Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/52yNUwd1MPlR5dyvcdJ3i3QgqyE.roa
File:                     52yNUwd1MPlR5dyvcdJ3i3QgqyE.roa (raw, json)
Hash identifier:          UHX5ehwGgRGx2k5azGZPr7jzt62HUq6PwHor1v9cV5I=
Subject key identifier:   E7:6C:8D:53:07:75:30:F9:51:E5:DC:AF:71:D2:77:8B:74:20:AB:21
Certificate issuer:       /CN=f32be982060a43734d0ad126ad46da2f395c9def
Certificate serial:       018CCA2A129E6832852858911F0EFDD25C53
Authority key identifier: F3:2B:E9:82:06:0A:43:73:4D:0A:D1:26:AD:46:DA:2F:39:5C:9D:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/52yNUwd1MPlR5dyvcdJ3i3QgqyE.roa
Signing time:             Tue 02 Jan 2024 12:33:23 +0000
ROA not before:           Tue 02 Jan 2024 12:33:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59972
IP address blocks:        185.37.200.0/24 maxlen: 24
                          185.37.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 May 2024 07:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:12:9e:68:32:85:28:58:91:1f:0e:fd:d2:5c:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f32be982060a43734d0ad126ad46da2f395c9def
        Validity
            Not Before: Jan  2 12:33:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e76c8d53077530f951e5dcaf71d2778b7420ab21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f5:ed:f4:5d:63:d1:e6:a6:6e:db:c5:65:36:
                    f7:40:4a:e4:d8:ce:c5:02:5d:fc:c7:6e:84:69:fd:
                    66:f2:41:87:7f:e5:fe:36:79:c6:20:49:0a:69:94:
                    68:e6:45:a6:ee:37:a4:ab:6e:dc:66:45:00:57:bd:
                    9b:6c:1d:8a:2a:a2:0c:dc:4b:7f:21:38:b6:64:d1:
                    91:42:77:2b:af:45:6d:a2:37:29:58:6d:2f:27:17:
                    b1:b8:93:be:66:cc:5d:2d:8d:ac:f8:3a:eb:90:0b:
                    c5:6e:ec:ad:02:5a:21:84:ce:59:43:f5:64:04:3a:
                    47:01:0d:68:db:2e:58:9f:60:2d:e9:d4:84:52:c7:
                    5d:87:f5:e2:7c:2b:d6:69:0a:04:80:cf:ea:0c:92:
                    fa:35:a2:64:89:0e:61:13:7e:9b:f8:41:77:c3:17:
                    d0:c5:61:e0:df:0f:74:1e:08:3d:bd:e4:12:49:f6:
                    f4:a0:d1:75:d1:16:73:7c:76:45:66:50:4a:27:20:
                    cb:c5:a6:76:0c:8d:f5:12:2c:b6:4c:2d:f6:2b:1c:
                    c4:00:dd:07:3a:d0:08:f9:c9:2e:26:95:d3:6a:59:
                    d5:05:1d:02:c5:64:f1:59:b0:47:f1:fb:78:10:17:
                    2c:41:24:eb:b4:f9:66:2d:0a:30:59:a0:45:b3:15:
                    c7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:6C:8D:53:07:75:30:F9:51:E5:DC:AF:71:D2:77:8B:74:20:AB:21
            X509v3 Authority Key Identifier:
                keyid:F3:2B:E9:82:06:0A:43:73:4D:0A:D1:26:AD:46:DA:2F:39:5C:9D:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8yvpggYKQ3NNCtEmrUbaLzlcne8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/52yNUwd1MPlR5dyvcdJ3i3QgqyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/da3b1d-7acf-451f-b68b-99bcbe6d7f63/1/8yvpggYKQ3NNCtEmrUbaLzlcne8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.200.0/24
