Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/Tfbz4XRqO9N8l5fqVzAm31f2004.roa
File:                     Tfbz4XRqO9N8l5fqVzAm31f2004.roa (raw, json)
Hash identifier:          i9m9fA86UpDXkafd35BO763NMxyHtr/odwJ1Rv9yrLY=
Subject key identifier:   4D:F6:F3:E1:74:6A:3B:D3:7C:97:97:EA:57:30:26:DF:57:F6:D3:4E
Certificate issuer:       /CN=353e3f28e647e92ac8a710c305c2e21b623edc1c
Certificate serial:       018CC5DC921292B179A479448A7DA58F9040
Authority key identifier: 35:3E:3F:28:E6:47:E9:2A:C8:A7:10:C3:05:C2:E2:1B:62:3E:DC:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/Tfbz4XRqO9N8l5fqVzAm31f2004.roa
Signing time:             Mon 01 Jan 2024 16:30:16 +0000
ROA not before:           Mon 01 Jan 2024 16:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60397
IP address blocks:        37.152.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:92:12:92:b1:79:a4:79:44:8a:7d:a5:8f:90:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=353e3f28e647e92ac8a710c305c2e21b623edc1c
        Validity
            Not Before: Jan  1 16:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4df6f3e1746a3bd37c9797ea573026df57f6d34e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ca:6b:86:99:86:ed:5b:cd:62:48:cb:9c:56:
                    f9:3f:01:4c:10:8d:52:fa:3f:be:8e:91:7f:6c:a4:
                    0c:8e:55:24:0e:9a:55:f2:a6:99:e3:5d:57:eb:cf:
                    bf:85:05:e4:6b:2c:25:e5:7b:b5:83:48:02:47:f0:
                    68:63:a4:bc:64:94:ec:65:fe:a5:ac:42:fd:2e:8f:
                    e8:76:55:2d:cc:54:91:89:52:56:7f:7a:f8:40:95:
                    41:b1:bd:85:28:06:f1:c5:be:66:75:e0:a6:a9:ce:
                    8b:75:5b:99:ff:1a:66:5e:26:14:02:71:05:d6:44:
                    73:b4:f5:0b:98:46:98:eb:a5:92:4f:f7:b9:82:6f:
                    13:d1:02:6f:ce:16:81:8f:2f:2d:41:65:8f:79:72:
                    44:56:08:a3:14:39:42:4c:95:af:7e:a2:a5:b3:30:
                    0b:b6:84:af:28:b0:41:ed:fb:c6:09:62:c3:d5:11:
                    ab:cc:e5:ea:88:9b:6c:98:c4:80:07:62:19:cd:39:
                    9c:4a:1a:a5:cd:22:78:ca:27:2c:22:ce:49:22:96:
                    59:8e:8b:9f:9b:2c:75:71:13:4b:ad:d2:a5:39:75:
                    9f:7c:2d:b7:19:c1:ef:4d:1d:8c:7e:6b:1d:93:62:
                    ad:4a:0a:70:26:5a:0e:36:0b:ed:bd:95:a5:59:72:
                    e3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:F6:F3:E1:74:6A:3B:D3:7C:97:97:EA:57:30:26:DF:57:F6:D3:4E
            X509v3 Authority Key Identifier:
                keyid:35:3E:3F:28:E6:47:E9:2A:C8:A7:10:C3:05:C2:E2:1B:62:3E:DC:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/Tfbz4XRqO9N8l5fqVzAm31f2004.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/767933-4a73-4b2f-ac84-daca26de6f7b/1/NT4_KOZH6SrIpxDDBcLiG2I-3Bw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.152.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:ff:d7:d2:83:bb:28:48:2b:79:6b:57:e0:56:c6:15:1d:63:
