Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Ewkt-CLF0VopP9bH2dWCr3v4b44.roa
File:                     Ewkt-CLF0VopP9bH2dWCr3v4b44.roa (raw, json)
Hash identifier:          ZqGP0uiTNvYAloqQ2mCEtCY4KrJc44+r+8em4VPwioQ=
Subject key identifier:   13:09:2D:F8:22:C5:D1:5A:29:3F:D6:C7:D9:D5:82:AF:7B:F8:6F:8E
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018E480A6766E9F63FDDE3D647ABC806A656
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Ewkt-CLF0VopP9bH2dWCr3v4b44.roa
Signing time:             Sat 16 Mar 2024 16:13:45 +0000
ROA not before:           Sat 16 Mar 2024 16:13:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152179
IP address blocks:        37.128.250.0/23 maxlen: 24
                          176.221.16.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:48:0a:67:66:e9:f6:3f:dd:e3:d6:47:ab:c8:06:a6:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Mar 16 16:13:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13092df822c5d15a293fd6c7d9d582af7bf86f8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:19:36:d9:07:ec:11:07:4d:1c:26:9e:31:8b:
                    5b:75:29:c2:bb:b7:b3:93:b5:80:0a:a0:11:c6:99:
                    ba:77:22:55:6c:97:27:a9:66:80:ca:e6:1b:ac:d5:
                    08:da:83:2a:f1:a5:9f:f8:45:b5:c4:bc:55:a3:14:
                    6b:f9:54:61:1c:89:69:93:bd:3b:34:29:a6:82:b9:
                    b9:e3:9e:17:b4:b8:0c:e0:05:8e:e7:c3:12:b3:38:
                    68:e3:da:b9:f0:28:44:cc:1e:2a:48:f9:34:cc:5c:
                    eb:c5:3e:0c:1e:e5:54:7d:5c:24:49:65:6f:11:82:
                    c1:5a:44:73:d7:20:88:91:44:94:ea:77:e8:10:b7:
                    40:95:a0:3c:58:fd:10:e1:f8:04:b1:03:a5:12:4d:
                    8e:9a:68:c8:17:5f:b1:3f:51:ef:36:40:05:49:85:
                    9e:cf:70:4d:b5:44:86:62:a5:98:24:c4:2a:69:f2:
                    41:92:9f:4d:d9:8d:a1:0f:a5:c0:09:ba:26:11:76:
                    5a:45:95:9c:95:47:e8:00:81:55:c6:b8:09:be:58:
                    f4:4c:84:2b:f6:8b:fc:9a:6c:d2:f5:45:33:4c:4d:
                    65:6d:fd:0b:50:9a:00:ed:8c:6b:d2:69:85:ac:25:
                    91:d1:af:6d:d7:4b:68:1a:4b:05:3f:de:0b:54:f5:
                    a3:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:09:2D:F8:22:C5:D1:5A:29:3F:D6:C7:D9:D5:82:AF:7B:F8:6F:8E
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/Ewkt-CLF0VopP9bH2dWCr3v4b44.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.128.250.0/23
                  176.221.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:fe:bc:1e:94:9a:fd:47:4d:f5:99:66:50:87:3a:6c:c2:6d:
         3a:1e:04:fd:fa:24:35:73:be:5b:09:30:85:ac:c5:27:5d:53:
         8d:65:31:23:9c:40:1a:84:51:31:e1:57:35:cc:2d:af:8d:72:
         85:97:aa:8e:31:78:87:c0:9b:d0:9d:22:86:a9:cc:bb:5a:be:
         59:2d:75:5e:da:3d:fa:e8:86:5d:a6:d7:eb:4e:20:37:35:ae:
         d0:65:50:35:ee:76:e0:19:e8:70:84:8d:6d:eb:d6:1d:b7:20:
         80:bb:2d:30:5d:d7:79:5d:42:77:58:d4:9d:f2:eb:fd:01:90:
         fa:59:58:05:09:ed:3b:f7:18:c1:1d:de:ee:82:91:d7:49:7d:
         2a:d2:0d:3f:e1:f6:66:de:36:e8:58:10:92:a5:22:38:a7:7f:
         01:80:45:fa:10:27:bd:c2:c6:8d:bd:59:80:92:c5:6e:67:93:
         87:af:0f:df:ac:42:68:e8:02:83:4f:d9:0b:2a:07:75:ff:d3:
         b3:06:52:85:56:29:2d:74:e9:21:0c:25:7f:4d:ff:6c:d8:5c:
         51:95:04:82:53:4a:cc:95:02:3f:be:f2:67:18:27:01:c2:bf:
         91:fa:6a:e2:8a:d7:1b:da:4a:cf:2a:c4:03:91:d9:d7:81:a1:
         d3:82:83:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5ICmdm6fY/3ePWR6vIBqZWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMzE2MTYxMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzA5MmRmODIyYzVkMTVhMjkzZmQ2YzdkOWQ1ODJhZjdiZjg2ZjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxk22QfsEQdNHCaeMYtbdSnCu7ez
k7WACqARxpm6dyJVbJcnqWaAyuYbrNUI2oMq8aWf+EW1xLxVoxRr+VRhHIlpk707
NCmmgrm5454XtLgM4AWO58MSszho49q58ChEzB4qSPk0zFzrxT4MHuVUfVwkSWVv
EYLBWkRz1yCIkUSU6nfoELdAlaA8WP0Q4fgEsQOlEk2OmmjIF1+xP1HvNkAFSYWe
z3BNtUSGYqWYJMQqafJBkp9N2Y2hD6XACbomEXZaRZWclUfoAIFVxrgJvlj0TIQr
9ov8mmzS9UUzTE1lbf0LUJoA7Yxr0mmFrCWR0a9t10toGksFP94LVPWjWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBMJLfgixdFaKT/Wx9nVgq97+G+OMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvRXdrdC1DTEYwVm9wUDliSDJkV0NyM3Y0YjQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBJYD6AwQC
sN0QMA0GCSqGSIb3DQEBCwUAA4IBAQAn/rwelJr9R031mWZQhzpswm06HgT9+iQ1
c75bCTCFrMUnXVONZTEjnEAahFEx4Vc1zC2vjXKFl6qOMXiHwJvQnSKGqcy7Wr5Z
LXVe2j366IZdptfrTiA3Na7QZVA17nbgGehwhI1t69YdtyCAuy0wXdd5XUJ3WNSd
8uv9AZD6WVgFCe079xjBHd7ugpHXSX0q0g0/4fZm3jboWBCSpSI4p38BgEX6ECe9
wsaNvVmAksVuZ5OHrw/frEJo6AKDT9kLKgd1/9OzBlKFViktdOkhDCV/Tf9s2FxR
lQSCU0rMlQI/vvJnGCcBwr+R+mriitcb2krPKsQDkdnXgaHTgoPP
-----END CERTIFICATE-----