Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/VImUHTDDRHKWm4JlJloTojQOE9k.roa
File:                     VImUHTDDRHKWm4JlJloTojQOE9k.roa (raw, json)
Hash identifier:          e/b/XPAmPyj+bqr/kvQosXTMROaPtpsPB/pPFqntsgQ=
Subject key identifier:   54:89:94:1D:30:C3:44:72:96:9B:82:65:26:5A:13:A2:34:0E:13:D9
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B946D07C6E64813726F957283F64EF
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/VImUHTDDRHKWm4JlJloTojQOE9k.roa
Signing time:             Mon 01 Jan 2024 20:31:20 +0000
ROA not before:           Mon 01 Jan 2024 20:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24851
IP address blocks:        37.235.55.0/24 maxlen: 24
                          2a03:f80:44::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:46:d0:7c:6e:64:81:37:26:f9:57:28:3f:64:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5489941d30c34472969b8265265a13a2340e13d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:19:f6:da:e7:ba:0d:ef:6e:c7:0b:e0:2d:aa:
                    79:f2:95:94:42:b4:de:b5:c3:fa:19:96:5c:58:5e:
                    d3:a5:10:a6:b0:a3:0c:e8:61:a9:6f:bc:a0:e0:8d:
                    71:ed:72:25:5e:f5:23:82:a0:f7:7d:ae:5f:93:27:
                    ce:1c:f2:5a:4d:b5:26:9e:26:77:08:f2:a8:2b:55:
                    9a:6e:9b:43:37:50:8d:86:03:01:d6:9d:ad:90:24:
                    39:a5:95:2c:52:33:47:e6:11:7e:bf:17:61:82:42:
                    6a:e2:2e:1c:f1:b5:9e:25:5b:7c:6f:b9:70:91:f0:
                    72:b4:57:f3:4f:3f:a6:a8:1e:9e:16:1b:9d:e3:c5:
                    b9:40:8e:82:c5:39:3a:46:25:30:dc:95:b8:4b:ec:
                    f2:bd:de:db:7b:66:42:6d:8e:0b:56:e6:71:03:ea:
                    96:e6:71:72:b6:5f:42:3d:cb:7b:60:96:66:69:23:
                    80:07:f9:d5:70:24:5e:b2:b8:c8:48:22:6e:6e:55:
                    34:2f:17:cc:ac:63:06:26:89:3a:39:96:00:4d:00:
                    73:98:b9:d0:03:21:f0:49:9a:7b:7b:46:18:d5:b9:
                    0d:e9:c9:ca:68:8a:7e:f2:ef:f6:b9:77:6e:51:36:
                    28:8a:19:50:a8:cd:cc:49:7f:b8:76:5f:07:e2:31:
                    9b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:89:94:1D:30:C3:44:72:96:9B:82:65:26:5A:13:A2:34:0E:13:D9
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/VImUHTDDRHKWm4JlJloTojQOE9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.55.0/24
                IPv6:
                  2a03:f80:44::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:e1:f5:b8:65:ac:96:23:df:a3:fc:7b:9a:c9:21:4e:92:cf:
         32:cd:88:09:5a:a3:36:e0:0a:3c:21:85:4d:96:c9:78:88:4d:
         8f:be:3a:9f:78:43:2e:12:89:a5:04:bc:aa:84:fd:2f:40:2d:
         28:d5:b0:18:93:b4:13:53:dd:7d:ca:a9:7b:8a:09:1d:be:3c:
         ef:4c:bd:e3:e1:53:23:cb:45:85:25:ff:35:3a:7b:21:78:1c:
         cd:fd:9c:a0:91:02:0c:ad:08:a0:e6:df:4c:94:01:4b:65:bd:
         8f:c3:c2:03:c6:7e:1e:cb:e9:98:ad:4c:8b:8a:d7:3b:ed:0c:
         36:0b:1d:e7:6c:ad:a3:5f:b1:9f:6c:f2:14:84:22:b9:77:52:
         c5:e3:1b:41:b4:be:a5:d1:35:62:37:a4:78:51:8c:6a:fe:0d:
         01:57:e3:40:86:37:59:3e:4e:5b:84:7e:10:48:c4:d4:35:8f:
         97:b8:d5:53:a7:6d:9d:a7:58:d0:38:07:be:84:16:65:c3:44:
         bc:cc:dc:69:2a:fb:81:b4:10:8e:cd:a7:cc:fa:62:72:97:81:
         c5:33:19:dc:88:0e:4d:a6:4e:40:9e:f1:57:28:fc:4b:18:7d:
         17:33:88:44:45:9e:e6:ca:57:69:72:2c:be:7f:52:2c:4b:86:
         78:76:c4:87
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGuUbQfG5kgTcm+VcoP2TvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDg5OTQxZDMwYzM0NDcyOTY5YjgyNjUyNjVhMTNhMjM0MGUxM2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRn22ue6De9uxwvgLap58pWUQrTe
tcP6GZZcWF7TpRCmsKMM6GGpb7yg4I1x7XIlXvUjgqD3fa5fkyfOHPJaTbUmniZ3
CPKoK1WabptDN1CNhgMB1p2tkCQ5pZUsUjNH5hF+vxdhgkJq4i4c8bWeJVt8b7lw
kfBytFfzTz+mqB6eFhud48W5QI6CxTk6RiUw3JW4S+zyvd7be2ZCbY4LVuZxA+qW
5nFytl9CPct7YJZmaSOAB/nVcCResrjISCJublU0LxfMrGMGJok6OZYATQBzmLnQ
AyHwSZp7e0YY1bkN6cnKaIp+8u/2uXduUTYoihlQqM3MSX+4dl8H4jGbKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFSJlB0ww0RylpuCZSZaE6I0DhPZMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvVkltVUhURERSSEtXbTRKbEpsb1RvalFPRTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAJes3MA8E
AgACMAkDBwAqAw+AAEQwDQYJKoZIhvcNAQELBQADggEBAIHh9bhlrJYj36P8e5rJ
IU6SzzLNiAlaozbgCjwhhU2WyXiITY++Op94Qy4SiaUEvKqE/S9ALSjVsBiTtBNT
3X3KqXuKCR2+PO9MvePhUyPLRYUl/zU6eyF4HM39nKCRAgytCKDm30yUAUtlvY/D
wgPGfh7L6ZitTIuK1zvtDDYLHedsraNfsZ9s8hSEIrl3UsXjG0G0vqXRNWI3pHhR
jGr+DQFX40CGN1k+TluEfhBIxNQ1j5e41VOnbZ2nWNA4B76EFmXDRLzM3Gkq+4G0
EI7Np8z6YnKXgcUzGdyIDk2mTkCe8Vco/EsYfRcziERFnubKV2lyLL5/UixLhnh2
xIc=
-----END CERTIFICATE-----