49:1E:53:13:80:26:00:EB:B1:51:2B:9A
            X509v3 Authority Key Identifier:
                keyid:DC:B6:5A:90:ED:3C:F4:AE:04:52:55:4E:E3:4B:92:A8:47:6D:CF:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3LZakO089K4EUlVO40uSqEdtzxA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/09200e-999d-4b45-a741-85a955f2163b/1/zZAcBvA6RSpJHlMTgCYA67FRK5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/09200e-999d-4b45-a741-85a955f2163b/1/3LZakO089K4EUlVO40uSqEdtzxA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.64.0/23
                  37.77.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:14:b4:66:3f:a3:04:b8:ba:86:ff:8b:9c:4a:17:a7:d3:33:
         9c:2a:33:f4:c0:dc:74:29:44:49:10:f6:02:5e:de:3e:60:f6:
         bb:26:b7:42:49:e3:6d:63:ed:1a:ef:60:9a:0d:eb:75:b9:5a:
         20:2f:8a:ac:3a:6b:ce:8e:d8:58:5f:54:e2:33:e9:09:54:4a:
         0e:bf:41:58:62:5f:c2:a0:b8:d0:69:13:21:91:f3:df:08:d1:
         fa:92:63:b1:07:72:28:10:8d:05:cc:a9:86:f1:64:17:48:33:
         cf:c9:83:62:a9:e4:7a:e4:fc:46:28:55:da:f1:74:6c:dc:56:
         3f:c7:5f:23:72:84:d8:fd:7d:62:54:d3:13:cd:36:6d:1a:63:
         db:c7:ad:c6:cc:b0:89:d1:cb:1a:67:b4:fe:8d:e4:24:1b:bd:
         f9:16:44:b0:61:67:d7:9c:95:e5:0a:d5:83:62:4f:fc:69:41:
         2d:d9:b7:ef:f6:d0:ba:25:d6:51:0c:98:1e:82:78:fe:11:dc:
         0d:d8:dc:6b:01:c1:26:9b:df:67:de:dd:75:a4:ca:a2:22:ba:
         c7:29:78:41:b3:d0:ca:f5:f2:68:65:69:cf:9f:a0:1c:a2:94:
         7d:c2:d6:ec:f7:0e:77:08:52:54:00:34:84:ec:2e:c5:67:cc:
         b8:22:f4:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzjlbQLocJIJ0Pzp0iVhZOUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYjY1YTkwZWQzY2Y0YWUwNDUyNTU0ZWUzNGI5MmE4NDc2
ZGNmMTAwHhcNMjQwMTA3MTEwMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDkwMWMwNmYwM2E0NTJhNDkxZTUzMTM4MDI2MDBlYmIxNTEyYjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAI34wGpZld/dXrTP7WcA/SKwz0I
P2XjxEMzhz5yTT8mm1DpbWFQoUoARdR+n8WBuFPdMZJfdLbznaeIGZDcD43Zy2Is
wLEMVHc0JB7Z2QgyZq8JgD2AYId7Otm4J/dG0QoGQK0MUxW2G5H+oLsorCXsCZ/R
IlFjl1Qn5qnXM83df6uL5d2iEbYHuVSNNXxOS1uCkrA6xaOwb9WCAzt+r4Q9mvS+
/PEvkOQBjZhFjxvXj6x7R06XHBlBF/1RJRjeGvfriV9AAgLhRpEmm/RM+p3I+U62
vasTHAmpRUdzx07V23fjzByUZLDowJUonfQVA/GLcXBPfSuB5O6SX6+eYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM2QHAbwOkUqSR5TE4AmAOuxUSuaMB8GA1UdIwQY
MBaAFNy2WpDtPPSuBFJVTuNLkqhHbc8QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0xaYWtPMDg5SzRFVWxWTzQwdVNxRWR0enhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wOTIwMGUtOTk5ZC00YjQ1LWE3NDEt
ODVhOTU1ZjIxNjNiLzEvelpBY0J2QTZSU3BKSGxNVGdDWUE2N0ZSSzVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wOTIwMGUtOTk5ZC00YjQ1LWE3NDEtODVhOTU1ZjIxNjNi
LzEvM0xaYWtPMDg5SzRFVWxWTzQwdVNxRWR0enhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBJU1AAwQC
JU1EMA0GCSqGSIb3DQEBCwUAA4IBAQCPFLRmP6MEuLqG/4ucShen0zOcKjP0wNx0
KURJEPYCXt4+YPa7JrdCSeNtY+0a72CaDet1uVogL4qsOmvOjthYX1TiM+kJVEoO
v0FYYl/CoLjQaRMhkfPfCNH6kmOxB3IoEI0FzKmG8WQXSDPPyYNiqeR65PxGKFXa
8XRs3FY/x18jcoTY/X1iVNMTzTZtGmPbx63GzLCJ0csaZ7T+jeQkG735FkSwYWfX
nJXlCtWDYk/8aUEt2bfv9tC6JdZRDJgegnj+EdwN2NxrAcEmm99n3t11pMqiIrrH
KXhBs9DK9fJoZWnPn6AcopR9wtbs9w53CFJUADSE7C7FZ8y4IvS2
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:18:11 2024 by rpki-client on console-fra.rpki-client.org