Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/cScHY9A9XTP75mG8d_Ds7IO1m4g.roa
File:                     cScHY9A9XTP75mG8d_Ds7IO1m4g.roa (raw, json)
Hash identifier:          XWai+Z67aOcz9ZXnaIXa2pDDe16XY3ADQLn74mINplE=
Subject key identifier:   71:27:07:63:D0:3D:5D:33:FB:E6:61:BC:77:F0:EC:EC:83:B5:9B:88
Certificate issuer:       /CN=cd626bbb7b69eec9f6790b03705545b892fa2e8a
Certificate serial:       018CC64B48E67A9EBAFB986527BBFD7CBF15
Authority key identifier: CD:62:6B:BB:7B:69:EE:C9:F6:79:0B:03:70:55:45:B8:92:FA:2E:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zWJru3tp7sn2eQsDcFVFuJL6Loo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/cScHY9A9XTP75mG8d_Ds7IO1m4g.roa
Signing time:             Mon 01 Jan 2024 18:31:11 +0000
ROA not before:           Mon 01 Jan 2024 18:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45015
IP address blocks:        134.90.248.0/21 maxlen: 21
                          37.99.248.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/zWJru3tp7sn2eQsDcFVFuJL6Loo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/zWJru3tp7sn2eQsDcFVFuJL6Loo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zWJru3tp7sn2eQsDcFVFuJL6Loo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:48:e6:7a:9e:ba:fb:98:65:27:bb:fd:7c:bf:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd626bbb7b69eec9f6790b03705545b892fa2e8a
        Validity
            Not Before: Jan  1 18:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71270763d03d5d33fbe661bc77f0ecec83b59b88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:97:7a:df:fd:55:85:ec:f4:d7:88:10:50:8b:
                    fc:3f:12:4a:d0:74:bd:d7:f3:41:59:2b:6e:a5:d8:
                    21:22:d9:1a:49:42:b1:3c:80:5d:be:da:af:60:9e:
                    7b:46:bb:99:65:c0:94:99:0e:d3:61:40:8e:29:37:
                    6b:50:cb:2e:0f:55:da:ff:5b:23:2d:ef:54:24:d9:
                    7d:28:0a:b4:9b:27:31:f5:85:d0:e3:d5:d6:49:38:
                    6f:7a:a1:67:05:56:12:99:62:e1:0b:17:d6:7a:f8:
                    3b:f8:73:eb:15:d0:db:70:38:70:1f:50:b6:19:d8:
                    b1:58:5e:26:86:85:89:cf:5d:33:5c:33:d6:62:90:
                    5a:80:8e:31:52:8f:af:4b:aa:79:71:a1:d0:45:76:
                    c9:28:e3:c7:90:b7:5b:1a:a3:af:b5:9d:0f:4b:c0:
                    c8:e0:76:ad:f2:64:09:ce:3d:e7:33:71:d0:b3:dd:
                    a3:5b:56:e7:48:91:ec:7c:93:11:31:a6:fc:3e:f3:
                    fb:0e:04:65:d2:d0:98:38:3b:34:47:0a:92:97:c2:
                    e6:28:84:50:1d:9f:69:ca:67:6d:42:2a:e6:76:a3:
                    c2:be:a6:6f:96:f6:ba:b9:4f:7b:cf:58:f1:1b:03:
                    6e:7a:3e:43:99:4a:48:eb:81:ff:83:b1:4f:3d:2f:
                    ee:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:27:07:63:D0:3D:5D:33:FB:E6:61:BC:77:F0:EC:EC:83:B5:9B:88
            X509v3 Authority Key Identifier:
