Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/4CCwoDvVz37WCgTEcjfOO81myx8.roa
File:                     4CCwoDvVz37WCgTEcjfOO81myx8.roa (raw, json)
Hash identifier:          b3SCaXfYBhUdCVngxiWYqn8wang0GLBuLnINM3qV2QU=
Subject key identifier:   E0:20:B0:A0:3B:D5:CF:7E:D6:0A:04:C4:72:37:CE:3B:CD:66:CB:1F
Certificate issuer:       /CN=36574be6ae76cd523b33787cfbdb69264263d074
Certificate serial:       018CC7276374122910FD050917A0CB7A71AE
Authority key identifier: 36:57:4B:E6:AE:76:CD:52:3B:33:78:7C:FB:DB:69:26:42:63:D0:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NldL5q52zVI7M3h8-9tpJkJj0HQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/4CCwoDvVz37WCgTEcjfOO81myx8.roa
Signing time:             Mon 01 Jan 2024 22:31:36 +0000
ROA not before:           Mon 01 Jan 2024 22:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200873
IP address blocks:        37.221.99.0/24 maxlen: 24
                          185.67.236.0/23 maxlen: 23
                          185.67.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/NldL5q52zVI7M3h8-9tpJkJj0HQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/NldL5q52zVI7M3h8-9tpJkJj0HQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NldL5q52zVI7M3h8-9tpJkJj0HQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:63:74:12:29:10:fd:05:09:17:a0:cb:7a:71:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36574be6ae76cd523b33787cfbdb69264263d074
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e020b0a03bd5cf7ed60a04c47237ce3bcd66cb1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:79:4a:1d:84:a7:0d:bf:a7:48:ae:f4:e2:c5:
                    2c:c6:a6:30:02:22:47:56:50:44:4b:71:95:a1:d6:
                    ce:ee:d5:29:66:ea:a3:55:0f:0f:3c:0e:b4:cd:ea:
                    a6:19:af:fb:c7:aa:15:c4:a4:8b:16:f0:c3:1a:7e:
                    b6:d6:06:55:32:59:e1:94:f5:cc:44:1e:0d:c9:ee:
                    df:95:b8:f8:63:a2:44:f5:80:51:eb:0e:f6:40:3f:
                    2d:43:cb:48:c4:f4:a1:f3:11:9a:7a:24:06:fc:b2:
                    ee:61:8c:e2:41:e3:be:51:14:8f:92:0e:10:e6:7e:
                    d6:8b:d6:0d:c5:9d:e7:14:ae:bd:04:78:b4:61:77:
                    9e:7d:d9:cc:e6:7d:94:5b:22:ed:f2:ab:48:f9:37:
                    19:60:b4:66:77:27:f5:07:a0:4e:d5:18:0e:05:9e:
                    a3:f1:36:72:bb:99:18:8f:c6:bb:14:8a:6b:58:00:
                    a8:98:f8:a8:b7:c1:33:34:10:66:75:8b:68:58:78:
                    79:35:57:db:e1:2c:be:9d:7d:a2:45:99:ed:7a:56:
                    35:70:79:fd:50:4d:b4:04:a3:79:3b:d6:90:0b:6f:
                    34:13:80:a8:16:50:8a:ca:12:1d:c0:71:6e:b4:07:
                    20:6b:37:e0:99:d0:13:85:41:26:d3:66:0b:04:ff:
                    b5:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:20:B0:A0:3B:D5:CF:7E:D6:0A:04:C4:72:37:CE:3B:CD:66:CB:1F
            X509v3 Authority Key Identifier:
