Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/5KcLRy-cZuSsgteyBc4ZCpbOBgE.roa
File:                     5KcLRy-cZuSsgteyBc4ZCpbOBgE.roa (raw, json)
Hash identifier:          vlMY9M8ZCYNSJr7C0tbuNcxuWWhYbZY+IB3rhRzuBaE=
Subject key identifier:   E4:A7:0B:47:2F:9C:66:E4:AC:82:D7:B2:05:CE:19:0A:96:CE:06:01
Certificate issuer:       /CN=c67e2a46e34f491433c8b62f319b902bddfde831
Certificate serial:       018DDBC79C2EB9399E9530A2D7EDBC4D1BB9
Authority key identifier: C6:7E:2A:46:E3:4F:49:14:33:C8:B6:2F:31:9B:90:2B:DD:FD:E8:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xn4qRuNPSRQzyLYvMZuQK9396DE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/5KcLRy-cZuSsgteyBc4ZCpbOBgE.roa
Signing time:             Sat 24 Feb 2024 15:41:48 +0000
ROA not before:           Sat 24 Feb 2024 15:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3920
IP address blocks:        37.49.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/xn4qRuNPSRQzyLYvMZuQK9396DE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/xn4qRuNPSRQzyLYvMZuQK9396DE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xn4qRuNPSRQzyLYvMZuQK9396DE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:db:c7:9c:2e:b9:39:9e:95:30:a2:d7:ed:bc:4d:1b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c67e2a46e34f491433c8b62f319b902bddfde831
        Validity
            Not Before: Feb 24 15:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4a70b472f9c66e4ac82d7b205ce190a96ce0601
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c5:1b:2d:b2:d4:a1:3b:50:d9:3a:da:f3:a3:
                    f9:72:79:79:a7:6f:96:27:15:92:c8:4c:6d:fd:32:
                    86:66:87:ec:e8:c7:8e:05:71:84:f2:ab:d7:d9:db:
                    c3:6c:df:7d:3d:5c:b5:1c:ed:0f:ab:87:f7:f1:3c:
                    f7:fd:11:23:b2:9a:d9:88:1d:38:6b:49:a3:20:51:
                    d2:c6:ae:c5:4d:59:13:87:24:27:5f:70:18:79:f5:
                    8c:6f:28:53:a0:e6:e4:f9:c5:41:87:a6:61:16:4f:
                    ab:d8:be:7a:4a:40:b7:51:17:25:19:0f:4c:8e:d3:
                    ec:2c:ce:b0:d8:64:56:93:41:8d:2d:9b:6c:0c:47:
                    83:4c:af:ed:12:ef:fa:7d:57:ec:e3:ac:95:47:c6:
                    f7:1e:98:6b:97:99:aa:3b:2b:70:20:e8:5a:aa:42:
                    33:72:0a:36:9d:5e:1a:8c:65:af:ec:3d:34:5e:12:
                    0b:27:b0:63:f5:45:b2:4d:aa:a9:7b:ac:08:c8:e8:
                    39:88:6b:b6:c3:ce:a7:84:ef:d1:e0:c5:b1:2b:ea:
                    06:c3:f6:b3:f6:0b:e0:2a:25:29:c2:8a:09:6c:71:
                    d9:8b:18:e2:c3:7c:1d:1f:cf:17:11:4c:80:47:58:
                    72:19:b2:9a:97:91:54:6a:b0:3d:cc:27:b2:7c:47:
                    a6:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:A7:0B:47:2F:9C:66:E4:AC:82:D7:B2:05:CE:19:0A:96:CE:06:01
            X509v3 Authority Key Identifier:
