Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/BN0KYhm1Wyk8lvX-J3ZbaUnsKW4.roa
File:                     BN0KYhm1Wyk8lvX-J3ZbaUnsKW4.roa (raw, json)
Hash identifier:          m380wFZUCuGIkQSSfRorHcPew6oQUNEKavdz0EknKII=
Subject key identifier:   04:DD:0A:62:19:B5:5B:29:3C:96:F5:FE:27:76:5B:69:49:EC:29:6E
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       018CC3B73FE76ABBAD2DC5470D530851C024
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/BN0KYhm1Wyk8lvX-J3ZbaUnsKW4.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216231
IP address blocks:        37.32.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3f:e7:6a:bb:ad:2d:c5:47:0d:53:08:51:c0:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04dd0a6219b55b293c96f5fe27765b6949ec296e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:09:b5:31:84:08:ce:f2:56:4d:f9:37:de:11:
                    da:1b:ba:be:53:ed:a3:47:8a:e0:4e:4a:55:91:c4:
                    7a:3a:b8:8f:ab:0c:15:ae:0a:93:12:73:f6:26:53:
                    1f:31:23:b1:81:47:ed:9c:ad:57:59:43:b8:c2:5e:
                    ac:40:f6:b7:16:75:a3:57:0d:e6:bd:a8:7d:c0:c5:
                    6d:b9:d6:5e:9d:55:e5:1a:cd:1b:4c:67:ac:0e:d7:
                    26:90:36:3f:fc:64:0e:5e:2c:c8:e4:f6:24:00:b7:
                    93:a5:d3:4a:f7:f2:cd:78:d1:b1:7a:6d:09:ea:2a:
                    13:8e:47:5c:6a:44:b4:3f:47:18:9d:27:82:96:a7:
                    4c:2c:ea:30:1a:8c:05:8e:c3:a5:4e:3d:c7:1e:00:
                    e4:7a:05:d8:aa:a1:0f:02:25:d4:9a:a5:16:4d:db:
                    92:57:db:d0:28:40:81:a0:6d:37:99:33:4f:a3:b9:
                    57:dd:50:33:0e:cc:a6:a2:4d:d0:f9:4b:9f:94:2d:
                    d9:d2:50:01:6c:15:fa:ad:05:5f:23:af:98:0e:37:
                    09:b6:66:eb:d6:f2:8e:aa:2b:2a:1d:f7:61:3d:76:
                    e2:9c:e5:55:76:10:39:b4:a1:24:80:7f:9d:97:8c:
                    23:42:f4:58:95:d4:65:7c:07:5c:45:92:ee:f7:ab:
                    bd:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:DD:0A:62:19:B5:5B:29:3C:96:F5:FE:27:76:5B:69:49:EC:29:6E
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/BN0KYhm1Wyk8lvX-J3ZbaUnsKW4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:84:1c:bb:1b:7d:ad:51:9c:18:be:2b:c4:75:7d:f6:b4:cd:
         b6:59:83:4f:9d:fb:55:22:d2:4d:53:7a:c7:48:fb:d2:e5:75:
         c0:a7:23:31:8d:95:05:f6:9d:3d:40:35:bd:14:25:28:6c:94:
         d0:4e:15:45:35:88:75:07:ab:ef:1a:95:36:16:ba:2b:4e:07:
         05:1e:6d:c4:55:dd:e1:47:b1:c1:f4:31:6b:8b:31:07:0d:25:
         44:87:b3:3b:83:86:c5:7f:88:56:ab:5e:86:84:f2:47:f8:35:
         0e:01:42:f7:28:b8:26:f8:f7:c7:69:92:44:ac:cb:fa:67:d7:
         e1:63:ba:73:e9:32:dd:ec:9e:c7:19:13:6b:33:25:dd:42:31:
         47:c3:0b:e1:60:d3:93:42:57:42:0e:5f:e4:c3:eb:f1:a8:d6:
         e2:20:ca:aa:b3:62:3d:9d:35:30:ce:42:e3:88:68:51:59:11:
         1d:d5:9d:e2:30:4c:94:81:bc:dd:46:41:1d:fd:14:22:c5:88:
         59:ac:41:a1:e9:7e:af:f8:ad:90:71:2a:7d:20:b9:22:f7:26:
         a7:6d:f1:9f:cc:43:25:b9:18:09:8b:1c:44:e8:ea:c1:b5:82:
         68:b8:4b:55:3e:ba:83:c0:e3:bc:7f:3d:96:ce:03:fc:66:a6:
         c7:d2:a0:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtz/narutLcVHDVMIUcAkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGRkMGE2MjE5YjU1YjI5M2M5NmY1ZmUyNzc2NWI2OTQ5ZWMyOTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwm1MYQIzvJWTfk33hHaG7q+U+2j
R4rgTkpVkcR6OriPqwwVrgqTEnP2JlMfMSOxgUftnK1XWUO4wl6sQPa3FnWjVw3m
vah9wMVtudZenVXlGs0bTGesDtcmkDY//GQOXizI5PYkALeTpdNK9/LNeNGxem0J
6ioTjkdcakS0P0cYnSeClqdMLOowGowFjsOlTj3HHgDkegXYqqEPAiXUmqUWTduS
V9vQKECBoG03mTNPo7lX3VAzDsymok3Q+UuflC3Z0lABbBX6rQVfI6+YDjcJtmbr
1vKOqisqHfdhPXbinOVVdhA5tKEkgH+dl4wjQvRYldRlfAdcRZLu96u9/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATdCmIZtVspPJb1/id2W2lJ7CluMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvQk4wS1lobTFXeWs4bHZYLUozWmJhVW5zS1c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSBMMA0G
CSqGSIb3DQEBCwUAA4IBAQCbhBy7G32tUZwYvivEdX32tM22WYNPnftVItJNU3rH
SPvS5XXApyMxjZUF9p09QDW9FCUobJTQThVFNYh1B6vvGpU2FrorTgcFHm3EVd3h
R7HB9DFrizEHDSVEh7M7g4bFf4hWq16GhPJH+DUOAUL3KLgm+PfHaZJErMv6Z9fh
Y7pz6TLd7J7HGRNrMyXdQjFHwwvhYNOTQldCDl/kw+vxqNbiIMqqs2I9nTUwzkLj
iGhRWREd1Z3iMEyUgbzdRkEd/RQixYhZrEGh6X6v+K2QcSp9ILki9yanbfGfzEMl
uRgJixxE6OrBtYJouEtVPrqDwOO8fz2WzgP8ZqbH0qDu
-----END CERTIFICATE-----