Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/agCunAIMbiFUpVXyoVcRfE7xh3E.roa
File:                     agCunAIMbiFUpVXyoVcRfE7xh3E.roa (raw, json)
Hash identifier:          12EZuxX19r69+S96SCYBCKtQN4XtGc150mYeWjkdyLo=
Subject key identifier:   6A:00:AE:9C:02:0C:6E:21:54:A5:55:F2:A1:57:11:7C:4E:F1:87:71
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       019427481EC24EAF18883C8A3FB56D07089E
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/agCunAIMbiFUpVXyoVcRfE7xh3E.roa
Signing time:             Thu 02 Jan 2025 13:50:25 +0000
ROA not before:           Thu 02 Jan 2025 13:50:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28787
IP address blocks:        37.32.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:1e:c2:4e:af:18:88:3c:8a:3f:b5:6d:07:08:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Jan  2 13:50:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a00ae9c020c6e2154a555f2a157117c4ef18771
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:52:dc:30:7b:b7:46:44:eb:b0:d6:e9:ab:44:
                    76:5b:40:2c:d1:e5:89:72:df:34:02:9b:d4:a2:9d:
                    65:9a:fc:d4:e3:6f:4d:ca:01:c2:91:8f:b7:f3:45:
                    79:aa:34:4a:e6:72:f1:ca:bc:56:72:b5:45:eb:65:
                    c2:4b:60:93:0d:07:71:97:28:08:a4:96:38:d3:8e:
                    9e:89:2a:96:c1:9a:15:7e:0e:1e:48:04:66:25:4a:
                    de:92:33:93:72:a5:45:57:f0:84:34:48:d8:1e:a5:
                    d4:d6:8b:24:ad:27:8e:5b:af:da:cc:20:c1:7f:f3:
                    89:34:38:60:91:ab:f7:7d:aa:fe:a9:75:cf:a3:8c:
                    b2:0b:11:9a:34:a2:d1:1a:51:2c:18:d0:bb:b4:47:
                    be:08:db:b6:06:11:f0:de:54:ae:b0:49:9d:98:e4:
                    93:b7:57:df:19:bb:0e:a4:81:5b:27:f1:ca:47:c5:
                    0a:d6:27:9c:c2:8c:34:40:34:65:bc:3d:23:2e:86:
                    3e:ad:77:d0:2c:7c:9d:e6:be:52:8a:d2:f4:51:ba:
                    e9:fe:21:ee:51:ed:67:f9:c2:af:f8:ea:38:c5:e6:
                    ef:65:73:5a:c7:9c:a2:6f:05:aa:ed:75:d3:19:e8:
                    1a:c3:91:4c:4a:a9:ba:16:c6:0e:2c:98:2d:38:b7:
                    95:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:00:AE:9C:02:0C:6E:21:54:A5:55:F2:A1:57:11:7C:4E:F1:87:71
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/agCunAIMbiFUpVXyoVcRfE7xh3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:f2:5c:f7:63:29:9e:14:4d:54:89:a8:77:9e:04:ca:4f:04:
         2e:3b:72:3f:8f:25:39:89:1e:c5:37:8f:58:2a:c2:ff:87:8b:
         95:9a:b3:7d:5b:05:87:8c:2e:96:d9:25:f3:d5:20:5a:3c:c3:
         2e:1c:1d:ab:13:1c:c0:7a:24:d5:0f:d9:90:11:a1:29:61:37:
         49:20:1e:ac:9b:f3:75:3b:d7:bc:e4:d7:d0:4e:ce:f0:e2:cb:
         37:16:e7:d3:87:e8:d6:48:da:60:9b:eb:9b:2a:bd:c3:59:75:
         8f:df:72:99:e2:f9:e5:4d:dc:31:75:45:06:c9:c1:57:d2:7f:
         84:b1:56:d5:ff:c0:b5:1e:92:14:44:3e:73:eb:4c:4f:f9:dc:
         2b:53:aa:ad:58:bd:c1:60:42:c1:cc:00:a6:5c:7d:92:fb:93:
         2e:23:2e:c0:d0:61:c7:3b:da:ae:b7:da:58:84:03:b8:62:22:
         c2:71:28:5b:a3:63:ce:3d:44:a9:d7:c1:af:89:cc:4c:ac:4a:
         78:9e:c9:dd:fd:2f:37:40:57:c0:8f:93:1a:13:e3:d2:e0:c1:
         f9:36:3a:a8:ab:7a:43:f5:5a:94:c1:19:1b:28:70:c3:db:a5:
         9a:50:ee:4b:0d:77:07:14:c0:28:54:bd:b9:1d:ec:e4:5e:af:
         e8:45:89:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSB7CTq8YiDyKP7VtBwieMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjUwMTAyMTM1MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTAwYWU5YzAyMGM2ZTIxNTRhNTU1ZjJhMTU3MTE3YzRlZjE4NzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VLcMHu3RkTrsNbpq0R2W0As0eWJ
ct80ApvUop1lmvzU429NygHCkY+380V5qjRK5nLxyrxWcrVF62XCS2CTDQdxlygI
pJY4046eiSqWwZoVfg4eSARmJUrekjOTcqVFV/CENEjYHqXU1oskrSeOW6/azCDB
f/OJNDhgkav3far+qXXPo4yyCxGaNKLRGlEsGNC7tEe+CNu2BhHw3lSusEmdmOST
t1ffGbsOpIFbJ/HKR8UK1iecwow0QDRlvD0jLoY+rXfQLHyd5r5SitL0Ubrp/iHu
Ue1n+cKv+Oo4xebvZXNax5yibwWq7XXTGegaw5FMSqm6FsYOLJgtOLeVNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGoArpwCDG4hVKVV8qFXEXxO8YdxMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvYWdDdW5BSU1iaUZVcFZYeW9WY1JmRTd4aDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSBLMA0G
CSqGSIb3DQEBCwUAA4IBAQAp8lz3YymeFE1Uiah3ngTKTwQuO3I/jyU5iR7FN49Y
KsL/h4uVmrN9WwWHjC6W2SXz1SBaPMMuHB2rExzAeiTVD9mQEaEpYTdJIB6sm/N1
O9e85NfQTs7w4ss3FufTh+jWSNpgm+ubKr3DWXWP33KZ4vnlTdwxdUUGycFX0n+E
sVbV/8C1HpIURD5z60xP+dwrU6qtWL3BYELBzACmXH2S+5MuIy7A0GHHO9qut9pY
hAO4YiLCcShbo2POPUSp18GvicxMrEp4nsnd/S83QFfAj5MaE+PS4MH5Njqoq3pD
9VqUwRkbKHDD26WaUO5LDXcHFMAoVL25HezkXq/oRYmH
-----END CERTIFICATE-----