Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/QFDwHj-j-y33uDhFUsrE-1OKCE0.roa
File:                     QFDwHj-j-y33uDhFUsrE-1OKCE0.roa (raw, json)
Hash identifier:          zupjnMRcjVnfmgFPyHKsQHldn/aPiQG7UKeQJHmAcy4=
Subject key identifier:   40:50:F0:1E:3F:A3:FB:2D:F7:B8:38:45:52:CA:C4:FB:53:8A:08:4D
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B9479D9036A32AE607761C46615ADF
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/QFDwHj-j-y33uDhFUsrE-1OKCE0.roa
Signing time:             Mon 01 Jan 2024 20:31:20 +0000
ROA not before:           Mon 01 Jan 2024 20:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28099
IP address blocks:        37.235.52.0/24 maxlen: 24
                          2a03:f80:56::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:47:9d:90:36:a3:2a:e6:07:76:1c:46:61:5a:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4050f01e3fa3fb2df7b8384552cac4fb538a084d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a8:46:4c:71:74:04:0b:62:3f:8b:77:78:38:
                    ac:db:ef:a8:3e:78:fc:4b:3b:bb:ed:bf:12:4b:45:
                    2c:ce:cc:87:e7:e4:1b:ce:bb:b7:95:65:ae:70:45:
                    f6:a4:53:e1:13:2b:c8:79:49:c8:cb:fb:2d:3b:4e:
                    1a:b8:a7:ba:8d:81:57:19:2a:13:00:0b:df:ab:57:
                    44:b0:cc:d0:36:38:42:4c:d1:18:10:dc:65:35:b2:
                    38:e8:a1:1f:ef:d7:a6:7e:d4:af:64:0c:d3:2c:91:
                    af:e0:4e:04:ee:82:0a:5c:40:e1:a3:6b:95:06:d6:
                    6b:81:ea:7d:a6:d4:9a:95:96:5e:a0:fb:22:1b:1f:
                    79:5a:14:74:9d:cb:88:ae:82:1b:de:f0:63:65:7c:
                    0c:8e:14:fd:c5:bd:7f:ff:f2:ce:e4:e6:b4:ca:83:
                    6a:9f:43:d6:8e:28:9b:ae:03:e2:5d:4a:ca:90:1c:
                    a0:9b:f6:33:db:df:39:bc:95:7c:d5:2c:b3:f4:ae:
                    bb:cb:e3:f7:44:69:8c:c7:99:59:ea:c2:a5:2d:ff:
                    bf:87:f7:86:d7:d6:28:1c:65:9a:24:3c:42:8b:f0:
                    57:ec:6f:52:d8:a8:77:4a:41:36:60:54:18:f4:ca:
                    85:f4:16:13:a1:db:9e:85:1f:3c:67:e9:7d:a3:a8:
                    ee:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:50:F0:1E:3F:A3:FB:2D:F7:B8:38:45:52:CA:C4:FB:53:8A:08:4D
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/QFDwHj-j-y33uDhFUsrE-1OKCE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.52.0/24
                IPv6:
                  2a03:f80:56::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:f1:6f:99:c3:9b:b1:c6:48:60:96:be:2c:dd:41:c6:77:31:
         71:1f:22:ce:37:ea:22:ae:5f:69:20:82:76:0c:ae:8b:46:f0:
         69:ee:d8:07:e3:72:b7:c3:21:73:3c:1d:a0:d4:d3:94:fc:b3:
         27:72:c9:f4:6c:3b:f2:37:05:a4:a9:48:74:c2:a2:51:64:29:
         c6:7d:b0:a2:d0:60:8a:c1:0c:d4:b7:0b:7e:7a:a5:d9:7b:01:
         60:4a:80:cb:1b:86:d1:51:2d:a6:9d:f8:66:18:76:43:40:9c:
         38:24:a4:10:a1:a4:1c:b0:e2:e1:d7:60:76:c8:1e:04:b9:cb:
         01:5a:80:be:d6:e8:94:32:f6:bb:2a:a5:c7:79:aa:7b:31:4e:
         1c:0b:1b:46:c3:00:8f:1c:9f:80:b1:2e:b2:3f:08:f5:b0:6f:
         1b:d5:eb:ff:89:0f:42:a6:94:10:a6:c1:b1:60:ef:74:e0:d4:
         e2:1e:b9:4f:3e:a1:2f:24:ef:9a:50:1a:f4:bf:3f:dc:34:c6:
         3c:51:ef:d1:0e:cd:cb:d6:a2:db:bd:71:8b:1f:ca:05:c9:89:
         d7:b3:de:8c:55:27:34:5e:c1:90:6e:9f:ba:c9:69:62:8d:fb:
         4b:a8:51:32:1a:62:25:ff:f8:4e:06:6b:ef:6e:be:de:5f:16:
         26:4d:dd:97
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuUedkDajKuYHdhxGYVrfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDUwZjAxZTNmYTNmYjJkZjdiODM4NDU1MmNhYzRmYjUzOGEwODRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKhGTHF0BAtiP4t3eDis2++oPnj8
Szu77b8SS0UszsyH5+Qbzru3lWWucEX2pFPhEyvIeUnIy/stO04auKe6jYFXGSoT
AAvfq1dEsMzQNjhCTNEYENxlNbI46KEf79emftSvZAzTLJGv4E4E7oIKXEDho2uV
BtZrgep9ptSalZZeoPsiGx95WhR0ncuIroIb3vBjZXwMjhT9xb1///LO5Oa0yoNq
n0PWjiibrgPiXUrKkBygm/Yz2985vJV81Syz9K67y+P3RGmMx5lZ6sKlLf+/h/eG
19YoHGWaJDxCi/BX7G9S2Kh3SkE2YFQY9MqF9BYToduehR88Z+l9o6juewIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEBQ8B4/o/st97g4RVLKxPtTighNMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvUUZEd0hqLWoteTMzdURoRlVzckUtMU9LQ0UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAJes0MA8E
AgACMAkDBwAqAw+AAFYwDQYJKoZIhvcNAQELBQADggEBAGrxb5nDm7HGSGCWvizd
QcZ3MXEfIs436iKuX2kggnYMrotG8Gnu2AfjcrfDIXM8HaDU05T8sydyyfRsO/I3
BaSpSHTColFkKcZ9sKLQYIrBDNS3C356pdl7AWBKgMsbhtFRLaad+GYYdkNAnDgk
pBChpByw4uHXYHbIHgS5ywFagL7W6JQy9rsqpcd5qnsxThwLG0bDAI8cn4CxLrI/
CPWwbxvV6/+JD0KmlBCmwbFg73Tg1OIeuU8+oS8k75pQGvS/P9w0xjxR79EOzcvW
otu9cYsfygXJidez3oxVJzRewZBun7rJaWKN+0uoUTIaYiX/+E4Ga+9uvt5fFiZN
3Zc=
-----END CERTIFICATE-----