Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/37aNMfBB6UJ8zqgx63D9vUvuqOY.roa
File:                     37aNMfBB6UJ8zqgx63D9vUvuqOY.roa (raw, json)
Hash identifier:          +o7JzdGCCosq0igMR1CEO1M19VfE7na1iBPTqphqZAM=
Subject key identifier:   DF:B6:8D:31:F0:41:E9:42:7C:CE:A8:31:EB:70:FD:BD:4B:EE:A8:E6
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018E1EACE5662A4C81C47EC81766CDD1871A
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/37aNMfBB6UJ8zqgx63D9vUvuqOY.roa
Signing time:             Fri 08 Mar 2024 15:27:11 +0000
ROA not before:           Fri 08 Mar 2024 15:27:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212147
IP address blocks:        194.26.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1e:ac:e5:66:2a:4c:81:c4:7e:c8:17:66:cd:d1:87:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar  8 15:27:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfb68d31f041e9427ccea831eb70fdbd4beea8e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9f:86:c0:79:f9:c7:29:56:42:11:90:8f:af:
                    76:d6:e0:c5:92:c2:d2:48:52:4c:82:73:82:d3:fc:
                    95:1e:62:6e:ae:76:81:fe:38:22:62:95:3a:70:a1:
                    a7:ca:99:25:f6:98:fd:06:b7:ac:1f:49:1a:9d:2a:
                    60:b7:ca:58:19:cb:9d:62:a5:72:09:b7:b7:f7:ca:
                    dc:c5:66:0b:4c:5b:31:84:5a:19:bb:bf:da:42:9c:
                    c8:60:4b:ba:8c:84:ee:7e:25:28:c0:6c:c6:00:43:
                    cc:78:51:c0:8d:ac:bc:1b:7c:e4:db:c7:f0:a4:b8:
                    cf:c3:8d:2b:6f:2d:50:8c:8f:2a:23:9e:7e:e4:84:
                    c5:d3:36:b7:f4:ed:1a:15:4a:29:44:a1:e7:7f:e7:
                    3f:7d:57:59:d1:2e:eb:5e:50:f6:a0:fe:96:bd:b1:
                    08:8b:65:86:d7:10:e9:1d:78:aa:2c:81:07:b5:94:
                    58:8d:78:64:18:0b:c7:eb:be:f8:88:a2:01:63:97:
                    69:7b:94:14:15:6a:2a:40:ae:a0:dd:b8:97:0f:23:
                    66:e1:ad:d6:31:f7:4c:13:3c:28:91:8f:0b:73:ae:
                    9f:bd:1b:e5:37:12:95:7b:87:77:07:04:66:6b:de:
                    50:99:10:0c:73:a5:2f:00:bb:4c:ed:0b:0e:bb:49:
                    e8:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:B6:8D:31:F0:41:E9:42:7C:CE:A8:31:EB:70:FD:BD:4B:EE:A8:E6
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/37aNMfBB6UJ8zqgx63D9vUvuqOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:3a:5c:f9:25:46:d0:b1:33:98:62:e4:f6:94:78:47:52:97:
         91:3b:25:8c:30:ad:93:a1:63:85:b8:06:b4:3e:9b:ba:cb:07:
         69:42:b3:00:10:02:ca:9b:42:2f:ec:c6:7b:5d:3d:7c:14:3d:
         ba:45:39:32:0b:ab:04:6d:78:b2:36:b0:a4:02:a0:9b:e1:ae:
         71:d1:84:ed:fd:7c:72:ce:7e:21:53:97:bf:75:bf:06:b3:d6:
         d0:bc:59:2d:8a:bc:c4:94:70:ab:07:be:fc:25:02:11:4d:37:
         c3:95:86:b8:e3:ce:d7:2a:be:df:f3:c8:ef:21:33:f2:95:eb:
         09:a8:1d:da:fe:85:cb:06:30:8e:d9:6b:2b:d8:43:cd:b1:3e:
         98:29:67:fe:2b:65:25:45:8a:45:7e:69:6b:0f:79:6f:bd:85:
         a8:7d:5e:3f:35:d2:cf:b1:3b:ca:52:83:c4:c8:70:73:f9:20:
         c7:98:ff:b5:e9:bb:38:d5:30:15:76:1a:53:72:83:b9:93:60:
         8b:b0:08:46:17:31:cd:be:d3:f1:46:7c:db:93:44:25:32:a2:
         fa:7a:71:c5:e1:69:b5:3a:14:2a:1d:7b:5e:9a:e7:61:de:04:
         ef:fd:48:55:9e:ea:f8:b8:ea:3f:da:d8:e9:ae:ac:ad:ca:b0:
         5e:b7:e9:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4erOVmKkyBxH7IF2bN0YcaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMzA4MTUyNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmI2OGQzMWYwNDFlOTQyN2NjZWE4MzFlYjcwZmRiZDRiZWVhOGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJ+GwHn5xylWQhGQj6921uDFksLS
SFJMgnOC0/yVHmJurnaB/jgiYpU6cKGnypkl9pj9BresH0kanSpgt8pYGcudYqVy
Cbe398rcxWYLTFsxhFoZu7/aQpzIYEu6jITufiUowGzGAEPMeFHAjay8G3zk28fw
pLjPw40rby1QjI8qI55+5ITF0za39O0aFUopRKHnf+c/fVdZ0S7rXlD2oP6WvbEI
i2WG1xDpHXiqLIEHtZRYjXhkGAvH6774iKIBY5dpe5QUFWoqQK6g3biXDyNm4a3W
MfdMEzwokY8Lc66fvRvlNxKVe4d3BwRma95QmRAMc6UvALtM7QsOu0noBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+2jTHwQelCfM6oMetw/b1L7qjmMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvMzdhTk1mQkI2VUo4enFneDYzRDl2VXZ1cU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhqJMA0G
CSqGSIb3DQEBCwUAA4IBAQCAOlz5JUbQsTOYYuT2lHhHUpeROyWMMK2ToWOFuAa0
Ppu6ywdpQrMAEALKm0Iv7MZ7XT18FD26RTkyC6sEbXiyNrCkAqCb4a5x0YTt/Xxy
zn4hU5e/db8Gs9bQvFktirzElHCrB778JQIRTTfDlYa4487XKr7f88jvITPylesJ
qB3a/oXLBjCO2Wsr2EPNsT6YKWf+K2UlRYpFfmlrD3lvvYWofV4/NdLPsTvKUoPE
yHBz+SDHmP+16bs41TAVdhpTcoO5k2CLsAhGFzHNvtPxRnzbk0QlMqL6enHF4Wm1
OhQqHXtemudh3gTv/UhVnur4uOo/2tjprqytyrBet+m/
-----END CERTIFICATE-----