Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/S8ivnUHlcBa3I4aKMXotbj6p-5g.roa
File:                     S8ivnUHlcBa3I4aKMXotbj6p-5g.roa (raw, json)
Hash identifier:          Cq8WlRKrWGY4LNmOo/VH8oPEczSa5l7mVa46LBxWrQo=
Subject key identifier:   4B:C8:AF:9D:41:E5:70:16:B7:23:86:8A:31:7A:2D:6E:3E:A9:FB:98
Certificate issuer:       /CN=dc0e25e17a51696923a5c02966787409aac9aa36
Certificate serial:       018CC726BD313B9FC93B6451D08C7D54D276
Authority key identifier: DC:0E:25:E1:7A:51:69:69:23:A5:C0:29:66:78:74:09:AA:C9:AA:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3A4l4XpRaWkjpcApZnh0CarJqjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/S8ivnUHlcBa3I4aKMXotbj6p-5g.roa
Signing time:             Mon 01 Jan 2024 22:30:53 +0000
ROA not before:           Mon 01 Jan 2024 22:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59726
IP address blocks:        37.230.201.0/24 maxlen: 24
                          212.86.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/3A4l4XpRaWkjpcApZnh0CarJqjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/3A4l4XpRaWkjpcApZnh0CarJqjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3A4l4XpRaWkjpcApZnh0CarJqjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:bd:31:3b:9f:c9:3b:64:51:d0:8c:7d:54:d2:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc0e25e17a51696923a5c02966787409aac9aa36
        Validity
            Not Before: Jan  1 22:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bc8af9d41e57016b723868a317a2d6e3ea9fb98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:53:49:dc:e2:f3:36:f6:63:96:23:fd:28:ff:
                    4f:fa:67:a0:f0:6d:13:d3:44:0c:42:8d:0c:45:e8:
                    eb:73:42:0a:5a:d7:4a:89:8a:56:59:1c:49:3d:9f:
                    ff:4e:d0:a8:cc:4e:a1:1a:22:16:3f:44:8d:23:d0:
                    64:9b:af:0b:be:fe:30:1f:58:d4:07:27:df:d5:36:
                    02:4b:f6:64:b7:95:bf:03:5e:60:40:08:78:47:e7:
                    1a:43:cd:05:3d:45:31:bd:d0:a9:19:18:11:75:64:
                    40:fc:40:7d:6c:00:36:61:01:00:08:12:54:20:73:
                    57:5e:68:68:40:eb:4f:56:ed:94:50:a4:5e:4f:69:
                    4c:3d:22:df:2a:44:ff:94:38:85:88:10:35:ff:c0:
                    da:b0:28:66:2a:de:1c:6a:c3:81:59:81:70:ef:7a:
                    3a:6f:55:df:46:ef:ba:8b:42:af:07:ed:72:df:31:
                    95:ce:47:8b:12:a4:e2:d6:b8:8b:11:81:8c:1a:91:
                    5a:18:df:ec:cd:9a:42:61:42:0c:1f:05:c6:62:6b:
                    53:b8:df:c4:c7:08:cb:8c:76:fe:a6:47:0c:a9:ab:
                    e8:b1:87:f8:85:7d:10:a9:56:95:0f:d5:2d:b7:34:
                    d6:c0:2d:64:b6:10:94:e3:a0:98:f3:e7:99:94:fd:
                    62:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:C8:AF:9D:41:E5:70:16:B7:23:86:8A:31:7A:2D:6E:3E:A9:FB:98
            X509v3 Authority Key Identifier:
