Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/4yHr9-l1CbbxANcIh06x6HIOj4Y.roa
File:                     4yHr9-l1CbbxANcIh06x6HIOj4Y.roa (raw, json)
Hash identifier:          wJoBDBsZruQvi4J4ZdZlqe6D3koco/lpPC119krFeDc=
Subject key identifier:   E3:21:EB:F7:E9:75:09:B6:F1:00:D7:08:87:4E:B1:E8:72:0E:8F:86
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       018CC6B8A3685322CCCAE5DF7550CC99806B
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/4yHr9-l1CbbxANcIh06x6HIOj4Y.roa
Signing time:             Mon 01 Jan 2024 20:30:38 +0000
ROA not before:           Mon 01 Jan 2024 20:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201443
IP address blocks:        37.202.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a3:68:53:22:cc:ca:e5:df:75:50:cc:99:80:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  1 20:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e321ebf7e97509b6f100d708874eb1e8720e8f86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e4:52:4b:d2:8d:db:31:20:db:d3:12:ce:a4:
                    bd:70:5d:fc:91:e0:38:f4:99:7d:b9:42:48:38:0b:
                    76:f6:75:b7:ec:e7:30:9a:37:a1:18:7a:03:49:b4:
                    b7:08:90:96:5d:cd:a8:dc:2e:42:41:ed:26:5b:cb:
                    c5:04:29:bb:66:72:7c:a7:e9:3c:8a:46:b2:b7:6d:
                    bf:a7:3f:ca:8e:28:ca:ae:dc:82:47:a6:9e:a7:35:
                    98:f2:23:a4:ae:cf:7c:83:27:1e:41:74:38:06:e5:
                    5f:df:76:c4:45:e2:ba:f3:e2:c5:50:81:94:0a:8c:
                    22:fa:81:a3:05:2e:6a:ab:5b:54:28:4d:ea:92:af:
                    e2:86:97:fb:45:a0:d7:31:3c:ec:c3:0a:15:68:bb:
                    37:21:f6:89:b2:07:62:d1:22:a8:c8:b6:72:03:0a:
                    18:d2:77:b0:78:6c:bf:83:01:d7:63:dd:75:10:f0:
                    ae:1f:27:57:77:00:71:ed:b3:48:1e:31:72:07:ad:
                    fc:1c:11:ec:6e:df:c6:75:78:7a:53:7b:96:43:42:
                    85:d2:87:45:f1:dd:a8:fa:1f:96:38:6f:82:44:b7:
                    14:e3:bc:e3:0a:5b:d3:51:f7:2a:71:ef:67:55:e1:
                    b0:25:4e:93:7d:1e:ed:a2:3c:c2:96:a1:26:98:ef:
                    7f:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:21:EB:F7:E9:75:09:B6:F1:00:D7:08:87:4E:B1:E8:72:0E:8F:86
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/4yHr9-l1CbbxANcIh06x6HIOj4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:4d:fa:04:02:f3:01:25:f3:ff:eb:88:a3:2b:49:f7:47:98:
         64:04:0b:18:a3:b1:bb:e8:e2:a0:8c:e7:8c:1a:4b:5a:59:60:
         eb:92:35:6c:9f:78:27:9c:f1:9b:7e:e0:1b:35:d0:5f:5c:98:
         60:b0:8e:27:0d:9a:1b:9f:bb:a8:69:e4:db:cf:7c:a7:be:1b:
         6f:3a:9d:4b:5a:c5:44:90:5d:4b:4a:a5:88:a9:ab:cf:cd:c5:
         b9:7f:2d:01:20:2e:5e:8e:58:26:12:5b:09:e2:6f:92:3e:a5:
         b3:5b:2d:c3:f2:51:fc:e6:ed:39:ba:9c:b9:8b:83:b7:6e:80:
         b6:69:6d:bf:f9:ae:e7:6a:e4:b2:78:c9:cb:a6:35:09:3c:97:
         4c:1b:07:9e:af:d7:18:35:a0:09:b9:b0:b0:72:7e:08:aa:a3:
         a3:e6:55:db:62:a8:53:a0:34:78:ce:c6:6f:3b:53:40:37:ac:
         18:e1:ae:e4:05:d8:ac:aa:f5:f0:83:77:da:06:49:ad:98:66:
         e5:54:8d:3b:47:cf:0c:88:ae:69:2d:21:4a:fb:74:02:4a:4c:
         eb:3c:52:d3:d1:4b:80:3d:74:c6:27:57:f7:e5:ef:56:be:e1:
         c7:7f:c7:ea:16:c0:37:4c:c7:8d:a6:2e:b7:49:9e:25:ad:d2:
         39:d5:72:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuKNoUyLMyuXfdVDMmYBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjQwMTAxMjAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzIxZWJmN2U5NzUwOWI2ZjEwMGQ3MDg4NzRlYjFlODcyMGU4Zjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluRSS9KN2zEg29MSzqS9cF38keA4
9Jl9uUJIOAt29nW37OcwmjehGHoDSbS3CJCWXc2o3C5CQe0mW8vFBCm7ZnJ8p+k8
ikayt22/pz/KjijKrtyCR6aepzWY8iOkrs98gyceQXQ4BuVf33bEReK68+LFUIGU
Cowi+oGjBS5qq1tUKE3qkq/ihpf7RaDXMTzswwoVaLs3IfaJsgdi0SKoyLZyAwoY
0neweGy/gwHXY911EPCuHydXdwBx7bNIHjFyB638HBHsbt/GdXh6U3uWQ0KF0odF
8d2o+h+WOG+CRLcU47zjClvTUfcqce9nVeGwJU6TfR7tojzClqEmmO9/wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMh6/fpdQm28QDXCIdOsehyDo+GMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvNHlIcjktbDFDYmJ4QU5jSWgwNng2SElPajRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcoOMA0G
CSqGSIb3DQEBCwUAA4IBAQAUTfoEAvMBJfP/64ijK0n3R5hkBAsYo7G76OKgjOeM
GktaWWDrkjVsn3gnnPGbfuAbNdBfXJhgsI4nDZobn7uoaeTbz3ynvhtvOp1LWsVE
kF1LSqWIqavPzcW5fy0BIC5ejlgmElsJ4m+SPqWzWy3D8lH85u05upy5i4O3boC2
aW2/+a7nauSyeMnLpjUJPJdMGweer9cYNaAJubCwcn4IqqOj5lXbYqhToDR4zsZv
O1NAN6wY4a7kBdisqvXwg3faBkmtmGblVI07R88MiK5pLSFK+3QCSkzrPFLT0UuA
PXTGJ1f35e9WvuHHf8fqFsA3TMeNpi63SZ4lrdI51XI+
-----END CERTIFICATE-----