Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/2UO1PT713wnOBl4UtZeu26y2VPk.roa
File:                     2UO1PT713wnOBl4UtZeu26y2VPk.roa (raw, json)
Hash identifier:          lfWpgCEG/GU+sysnwzI9rpQf90lqHbJxJ04OCHvXK+Y=
Subject key identifier:   D9:43:B5:3D:3E:F5:DF:09:CE:06:5E:14:B5:97:AE:DB:AC:B6:54:F9
Certificate issuer:       /CN=29993007c7c92df6178e7cb43183fd7f52a526d8
Certificate serial:       01921AD179E4B93F14F6F5E54BEE1CEA13A2
Authority key identifier: 29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/2UO1PT713wnOBl4UtZeu26y2VPk.roa
Signing time:             Sun 22 Sep 2024 17:39:48 +0000
ROA not before:           Sun 22 Sep 2024 17:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42216
IP address blocks:        37.77.25.0/24 maxlen: 24
                          37.77.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1a:d1:79:e4:b9:3f:14:f6:f5:e5:4b:ee:1c:ea:13:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29993007c7c92df6178e7cb43183fd7f52a526d8
        Validity
            Not Before: Sep 22 17:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d943b53d3ef5df09ce065e14b597aedbacb654f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7b:74:5e:34:88:4b:3c:bc:92:ac:cc:b2:d1:
                    fa:34:3a:0c:72:73:7e:79:79:56:ac:97:76:34:a1:
                    66:11:d7:58:50:05:d6:1f:8a:52:ac:dc:2a:1f:ba:
                    57:5c:da:3f:64:c2:f9:aa:b8:14:37:4f:a1:5e:61:
                    f3:93:f3:da:d4:d8:f0:f9:f6:a8:fd:e2:ad:c8:09:
                    e0:0c:ae:e3:65:50:31:8c:d5:38:e2:76:78:aa:f8:
                    b7:fa:54:bd:08:12:5d:dc:a5:51:d9:35:3c:55:5b:
                    5f:11:92:3a:e0:40:94:17:d4:62:e4:97:5d:f4:9e:
                    d7:97:c6:1d:95:16:19:b1:f4:c3:91:01:8b:72:8c:
                    9f:de:46:68:20:14:2d:e8:30:a7:a1:9f:bd:b2:9d:
                    8e:70:24:3e:a3:ad:9b:7d:ce:bf:c5:1e:80:48:0e:
                    4b:7a:bc:27:2b:da:5a:51:5b:d4:0d:35:37:16:24:
                    d5:47:67:ee:d1:aa:59:61:43:a7:0c:c5:bd:e0:ba:
                    1f:5e:f1:40:37:d5:94:ed:20:a0:78:cf:ac:cb:1f:
                    ae:7d:7e:94:d4:eb:b5:e6:3a:87:2f:d8:4c:53:f4:
                    54:7d:e0:db:bb:7f:f5:31:4d:86:75:a7:40:2a:01:
                    fe:3a:e6:80:6c:9b:c7:d2:79:01:6b:44:e4:24:3e:
                    b1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:43:B5:3D:3E:F5:DF:09:CE:06:5E:14:B5:97:AE:DB:AC:B6:54:F9
            X509v3 Authority Key Identifier:
                keyid:29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/2UO1PT713wnOBl4UtZeu26y2VPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.25.0-37.77.26.255

    Signature Algorithm: sha256WithRSAEncryption
         97:31:14:99:71:c6:b7:ea:a3:65:36:c9:cd:59:6c:5a:23:48:
         40:0b:27:e9:40:f8:68:4f:41:75:22:61:67:bd:32:d6:b5:69:
         8d:e5:97:65:25:35:e2:56:6d:34:45:2a:36:00:6c:42:2d:bb:
         7f:21:e8:12:be:91:03:b8:b7:c9:4a:31:7c:2d:56:f0:4c:98:
         de:c3:d6:6a:73:a6:ed:18:8b:8c:59:5a:c4:4e:de:ec:8b:d6:
         4f:d4:93:db:84:09:92:ff:49:6b:a3:83:07:ba:89:2f:5d:2e:
         67:f3:e5:4a:6e:0e:ea:87:22:24:48:7f:15:fd:48:3c:f0:49:
         a1:1c:9b:68:93:af:99:7d:8a:ef:b2:2c:f0:7c:d6:f2:f0:be:
         73:c0:6a:aa:bf:77:d0:2d:e5:6c:50:c7:5f:68:fd:5a:f1:f6:
         01:4f:d7:a7:60:33:6f:2f:92:d3:e3:ec:f6:d3:ea:58:47:bb:
         41:35:ac:c0:1a:f6:72:5b:3d:8a:38:fa:19:2c:e7:c3:68:00:
         ae:6d:4a:3c:2f:c7:1e:75:43:e4:2d:54:0b:48:c8:73:92:33:
         95:14:15:15:13:24:fd:cc:11:49:34:90:04:6f:a6:f0:38:f1:
         34:f1:f3:48:6d:af:f8:67:b4:f4:22:f2:67:db:da:f4:b8:8b:
         38:01:9f:1d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZIa0XnkuT8U9vXlS+4c6hOiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5OTkzMDA3YzdjOTJkZjYxNzhlN2NiNDMxODNmZDdmNTJh
NTI2ZDgwHhcNMjQwOTIyMTczOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTQzYjUzZDNlZjVkZjA5Y2UwNjVlMTRiNTk3YWVkYmFjYjY1NGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXt0XjSISzy8kqzMstH6NDoMcnN+
eXlWrJd2NKFmEddYUAXWH4pSrNwqH7pXXNo/ZML5qrgUN0+hXmHzk/Pa1Njw+fao
/eKtyAngDK7jZVAxjNU44nZ4qvi3+lS9CBJd3KVR2TU8VVtfEZI64ECUF9Ri5Jdd
9J7Xl8YdlRYZsfTDkQGLcoyf3kZoIBQt6DCnoZ+9sp2OcCQ+o62bfc6/xR6ASA5L
erwnK9paUVvUDTU3FiTVR2fu0apZYUOnDMW94LofXvFAN9WU7SCgeM+syx+ufX6U
1Ou15jqHL9hMU/RUfeDbu3/1MU2GdadAKgH+OuaAbJvH0nkBa0TkJD6xCwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNlDtT0+9d8JzgZeFLWXrtustlT5MB8GA1UdIwQY
MBaAFCmZMAfHyS32F458tDGD/X9SpSbYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODkt
MWU4MjlmZmExYzNhLzEvMlVPMVBUNzEzd25PQmw0VXRaZXUyNnkyVlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODktMWU4MjlmZmExYzNh
LzEvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAlTRkD
BAAlTRowDQYJKoZIhvcNAQELBQADggEBAJcxFJlxxrfqo2U2yc1ZbFojSEALJ+lA
+GhPQXUiYWe9Mta1aY3ll2UlNeJWbTRFKjYAbEItu38h6BK+kQO4t8lKMXwtVvBM
mN7D1mpzpu0Yi4xZWsRO3uyL1k/Uk9uECZL/SWujgwe6iS9dLmfz5UpuDuqHIiRI
fxX9SDzwSaEcm2iTr5l9iu+yLPB81vLwvnPAaqq/d9At5WxQx19o/Vrx9gFP16dg
M28vktPj7PbT6lhHu0E1rMAa9nJbPYo4+hks58NoAK5tSjwvxx51Q+QtVAtIyHOS
M5UUFRUTJP3MEUk0kARvpvA48TTx80htr/hntPQi8mfb2vS4izgBnx0=
-----END CERTIFICATE-----