Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/2s4ghGsMJ4UjziczDpj7_nBo6GE.roa
File:                     2s4ghGsMJ4UjziczDpj7_nBo6GE.roa (raw, json)
Hash identifier:          jn5a6RlzlWn5orrS4JyYzumT++ei7+4zrAsQWhkhOUE=
Subject key identifier:   DA:CE:20:84:6B:0C:27:85:23:CE:27:33:0E:98:FB:FE:70:68:E8:61
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       019426D9FA7006FDAED1A2B37BE3A4E9FEE6
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/2s4ghGsMJ4UjziczDpj7_nBo6GE.roa
Signing time:             Thu 02 Jan 2025 11:50:07 +0000
ROA not before:           Thu 02 Jan 2025 11:50:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24851
IP address blocks:        37.235.55.0/24 maxlen: 24
                          2a03:f80:44::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:fa:70:06:fd:ae:d1:a2:b3:7b:e3:a4:e9:fe:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  2 11:50:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dace20846b0c278523ce27330e98fbfe7068e861
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:80:6f:20:88:ed:33:42:6a:cd:db:fa:74:c9:
                    51:3c:3a:50:e0:2f:f1:66:ce:06:94:18:59:98:b7:
                    f8:32:68:60:ea:72:f8:f6:d5:51:4e:f1:c8:80:73:
                    4c:cb:75:37:44:9a:5f:3f:0e:8c:0d:21:fe:25:c0:
                    39:e2:36:4b:5a:73:79:9e:3f:28:02:bc:47:94:e4:
                    ee:78:5c:4a:40:cf:79:d0:47:d6:5f:9c:96:5f:76:
                    a6:86:af:0b:bd:4c:92:a6:af:6c:da:48:c7:54:ec:
                    eb:fa:09:a1:e6:31:f2:8d:b5:6c:ac:6e:1c:11:08:
                    c3:cd:17:65:0e:ed:b7:36:38:11:b6:50:a9:e3:c0:
                    47:89:98:45:2b:66:57:57:eb:1b:87:24:cb:07:0e:
                    0f:5e:e3:3b:b1:7e:f5:94:cd:28:67:fc:12:6b:10:
                    48:6f:a6:aa:1f:2a:5c:58:d3:86:a1:b6:37:c7:d1:
                    e1:6f:ff:32:33:8e:3e:f8:56:97:e6:74:e3:7c:14:
                    ea:47:37:1b:6e:92:b4:88:2b:48:2f:ff:f9:2f:e5:
                    ee:2f:6e:3d:9e:af:4c:f8:10:61:dd:6d:74:ed:13:
                    03:20:aa:e5:1d:14:b5:6a:58:8d:13:2a:84:fe:8a:
                    05:fb:79:a0:1d:bb:37:7b:11:de:3e:ed:2e:97:75:
                    82:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:CE:20:84:6B:0C:27:85:23:CE:27:33:0E:98:FB:FE:70:68:E8:61
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/2s4ghGsMJ4UjziczDpj7_nBo6GE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.55.0/24
                IPv6:
                  2a03:f80:44::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:ee:ad:ee:3f:22:71:d2:dc:cc:31:59:5b:68:da:fe:72:b9:
         a8:56:9b:69:e6:32:88:66:d9:24:09:3e:05:02:52:d6:e5:12:
         8f:e2:6d:fb:43:5a:0a:01:ef:5d:51:17:8a:93:be:11:5f:4d:
         a3:5c:6b:ab:33:35:82:71:89:2c:50:71:99:40:a1:b7:c7:ed:
         44:01:81:07:4a:f2:c7:65:36:6f:3a:fe:09:59:6f:b4:09:45:
         a6:6a:76:1f:73:66:53:8d:f1:e3:a5:aa:f4:3b:31:0d:bf:71:
         cb:71:39:ab:ad:65:d1:35:e1:2c:75:00:9d:e4:64:14:77:f1:
         a8:93:84:97:cd:dc:d2:0e:8b:11:a3:84:ab:c5:b7:ed:81:76:
         c7:5d:f0:c2:d2:7d:c3:06:a1:35:99:32:55:25:2e:ba:2d:e8:
         d8:ff:34:85:59:13:f5:3f:13:1f:33:6b:7a:e7:e8:a7:d1:21:
         07:63:5d:f8:62:aa:0e:d6:16:a3:4f:d1:37:09:06:e7:20:ed:
         7f:72:66:98:d2:49:1e:ee:3e:10:8d:27:f1:b9:a2:14:5b:0d:
         2a:47:30:3a:e3:88:05:44:13:b5:6d:53:cb:da:2c:b0:31:c0:
         46:7e:e8:a0:78:fc:56:d8:94:df:81:53:fb:c9:6f:14:a8:83:
         4e:4b:f2:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQm2fpwBv2u0aKze+Ok6f7mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjUwMTAyMTE1MDA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWNlMjA4NDZiMGMyNzg1MjNjZTI3MzMwZTk4ZmJmZTcwNjhlODYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoBvIIjtM0Jqzdv6dMlRPDpQ4C/x
Zs4GlBhZmLf4Mmhg6nL49tVRTvHIgHNMy3U3RJpfPw6MDSH+JcA54jZLWnN5nj8o
ArxHlOTueFxKQM950EfWX5yWX3amhq8LvUySpq9s2kjHVOzr+gmh5jHyjbVsrG4c
EQjDzRdlDu23NjgRtlCp48BHiZhFK2ZXV+sbhyTLBw4PXuM7sX71lM0oZ/wSaxBI
b6aqHypcWNOGobY3x9Hhb/8yM44++FaX5nTjfBTqRzcbbpK0iCtIL//5L+XuL249
nq9M+BBh3W107RMDIKrlHRS1aliNEyqE/ooF+3mgHbs3exHePu0ul3WCFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNrOIIRrDCeFI84nMw6Y+/5waOhhMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvMnM0Z2hHc01KNFVqemljekRwajdfbkJvNkdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAJes3MA8E
AgACMAkDBwAqAw+AAEQwDQYJKoZIhvcNAQELBQADggEBAA3ure4/InHS3MwxWVto
2v5yuahWm2nmMohm2SQJPgUCUtblEo/ibftDWgoB711RF4qTvhFfTaNca6szNYJx
iSxQcZlAobfH7UQBgQdK8sdlNm86/glZb7QJRaZqdh9zZlON8eOlqvQ7MQ2/cctx
OautZdE14Sx1AJ3kZBR38aiThJfN3NIOixGjhKvFt+2Bdsdd8MLSfcMGoTWZMlUl
Lrot6Nj/NIVZE/U/Ex8za3rn6KfRIQdjXfhiqg7WFqNP0TcJBucg7X9yZpjSSR7u
PhCNJ/G5ohRbDSpHMDrjiAVEE7VtU8vaLLAxwEZ+6KB4/FbYlN+BU/vJbxSog05L
8hs=
-----END CERTIFICATE-----