Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/uL7vgDiNQXHoRqEByLaXABWzqmc.roa
File:                     uL7vgDiNQXHoRqEByLaXABWzqmc.roa (raw, json)
Hash identifier:          eo4wAzVEH9qJD2OyGHmhy+EFM8AYk4x1KNWazYRzGLY=
Subject key identifier:   B8:BE:EF:80:38:8D:41:71:E8:46:A1:01:C8:B6:97:00:15:B3:AA:67
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019067B8212AE3E30D63C7EC21659917540A
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/uL7vgDiNQXHoRqEByLaXABWzqmc.roa
Signing time:             Sun 30 Jun 2024 05:57:18 +0000
ROA not before:           Sun 30 Jun 2024 05:57:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60172
IP address blocks:        37.9.51.0/24 maxlen: 24
                          146.185.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:67:b8:21:2a:e3:e3:0d:63:c7:ec:21:65:99:17:54:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jun 30 05:57:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8beef80388d4171e846a101c8b6970015b3aa67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:cf:11:ff:51:aa:e2:0e:6d:28:06:0d:fd:53:
                    39:5c:ba:51:9e:14:35:af:89:56:75:f9:40:cd:9a:
                    c7:70:75:0d:a0:91:12:9f:85:99:77:00:ac:a5:e4:
                    c4:99:50:eb:da:c1:2c:6f:6b:48:18:33:11:db:d7:
                    8f:d8:b4:6e:c3:cd:2a:fb:34:69:09:ad:71:38:3b:
                    ad:12:51:57:a8:7d:cc:33:71:6b:16:88:93:54:ea:
                    63:e6:c5:4e:b5:73:45:4b:e2:3b:4b:bb:d6:5f:ab:
                    30:95:25:2a:cc:a7:94:ab:32:88:3e:2a:ff:b3:9c:
                    54:7c:b4:97:e6:f0:a1:f6:d2:ec:56:99:95:13:28:
                    ec:b3:f4:db:e4:7a:f8:f7:8a:85:65:42:6b:72:45:
                    60:d4:a5:11:c1:b6:e0:a0:70:3f:16:d3:1f:84:55:
                    98:0d:be:95:f0:ab:98:1d:ec:04:64:af:b5:60:8a:
                    d0:0d:89:09:2e:21:10:aa:32:d0:2d:7b:8a:16:cd:
                    9b:08:09:93:d2:3b:b7:62:fc:69:a5:49:bf:f6:32:
                    83:98:87:95:8c:8e:5c:c0:66:5c:09:62:76:50:fd:
                    a3:d0:b2:44:7f:14:5a:8d:74:ea:f5:c6:d1:2f:e1:
                    da:d3:fe:b0:3b:54:f2:5a:79:5d:e0:f2:44:f8:89:
                    21:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:BE:EF:80:38:8D:41:71:E8:46:A1:01:C8:B6:97:00:15:B3:AA:67
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/uL7vgDiNQXHoRqEByLaXABWzqmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.9.51.0/24
                  146.185.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:14:c8:e5:50:ee:57:eb:57:04:da:1b:e3:bc:f0:fc:22:7a:
         25:60:96:1b:54:32:20:15:66:9f:b0:80:5e:a1:21:71:32:01:
         f7:ad:b3:cb:ed:84:ef:2d:b0:b9:bb:69:41:cc:0b:69:4f:f1:
         16:8a:18:8f:19:2f:a3:d1:98:e9:49:27:86:d6:1c:4b:47:fd:
         57:7b:25:d6:70:26:6e:b0:7d:07:aa:ce:43:32:30:c1:57:27:
         6a:ca:3a:9a:85:9a:2e:d0:da:2c:ab:ca:69:9e:bc:e4:b9:de:
         76:be:f2:76:97:69:d6:42:38:a2:c9:ec:b1:6a:9d:a2:51:72:
         56:c4:d9:14:26:06:19:5f:a5:a9:4b:63:ed:a2:64:45:2a:69:
         76:9b:b1:76:c2:22:ed:e8:56:ab:8f:46:b1:bd:91:dd:0a:ba:
         1c:dd:99:be:9a:01:d3:c4:79:0c:84:94:43:6d:53:86:d5:71:
         ab:e4:60:1c:f7:4c:21:02:40:32:1e:8a:b1:7a:1a:50:17:32:
         a6:3c:0b:3e:ac:77:66:38:bc:9f:0e:a4:cf:83:6d:3e:56:0c:
         8f:12:89:90:07:19:c5:ae:dc:ad:3c:b6:94:8d:8f:fe:aa:3a:
         e8:81:94:07:0d:ce:6e:15:de:aa:96:4d:71:cd:f5:59:bc:1d:
         dc:9e:8a:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZBnuCEq4+MNY8fsIWWZF1QKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwNjMwMDU1NzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGJlZWY4MDM4OGQ0MTcxZTg0NmExMDFjOGI2OTcwMDE1YjNhYTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA288R/1Gq4g5tKAYN/VM5XLpRnhQ1
r4lWdflAzZrHcHUNoJESn4WZdwCspeTEmVDr2sEsb2tIGDMR29eP2LRuw80q+zRp
Ca1xODutElFXqH3MM3FrFoiTVOpj5sVOtXNFS+I7S7vWX6swlSUqzKeUqzKIPir/
s5xUfLSX5vCh9tLsVpmVEyjss/Tb5Hr494qFZUJrckVg1KURwbbgoHA/FtMfhFWY
Db6V8KuYHewEZK+1YIrQDYkJLiEQqjLQLXuKFs2bCAmT0ju3YvxppUm/9jKDmIeV
jI5cwGZcCWJ2UP2j0LJEfxRajXTq9cbRL+Ha0/6wO1TyWnld4PJE+IkhUQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLi+74A4jUFx6EahAci2lwAVs6pnMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvdUw3dmdEaU5RWEhvUnFFQnlMYVhBQld6cW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJQkzAwQA
krnoMA0GCSqGSIb3DQEBCwUAA4IBAQBpFMjlUO5X61cE2hvjvPD8InolYJYbVDIg
FWafsIBeoSFxMgH3rbPL7YTvLbC5u2lBzAtpT/EWihiPGS+j0ZjpSSeG1hxLR/1X
eyXWcCZusH0Hqs5DMjDBVydqyjqahZou0Nosq8ppnrzkud52vvJ2l2nWQjiiyeyx
ap2iUXJWxNkUJgYZX6WpS2PtomRFKml2m7F2wiLt6Farj0axvZHdCroc3Zm+mgHT
xHkMhJRDbVOG1XGr5GAc90whAkAyHoqxehpQFzKmPAs+rHdmOLyfDqTPg20+VgyP
EomQBxnFrtytPLaUjY/+qjrogZQHDc5uFd6qlk1xzfVZvB3cnooi
-----END CERTIFICATE-----