                keyid:DC:0E:25:E1:7A:51:69:69:23:A5:C0:29:66:78:74:09:AA:C9:AA:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3A4l4XpRaWkjpcApZnh0CarJqjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/S8ivnUHlcBa3I4aKMXotbj6p-5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/2cc46c-8c51-4330-b623-1835cc8a1d9d/1/3A4l4XpRaWkjpcApZnh0CarJqjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.201.0/24
                  212.86.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:a9:b8:77:b1:95:fd:d3:2c:a1:a9:02:e5:ce:13:23:74:d4:
         02:18:8e:f4:3e:b7:7f:e1:6b:88:ce:55:50:f4:c0:b9:7c:e6:
         8f:ef:be:3d:f9:c3:63:7d:bb:a6:6e:cb:dd:01:2f:79:6d:d4:
         be:9d:6c:47:12:df:ef:9c:e4:2c:6a:92:71:f6:b9:df:f1:70:
         a0:aa:c8:bf:a3:45:c6:0b:30:f2:13:1b:4f:29:1f:5c:8a:9e:
         77:60:e3:91:cb:33:8c:23:db:5e:77:79:41:df:e8:ab:b6:d1:
         dc:b4:35:a6:b9:43:10:dd:c9:c6:3d:3a:3d:c5:2c:f2:f3:40:
         92:46:cb:57:5b:d5:dd:22:40:fc:56:79:60:8c:dd:f3:95:a7:
         a7:22:3f:67:09:83:96:db:7d:ab:27:dc:b2:e0:74:85:f0:d1:
         14:11:e7:77:49:89:64:17:c4:5f:39:5c:07:65:57:0b:ad:50:
         1d:17:8f:65:44:e5:f2:ba:f6:af:ca:69:dc:c9:a2:4c:5b:ff:
         58:cf:63:56:c9:a0:00:c2:ab:4b:07:5b:85:1f:66:7d:40:a3:
         a8:7a:30:69:77:df:54:28:57:7b:63:65:0f:23:c7:8e:93:cb:
         ae:d3:e9:a7:db:5a:dc:7a:70:5e:12:16:2d:cb:12:0e:d1:e9:
         f4:3e:ff:6b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJr0xO5/JO2RR0Ix9VNJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMGUyNWUxN2E1MTY5NjkyM2E1YzAyOTY2Nzg3NDA5YWFj
OWFhMzYwHhcNMjQwMTAxMjIzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmM4YWY5ZDQxZTU3MDE2YjcyMzg2OGEzMTdhMmQ2ZTNlYTlmYjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFNJ3OLzNvZjliP9KP9P+meg8G0T
00QMQo0MRejrc0IKWtdKiYpWWRxJPZ//TtCozE6hGiIWP0SNI9Bkm68Lvv4wH1jU
Byff1TYCS/Zkt5W/A15gQAh4R+caQ80FPUUxvdCpGRgRdWRA/EB9bAA2YQEACBJU
IHNXXmhoQOtPVu2UUKReT2lMPSLfKkT/lDiFiBA1/8DasChmKt4casOBWYFw73o6
b1XfRu+6i0KvB+1y3zGVzkeLEqTi1riLEYGMGpFaGN/szZpCYUIMHwXGYmtTuN/E
xwjLjHb+pkcMqavosYf4hX0QqVaVD9UttzTWwC1kthCU46CY8+eZlP1ivQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEvIr51B5XAWtyOGijF6LW4+qfuYMB8GA1UdIwQY
MBaAFNwOJeF6UWlpI6XAKWZ4dAmqyao2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0E0bDRYcFJhV2tqcGNBcFpuaDBDYXJKcWpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8yY2M0NmMtOGM1MS00MzMwLWI2MjMt
MTgzNWNjOGExZDlkLzEvUzhpdm5VSGxjQmEzSTRhS01Yb3RiajZwLTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8yY2M0NmMtOGM1MS00MzMwLWI2MjMtMTgzNWNjOGExZDlk
LzEvM0E0bDRYcFJhV2tqcGNBcFpuaDBDYXJKcWpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJebJAwQA
1FZjMA0GCSqGSIb3DQEBCwUAA4IBAQANqbh3sZX90yyhqQLlzhMjdNQCGI70Prd/
4WuIzlVQ9MC5fOaP7749+cNjfbumbsvdAS95bdS+nWxHEt/vnOQsapJx9rnf8XCg
qsi/o0XGCzDyExtPKR9cip53YOORyzOMI9ted3lB3+irttHctDWmuUMQ3cnGPTo9
xSzy80CSRstXW9XdIkD8VnlgjN3zlaenIj9nCYOW232rJ9yy4HSF8NEUEed3SYlk
F8RfOVwHZVcLrVAdF49lROXyuvavymncyaJMW/9Yz2NWyaAAwqtLB1uFH2Z9QKOo
ejBpd99UKFd7Y2UPI8eOk8uu0+mn21rcenBeEhYtyxIO0en0Pv9r
-----END CERTIFICATE-----