Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/PJbSp3zlliLn9NmbWVAjbuA4muM.roa
File:                     PJbSp3zlliLn9NmbWVAjbuA4muM.roa (raw, json)
Hash identifier:          vkhYoXE1pADLo9cWXPCOwq2O8vdun0bKEXucigt7UH0=
Subject key identifier:   3C:96:D2:A7:7C:E5:96:22:E7:F4:D9:9B:59:50:23:6E:E0:38:9A:E3
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       019333E02DBECD0B202816E9E30227133CD8
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/PJbSp3zlliLn9NmbWVAjbuA4muM.roa
Signing time:             Sat 16 Nov 2024 07:29:09 +0000
ROA not before:           Sat 16 Nov 2024 07:29:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50371
IP address blocks:        37.32.74.0/24 maxlen: 24
                          185.129.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:33:e0:2d:be:cd:0b:20:28:16:e9:e3:02:27:13:3c:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Nov 16 07:29:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c96d2a77ce59622e7f4d99b5950236ee0389ae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:3b:ac:01:5d:fe:d5:1b:3b:a5:ab:18:68:0e:
                    cc:8d:5e:d4:2b:7e:28:63:47:59:7f:f0:2c:93:da:
                    93:c5:bb:28:55:50:01:63:00:2c:59:0b:6f:fe:7c:
                    94:a0:6f:68:95:51:6f:c1:83:08:2c:9b:6f:a0:c5:
                    d0:5b:92:eb:1e:1e:bf:4b:fe:bb:f6:ec:81:6f:21:
                    3b:b1:88:3f:52:67:6e:e2:a6:88:4a:0b:70:7f:9f:
                    f5:8e:1e:fe:08:a4:4d:f1:5a:e4:69:a2:8f:75:f2:
                    7e:63:80:1c:75:1d:e8:23:04:ba:3a:35:f4:37:dd:
                    0b:ce:71:e6:a8:72:9d:bd:1f:35:0b:ab:16:99:ce:
                    05:b4:0c:81:a7:09:fe:6a:95:5d:30:3d:9d:9f:3d:
                    f2:47:c4:07:71:d6:c2:75:e0:49:59:ca:26:c7:54:
                    bc:84:81:d1:b4:f1:c0:c6:3a:50:fb:50:db:f5:f8:
                    e1:7f:a2:29:fa:13:11:13:f5:b3:12:be:48:50:df:
                    87:a1:4d:6d:33:93:65:86:8f:be:c4:b3:e1:cb:40:
                    8a:e4:89:ec:b1:d1:64:3e:ed:ce:33:b6:a1:75:d1:
                    fa:06:60:03:52:59:98:29:ed:54:04:fc:e7:fc:79:
                    70:56:f0:e2:cd:6f:26:5e:dd:a5:06:cd:11:6e:8e:
                    d2:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:96:D2:A7:7C:E5:96:22:E7:F4:D9:9B:59:50:23:6E:E0:38:9A:E3
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/PJbSp3zlliLn9NmbWVAjbuA4muM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.74.0/24
                  185.129.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:48:01:39:71:23:b9:68:52:e4:5e:65:28:4d:91:63:40:ec:
         46:06:f1:70:9a:91:70:97:b2:fa:2a:d7:d0:a8:e1:7e:af:ea:
         d6:8c:10:1c:03:65:b9:49:fd:3e:2e:ae:66:84:f8:a2:ec:51:
         6c:42:41:c4:30:aa:ed:0f:95:d9:65:74:70:69:04:62:f9:23:
         be:8a:0a:bf:f4:c7:7b:08:72:de:bb:66:56:45:24:7c:95:92:
         f6:94:38:c0:82:21:11:bf:fb:ee:a4:3b:93:c5:6c:6f:4c:d6:
         7d:fa:d3:92:8f:8c:57:c7:b4:dd:27:34:68:87:f8:2f:e4:af:
         79:91:80:5c:b1:b5:c0:b5:79:8a:d5:19:8f:dc:39:c9:d4:f7:
         94:83:96:6f:9f:1d:7a:25:36:a9:75:f5:ab:f1:a1:ad:e6:a0:
         11:b4:7a:87:e8:b5:5d:9f:8a:6d:99:a4:3c:d5:87:ab:e4:c5:
         d1:91:91:0d:cc:bd:d0:03:9d:df:e2:3c:e4:58:9b:59:6a:aa:
         4e:b5:4c:c1:cf:74:2e:37:dd:8b:99:57:7c:ff:59:40:5c:3e:
         d2:f5:7f:b2:4a:d9:d9:56:cf:b2:47:40:4c:1d:32:9f:51:93:
         25:1d:1d:77:61:ba:d5:08:58:1d:05:9a:97:f6:2b:35:02:d1:
         2b:46:00:d4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZMz4C2+zQsgKBbp4wInEzzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjQxMTE2MDcyOTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzk2ZDJhNzdjZTU5NjIyZTdmNGQ5OWI1OTUwMjM2ZWUwMzg5YWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3TusAV3+1Rs7pasYaA7MjV7UK34o
Y0dZf/Ask9qTxbsoVVABYwAsWQtv/nyUoG9olVFvwYMILJtvoMXQW5LrHh6/S/67
9uyBbyE7sYg/Umdu4qaISgtwf5/1jh7+CKRN8VrkaaKPdfJ+Y4AcdR3oIwS6OjX0
N90LznHmqHKdvR81C6sWmc4FtAyBpwn+apVdMD2dnz3yR8QHcdbCdeBJWcomx1S8
hIHRtPHAxjpQ+1Db9fjhf6Ip+hMRE/WzEr5IUN+HoU1tM5Nlho++xLPhy0CK5Ins
sdFkPu3OM7ahddH6BmADUlmYKe1UBPzn/HlwVvDizW8mXt2lBs0Rbo7SPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDyW0qd85ZYi5/TZm1lQI27gOJrjMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvUEpiU3AzemxsaUxuOU5tYldWQWpidUE0bXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJSBKAwQA
uYFcMA0GCSqGSIb3DQEBCwUAA4IBAQB3SAE5cSO5aFLkXmUoTZFjQOxGBvFwmpFw
l7L6KtfQqOF+r+rWjBAcA2W5Sf0+Lq5mhPii7FFsQkHEMKrtD5XZZXRwaQRi+SO+
igq/9Md7CHLeu2ZWRSR8lZL2lDjAgiERv/vupDuTxWxvTNZ9+tOSj4xXx7TdJzRo
h/gv5K95kYBcsbXAtXmK1RmP3DnJ1PeUg5Zvnx16JTapdfWr8aGt5qARtHqH6LVd
n4ptmaQ81Yer5MXRkZENzL3QA53f4jzkWJtZaqpOtUzBz3QuN92LmVd8/1lAXD7S
9X+yStnZVs+yR0BMHTKfUZMlHR13YbrVCFgdBZqX9is1AtErRgDU
-----END CERTIFICATE-----