                keyid:36:57:4B:E6:AE:76:CD:52:3B:33:78:7C:FB:DB:69:26:42:63:D0:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NldL5q52zVI7M3h8-9tpJkJj0HQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/4CCwoDvVz37WCgTEcjfOO81myx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/7e1d94-1854-473d-8753-18ded80b4b5d/1/NldL5q52zVI7M3h8-9tpJkJj0HQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.99.0/24
                  185.67.236.0-185.67.238.255

    Signature Algorithm: sha256WithRSAEncryption
         5a:09:2c:5c:ee:e9:d7:f2:fd:00:03:bc:b3:04:4b:e3:8d:a8:
         1a:39:b0:00:d4:b2:88:3c:9a:05:84:1d:5d:cf:fc:26:85:85:
         26:d0:ce:e0:93:f8:af:1d:97:b4:3c:6c:f8:69:a7:a7:d2:e8:
         c6:74:e4:f3:28:13:4e:dc:7d:b2:34:c6:f3:a2:e2:cd:09:2e:
         b8:36:27:df:70:c3:fd:e9:53:e1:7c:c1:91:58:68:90:1a:72:
         56:60:79:14:a7:77:b8:41:f9:9c:e9:53:e6:08:9a:3c:de:bd:
         81:a2:b5:87:f3:f6:2c:01:cd:17:c3:8e:6e:8a:4e:02:51:fb:
         a0:34:46:07:f3:b7:78:47:bd:5e:b9:14:9c:52:5c:f6:83:de:
         93:c9:f2:c8:56:2e:9f:f8:7e:95:be:ef:6d:d5:19:73:fb:15:
         ca:4f:39:ea:04:db:24:9c:5d:37:5d:9e:72:e4:e1:ff:67:9c:
         31:af:8b:62:b6:56:18:ea:9a:d7:9c:a6:7c:93:8b:28:41:a2:
         61:8e:cc:2b:89:06:81:15:c0:57:2f:3b:60:ff:86:a1:71:8e:
         4f:bc:fd:b9:24:31:f3:28:f1:40:db:c3:de:1a:56:8c:b1:ff:
         f0:94:a6:d0:2a:1a:93:81:9f:19:35:6d:27:dd:6b:4e:29:ee:
         bc:6b:71:f9
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzHJ2N0EikQ/QUJF6DLenGuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NTc0YmU2YWU3NmNkNTIzYjMzNzg3Y2ZiZGI2OTI2NDI2
M2QwNzQwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDIwYjBhMDNiZDVjZjdlZDYwYTA0YzQ3MjM3Y2UzYmNkNjZjYjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXlKHYSnDb+nSK704sUsxqYwAiJH
VlBES3GVodbO7tUpZuqjVQ8PPA60zeqmGa/7x6oVxKSLFvDDGn621gZVMlnhlPXM
RB4Nye7flbj4Y6JE9YBR6w72QD8tQ8tIxPSh8xGaeiQG/LLuYYziQeO+URSPkg4Q
5n7Wi9YNxZ3nFK69BHi0YXeefdnM5n2UWyLt8qtI+TcZYLRmdyf1B6BO1RgOBZ6j
8TZyu5kYj8a7FIprWAComPiot8EzNBBmdYtoWHh5NVfb4Sy+nX2iRZntelY1cHn9
UE20BKN5O9aQC280E4CoFlCKyhIdwHFutAcgazfgmdAThUEm02YLBP+1OwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOAgsKA71c9+1goExHI3zjvNZssfMB8GA1UdIwQY
MBaAFDZXS+auds1SOzN4fPvbaSZCY9B0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmxkTDVxNTJ6Vkk3TTNoOC05dHBKa0pqMEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS83ZTFkOTQtMTg1NC00NzNkLTg3NTMt
MThkZWQ4MGI0YjVkLzEvNENDd29EdlZ6MzdXQ2dURWNqZk9PODFteXg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS83ZTFkOTQtMTg1NC00NzNkLTg3NTMtMThkZWQ4MGI0YjVk
LzEvTmxkTDVxNTJ6Vkk3TTNoOC05dHBKa0pqMEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAJd1jMAwD
BAK5Q+wDBAC5Q+4wDQYJKoZIhvcNAQELBQADggEBAFoJLFzu6dfy/QADvLMES+ON
qBo5sADUsog8mgWEHV3P/CaFhSbQzuCT+K8dl7Q8bPhpp6fS6MZ05PMoE07cfbI0
xvOi4s0JLrg2J99ww/3pU+F8wZFYaJAaclZgeRSnd7hB+ZzpU+YImjzevYGitYfz
9iwBzRfDjm6KTgJR+6A0Rgfzt3hHvV65FJxSXPaD3pPJ8shWLp/4fpW+723VGXP7
FcpPOeoE2yScXTddnnLk4f9nnDGvi2K2VhjqmtecpnyTiyhBomGOzCuJBoEVwFcv
O2D/hqFxjk+8/bkkMfMo8UDbw94aVoyx//CUptAqGpOBnxk1bSfda04p7rxrcfk=
-----END CERTIFICATE-----