Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/2pAru1Er-omNMzjpXxXX5QCu9dw.roa
File:                     2pAru1Er-omNMzjpXxXX5QCu9dw.roa (raw, json)
Hash identifier:          jzotIQOGmOcfuIo5BOobmbaMoQA+VeTDZv3ZUSQumFI=
Subject key identifier:   DA:90:2B:BB:51:2B:FA:89:8D:33:38:E9:5F:15:D7:E5:00:AE:F5:DC
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       018CC6B8A0E4AA530692654A0EFAA78F79A1
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/2pAru1Er-omNMzjpXxXX5QCu9dw.roa
Signing time:             Mon 01 Jan 2024 20:30:37 +0000
ROA not before:           Mon 01 Jan 2024 20:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6672
IP address blocks:        37.202.8.0/21 maxlen: 21
                          212.113.96.0/19 maxlen: 24
                          2a02:9d8::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 02:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a0:e4:aa:53:06:92:65:4a:0e:fa:a7:8f:79:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  1 20:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da902bbb512bfa898d3338e95f15d7e500aef5dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:b3:96:da:73:0f:d0:4f:1a:ad:7b:93:5d:03:
                    e9:0d:ca:da:0b:de:1b:9e:ff:e6:0b:3b:f5:f0:32:
                    18:5f:42:e8:7d:05:a8:34:dd:94:0b:4c:32:6c:13:
                    ec:9c:7d:37:2a:71:76:16:bf:8d:7f:43:48:a7:da:
                    f3:d8:b1:e2:2e:4e:d6:77:e7:27:09:db:d8:58:7c:
                    89:3f:c4:10:9c:e7:c8:80:b9:00:c8:56:7f:d8:18:
                    0e:69:fa:0d:f1:be:b2:57:ab:26:d9:7a:74:79:ec:
                    a9:f0:02:06:8e:5b:05:20:52:99:a4:58:0b:7a:d6:
                    6d:f4:2b:c7:03:96:e0:f2:fd:30:80:21:e8:70:4f:
                    56:e1:14:5a:f8:39:c8:6f:1c:47:b5:11:2d:65:d0:
                    ab:30:8a:c3:32:47:82:7f:d5:21:1a:5d:cb:10:08:
                    e6:fd:f5:18:56:5e:4f:0b:8e:04:8f:9b:6b:80:c0:
                    10:61:88:c6:9a:f7:c6:d0:42:25:ee:0f:74:d0:f3:
                    67:f7:8c:5d:3a:1e:24:ed:8d:6a:57:a8:62:47:d2:
                    85:01:52:0b:9c:54:d2:f1:ea:0d:de:18:d8:04:7b:
                    d2:44:19:28:86:46:d5:4f:0f:31:fe:90:a0:2d:e5:
                    0e:69:01:d6:f3:9c:26:ae:3f:20:88:58:22:0b:90:
                    98:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:90:2B:BB:51:2B:FA:89:8D:33:38:E9:5F:15:D7:E5:00:AE:F5:DC
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/2pAru1Er-omNMzjpXxXX5QCu9dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.8.0/21
                  212.113.96.0/19
                IPv6:
                  2a02:9d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:1d:a7:33:ee:94:5d:b6:bd:03:af:25:ad:4f:88:ff:24:09:
         3b:e0:ac:93:15:be:73:ce:7c:5d:a9:70:a2:ce:a2:74:44:f7:
         58:f0:a3:72:62:ec:5a:76:e9:40:37:bf:d7:65:54:f1:91:f1:
         74:95:6b:06:b0:b6:35:d1:0c:a1:0d:f9:52:2c:41:68:8c:af:
         9d:d4:50:9d:57:ca:81:77:f2:b6:e6:cd:89:c7:a8:c3:67:b0:
         31:87:e9:c8:8d:37:70:33:30:6b:1e:4c:de:7f:2e:3c:98:7e:
         4b:d9:69:85:9e:2c:03:6c:91:63:15:62:d9:11:67:8b:0e:ba:
         cd:6f:93:78:db:e3:09:9d:67:b9:d1:e1:2f:95:53:2e:90:e2:
         0f:40:cf:23:53:a4:f2:2d:cd:0d:cd:80:0f:fe:13:b3:cd:93:
         3a:0b:35:cf:df:26:4b:f1:3e:f6:8e:10:0c:3a:d4:a1:4c:20:
         60:aa:8f:14:05:42:d4:cf:3f:54:92:90:bb:56:d0:aa:f2:1a:
         6d:45:e0:bf:1b:4f:cf:13:6d:74:96:3a:a2:8d:90:e0:dc:eb:
         36:46:bf:8b:64:32:1d:e4:73:6d:b3:27:37:9e:53:a0:0b:aa:
         1f:d2:e9:df:88:6d:d0:ba:b6:cb:d9:60:96:fa:a3:de:51:7e:
         5a:e3:e4:71
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGuKDkqlMGkmVKDvqnj3mhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjQwMTAxMjAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTkwMmJiYjUxMmJmYTg5OGQzMzM4ZTk1ZjE1ZDdlNTAwYWVmNWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rOW2nMP0E8arXuTXQPpDcraC94b
nv/mCzv18DIYX0LofQWoNN2UC0wybBPsnH03KnF2Fr+Nf0NIp9rz2LHiLk7Wd+cn
CdvYWHyJP8QQnOfIgLkAyFZ/2BgOafoN8b6yV6sm2Xp0eeyp8AIGjlsFIFKZpFgL
etZt9CvHA5bg8v0wgCHocE9W4RRa+DnIbxxHtREtZdCrMIrDMkeCf9UhGl3LEAjm
/fUYVl5PC44Ej5trgMAQYYjGmvfG0EIl7g900PNn94xdOh4k7Y1qV6hiR9KFAVIL
nFTS8eoN3hjYBHvSRBkohkbVTw8x/pCgLeUOaQHW85wmrj8giFgiC5CYswIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNqQK7tRK/qJjTM46V8V1+UArvXcMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvMnBBcnUxRXItb21OTXpqcFh4WFg1UUN1OWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDJcoIAwQF
1HFgMA0EAgACMAcDBQAqAgnYMA0GCSqGSIb3DQEBCwUAA4IBAQAwHacz7pRdtr0D
ryWtT4j/JAk74KyTFb5zznxdqXCizqJ0RPdY8KNyYuxadulAN7/XZVTxkfF0lWsG
sLY10QyhDflSLEFojK+d1FCdV8qBd/K25s2Jx6jDZ7Axh+nIjTdwMzBrHkzefy48
mH5L2WmFniwDbJFjFWLZEWeLDrrNb5N42+MJnWe50eEvlVMukOIPQM8jU6TyLc0N
zYAP/hOzzZM6CzXP3yZL8T72jhAMOtShTCBgqo8UBULUzz9UkpC7VtCq8hptReC/
G0/PE210ljqijZDg3Os2Rr+LZDId5HNtsyc3nlOgC6of0unfiG3QurbL2WCW+qPe
UX5a4+Rx
-----END CERTIFICATE-----