Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/HUy1d5ZjGFmCv9h4hYfBJaWPXVQ.roa
File:                     HUy1d5ZjGFmCv9h4hYfBJaWPXVQ.roa (raw, json)
Hash identifier:          4gMZdGydCQFkoi7SUGmusmQIjxkKElsX6Vh2pKcWjso=
Subject key identifier:   1D:4C:B5:77:96:63:18:59:82:BF:D8:78:85:87:C1:25:A5:8F:5D:54
Certificate issuer:       /CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
Certificate serial:       018CE94B139950B82B8ADF25796A73FD72A0
Authority key identifier: 2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/HUy1d5ZjGFmCv9h4hYfBJaWPXVQ.roa
Signing time:             Mon 08 Jan 2024 13:37:40 +0000
ROA not before:           Mon 08 Jan 2024 13:37:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209360
IP address blocks:        37.61.77.0/24 maxlen: 24
                          37.61.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:4b:13:99:50:b8:2b:8a:df:25:79:6a:73:fd:72:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b0be226230d4099ceea0a4a6cf4ed8b90201350
        Validity
            Not Before: Jan  8 13:37:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d4cb5779663185982bfd8788587c125a58f5d54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c0:ee:52:2f:5d:b0:fa:92:17:7a:01:20:47:
                    4f:1e:8d:f3:69:d2:83:8a:7e:2b:e8:84:e1:63:e1:
                    3e:c3:ad:59:04:62:2a:46:16:9a:2a:6b:16:2e:96:
                    49:fe:8c:16:78:73:42:fa:52:f0:f6:0d:14:47:fc:
                    99:2f:92:0d:c9:7b:33:31:39:83:35:9b:04:00:6b:
                    93:d1:74:5d:d2:f2:a4:f5:12:55:22:38:16:88:30:
                    3d:a5:86:ad:af:af:67:aa:c8:f6:f5:96:84:c0:a6:
                    31:01:b1:5d:5e:fe:ca:4e:87:39:56:c1:65:2d:d9:
                    5d:7c:12:0f:68:fa:aa:b6:41:5c:c9:07:58:90:d0:
                    80:1c:4e:f7:0d:5f:9c:bc:d9:97:ce:93:00:c5:d3:
                    a1:25:22:a9:d9:d5:01:a2:8a:3b:5b:40:ae:14:e8:
                    97:60:90:7a:c8:da:c5:3e:eb:6d:ef:2d:c9:eb:d3:
                    96:60:4a:37:8c:62:eb:15:32:34:60:64:a9:08:e7:
                    1b:c0:de:34:38:85:75:e2:f9:1b:eb:ef:34:0c:7d:
                    1c:f2:a1:7f:62:b6:c0:50:7c:1e:3b:fd:4b:9f:01:
                    0d:ce:a3:30:e2:fb:3b:09:ec:d9:8a:98:e1:08:5e:
                    bc:d8:e6:5d:da:40:0e:77:d3:94:3f:95:dd:c2:11:
                    c5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:4C:B5:77:96:63:18:59:82:BF:D8:78:85:87:C1:25:A5:8F:5D:54
            X509v3 Authority Key Identifier:
                keyid:2B:0B:E2:26:23:0D:40:99:CE:EA:0A:4A:6C:F4:ED:8B:90:20:13:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwviJiMNQJnO6gpKbPTti5AgE1A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/HUy1d5ZjGFmCv9h4hYfBJaWPXVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/fce675-bf53-4787-93e7-81f566185b06/1/KwviJiMNQJnO6gpKbPTti5AgE1A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.77.0-37.61.78.255

