Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/AtiPNY5M1k-GpfrvThD3Z2bg0Lg.roa
File:                     AtiPNY5M1k-GpfrvThD3Z2bg0Lg.roa (raw, json)
Hash identifier:          04omoSUm8bZAaqa4LNpSJzgm0bIlqO6UIy4hXR7/6cI=
Subject key identifier:   02:D8:8F:35:8E:4C:D6:4F:86:A5:FA:EF:4E:10:F7:67:66:E0:D0:B8
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       018CC424A20E5D08FE138FDCBF85BB1B46BE
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/AtiPNY5M1k-GpfrvThD3Z2bg0Lg.roa
Signing time:             Mon 01 Jan 2024 08:29:44 +0000
ROA not before:           Mon 01 Jan 2024 08:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211007
IP address blocks:        77.37.112.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:a2:0e:5d:08:fe:13:8f:dc:bf:85:bb:1b:46:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Jan  1 08:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02d88f358e4cd64f86a5faef4e10f76766e0d0b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:fd:18:30:4e:5a:f7:cc:88:1c:b3:a8:8e:ef:
                    89:8b:ea:4f:2c:af:2b:3c:90:6c:17:86:70:cf:02:
                    66:d5:04:ff:8e:76:53:1a:9d:01:84:8d:bc:50:8a:
                    cc:7b:9e:f9:e1:2d:ab:00:a2:22:1e:e7:b1:2a:76:
                    ca:8a:d0:da:d3:b6:d6:15:59:41:d4:9e:b7:0f:48:
                    30:60:d8:ff:53:8b:d9:bd:cc:e2:de:41:52:1b:cc:
                    4f:db:3a:f5:ce:64:48:03:d4:17:95:e6:c0:16:49:
                    54:17:46:f4:cf:2c:b3:b6:cd:a0:8a:38:9d:bb:f9:
                    fd:1b:bc:e3:6a:d6:1c:bb:89:d0:4f:35:30:bb:76:
                    de:86:4d:1b:13:30:07:82:c6:66:d5:fb:01:e4:c9:
                    b3:f4:c0:04:b7:0b:87:e0:76:a1:42:ae:76:f5:55:
                    ce:0c:a5:35:ec:e2:52:99:1a:55:6b:03:86:5b:b0:
                    83:80:52:e6:45:ab:2c:89:bf:b0:4f:17:f8:e0:bd:
                    c0:d5:db:a4:a1:fb:5f:63:12:75:5b:4f:7a:27:24:
                    8e:0d:fe:b0:f1:9a:c2:d2:66:9e:72:cc:44:67:50:
                    58:78:0e:89:b9:b8:e7:b8:91:24:b1:ad:85:ca:7f:
                    65:62:4f:af:5c:f8:f7:34:19:e8:69:af:63:1d:1c:
                    08:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:D8:8F:35:8E:4C:D6:4F:86:A5:FA:EF:4E:10:F7:67:66:E0:D0:B8
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/AtiPNY5M1k-GpfrvThD3Z2bg0Lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.37.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d3:9f:c7:0a:0c:31:fb:9c:b0:4a:a1:fa:8c:e3:db:f5:75:2d:
         55:0a:aa:f1:e2:71:0d:f0:f4:3a:9d:08:5c:e4:66:1d:3c:f2:
         83:81:4d:f2:b0:cb:16:9d:f7:a0:00:b9:8e:72:7f:51:bb:fd:
         3f:62:56:bc:7d:71:f8:70:50:85:0d:7c:8e:d1:fe:e4:10:e1:
         df:a2:12:3e:ef:43:e5:6e:99:7b:9e:fb:13:49:0a:ed:29:e5:
         63:5a:b0:d0:3d:b7:ef:8a:1e:ef:47:57:d7:6c:8c:db:63:2c:
         7c:fb:0e:25:4f:74:c4:61:7e:87:c9:04:4d:1a:f8:b9:ac:dd:
         9d:11:16:f9:ac:85:19:71:7b:16:d3:f9:b0:c2:04:cc:de:5a:
         3b:f2:46:d0:bb:66:8d:82:06:52:d5:bf:36:49:f9:7c:7b:67:
         2b:58:8c:fe:20:06:88:63:d0:2b:d4:de:61:63:87:70:48:d5:
         46:9c:12:d0:22:5d:78:ce:a9:4f:c4:f8:9f:f8:ea:58:c8:ed:
         ab:3b:57:4d:ac:db:5b:41:36:cf:aa:ba:cc:ec:64:17:ac:f4:
         c3:7d:b4:cb:df:c4:9c:ff:50:de:12:cd:eb:75:4c:db:bb:bd:
         15:ec:3d:2b:45:00:71:b5:72:a2:77:40:a2:1a:5e:35:ee:23:
         d3:af:37:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJKIOXQj+E4/cv4W7G0a+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjQwMTAxMDgyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmQ4OGYzNThlNGNkNjRmODZhNWZhZWY0ZTEwZjc2NzY2ZTBkMGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmP0YME5a98yIHLOoju+Ji+pPLK8r
PJBsF4ZwzwJm1QT/jnZTGp0BhI28UIrMe5754S2rAKIiHuexKnbKitDa07bWFVlB
1J63D0gwYNj/U4vZvczi3kFSG8xP2zr1zmRIA9QXlebAFklUF0b0zyyzts2gijid
u/n9G7zjatYcu4nQTzUwu3behk0bEzAHgsZm1fsB5Mmz9MAEtwuH4HahQq529VXO
DKU17OJSmRpVawOGW7CDgFLmRassib+wTxf44L3A1dukoftfYxJ1W096JySODf6w
8ZrC0maecsxEZ1BYeA6JubjnuJEksa2Fyn9lYk+vXPj3NBnoaa9jHRwIUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALYjzWOTNZPhqX6704Q92dm4NC4MB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvQXRpUE5ZNU0xay1HcGZydlRoRDNaMmJnMExnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBTSVwMA0G
CSqGSIb3DQEBCwUAA4IBAQDTn8cKDDH7nLBKofqM49v1dS1VCqrx4nEN8PQ6nQhc
5GYdPPKDgU3ysMsWnfegALmOcn9Ru/0/Yla8fXH4cFCFDXyO0f7kEOHfohI+70Pl
bpl7nvsTSQrtKeVjWrDQPbfvih7vR1fXbIzbYyx8+w4lT3TEYX6HyQRNGvi5rN2d
ERb5rIUZcXsW0/mwwgTM3lo78kbQu2aNggZS1b82Sfl8e2crWIz+IAaIY9Ar1N5h
Y4dwSNVGnBLQIl14zqlPxPif+OpYyO2rO1dNrNtbQTbPqrrM7GQXrPTDfbTL38Sc
/1DeEs3rdUzbu70V7D0rRQBxtXKid0CiGl417iPTrzf8
-----END CERTIFICATE-----
Generated at Fri Nov 22 15:02:44 2024 by rpki-client on console-ams.rpki-client.org