Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/b_1vnDEnAnavrnxXgqWEN8PYa_I.roa
File:                     b_1vnDEnAnavrnxXgqWEN8PYa_I.roa (raw, json)
Hash identifier:          4bPFMySGQZ8rHmdbWGO+4MTom1pvdfvEHqa5Q1Nu1bg=
Subject key identifier:   6F:FD:6F:9C:31:27:02:76:AF:AE:7C:57:82:A5:84:37:C3:D8:6B:F2
Certificate issuer:       /CN=c1ab247c636ad389bf9f8c5074c8220230e8edcc
Certificate serial:       018CC26D6A1D8E0F19BAC06B2BAF66F932B7
Authority key identifier: C1:AB:24:7C:63:6A:D3:89:BF:9F:8C:50:74:C8:22:02:30:E8:ED:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/waskfGNq04m_n4xQdMgiAjDo7cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/b_1vnDEnAnavrnxXgqWEN8PYa_I.roa
Signing time:             Mon 01 Jan 2024 00:29:59 +0000
ROA not before:           Mon 01 Jan 2024 00:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205978
IP address blocks:        37.203.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/waskfGNq04m_n4xQdMgiAjDo7cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/waskfGNq04m_n4xQdMgiAjDo7cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/waskfGNq04m_n4xQdMgiAjDo7cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:6a:1d:8e:0f:19:ba:c0:6b:2b:af:66:f9:32:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1ab247c636ad389bf9f8c5074c8220230e8edcc
        Validity
            Not Before: Jan  1 00:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ffd6f9c31270276afae7c5782a58437c3d86bf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d8:2c:9b:88:0b:cd:91:d2:cb:b3:15:c9:c6:
                    00:91:af:7f:7f:19:4b:a6:c9:c8:27:25:3a:97:c7:
                    b1:3f:6d:c9:59:ce:ef:d1:d7:d1:a6:90:ea:fe:1a:
                    56:58:10:65:79:0f:3e:eb:9f:e0:30:9d:2a:78:ae:
                    6b:bc:8c:7b:0f:9f:38:5b:62:15:b8:fc:a3:59:88:
                    f1:39:e3:c6:b2:ff:e8:43:a3:b7:2e:df:a3:7a:a0:
                    3d:4b:63:03:f2:1e:10:fc:e4:94:14:14:05:e9:a2:
                    01:dd:ab:7b:5c:72:bb:bb:ca:3c:97:bf:48:1d:ec:
                    4e:41:90:2b:f6:5d:64:23:35:7c:e0:1d:6e:25:e9:
                    bd:ee:df:4b:62:78:78:86:8a:d4:5e:55:b5:6d:7d:
                    ed:8a:98:5c:52:49:0c:3d:c0:f7:35:1d:1d:46:91:
                    b1:39:e5:71:8b:a2:e0:7f:29:c1:4d:54:6f:da:69:
                    a9:12:03:67:18:e3:0d:e5:f1:b7:38:e6:c4:61:c8:
                    4c:73:4b:d3:ab:c6:4b:61:5d:b3:84:8e:09:67:13:
                    05:b8:34:9f:98:35:9b:25:ec:4d:1e:bc:c6:e3:43:
                    18:51:35:e2:b5:a8:d9:25:fd:b6:51:c1:a5:21:98:
                    76:15:4a:27:d3:3a:70:ad:e8:d6:8b:e7:e0:7c:c1:
                    c9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:FD:6F:9C:31:27:02:76:AF:AE:7C:57:82:A5:84:37:C3:D8:6B:F2
            X509v3 Authority Key Identifier:
