Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/RzTS_aVg4A3thhT1xHxtMXq_vOI.roa
File:                     RzTS_aVg4A3thhT1xHxtMXq_vOI.roa (raw, json)
Hash identifier:          zu1mzofX6iUkewhCXeSVvIWnMGeLEK4TikiEna45T0w=
Subject key identifier:   47:34:D2:FD:A5:60:E0:0D:ED:86:14:F5:C4:7C:6D:31:7A:BF:BC:E2
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       019427482037CCC00F87EA3DCDF28AF493B0
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/RzTS_aVg4A3thhT1xHxtMXq_vOI.roa
Signing time:             Thu 02 Jan 2025 13:50:25 +0000
ROA not before:           Thu 02 Jan 2025 13:50:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59704
IP address blocks:        37.32.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:20:37:cc:c0:0f:87:ea:3d:cd:f2:8a:f4:93:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Jan  2 13:50:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4734d2fda560e00ded8614f5c47c6d317abfbce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:82:d7:08:4e:2d:02:72:54:6b:38:33:84:94:
                    65:5d:cd:2e:a0:dd:f5:74:b3:94:c7:ad:6a:fa:3d:
                    31:48:4e:e4:3b:86:75:2b:9a:67:df:15:7b:39:35:
                    14:9a:01:fc:10:df:8f:5a:48:f2:ff:3c:ec:e0:08:
                    7e:af:6b:d0:82:33:60:e5:5c:66:f4:0d:8f:24:7a:
                    cc:61:e2:c0:ed:26:51:a0:56:be:24:92:ce:db:a8:
                    ee:85:4a:52:7d:f3:6b:ab:92:73:ff:e0:2e:c1:0f:
                    e0:80:2c:52:72:1d:d8:a3:53:cd:d5:00:e7:2b:a2:
                    ca:7a:d0:5d:88:55:8f:3a:2f:5a:3c:f8:4d:fb:62:
                    54:50:ed:41:2b:56:b2:42:9c:1c:44:17:db:28:f9:
                    5c:28:10:ec:0b:d7:3e:2e:ea:b5:23:f3:ad:5d:22:
                    77:28:3a:b3:3f:bb:ce:e8:30:c7:2e:c5:35:54:fe:
                    4f:dd:7a:75:8d:34:1b:37:08:7d:a6:48:8e:ed:aa:
                    01:a5:9c:24:f2:86:65:c5:2f:99:50:86:8a:86:fe:
                    ad:ff:e9:0e:70:f5:d8:cb:05:c2:12:05:78:51:68:
                    c5:c5:57:26:95:43:05:d5:e9:4e:91:fd:44:1c:e8:
                    4e:62:df:dc:f7:4d:c6:a6:0a:c7:6f:12:31:d7:76:
                    1f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:34:D2:FD:A5:60:E0:0D:ED:86:14:F5:C4:7C:6D:31:7A:BF:BC:E2
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/RzTS_aVg4A3thhT1xHxtMXq_vOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:06:d7:ff:76:21:9d:79:99:42:60:fd:b3:53:17:ab:22:37:
         f9:74:4e:eb:a2:0b:77:67:a2:67:a6:28:bd:7d:1a:32:3f:aa:
         ad:10:91:f4:2e:ce:e5:9f:8a:70:67:31:89:28:23:68:0d:cd:
         fd:9a:6f:26:ee:a5:2e:e5:a1:ac:17:86:6f:8e:6c:1f:2f:c7:
         e8:67:28:a2:a8:66:d2:53:13:d7:c7:54:75:41:4f:60:6a:8f:
         ab:63:21:3d:e5:48:ff:5e:94:e6:e3:5b:40:33:74:e6:f5:f6:
         d3:2c:fb:6a:3d:dc:fe:48:7f:aa:91:fe:2e:ac:8a:29:f1:43:
         ac:21:1e:94:58:26:f1:a2:52:2d:9c:84:53:55:ff:36:1f:1b:
         c6:f2:27:ea:e2:10:a0:a4:a2:5b:35:7f:09:98:bf:f0:b5:a5:
         a5:95:03:a5:7b:3d:b0:8c:d4:d4:51:08:fd:1d:b3:a4:bb:51:
         2a:e1:f2:9a:22:d6:b7:85:f5:b9:4c:32:75:62:fd:06:a1:68:
         3d:f1:5b:70:ac:d6:de:7c:fc:2a:9a:c7:6a:d6:54:ad:33:9c:
         1e:e3:e3:ed:7d:50:ff:b5:96:d2:b0:04:f8:52:1b:30:2b:98:
         4c:43:b9:4a:2e:c3:a6:57:67:a8:ba:86:73:48:1a:ba:8d:68:
         13:a3:de:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSCA3zMAPh+o9zfKK9JOwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjUwMTAyMTM1MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzM0ZDJmZGE1NjBlMDBkZWQ4NjE0ZjVjNDdjNmQzMTdhYmZiY2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoLXCE4tAnJUazgzhJRlXc0uoN31
dLOUx61q+j0xSE7kO4Z1K5pn3xV7OTUUmgH8EN+PWkjy/zzs4Ah+r2vQgjNg5Vxm
9A2PJHrMYeLA7SZRoFa+JJLO26juhUpSffNrq5Jz/+AuwQ/ggCxSch3Yo1PN1QDn
K6LKetBdiFWPOi9aPPhN+2JUUO1BK1ayQpwcRBfbKPlcKBDsC9c+Luq1I/OtXSJ3
KDqzP7vO6DDHLsU1VP5P3Xp1jTQbNwh9pkiO7aoBpZwk8oZlxS+ZUIaKhv6t/+kO
cPXYywXCEgV4UWjFxVcmlUMF1elOkf1EHOhOYt/c903GpgrHbxIx13YfOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEc00v2lYOAN7YYU9cR8bTF6v7ziMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvUnpUU19hVmc0QTN0aGhUMXhIeHRNWHFfdk9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSBNMA0G
CSqGSIb3DQEBCwUAA4IBAQATBtf/diGdeZlCYP2zUxerIjf5dE7rogt3Z6Jnpii9
fRoyP6qtEJH0Ls7ln4pwZzGJKCNoDc39mm8m7qUu5aGsF4ZvjmwfL8foZyiiqGbS
UxPXx1R1QU9gao+rYyE95Uj/XpTm41tAM3Tm9fbTLPtqPdz+SH+qkf4urIop8UOs
IR6UWCbxolItnIRTVf82HxvG8ifq4hCgpKJbNX8JmL/wtaWllQOlez2wjNTUUQj9
HbOku1Eq4fKaIta3hfW5TDJ1Yv0GoWg98VtwrNbefPwqmsdq1lStM5we4+PtfVD/
tZbSsAT4UhswK5hMQ7lKLsOmV2eouoZzSBq6jWgTo95X
-----END CERTIFICATE-----