Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/zYIoyh8ar-bEEwLiwjL6j6tRS3k.roa
File:                     zYIoyh8ar-bEEwLiwjL6j6tRS3k.roa (raw, json)
Hash identifier:          NHYJZNfTf0pdFvHvOLws6gIK1AxJDJZ9yK2nJisMlZs=
Subject key identifier:   CD:82:28:CA:1F:1A:AF:E6:C4:13:02:E2:C2:32:FA:8F:AB:51:4B:79
Certificate issuer:       /CN=d44de659759b0274124a7b481d0976840b7ade06
Certificate serial:       0194258F5A94F9BC0290F66D8623F1C02137
Authority key identifier: D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/zYIoyh8ar-bEEwLiwjL6j6tRS3k.roa
Signing time:             Thu 02 Jan 2025 05:48:59 +0000
ROA not before:           Thu 02 Jan 2025 05:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39211
IP address blocks:        37.143.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:5a:94:f9:bc:02:90:f6:6d:86:23:f1:c0:21:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d44de659759b0274124a7b481d0976840b7ade06
        Validity
            Not Before: Jan  2 05:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd8228ca1f1aafe6c41302e2c232fa8fab514b79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9f:ff:00:30:1d:61:41:2a:78:b2:41:ea:3a:
                    51:8c:e6:64:14:0a:f1:c5:fa:0d:d0:62:c9:3f:38:
                    4f:71:af:bd:c6:9c:dc:68:1c:c7:e6:84:15:6b:7d:
                    80:25:ab:84:2d:46:d4:10:5f:de:98:bc:7c:ea:a4:
                    a0:69:49:20:b8:20:fa:43:40:4d:52:3b:86:87:7e:
                    4b:09:4f:a7:9f:72:05:12:d0:1a:ce:1a:6c:64:d3:
                    77:f6:73:6f:4c:b4:03:fb:1d:38:3a:32:98:c0:bc:
                    b0:10:e9:2c:1e:17:30:e2:52:af:ba:ac:ed:38:78:
                    a2:ec:2e:73:b5:99:e9:93:15:6d:84:e3:0c:80:06:
                    70:73:bf:19:a0:48:f9:1c:83:58:05:d0:87:d5:03:
                    e5:a8:15:13:b5:87:3e:df:9f:60:dc:df:ef:f3:5e:
                    ff:c2:b0:f4:57:25:12:c8:90:6f:b3:1e:90:2a:06:
                    c9:9e:bd:f4:7c:c5:86:5b:12:09:c3:26:49:36:76:
                    27:03:d1:a2:8e:a2:df:1b:af:31:f5:38:f2:33:2c:
                    6f:eb:06:54:c0:06:9a:0f:85:17:e9:3b:26:91:0e:
                    8a:db:05:01:3f:26:4c:80:c2:d1:2f:79:e4:5a:6d:
                    d4:bb:5e:00:f6:20:ba:56:b0:39:28:2f:10:0a:65:
                    db:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:82:28:CA:1F:1A:AF:E6:C4:13:02:E2:C2:32:FA:8F:AB:51:4B:79
            X509v3 Authority Key Identifier:
                keyid:D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/zYIoyh8ar-bEEwLiwjL6j6tRS3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:9e:2d:0c:6f:29:c2:03:b8:cb:5f:f8:9c:2a:77:9a:55:14:
         fb:65:de:8d:25:58:c9:dc:e8:b2:af:0a:8b:e6:fb:77:90:33:
         ff:d8:c4:a6:de:5e:3a:c0:e9:92:e5:9b:50:12:92:a4:d6:9c:
         c7:3e:71:75:94:6c:71:8b:e6:e8:f1:e5:31:f6:d1:f9:88:ae:
         3f:e3:3f:1f:e0:f2:c7:e3:43:8c:ba:f7:0e:df:98:c9:df:96:
         16:15:c1:92:7a:d7:cb:1a:72:b4:ce:5e:2b:b1:eb:52:3a:80:
         23:2b:f8:61:1f:a6:1e:e6:aa:70:7a:78:34:63:e4:23:69:25:
         28:ac:e5:54:8f:0c:58:8e:ef:68:6e:da:1e:5c:22:4f:c5:95:
         13:50:28:76:4b:2a:74:28:d3:e8:87:95:7b:5f:b8:5b:4c:38:
         6e:21:d2:e9:88:38:59:58:05:ea:b5:67:b7:7b:c6:c2:d6:38:
         4d:dd:1e:3d:2b:f8:a5:7b:5a:b9:66:35:5b:a5:8d:76:a0:69:
         52:b4:26:0e:ac:4e:59:e7:34:d5:97:50:dc:26:51:5e:14:49:
         ee:ad:fd:bb:39:34:e0:95:b8:20:15:f1:46:5e:8c:94:8c:b9:
         cc:b8:22:10:e8:9c:25:82:6c:9e:59:b0:ce:c6:5f:1f:2e:56:
         13:8f:18:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj1qU+bwCkPZthiPxwCE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NGRlNjU5NzU5YjAyNzQxMjRhN2I0ODFkMDk3Njg0MGI3
YWRlMDYwHhcNMjUwMTAyMDU0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDgyMjhjYTFmMWFhZmU2YzQxMzAyZTJjMjMyZmE4ZmFiNTE0Yjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJ//ADAdYUEqeLJB6jpRjOZkFArx
xfoN0GLJPzhPca+9xpzcaBzH5oQVa32AJauELUbUEF/emLx86qSgaUkguCD6Q0BN
UjuGh35LCU+nn3IFEtAazhpsZNN39nNvTLQD+x04OjKYwLywEOksHhcw4lKvuqzt
OHii7C5ztZnpkxVthOMMgAZwc78ZoEj5HINYBdCH1QPlqBUTtYc+359g3N/v817/
wrD0VyUSyJBvsx6QKgbJnr30fMWGWxIJwyZJNnYnA9GijqLfG68x9TjyMyxv6wZU
wAaaD4UX6TsmkQ6K2wUBPyZMgMLRL3nkWm3Uu14A9iC6VrA5KC8QCmXbIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM2CKMofGq/mxBMC4sIy+o+rUUt5MB8GA1UdIwQY
MBaAFNRN5ll1mwJ0Ekp7SB0JdoQLet4GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUt
ZGI0ZDM5ZGM0ZWM3LzEvellJb3loOGFyLWJFRXdMaXdqTDZqNnRSUzNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUtZGI0ZDM5ZGM0ZWM3
LzEvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJY+uMA0G
CSqGSIb3DQEBCwUAA4IBAQAnni0MbynCA7jLX/icKneaVRT7Zd6NJVjJ3OiyrwqL
5vt3kDP/2MSm3l46wOmS5ZtQEpKk1pzHPnF1lGxxi+bo8eUx9tH5iK4/4z8f4PLH
40OMuvcO35jJ35YWFcGSetfLGnK0zl4rsetSOoAjK/hhH6Ye5qpweng0Y+QjaSUo
rOVUjwxYju9obtoeXCJPxZUTUCh2Syp0KNPoh5V7X7hbTDhuIdLpiDhZWAXqtWe3
e8bC1jhN3R49K/ile1q5ZjVbpY12oGlStCYOrE5Z5zTVl1DcJlFeFEnurf27OTTg
lbggFfFGXoyUjLnMuCIQ6JwlgmyeWbDOxl8fLlYTjxj1
-----END CERTIFICATE-----