                keyid:C6:7E:2A:46:E3:4F:49:14:33:C8:B6:2F:31:9B:90:2B:DD:FD:E8:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xn4qRuNPSRQzyLYvMZuQK9396DE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/5KcLRy-cZuSsgteyBc4ZCpbOBgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/80c568-bd15-4f32-8dd4-066866f2ded0/1/xn4qRuNPSRQzyLYvMZuQK9396DE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:e7:27:b3:6f:ce:16:0c:5d:bd:35:51:91:cd:d6:c3:2e:b9:
         c9:40:21:76:28:99:fb:0d:8d:2c:78:f9:ac:e0:8d:de:d1:ec:
         92:a7:be:1f:71:64:e3:6c:58:aa:1e:a5:c8:a7:b6:25:d7:7c:
         c2:09:4f:bc:99:4e:28:96:b9:35:49:26:0b:db:50:43:c8:e4:
         5f:51:85:9f:f0:8c:9d:06:ca:7b:06:f7:a7:26:39:71:55:e4:
         ad:cb:ac:58:5c:47:5f:5f:cf:8f:d3:f2:37:42:21:29:f0:d3:
         35:02:08:43:b5:be:36:15:b3:d5:d6:88:e6:3f:87:d0:d2:f9:
         6e:1a:0f:02:3f:65:66:23:29:73:81:63:4a:0a:6c:0a:6e:80:
         cb:47:38:11:52:b6:27:5c:e9:67:35:92:b9:1d:30:dd:ad:3c:
         23:85:b7:32:78:64:0a:50:81:cd:e1:56:13:4f:d6:7b:d4:bd:
         23:2e:bf:7d:d5:cd:19:1f:ee:28:6d:e8:bc:84:92:34:9f:3c:
         f0:9a:0c:50:a6:39:60:22:73:d8:db:f2:73:5a:d0:4b:01:f7:
         46:d9:fa:09:a5:f6:54:9e:b2:54:e3:29:99:ce:25:5a:c9:a0:
         2c:78:94:ac:b1:e7:3d:39:f7:da:d5:f5:6e:04:ea:9a:ad:8c:
         1d:c2:a8:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3bx5wuuTmelTCi1+28TRu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2N2UyYTQ2ZTM0ZjQ5MTQzM2M4YjYyZjMxOWI5MDJiZGRm
ZGU4MzEwHhcNMjQwMjI0MTU0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGE3MGI0NzJmOWM2NmU0YWM4MmQ3YjIwNWNlMTkwYTk2Y2UwNjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8UbLbLUoTtQ2Tra86P5cnl5p2+W
JxWSyExt/TKGZofs6MeOBXGE8qvX2dvDbN99PVy1HO0Pq4f38Tz3/REjsprZiB04
a0mjIFHSxq7FTVkThyQnX3AYefWMbyhToObk+cVBh6ZhFk+r2L56SkC3URclGQ9M
jtPsLM6w2GRWk0GNLZtsDEeDTK/tEu/6fVfs46yVR8b3Hphrl5mqOytwIOhaqkIz
cgo2nV4ajGWv7D00XhILJ7Bj9UWyTaqpe6wIyOg5iGu2w86nhO/R4MWxK+oGw/az
9gvgKiUpwooJbHHZixjiw3wdH88XEUyAR1hyGbKal5FUarA9zCeyfEemYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSnC0cvnGbkrILXsgXOGQqWzgYBMB8GA1UdIwQY
MBaAFMZ+KkbjT0kUM8i2LzGbkCvd/egxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG40cVJ1TlBTUlF6eUxZdk1adVFLOTM5NkRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84MGM1NjgtYmQxNS00ZjMyLThkZDQt
MDY2ODY2ZjJkZWQwLzEvNUtjTFJ5LWNadVNzZ3RleUJjNFpDcGJPQmdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84MGM1NjgtYmQxNS00ZjMyLThkZDQtMDY2ODY2ZjJkZWQw
LzEveG40cVJ1TlBTUlF6eUxZdk1adVFLOTM5NkRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJTHjMA0G
CSqGSIb3DQEBCwUAA4IBAQAu5yezb84WDF29NVGRzdbDLrnJQCF2KJn7DY0sePms
4I3e0eySp74fcWTjbFiqHqXIp7Yl13zCCU+8mU4olrk1SSYL21BDyORfUYWf8Iyd
Bsp7BvenJjlxVeSty6xYXEdfX8+P0/I3QiEp8NM1AghDtb42FbPV1ojmP4fQ0vlu
Gg8CP2VmIylzgWNKCmwKboDLRzgRUrYnXOlnNZK5HTDdrTwjhbcyeGQKUIHN4VYT
T9Z71L0jLr991c0ZH+4obei8hJI0nzzwmgxQpjlgInPY2/JzWtBLAfdG2foJpfZU
nrJU4ymZziVayaAseJSssec9Offa1fVuBOqarYwdwqgf
-----END CERTIFICATE-----