         8b:fd:10:99:42:97:7c:ff:68:08:1c:5d:70:84:a3:a8:50:c8:
         23:f8:e6:69:b1:67:37:61:ac:24:c6:08:61:d0:8b:06:6d:9a:
         03:c9:db:a5:13:cc:bd:4f:0e:58:25:c4:bc:43:16:7b:86:62:
         4f:48:07:df:7e:87:82:01:9e:79:73:23:ba:d8:22:74:73:8c:
         3f:ee:6f:b0:44:f8:f3:1e:64:83:09:65:71:ec:07:46:77:0b:
         9c:20:3c:39:56:7c:ff:0f:0f:f4:bc:e0:d0:1d:8d:b1:64:60:
         8d:1b:a3:e1:f5:d9:9b:8e:9e:05:59:b3:30:af:65:58:bd:7b:
         93:0a:35:52:3d:9e:ff:79:e6:a3:e7:6f:91:0a:4b:98:2b:30:
         32:01:4f:e3:a9:08:63:dd:3e:86:40:54:ea:29:fb:4b:b9:de:
         b4:bc:56:76:d3:70:7e:98:d8:b0:c0:9b:21:13:79:8b:8c:20:
         1a:55:8f:6a:d7:39:11:2f:f5:90:15:a8:26:47:3f:0b:42:51:
         40:6d:c6:90:f4:71:59:ce:d0:c0:da:af:ff:e0:78:3e:d5:e6:
         28:b7:fc:db:f2:c7:54:e3:57:32:57:85:fc:bd:21:39:50:1f:
         81:b6:69:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3JISkrF5pHlEin2lj5BAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1M2UzZjI4ZTY0N2U5MmFjOGE3MTBjMzA1YzJlMjFiNjIz
ZWRjMWMwHhcNMjQwMTAxMTYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGY2ZjNlMTc0NmEzYmQzN2M5Nzk3ZWE1NzMwMjZkZjU3ZjZkMzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMprhpmG7VvNYkjLnFb5PwFMEI1S
+j++jpF/bKQMjlUkDppV8qaZ411X68+/hQXkaywl5Xu1g0gCR/BoY6S8ZJTsZf6l
rEL9Lo/odlUtzFSRiVJWf3r4QJVBsb2FKAbxxb5mdeCmqc6LdVuZ/xpmXiYUAnEF
1kRztPULmEaY66WST/e5gm8T0QJvzhaBjy8tQWWPeXJEVgijFDlCTJWvfqKlszAL
toSvKLBB7fvGCWLD1RGrzOXqiJtsmMSAB2IZzTmcShqlzSJ4yicsIs5JIpZZjouf
myx1cRNLrdKlOXWffC23GcHvTR2Mfmsdk2KtSgpwJloONgvtvZWlWXLjJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE328+F0ajvTfJeX6lcwJt9X9tNOMB8GA1UdIwQY
MBaAFDU+PyjmR+kqyKcQwwXC4htiPtwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlQ0X0tPWkg2U3JJcHhEREJjTGlHMkktM0J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi83Njc5MzMtNGE3My00YjJmLWFjODQt
ZGFjYTI2ZGU2ZjdiLzEvVGZiejRYUnFPOU44bDVmcVZ6QW0zMWYyMDA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi83Njc5MzMtNGE3My00YjJmLWFjODQtZGFjYTI2ZGU2Zjdi
LzEvTlQ0X0tPWkg2U3JJcHhEREJjTGlHMkktM0J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZiGMA0G
CSqGSIb3DQEBCwUAA4IBAQAk/9fSg7soSCt5a1fgVsYVHWOL/RCZQpd8/2gIHF1w
hKOoUMgj+OZpsWc3Yawkxghh0IsGbZoDydulE8y9Tw5YJcS8QxZ7hmJPSAfffoeC
AZ55cyO62CJ0c4w/7m+wRPjzHmSDCWVx7AdGdwucIDw5Vnz/Dw/0vODQHY2xZGCN
G6Ph9dmbjp4FWbMwr2VYvXuTCjVSPZ7/eeaj52+RCkuYKzAyAU/jqQhj3T6GQFTq
KftLud60vFZ203B+mNiwwJshE3mLjCAaVY9q1zkRL/WQFagmRz8LQlFAbcaQ9HFZ
ztDA2q//4Hg+1eYot/zb8sdU41cyV4X8vSE5UB+Btmk2
-----END CERTIFICATE-----