Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/T-E2WOIeKtObiN9hRI7QvjZDf30.roa
File:                     T-E2WOIeKtObiN9hRI7QvjZDf30.roa (raw, json)
Hash identifier:          wk9u8/4ow0rfl9yJeTqH29FOTPYXCqUaMltBKfh2h4A=
Subject key identifier:   4F:E1:36:58:E2:1E:2A:D3:9B:88:DF:61:44:8E:D0:BE:36:43:7F:7D
Certificate issuer:       /CN=d44de659759b0274124a7b481d0976840b7ade06
Certificate serial:       018CC9BC4F6DF9EA1A05D17B69A9E2225698
Authority key identifier: D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/T-E2WOIeKtObiN9hRI7QvjZDf30.roa
Signing time:             Tue 02 Jan 2024 10:33:30 +0000
ROA not before:           Tue 02 Jan 2024 10:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48571
IP address blocks:        37.143.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:4f:6d:f9:ea:1a:05:d1:7b:69:a9:e2:22:56:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d44de659759b0274124a7b481d0976840b7ade06
        Validity
            Not Before: Jan  2 10:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fe13658e21e2ad39b88df61448ed0be36437f7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:ce:56:37:c6:dd:54:36:fd:69:c3:be:70:00:
                    7b:1b:8d:43:4f:da:e2:5c:5c:f2:0c:58:d0:8d:89:
                    92:f4:56:4e:0d:27:9f:b7:c3:bc:4a:f5:23:84:92:
                    23:50:4a:3e:a2:8b:7d:98:ed:c6:13:29:ca:8d:a2:
                    74:71:86:27:fb:54:4b:23:6b:3a:4d:37:84:03:84:
                    10:e6:f5:6d:50:b5:06:3c:d5:93:2a:6d:e4:8e:8b:
                    c5:a2:27:f1:97:4a:8f:47:12:95:9d:a0:0d:8d:26:
                    83:5b:8a:34:14:fd:86:c8:5c:ad:8d:b6:31:ff:cc:
                    f0:53:97:7c:e4:de:06:7f:72:39:3c:24:01:ed:81:
                    44:33:d7:9a:b2:d8:f7:9b:1d:c2:b8:ef:8f:28:1f:
                    30:78:7b:c1:db:21:70:99:e7:57:e4:6e:be:b8:d3:
                    11:a1:63:28:c9:dd:77:54:b1:35:fd:8d:5e:30:46:
                    dc:da:f7:b0:3f:c1:12:e1:36:9a:47:13:fe:93:ab:
                    4c:d8:50:6d:4e:4e:73:09:17:8d:54:1d:a8:b0:20:
                    23:18:f6:f2:63:ed:a3:8d:f0:17:4b:e1:de:8d:ea:
                    b2:42:0a:31:c4:3f:1e:f9:17:50:f4:4e:e8:b5:0a:
                    80:8c:ea:4b:f2:d4:9d:d5:2e:cb:c0:e4:64:62:61:
                    74:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:E1:36:58:E2:1E:2A:D3:9B:88:DF:61:44:8E:D0:BE:36:43:7F:7D
            X509v3 Authority Key Identifier:
                keyid:D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/T-E2WOIeKtObiN9hRI7QvjZDf30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:a5:20:12:68:c1:0c:b6:a6:37:30:29:d4:7a:37:72:68:7a:
         72:2e:98:91:fd:da:e7:75:3b:36:36:1a:2e:ca:c1:a3:85:7a:
         bf:22:fa:56:af:bd:0c:9c:b1:0c:e9:39:61:7e:f6:fc:00:93:
         46:29:0c:41:0e:d2:ae:2b:67:f3:4c:4c:d6:d8:f7:26:8a:63:
         fe:f7:03:07:93:01:85:85:8a:7c:c6:e9:79:54:b5:ad:76:73:
         45:60:3f:f2:c6:71:50:fc:94:95:d2:26:16:c6:ae:62:2d:43:
         a4:ab:b0:23:44:c0:1a:e1:03:51:fe:17:ef:56:ca:04:4f:9a:
         06:74:43:6d:72:e4:90:3f:95:ab:7b:13:2f:f1:b9:61:03:5f:
         a7:46:c1:8f:13:88:af:63:ed:a3:e5:12:04:df:9c:59:e2:95:
         99:6b:9f:01:19:40:b0:8a:fe:2a:74:6d:b1:f6:b2:87:39:9e:
         1f:29:95:76:58:2b:e8:c0:f7:18:f5:7a:f6:a6:81:85:53:22:
         7a:8b:46:0a:c0:8b:9c:95:93:71:5e:5f:34:ec:78:55:99:8b:
         97:fc:22:2f:ce:0e:2a:2b:5b:2f:50:66:a7:38:9a:86:75:ba:
         a4:db:01:13:03:b4:c6:0a:0c:be:fe:72:d3:eb:7b:d8:4d:c1:
         7d:9f:a3:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvE9t+eoaBdF7aaniIlaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NGRlNjU5NzU5YjAyNzQxMjRhN2I0ODFkMDk3Njg0MGI3
YWRlMDYwHhcNMjQwMTAyMTAzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmUxMzY1OGUyMWUyYWQzOWI4OGRmNjE0NDhlZDBiZTM2NDM3ZjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9M5WN8bdVDb9acO+cAB7G41DT9ri
XFzyDFjQjYmS9FZODSeft8O8SvUjhJIjUEo+oot9mO3GEynKjaJ0cYYn+1RLI2s6
TTeEA4QQ5vVtULUGPNWTKm3kjovFoifxl0qPRxKVnaANjSaDW4o0FP2GyFytjbYx
/8zwU5d85N4Gf3I5PCQB7YFEM9eastj3mx3CuO+PKB8weHvB2yFwmedX5G6+uNMR
oWMoyd13VLE1/Y1eMEbc2vewP8ES4TaaRxP+k6tM2FBtTk5zCReNVB2osCAjGPby
Y+2jjfAXS+HejeqyQgoxxD8e+RdQ9E7otQqAjOpL8tSd1S7LwORkYmF05QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/hNljiHirTm4jfYUSO0L42Q399MB8GA1UdIwQY
MBaAFNRN5ll1mwJ0Ekp7SB0JdoQLet4GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUt
ZGI0ZDM5ZGM0ZWM3LzEvVC1FMldPSWVLdE9iaU45aFJJN1F2alpEZjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUtZGI0ZDM5ZGM0ZWM3
LzEvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJY+tMA0G
CSqGSIb3DQEBCwUAA4IBAQAfpSASaMEMtqY3MCnUejdyaHpyLpiR/drndTs2Nhou
ysGjhXq/IvpWr70MnLEM6Tlhfvb8AJNGKQxBDtKuK2fzTEzW2PcmimP+9wMHkwGF
hYp8xul5VLWtdnNFYD/yxnFQ/JSV0iYWxq5iLUOkq7AjRMAa4QNR/hfvVsoET5oG
dENtcuSQP5WrexMv8blhA1+nRsGPE4ivY+2j5RIE35xZ4pWZa58BGUCwiv4qdG2x
9rKHOZ4fKZV2WCvowPcY9Xr2poGFUyJ6i0YKwIuclZNxXl807HhVmYuX/CIvzg4q
K1svUGanOJqGdbqk2wETA7TGCgy+/nLT63vYTcF9n6Pp
-----END CERTIFICATE-----