Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/YpeKHrX4PtxD4pzIqVUVSyk56mc.roa
File:                     YpeKHrX4PtxD4pzIqVUVSyk56mc.roa (raw, json)
Hash identifier:          +VbPHPdDLMS3BVb5kQPs8vgxCYRYYVTrN8SAhtNS95w=
Subject key identifier:   62:97:8A:1E:B5:F8:3E:DC:43:E2:9C:C8:A9:55:15:4B:29:39:EA:67
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018FB99B21A9222AB35E36549A6BBE12AC61
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/YpeKHrX4PtxD4pzIqVUVSyk56mc.roa
Signing time:             Mon 27 May 2024 10:31:42 +0000
ROA not before:           Mon 27 May 2024 10:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58087
IP address blocks:        37.114.46.0/24 maxlen: 24
                          37.114.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 20:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b9:9b:21:a9:22:2a:b3:5e:36:54:9a:6b:be:12:ac:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: May 27 10:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=62978a1eb5f83edc43e29cc8a955154b2939ea67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b6:64:66:a5:d9:35:0c:71:51:a5:1b:52:7b:
                    7d:50:b7:8a:b4:c9:e6:a6:f8:c1:9d:dd:0c:cd:3a:
                    8b:10:b2:cd:00:5f:6e:0d:7a:61:4d:c1:9c:23:bc:
                    62:32:ba:e7:c6:d0:c6:f4:43:00:a0:5e:18:76:fa:
                    3c:60:ca:cb:2e:cd:40:8b:ba:e0:60:5b:49:9e:b7:
                    f3:fb:08:b1:f6:bf:49:0f:f5:77:df:4d:f8:91:50:
                    b9:c8:22:df:86:54:b4:9a:27:d0:a5:50:06:80:40:
                    4c:97:d6:7e:c1:5e:d6:e7:49:af:27:78:fb:9f:7f:
                    2b:2e:cb:57:a1:fc:33:45:3a:1e:d5:37:90:f3:87:
                    8b:4f:0a:77:04:1e:0e:d3:6d:5a:e2:22:8b:6b:ba:
                    1a:bd:44:92:6f:06:df:6c:57:a8:77:0e:fb:a9:ac:
                    db:4a:3b:59:56:a3:32:31:19:d2:2d:5e:e9:01:30:
                    eb:16:85:f8:2f:db:ee:79:a8:12:7e:52:bc:f2:15:
                    ef:73:43:1f:63:86:0a:e1:a3:10:d3:38:2d:0a:36:
                    2c:6b:2a:8c:dc:0b:0d:5b:98:06:a9:a9:a6:c9:f7:
                    6c:67:33:0d:b3:c0:f9:ae:44:39:f3:ba:88:ae:01:
                    7d:03:e9:f2:59:7f:1f:19:f0:4e:26:76:ff:33:07:
                    19:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:97:8A:1E:B5:F8:3E:DC:43:E2:9C:C8:A9:55:15:4B:29:39:EA:67
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/YpeKHrX4PtxD4pzIqVUVSyk56mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.46.0/24
                  37.114.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:bb:68:81:1c:d0:7f:e8:3f:c6:c5:7e:f8:fa:87:33:5e:a6:
         99:e2:b6:f3:71:7d:4d:57:fb:ad:73:77:b6:c4:c2:ce:df:4d:
         41:6f:a0:73:0e:aa:76:dc:0a:58:2b:39:0d:42:94:bb:04:2f:
         02:ac:37:ab:2d:93:7c:50:2b:4c:04:b5:53:ca:af:fc:12:27:
         da:99:43:3b:7b:a7:c5:00:1b:dd:a2:d9:ef:d9:fe:f7:02:ad:
         bb:92:46:d6:d7:d9:d8:b5:70:ad:47:03:dc:c4:9d:ef:dc:13:
         30:17:71:77:d3:d9:09:66:49:0c:e5:c8:30:dc:f0:25:86:86:
         ef:c1:dd:69:89:82:71:ea:10:43:f1:fd:85:73:b3:74:50:63:
         2d:74:53:13:e9:76:55:19:12:37:f4:c1:48:ac:b5:6a:38:76:
         40:9e:27:2c:a9:fa:97:44:55:b3:f5:88:32:9e:31:79:f9:c8:
         d3:07:c3:32:b9:3c:97:6c:5c:72:c6:7a:f3:8a:f4:82:a2:d6:
         c0:5c:41:35:0c:3d:0b:10:d0:77:0e:9c:0d:e8:35:81:b5:4f:
         15:0e:c7:d7:b3:62:91:b0:a9:60:b5:08:4f:21:ec:8c:fb:58:
         93:c9:69:bc:72:ba:92:98:b6:ba:8f:16:1d:0c:aa:a2:f0:fd:
         b7:6f:63:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+5myGpIiqzXjZUmmu+EqxhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjQwNTI3MTAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mjk3OGExZWI1ZjgzZWRjNDNlMjljYzhhOTU1MTU0YjI5MzllYTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7ZkZqXZNQxxUaUbUnt9ULeKtMnm
pvjBnd0MzTqLELLNAF9uDXphTcGcI7xiMrrnxtDG9EMAoF4Ydvo8YMrLLs1Ai7rg
YFtJnrfz+wix9r9JD/V33034kVC5yCLfhlS0mifQpVAGgEBMl9Z+wV7W50mvJ3j7
n38rLstXofwzRToe1TeQ84eLTwp3BB4O021a4iKLa7oavUSSbwbfbFeodw77qazb
SjtZVqMyMRnSLV7pATDrFoX4L9vueagSflK88hXvc0MfY4YK4aMQ0zgtCjYsayqM
3AsNW5gGqammyfdsZzMNs8D5rkQ587qIrgF9A+nyWX8fGfBOJnb/MwcZTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGKXih61+D7cQ+KcyKlVFUspOepnMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvWXBlS0hyWDRQdHhENHB6SXFWVVZTeWs1Nm1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJXIuAwQA
JXIyMA0GCSqGSIb3DQEBCwUAA4IBAQB7u2iBHNB/6D/GxX74+oczXqaZ4rbzcX1N
V/utc3e2xMLO301Bb6BzDqp23ApYKzkNQpS7BC8CrDerLZN8UCtMBLVTyq/8Eifa
mUM7e6fFABvdotnv2f73Aq27kkbW19nYtXCtRwPcxJ3v3BMwF3F309kJZkkM5cgw
3PAlhobvwd1piYJx6hBD8f2Fc7N0UGMtdFMT6XZVGRI39MFIrLVqOHZAnicsqfqX
RFWz9YgynjF5+cjTB8MyuTyXbFxyxnrzivSCotbAXEE1DD0LENB3DpwN6DWBtU8V
DsfXs2KRsKlgtQhPIeyM+1iTyWm8crqSmLa6jxYdDKqi8P23b2M4
-----END CERTIFICATE-----