Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/dzgtYDauTEDZHC8bHSIpBJ99lFA.roa
File:                     dzgtYDauTEDZHC8bHSIpBJ99lFA.roa (raw, json)
Hash identifier:          ZGLzJ+9niSYTDICrH2MjNQZesA/7tlZdYY8ovKwatZQ=
Subject key identifier:   77:38:2D:60:36:AE:4C:40:D9:1C:2F:1B:1D:22:29:04:9F:7D:94:50
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       01926C91DF747E391F14D9E25BC8F7B6B1DE
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/dzgtYDauTEDZHC8bHSIpBJ99lFA.roa
Signing time:             Tue 08 Oct 2024 14:39:12 +0000
ROA not before:           Tue 08 Oct 2024 14:39:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208002
IP address blocks:        185.137.212.0/24 maxlen: 24
                          185.137.213.0/24 maxlen: 24
                          185.137.214.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6c:91:df:74:7e:39:1f:14:d9:e2:5b:c8:f7:b6:b1:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Oct  8 14:39:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77382d6036ae4c40d91c2f1b1d2229049f7d9450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6d:61:61:35:ec:43:5a:5a:46:55:27:72:5c:
                    f8:2b:a5:1e:44:52:8d:5b:ca:40:56:73:f5:03:38:
                    2c:ac:bf:d3:68:97:d1:f1:fb:db:6e:92:9e:4b:9c:
                    45:d8:89:21:37:56:7c:42:f6:c3:8d:82:95:72:1e:
                    4e:77:47:cc:eb:4d:e3:52:bc:76:93:8d:de:34:95:
                    0d:72:bd:e2:59:8a:30:5c:8a:66:8b:b1:4b:36:0d:
                    81:29:cc:c9:ea:94:d2:8d:fc:75:df:0f:be:d5:7a:
                    77:a7:75:d8:c3:5a:ce:35:3d:09:f6:d8:72:b3:fd:
                    3d:ce:21:35:15:46:e4:f7:c4:69:14:36:fe:7f:d0:
                    c3:02:a7:19:98:f4:c3:ac:6c:ec:d7:e7:f7:c9:00:
                    a3:51:e8:0f:22:92:04:d5:ea:84:00:03:c6:ac:c6:
                    b0:ba:24:b3:7d:90:88:de:0e:62:8c:7d:0b:83:52:
                    b3:17:24:b7:78:7e:ba:59:c6:c7:88:d3:97:ce:0d:
                    a4:75:08:58:92:92:b0:5e:76:b1:be:55:e9:fd:ea:
                    25:25:ef:57:57:4d:f7:17:50:d2:c6:df:fc:7e:23:
                    c8:38:f2:53:e2:f4:d4:ea:73:16:c5:08:f0:b6:e2:
                    fb:2e:94:41:da:e0:84:82:11:b8:7d:2c:49:8d:0b:
                    9d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:38:2D:60:36:AE:4C:40:D9:1C:2F:1B:1D:22:29:04:9F:7D:94:50
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/dzgtYDauTEDZHC8bHSIpBJ99lFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:fc:01:39:5a:c1:14:46:4e:94:02:5d:4c:06:f6:a1:27:33:
         ab:8c:4c:05:da:6d:fd:79:a7:ad:e2:5f:e6:c7:2d:47:e4:0e:
         01:e6:3b:30:54:d7:c7:62:37:c2:f2:85:8e:88:a8:e9:80:6b:
         18:6e:49:6b:22:eb:22:47:66:9c:ae:dd:40:c1:96:54:9e:a0:
         85:b8:82:6b:41:67:45:5a:26:0f:9a:84:3e:33:e1:d3:bb:eb:
         d4:30:77:2b:45:bf:f5:5b:90:57:d7:99:9d:cc:33:ae:8b:df:
         1b:a1:c4:25:5a:e6:45:08:d6:49:31:e1:c0:74:5a:45:43:cc:
         bf:8b:85:d4:bc:a9:8e:22:60:14:de:32:fc:cf:c4:02:3b:46:
         09:69:8c:c5:ea:ed:4c:b0:f7:1a:6f:f5:c1:86:2d:27:f9:99:
         20:39:f5:c1:11:f4:2d:5c:2c:17:8a:58:57:87:51:db:31:28:
         38:bc:e6:6f:7d:a5:27:2c:4d:6a:a2:78:b7:2a:ac:05:a1:c6:
         0a:1d:70:2b:3e:2d:85:59:35:ff:7c:c2:0c:9d:9f:0b:c2:a4:
         d7:ec:62:4f:6d:76:1a:e5:00:20:f3:c1:ce:41:c2:a0:ed:e8:
         c8:b0:9b:54:cc:3b:73:63:51:ae:a1:e5:df:b7:03:0e:1f:50:
         a5:4e:2b:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJskd90fjkfFNniW8j3trHeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjQxMDA4MTQzOTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzM4MmQ2MDM2YWU0YzQwZDkxYzJmMWIxZDIyMjkwNDlmN2Q5NDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr21hYTXsQ1paRlUnclz4K6UeRFKN
W8pAVnP1AzgsrL/TaJfR8fvbbpKeS5xF2IkhN1Z8QvbDjYKVch5Od0fM603jUrx2
k43eNJUNcr3iWYowXIpmi7FLNg2BKczJ6pTSjfx13w++1Xp3p3XYw1rONT0J9thy
s/09ziE1FUbk98RpFDb+f9DDAqcZmPTDrGzs1+f3yQCjUegPIpIE1eqEAAPGrMaw
uiSzfZCI3g5ijH0Lg1KzFyS3eH66WcbHiNOXzg2kdQhYkpKwXnaxvlXp/eolJe9X
V033F1DSxt/8fiPIOPJT4vTU6nMWxQjwtuL7LpRB2uCEghG4fSxJjQudBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHc4LWA2rkxA2RwvGx0iKQSffZRQMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvZHpndFlEYXVURURaSEM4YkhTSXBCSjk5bEZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYnUMA0G
CSqGSIb3DQEBCwUAA4IBAQB8/AE5WsEURk6UAl1MBvahJzOrjEwF2m39eaet4l/m
xy1H5A4B5jswVNfHYjfC8oWOiKjpgGsYbklrIusiR2acrt1AwZZUnqCFuIJrQWdF
WiYPmoQ+M+HTu+vUMHcrRb/1W5BX15mdzDOui98bocQlWuZFCNZJMeHAdFpFQ8y/
i4XUvKmOImAU3jL8z8QCO0YJaYzF6u1MsPcab/XBhi0n+ZkgOfXBEfQtXCwXilhX
h1HbMSg4vOZvfaUnLE1qoni3KqwFocYKHXArPi2FWTX/fMIMnZ8LwqTX7GJPbXYa
5QAg88HOQcKg7ejIsJtUzDtzY1GuoeXftwMOH1ClTitp
-----END CERTIFICATE-----