                keyid:C1:AB:24:7C:63:6A:D3:89:BF:9F:8C:50:74:C8:22:02:30:E8:ED:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/waskfGNq04m_n4xQdMgiAjDo7cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/b_1vnDEnAnavrnxXgqWEN8PYa_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/566938-e2a8-48b3-816b-27b113cff53b/1/waskfGNq04m_n4xQdMgiAjDo7cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.203.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:28:23:32:4d:96:3d:bb:7c:4f:83:77:78:b2:3d:7a:db:8d:
         8d:2c:14:2a:90:90:99:a8:1a:44:8c:de:97:25:4b:c2:51:f9:
         00:0a:71:dd:16:1d:8b:97:03:bd:c0:a2:c8:f3:1d:97:27:a3:
         54:45:c8:2f:5e:d0:b2:24:ea:d1:58:57:41:6b:ab:3c:35:4b:
         11:30:40:c3:49:2b:05:c9:ac:04:a4:00:55:d2:16:c2:77:2d:
         23:55:17:07:04:9b:91:ce:8e:62:7e:a0:4f:f9:ec:c8:98:6b:
         21:5c:01:46:84:78:6d:c5:69:10:27:71:f5:19:bb:65:aa:82:
         53:1e:f8:ec:ec:50:ea:7b:89:c1:34:d5:8c:0f:a6:c5:18:1c:
         26:07:fe:a1:af:d6:7f:bf:71:05:f0:e3:c4:88:e2:6f:11:e6:
         4b:0e:2a:b2:2c:09:77:7a:84:27:f6:c8:80:7f:a2:36:65:56:
         7c:83:31:03:ab:7f:46:9d:02:7b:b5:38:60:24:1f:59:18:89:
         bb:52:e7:8a:cf:8f:b7:f8:37:d1:10:03:ac:53:51:a4:fb:71:
         21:9d:04:96:d6:0f:59:6a:d3:6d:96:bb:e8:d9:26:ad:f2:4b:
         14:17:c1:ff:9c:38:0d:f4:53:1d:18:1d:fe:97:87:05:b8:5c:
         40:cf:c9:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWodjg8ZusBrK69m+TK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYWIyNDdjNjM2YWQzODliZjlmOGM1MDc0YzgyMjAyMzBl
OGVkY2MwHhcNMjQwMTAxMDAyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmZkNmY5YzMxMjcwMjc2YWZhZTdjNTc4MmE1ODQzN2MzZDg2YmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9gsm4gLzZHSy7MVycYAka9/fxlL
psnIJyU6l8exP23JWc7v0dfRppDq/hpWWBBleQ8+65/gMJ0qeK5rvIx7D584W2IV
uPyjWYjxOePGsv/oQ6O3Lt+jeqA9S2MD8h4Q/OSUFBQF6aIB3at7XHK7u8o8l79I
HexOQZAr9l1kIzV84B1uJem97t9LYnh4horUXlW1bX3tiphcUkkMPcD3NR0dRpGx
OeVxi6LgfynBTVRv2mmpEgNnGOMN5fG3OObEYchMc0vTq8ZLYV2zhI4JZxMFuDSf
mDWbJexNHrzG40MYUTXitajZJf22UcGlIZh2FUon0zpwrejWi+fgfMHJRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/9b5wxJwJ2r658V4KlhDfD2GvyMB8GA1UdIwQY
MBaAFMGrJHxjatOJv5+MUHTIIgIw6O3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2Fza2ZHTnEwNG1fbjR4UWRNZ2lBakRvN2N3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81NjY5MzgtZTJhOC00OGIzLTgxNmIt
MjdiMTEzY2ZmNTNiLzEvYl8xdm5ERW5BbmF2cm54WGdxV0VOOFBZYV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81NjY5MzgtZTJhOC00OGIzLTgxNmItMjdiMTEzY2ZmNTNi
LzEvd2Fza2ZHTnEwNG1fbjR4UWRNZ2lBakRvN2N3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcv0MA0G
CSqGSIb3DQEBCwUAA4IBAQAJKCMyTZY9u3xPg3d4sj16242NLBQqkJCZqBpEjN6X
JUvCUfkACnHdFh2LlwO9wKLI8x2XJ6NURcgvXtCyJOrRWFdBa6s8NUsRMEDDSSsF
yawEpABV0hbCdy0jVRcHBJuRzo5ifqBP+ezImGshXAFGhHhtxWkQJ3H1GbtlqoJT
Hvjs7FDqe4nBNNWMD6bFGBwmB/6hr9Z/v3EF8OPEiOJvEeZLDiqyLAl3eoQn9siA
f6I2ZVZ8gzEDq39GnQJ7tThgJB9ZGIm7UueKz4+3+DfREAOsU1Gk+3EhnQSW1g9Z
atNtlrvo2Sat8ksUF8H/nDgN9FMdGB3+l4cFuFxAz8m/
-----END CERTIFICATE-----