    Signature Algorithm: sha256WithRSAEncryption
         49:f3:cf:a8:9c:33:09:22:fd:ef:93:07:b8:b9:e6:89:d3:75:
         de:9b:cb:4f:42:0d:b4:ae:9e:81:39:42:1c:10:cd:47:5a:93:
         06:56:f7:68:79:05:49:c1:a7:88:cb:8f:bb:f5:6d:f8:7a:b2:
         f1:15:e0:ad:6e:82:1a:32:ab:e5:f3:00:58:ca:aa:24:e9:d8:
         7e:19:33:fa:74:6b:d6:3e:4b:87:45:cb:0d:92:84:4c:45:0e:
         bc:c1:00:c6:c3:d5:38:80:fa:7e:8e:b2:ad:7f:80:e6:82:d3:
         6c:93:54:34:36:d4:dd:8f:12:dc:99:45:eb:cf:9d:6a:2d:de:
         52:1e:90:85:05:78:49:0d:46:ff:14:95:86:99:2b:35:02:a5:
         e2:40:a7:76:c7:98:64:b9:4a:90:b0:50:c1:95:63:75:2e:24:
         a7:c6:f6:98:ac:bc:fd:07:91:bd:16:04:9c:f4:f0:ae:92:0e:
         2a:11:af:88:7b:27:ae:07:99:f8:4f:42:29:cb:53:71:d0:fa:
         14:d7:b2:ce:09:84:22:3d:6d:fb:dc:eb:f7:42:5c:4b:d0:1a:
         09:b9:7e:17:06:b2:0c:a5:dd:08:ea:4a:f5:8a:14:a2:16:1b:
         b1:87:a2:25:b4:ad:60:29:c1:16:61:a1:d1:5a:48:20:e3:45:
         cc:e3:69:1b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzpSxOZULgrit8leWpz/XKgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMGJlMjI2MjMwZDQwOTljZWVhMGE0YTZjZjRlZDhiOTAy
MDEzNTAwHhcNMjQwMTA4MTMzNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDRjYjU3Nzk2NjMxODU5ODJiZmQ4Nzg4NTg3YzEyNWE1OGY1ZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcDuUi9dsPqSF3oBIEdPHo3zadKD
in4r6IThY+E+w61ZBGIqRhaaKmsWLpZJ/owWeHNC+lLw9g0UR/yZL5INyXszMTmD
NZsEAGuT0XRd0vKk9RJVIjgWiDA9pYatr69nqsj29ZaEwKYxAbFdXv7KToc5VsFl
LdldfBIPaPqqtkFcyQdYkNCAHE73DV+cvNmXzpMAxdOhJSKp2dUBooo7W0CuFOiX
YJB6yNrFPutt7y3J69OWYEo3jGLrFTI0YGSpCOcbwN40OIV14vkb6+80DH0c8qF/
YrbAUHweO/1LnwENzqMw4vs7CezZipjhCF682OZd2kAOd9OUP5XdwhHFXQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFB1MtXeWYxhZgr/YeIWHwSWlj11UMB8GA1UdIwQY
MBaAFCsL4iYjDUCZzuoKSmz07YuQIBNQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3d2aUppTU5RSm5PNmdwS2JQVHRpNUFnRTFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9mY2U2NzUtYmY1My00Nzg3LTkzZTct
ODFmNTY2MTg1YjA2LzEvSFV5MWQ1WmpHRm1DdjloNGhZZkJKYVdQWFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9mY2U2NzUtYmY1My00Nzg3LTkzZTctODFmNTY2MTg1YjA2
LzEvS3d2aUppTU5RSm5PNmdwS2JQVHRpNUFnRTFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAlPU0D
BAAlPU4wDQYJKoZIhvcNAQELBQADggEBAEnzz6icMwki/e+TB7i55onTdd6by09C
DbSunoE5QhwQzUdakwZW92h5BUnBp4jLj7v1bfh6svEV4K1ughoyq+XzAFjKqiTp
2H4ZM/p0a9Y+S4dFyw2ShExFDrzBAMbD1TiA+n6Osq1/gOaC02yTVDQ21N2PEtyZ
RevPnWot3lIekIUFeEkNRv8UlYaZKzUCpeJAp3bHmGS5SpCwUMGVY3UuJKfG9pis
vP0Hkb0WBJz08K6SDioRr4h7J64HmfhPQinLU3HQ+hTXss4JhCI9bfvc6/dCXEvQ
Ggm5fhcGsgyl3QjqSvWKFKIWG7GHoiW0rWApwRZhodFaSCDjRczjaRs=
-----END CERTIFICATE-----