Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/lGD-WU79Ntyq7p_mAJ8NQ5mxH9s.roa
File:                     lGD-WU79Ntyq7p_mAJ8NQ5mxH9s.roa (raw, json)
Hash identifier:          cuwY0QKnO+SgqaVoulQBEEVjqVUkpcGkIK9s+UFsUzQ=
Subject key identifier:   94:60:FE:59:4E:FD:36:DC:AA:EE:9F:E6:00:9F:0D:43:99:B1:1F:DB
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       019035275E16A5E7483F1BBD620D3835997D
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/lGD-WU79Ntyq7p_mAJ8NQ5mxH9s.roa
Signing time:             Thu 20 Jun 2024 10:18:10 +0000
ROA not before:           Thu 20 Jun 2024 10:18:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12357
IP address blocks:        37.222.0.0/15 maxlen: 24
                          87.125.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 13:01:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:35:27:5e:16:a5:e7:48:3f:1b:bd:62:0d:38:35:99:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jun 20 10:18:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9460fe594efd36dcaaee9fe6009f0d4399b11fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:93:fa:64:38:e2:58:8b:fb:73:1a:0d:d2:e2:
                    f9:0a:f9:33:ee:78:5d:13:fe:94:b8:84:ca:7d:db:
                    0a:c7:03:cd:1a:9d:d7:22:ed:c6:99:87:d9:4e:90:
                    9f:63:ff:d8:75:20:e1:96:ed:1e:cb:d6:f8:d6:b9:
                    3a:61:e6:61:e5:3e:a5:77:36:c0:d6:f4:82:b8:76:
                    3a:00:47:2f:95:a2:33:9a:f6:f4:1c:c1:6a:a1:aa:
                    87:d3:5d:a1:55:d7:ec:bb:2a:8f:a9:0d:23:b1:95:
                    75:55:bf:70:8c:5b:7c:78:27:23:87:67:58:8a:c2:
                    18:b5:10:87:0d:87:10:cb:1c:f5:21:74:23:8b:c5:
                    86:f4:d4:f3:77:68:c2:39:82:de:5d:c1:66:30:56:
                    4a:29:e9:22:01:dc:95:a6:fa:50:79:34:16:bf:3a:
                    05:f4:3e:d7:2c:f5:77:70:72:1e:9c:71:28:3a:2e:
                    60:9a:d8:27:c2:ca:da:e6:c7:4f:9f:99:36:d6:5e:
                    56:e3:de:01:67:bc:71:9a:04:e2:6a:69:57:ff:29:
                    ff:bc:6b:0a:f2:58:67:0c:02:5f:5a:c9:16:89:50:
                    b1:d1:e6:24:97:ff:58:f8:42:38:7d:1d:e9:28:50:
                    4d:48:6e:f4:49:b3:ec:2f:38:c2:98:cd:43:bc:0c:
                    09:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:60:FE:59:4E:FD:36:DC:AA:EE:9F:E6:00:9F:0D:43:99:B1:1F:DB
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/lGD-WU79Ntyq7p_mAJ8NQ5mxH9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.222.0.0/15
                  87.125.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bc:c2:f6:07:de:b8:c8:6c:38:a6:15:d4:56:25:46:8b:63:55:
         4a:ae:92:76:02:cf:3a:94:4d:f4:ee:d4:c9:fe:d1:07:f0:8b:
         90:07:51:9f:f5:1d:ab:bc:30:be:f4:02:a6:48:ef:62:52:cd:
         7e:6c:ac:7a:b5:67:0c:8e:78:3b:44:a4:5f:1b:66:05:3b:e0:
         01:6a:fa:22:ad:02:18:c6:1d:d1:53:fc:7c:11:46:3a:e6:a8:
         d2:1d:66:7c:04:e8:10:81:82:1b:a4:b0:e6:23:11:4e:6b:22:
         83:55:c2:23:80:86:da:43:c5:2e:4d:37:59:7f:6f:a7:5d:bc:
         bd:2d:c2:c6:86:c2:58:3c:c5:c1:ad:68:f4:1a:29:3d:fe:42:
         c5:9e:ba:89:f0:fd:58:ee:7d:36:53:21:59:e1:39:a8:f0:0d:
         42:d1:9c:04:bd:de:bb:40:f8:86:30:7f:31:66:db:39:7d:d3:
         28:3d:70:6c:89:cf:90:32:a4:b2:69:7a:e8:97:c6:8b:5a:bf:
         e7:19:e7:c8:81:ac:6e:29:e5:4f:1e:e8:b9:da:f7:fb:71:9c:
         98:fd:c3:82:08:d0:a0:af:50:f9:5e:df:a9:e8:e7:ed:d0:1e:
         00:8d:b3:cf:49:4b:98:72:e0:9f:3c:11:93:33:00:84:24:5d:
         b9:c9:3c:69
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZA1J14WpedIPxu9Yg04NZl9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjQwNjIwMTAxODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDYwZmU1OTRlZmQzNmRjYWFlZTlmZTYwMDlmMGQ0Mzk5YjExZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25P6ZDjiWIv7cxoN0uL5Cvkz7nhd
E/6UuITKfdsKxwPNGp3XIu3GmYfZTpCfY//YdSDhlu0ey9b41rk6YeZh5T6ldzbA
1vSCuHY6AEcvlaIzmvb0HMFqoaqH012hVdfsuyqPqQ0jsZV1Vb9wjFt8eCcjh2dY
isIYtRCHDYcQyxz1IXQji8WG9NTzd2jCOYLeXcFmMFZKKekiAdyVpvpQeTQWvzoF
9D7XLPV3cHIenHEoOi5gmtgnwsra5sdPn5k21l5W494BZ7xxmgTiamlX/yn/vGsK
8lhnDAJfWskWiVCx0eYkl/9Y+EI4fR3pKFBNSG70SbPsLzjCmM1DvAwJ5QIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFJRg/llO/Tbcqu6f5gCfDUOZsR/bMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvbEdELVdVNzlOdHlxN3BfbUFKOE5RNW14SDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCMGCCsGAQUFBwEHAQH/BBQwEjAQBAIAATAKAwMBJd4DAwBX
fTANBgkqhkiG9w0BAQsFAAOCAQEAvML2B964yGw4phXUViVGi2NVSq6SdgLPOpRN
9O7Uyf7RB/CLkAdRn/Udq7wwvvQCpkjvYlLNfmyserVnDI54O0SkXxtmBTvgAWr6
Iq0CGMYd0VP8fBFGOuao0h1mfAToEIGCG6Sw5iMRTmsig1XCI4CG2kPFLk03WX9v
p128vS3CxobCWDzFwa1o9BopPf5CxZ66ifD9WO59NlMhWeE5qPANQtGcBL3eu0D4
hjB/MWbbOX3TKD1wbInPkDKksml66JfGi1q/5xnnyIGsbinlTx7oudr3+3GcmP3D
ggjQoK9Q+V7fqejn7dAeAI2zz0lLmHLgnzwRkzMAhCRduck8aQ==
-----END CERTIFICATE-----