Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/cBxanwiGWurA3NxinXihD34d3YU.roa
File:                     cBxanwiGWurA3NxinXihD34d3YU.roa (raw, json)
Hash identifier:          t1K/KqmABQ/VwysSwGoRxILUsqcCHmuF8IuyEE3CIqw=
Subject key identifier:   70:1C:5A:9F:08:86:5A:EA:C0:DC:DC:62:9D:78:A1:0F:7E:1D:DD:85
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E017C04383B8C29FCAE0ACD038A52
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/cBxanwiGWurA3NxinXihD34d3YU.roa
Signing time:             Mon 01 Jan 2024 14:29:30 +0000
ROA not before:           Mon 01 Jan 2024 14:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41112
IP address blocks:        146.185.232.0/24 maxlen: 24
                          37.9.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:01:7c:04:38:3b:8c:29:fc:ae:0a:cd:03:8a:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=701c5a9f08865aeac0dcdc629d78a10f7e1ddd85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:be:c6:bc:3f:7e:da:12:c0:85:f8:88:3c:c9:
                    7f:a2:a2:bb:4b:23:65:ca:f6:66:15:02:17:7e:82:
                    6d:0b:3d:ca:81:6f:55:8b:ab:be:d3:36:13:23:04:
                    fe:0e:31:d0:29:a9:8e:c2:1f:58:23:a7:04:b5:2e:
                    49:a7:b8:62:1d:ad:0e:b2:ab:31:6d:63:aa:a4:1d:
                    13:a8:bd:bd:a7:53:f0:df:56:9d:cb:03:3e:99:4a:
                    b0:fb:53:82:9c:15:69:04:ea:92:e0:cc:d3:10:54:
                    93:7b:9b:23:03:68:06:b2:bc:86:b6:3b:fb:1a:9f:
                    1d:15:7b:35:7e:f6:51:a8:b2:48:ea:a9:13:4b:9d:
                    f0:6b:75:69:c1:25:15:e9:97:89:25:9f:fe:a7:c0:
                    42:85:9b:d3:33:03:04:1d:0e:d9:5b:4a:35:f2:ab:
                    54:3c:02:9c:96:f8:25:9e:69:bd:69:1d:71:fd:d5:
                    64:8b:81:3d:62:29:35:59:14:42:1e:3a:b4:70:21:
                    e9:a5:03:79:2e:74:94:10:1f:d5:7a:2c:3d:6b:ee:
                    fd:8c:78:21:1c:f5:5d:70:89:18:d7:7d:41:9a:6b:
                    a9:20:07:e1:70:11:4e:4a:c5:75:18:53:db:8a:b3:
                    c3:a7:bb:6f:6e:66:1b:65:36:90:ec:38:03:15:7e:
                    60:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:1C:5A:9F:08:86:5A:EA:C0:DC:DC:62:9D:78:A1:0F:7E:1D:DD:85
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/cBxanwiGWurA3NxinXihD34d3YU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.9.51.0/24
                  146.185.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:42:b0:65:56:9b:23:2f:a8:33:ec:cd:6c:09:be:93:5c:7b:
         52:64:84:65:c2:38:0c:48:e0:be:3f:0b:8b:10:d8:fb:7e:5d:
         af:bf:d4:22:02:7c:e9:d8:3b:e3:ac:c1:b1:3e:0e:d1:12:b7:
         8b:41:cb:54:1b:0d:97:39:05:55:e6:68:b9:2e:39:6b:ef:47:
         4e:90:d4:c4:4d:9c:90:45:53:ed:fe:f6:ac:9b:19:bf:45:57:
         46:0e:45:52:73:f4:f3:d4:83:12:87:a1:6c:85:d6:29:30:9c:
         71:26:6b:e9:73:3b:3a:fb:c5:b3:8e:e7:f0:df:b1:4e:8f:15:
         cb:e5:47:32:aa:c9:bf:ef:6b:96:f2:f0:8d:55:40:9a:40:91:
         05:5e:f8:72:1d:10:34:07:4d:6a:fa:89:fd:8d:88:36:1f:07:
         a6:2d:17:23:3f:70:26:36:f1:b9:92:5b:e7:94:40:0e:27:2e:
         35:6c:e0:6b:4b:cf:b5:4b:0a:80:4b:09:8c:dc:3a:c7:e9:dc:
         e6:db:d0:df:fa:b4:01:2b:80:5f:5f:e4:d6:a6:5f:ca:7c:1f:
         ac:b1:22:b0:3b:ca:5a:97:f3:ce:6d:27:ed:32:43:67:bd:7e:
         1c:51:11:59:d9:a6:09:3b:9d:f6:c8:48:c8:74:14:51:97:f2:
         18:ca:ae:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbgF8BDg7jCn8rgrNA4pSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDFjNWE5ZjA4ODY1YWVhYzBkY2RjNjI5ZDc4YTEwZjdlMWRkZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0b7GvD9+2hLAhfiIPMl/oqK7SyNl
yvZmFQIXfoJtCz3KgW9Vi6u+0zYTIwT+DjHQKamOwh9YI6cEtS5Jp7hiHa0Osqsx
bWOqpB0TqL29p1Pw31adywM+mUqw+1OCnBVpBOqS4MzTEFSTe5sjA2gGsryGtjv7
Gp8dFXs1fvZRqLJI6qkTS53wa3VpwSUV6ZeJJZ/+p8BChZvTMwMEHQ7ZW0o18qtU
PAKclvglnmm9aR1x/dVki4E9Yik1WRRCHjq0cCHppQN5LnSUEB/Veiw9a+79jHgh
HPVdcIkY131BmmupIAfhcBFOSsV1GFPbirPDp7tvbmYbZTaQ7DgDFX5glwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHAcWp8IhlrqwNzcYp14oQ9+Hd2FMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvY0J4YW53aUdXdXJBM054aW5YaWhEMzRkM1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJQkzAwQA
krnoMA0GCSqGSIb3DQEBCwUAA4IBAQAPQrBlVpsjL6gz7M1sCb6TXHtSZIRlwjgM
SOC+PwuLENj7fl2vv9QiAnzp2DvjrMGxPg7REreLQctUGw2XOQVV5mi5Ljlr70dO
kNTETZyQRVPt/vasmxm/RVdGDkVSc/Tz1IMSh6FshdYpMJxxJmvpczs6+8Wzjufw
37FOjxXL5Ucyqsm/72uW8vCNVUCaQJEFXvhyHRA0B01q+on9jYg2HwemLRcjP3Am
NvG5klvnlEAOJy41bOBrS8+1SwqASwmM3DrH6dzm29Df+rQBK4BfX+TWpl/KfB+s
sSKwO8pal/PObSftMkNnvX4cURFZ2aYJO532yEjIdBRRl/IYyq4W
-----END CERTIFICATE-----