Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS197537.roa
File:                     AS197537.roa (raw, json)
Hash identifier:          32u58ohpnJyqOkI5wrjozdj5UZIE1jFMc8jzW6NVj2I=
Subject key identifier:   09:50:82:E6:14:BC:78:F9:72:0B:D9:04:BE:BB:9C:DE:17:79:45:B0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7D07F501D595B811190B64CEE8976CFE0E29EB5E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS197537.roa
Signing time:             Fri 24 May 2024 08:19:24 +0000
ROA not before:           Fri 24 May 2024 08:14:24 +0000
ROA not after:            Fri 23 May 2025 08:19:24 +0000
asID:                     197537
IP address blocks:        179.61.157.0/24 maxlen: 24
                          181.214.4.0/24 maxlen: 24
                          181.214.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:07:f5:01:d5:95:b8:11:19:0b:64:ce:e8:97:6c:fe:0e:29:eb:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 24 08:14:24 2024 GMT
            Not After : May 23 08:19:24 2025 GMT
        Subject: CN=095082E614BC78F9720BD904BEBB9CDE177945B0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9c:c2:ea:35:15:95:0c:46:38:d5:3f:84:ae:
                    66:94:c0:03:5d:25:ad:73:ff:8f:5b:ab:4e:51:c2:
                    78:14:c3:51:d9:6b:23:ea:46:b8:be:6d:54:01:35:
                    69:98:2a:82:2d:20:62:f4:cb:c4:97:ea:90:fa:c3:
                    aa:86:d7:ef:a1:20:62:25:5d:e6:bb:78:ef:bb:ba:
                    bf:64:4c:29:e3:6d:4f:ac:2d:7f:96:46:eb:53:1e:
                    9e:b6:32:83:f8:7e:0d:2e:db:78:5d:0d:24:9f:cb:
                    26:cf:a4:66:d9:35:5f:23:1d:ed:c0:bc:21:c4:9e:
                    be:20:33:b0:f4:b2:1e:82:d3:a1:c7:2f:bd:f2:32:
                    cd:5d:7f:97:8b:eb:67:5c:7d:18:42:99:63:1f:1a:
                    97:54:24:15:ee:bc:c3:52:37:ca:06:96:98:77:e2:
                    87:74:04:67:b0:48:3c:1d:68:73:7b:b6:a6:07:80:
                    24:fe:2d:6c:29:de:f5:96:f1:3d:67:a4:41:8a:5c:
                    ef:f4:83:b7:fe:ee:95:0f:ac:f8:f2:7b:09:17:17:
                    09:4d:7b:96:1c:87:a1:fb:2a:2e:e4:3f:3e:ec:38:
                    d8:a4:9e:fc:3f:71:ca:c9:a1:19:08:61:be:c5:b1:
                    6d:77:4c:e2:72:df:e0:9f:d7:a5:21:bb:12:4a:bd:
                    ff:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:50:82:E6:14:BC:78:F9:72:0B:D9:04:BE:BB:9C:DE:17:79:45:B0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS197537.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.157.0/24
                  181.214.4.0/24
                  181.214.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:d7:c2:89:8b:79:79:24:f6:86:e3:4c:12:82:6c:79:12:a8:
         8b:a5:1e:8e:86:d8:48:dc:18:d3:26:c3:42:b7:26:50:38:dc:
         10:0a:42:b5:59:8f:1b:b9:30:9c:6c:e4:62:dd:aa:6d:44:af:
         2d:e6:97:7a:7e:99:6d:e2:3d:f8:38:47:fe:96:c0:94:48:28:
         c7:32:8a:ad:9e:a2:5d:94:fd:4d:98:7f:6c:ed:88:26:d4:c0:
         41:09:b9:14:6b:3f:67:ca:68:23:7d:e7:5b:11:be:0e:74:af:
         60:8f:51:94:10:a1:79:08:4a:86:e0:61:ae:07:97:5c:c4:05:
         19:f5:88:db:f7:7f:8c:74:f5:56:72:2f:fa:35:de:16:8b:1b:
         ae:89:9d:bb:5f:0d:c4:3a:f4:13:c2:f6:0a:0e:be:4d:18:15:
         3b:de:56:f0:d7:45:2d:78:3c:c7:9a:cb:a5:6d:99:0c:b0:1f:
         b1:e5:53:40:d2:b7:13:f1:d8:a1:94:b7:80:13:23:30:9a:b4:
         18:74:b4:92:5f:94:22:33:c6:5b:b1:d8:3f:09:75:db:4a:fd:
         51:7c:48:76:50:97:f5:24:be:27:4e:8f:fc:e4:af:47:eb:46:
         09:d7:33:77:2f:16:d9:f3:8d:14:f6:4a:4e:ff:8a:4c:1f:1c:
         cc:6c:33:91
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUfQf1AdWVuBEZC2TO6Jds/g4p614wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MjQwODE0MjRaFw0yNTA1MjMwODE5MjRaMDMxMTAvBgNV
BAMTKDA5NTA4MkU2MTRCQzc4Rjk3MjBCRDkwNEJFQkI5Q0RFMTc3OTQ1QjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAnMLqNRWVDEY41T+ErmaUwANd
Ja1z/49bq05RwngUw1HZayPqRri+bVQBNWmYKoItIGL0y8SX6pD6w6qG1++hIGIl
Xea7eO+7ur9kTCnjbU+sLX+WRutTHp62MoP4fg0u23hdDSSfyybPpGbZNV8jHe3A
vCHEnr4gM7D0sh6C06HHL73yMs1df5eL62dcfRhCmWMfGpdUJBXuvMNSN8oGlph3
4od0BGewSDwdaHN7tqYHgCT+LWwp3vWW8T1npEGKXO/0g7f+7pUPrPjyewkXFwlN
e5Ych6H7Ki7kPz7sONiknvw/ccrJoRkIYb7FsW13TOJy3+Cf16UhuxJKvf+TAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUCVCC5hS8ePlyC9kEvruc3hd5RbAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTk3NTM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsz2d
AwQAtdYEAwQAtdYVMA0GCSqGSIb3DQEBCwUAA4IBAQA/18KJi3l5JPaG40wSgmx5
EqiLpR6OhthI3BjTJsNCtyZQONwQCkK1WY8buTCcbORi3aptRK8t5pd6fplt4j34
OEf+lsCUSCjHMoqtnqJdlP1NmH9s7Ygm1MBBCbkUaz9nymgjfedbEb4OdK9gj1GU
EKF5CEqG4GGuB5dcxAUZ9Yjb93+MdPVWci/6Nd4WixuuiZ27Xw3EOvQTwvYKDr5N
GBU73lbw10UteDzHmsulbZkMsB+x5VNA0rcT8dihlLeAEyMwmrQYdLSSX5QiM8Zb
sdg/CXXbSv1RfEh2UJf1JL4nTo/85K9H60YJ1zN3LxbZ840U9kpO/4pMHxzMbDOR
-----END CERTIFICATE-----
Generated at Sun Jun 16 14:53:41 2024 by rpki-client on console-ams.rpki-client.org