                keyid:CD:62:6B:BB:7B:69:EE:C9:F6:79:0B:03:70:55:45:B8:92:FA:2E:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zWJru3tp7sn2eQsDcFVFuJL6Loo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/cScHY9A9XTP75mG8d_Ds7IO1m4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2b37df-8ffe-41e5-ac07-c0f89ad36bca/1/zWJru3tp7sn2eQsDcFVFuJL6Loo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.99.248.0/21
                  134.90.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         84:5d:dd:f5:6a:6f:aa:ac:db:ee:4c:99:10:f8:91:cd:99:79:
         8f:f0:f7:26:45:ef:32:6c:1a:24:bf:64:28:ed:56:95:b6:6b:
         92:6e:97:77:9e:3e:0f:79:58:08:0e:13:4c:7f:8f:05:4d:d2:
         fc:13:86:5b:95:5f:0a:9d:20:37:6b:07:45:39:f0:13:04:d0:
         a9:02:f6:fb:e0:1c:66:93:3d:ad:c5:e2:c3:2a:7e:29:f7:9c:
         24:3a:6f:17:a7:de:57:7f:41:78:5b:b0:b3:96:12:4b:cb:c0:
         48:71:96:48:05:05:05:04:52:10:0f:b3:06:09:ef:32:59:9c:
         be:4a:54:4e:f5:aa:f2:90:ae:f3:dc:59:9a:e1:5c:01:1c:3e:
         76:08:79:6c:4a:d5:5d:eb:da:b5:bd:25:d1:2e:cf:b9:dc:f1:
         ff:da:ef:e7:e8:a0:20:73:65:79:a5:ce:ea:33:64:a0:55:d2:
         c1:2c:7a:f1:58:59:6d:ad:69:35:b7:3c:df:ff:f5:01:8e:a0:
         0a:23:7f:3d:69:6b:3b:06:6f:25:a7:7f:24:a9:71:9c:8a:9c:
         89:02:c1:1a:2e:d0:91:d4:50:21:4a:3a:25:d8:86:f5:5b:78:
         cd:4c:f4:0c:0c:c2:32:38:3c:6d:a2:11:20:07:52:ec:52:96:
         e1:14:2e:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS0jmep66+5hlJ7v9fL8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNjI2YmJiN2I2OWVlYzlmNjc5MGIwMzcwNTU0NWI4OTJm
YTJlOGEwHhcNMjQwMTAxMTgzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI3MDc2M2QwM2Q1ZDMzZmJlNjYxYmM3N2YwZWNlYzgzYjU5Yjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJd63/1Vhez014gQUIv8PxJK0HS9
1/NBWStupdghItkaSUKxPIBdvtqvYJ57RruZZcCUmQ7TYUCOKTdrUMsuD1Xa/1sj
Le9UJNl9KAq0mycx9YXQ49XWSThveqFnBVYSmWLhCxfWevg7+HPrFdDbcDhwH1C2
GdixWF4mhoWJz10zXDPWYpBagI4xUo+vS6p5caHQRXbJKOPHkLdbGqOvtZ0PS8DI
4Hat8mQJzj3nM3HQs92jW1bnSJHsfJMRMab8PvP7DgRl0tCYODs0RwqSl8LmKIRQ
HZ9pymdtQirmdqPCvqZvlva6uU97z1jxGwNuej5DmUpI64H/g7FPPS/uaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHEnB2PQPV0z++ZhvHfw7OyDtZuIMB8GA1UdIwQY
MBaAFM1ia7t7ae7J9nkLA3BVRbiS+i6KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveldKcnUzdHA3c24yZVFzRGNGVkZ1Skw2TG9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yYjM3ZGYtOGZmZS00MWU1LWFjMDct
YzBmODlhZDM2YmNhLzEvY1NjSFk5QTlYVFA3NW1HOGRfRHM3SU8xbTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yYjM3ZGYtOGZmZS00MWU1LWFjMDctYzBmODlhZDM2YmNh
LzEveldKcnUzdHA3c24yZVFzRGNGVkZ1Skw2TG9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJWP4AwQD
hlr4MA0GCSqGSIb3DQEBCwUAA4IBAQCEXd31am+qrNvuTJkQ+JHNmXmP8PcmRe8y
bBokv2Qo7VaVtmuSbpd3nj4PeVgIDhNMf48FTdL8E4ZblV8KnSA3awdFOfATBNCp
Avb74Bxmkz2txeLDKn4p95wkOm8Xp95Xf0F4W7CzlhJLy8BIcZZIBQUFBFIQD7MG
Ce8yWZy+SlRO9arykK7z3Fma4VwBHD52CHlsStVd69q1vSXRLs+53PH/2u/n6KAg
c2V5pc7qM2SgVdLBLHrxWFltrWk1tzzf//UBjqAKI389aWs7Bm8lp38kqXGcipyJ
AsEaLtCR1FAhSjol2Ib1W3jNTPQMDMIyODxtohEgB1LsUpbhFC5S
-----END CERTIFICATE-----