                  185.37.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:0a:69:dd:69:ea:4a:ef:e2:f5:dd:ff:2c:57:4d:f7:0d:89:
         f3:f9:e0:34:26:9e:aa:79:a6:1f:59:10:b3:f4:a3:25:40:d9:
         c4:d5:90:ac:27:a3:5e:c4:1b:de:50:e8:64:51:bd:9a:80:7a:
         a3:18:86:a7:2b:f9:95:d6:27:1f:ce:25:90:b4:75:f1:c7:f6:
         b2:e1:13:5f:84:41:1b:69:67:8f:64:94:22:60:10:f8:b8:09:
         6d:d5:19:0e:42:7a:d0:4b:d4:0e:08:1f:d6:b4:a1:6f:01:43:
         06:6e:d7:28:c9:b5:db:31:fc:89:7c:c0:9f:82:39:6f:4f:4e:
         8d:c6:c5:13:e8:7f:f2:f7:82:20:e5:2c:f7:c8:fb:b4:74:5b:
         83:99:2b:31:a8:51:fe:50:c4:a6:02:65:6f:5f:38:6b:be:ed:
         bc:6b:e7:0d:66:32:11:c4:c0:2e:69:e3:8c:c5:90:01:c6:c3:
         45:32:52:b4:72:e4:fa:f0:b6:14:0b:23:7d:a1:9a:f1:90:89:
         e3:2c:2e:8e:b3:88:c7:f3:f5:87:2c:4f:f2:10:0b:ed:66:33:
         65:12:d4:3f:84:27:ea:f6:64:45:d6:9c:ae:14:fc:7b:47:6f:
         32:b2:15:bb:0f:da:ba:76:c9:17:c9:fc:8e:3c:13:d8:15:23:
         5d:0d:91:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKhKeaDKFKFiRHw790lxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMmJlOTgyMDYwYTQzNzM0ZDBhZDEyNmFkNDZkYTJmMzk1
YzlkZWYwHhcNMjQwMTAyMTIzMzIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzZjOGQ1MzA3NzUzMGY5NTFlNWRjYWY3MWQyNzc4Yjc0MjBhYjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/Xt9F1j0eambtvFZTb3QErk2M7F
Al38x26Eaf1m8kGHf+X+NnnGIEkKaZRo5kWm7jekq27cZkUAV72bbB2KKqIM3Et/
ITi2ZNGRQncrr0VtojcpWG0vJxexuJO+ZsxdLY2s+DrrkAvFbuytAlohhM5ZQ/Vk
BDpHAQ1o2y5Yn2At6dSEUsddh/XifCvWaQoEgM/qDJL6NaJkiQ5hE36b+EF3wxfQ
xWHg3w90Hgg9veQSSfb0oNF10RZzfHZFZlBKJyDLxaZ2DI31Eiy2TC32KxzEAN0H
OtAI+ckuJpXTalnVBR0CxWTxWbBH8ft4EBcsQSTrtPlmLQowWaBFsxXHjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOdsjVMHdTD5UeXcr3HSd4t0IKshMB8GA1UdIwQY
MBaAFPMr6YIGCkNzTQrRJq1G2i85XJ3vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHl2cGdnWUtRM05OQ3RFbXJVYmFMemxjbmU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kYTNiMWQtN2FjZi00NTFmLWI2OGIt
OTliY2JlNmQ3ZjYzLzEvNTJ5TlV3ZDFNUGxSNWR5dmNkSjNpM1FncXlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kYTNiMWQtN2FjZi00NTFmLWI2OGItOTliY2JlNmQ3ZjYz
LzEvOHl2cGdnWUtRM05OQ3RFbXJVYmFMemxjbmU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuSXIAwQA
uSXKMA0GCSqGSIb3DQEBCwUAA4IBAQCiCmndaepK7+L13f8sV033DYnz+eA0Jp6q
eaYfWRCz9KMlQNnE1ZCsJ6NexBveUOhkUb2agHqjGIanK/mV1icfziWQtHXxx/ay
4RNfhEEbaWePZJQiYBD4uAlt1RkOQnrQS9QOCB/WtKFvAUMGbtcoybXbMfyJfMCf
gjlvT06NxsUT6H/y94Ig5Sz3yPu0dFuDmSsxqFH+UMSmAmVvXzhrvu28a+cNZjIR
xMAuaeOMxZABxsNFMlK0cuT68LYUCyN9oZrxkInjLC6Os4jH8/WHLE/yEAvtZjNl
EtQ/hCfq9mRF1pyuFPx7R28yshW7D9q6dskXyfyOPBPYFSNdDZEf
-----END CERTIFICATE-----