Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/k9kwUTMXRJRJwV5ANx6-vBRPH9g.roa
File:                     k9kwUTMXRJRJwV5ANx6-vBRPH9g.roa (raw, json)
Hash identifier:          oh7hI2qshP1WbOOwit0yZUI5/HfQ+4tcS3emdIxxJuc=
Subject key identifier:   93:D9:30:51:33:17:44:94:49:C1:5E:40:37:1E:BE:BC:14:4F:1F:D8
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       018CC6B8A199ADD0367B98550087B88C6298
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/k9kwUTMXRJRJwV5ANx6-vBRPH9g.roa
Signing time:             Mon 01 Jan 2024 20:30:37 +0000
ROA not before:           Mon 01 Jan 2024 20:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25188
IP address blocks:        37.202.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:a1:99:ad:d0:36:7b:98:55:00:87:b8:8c:62:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  1 20:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93d930513317449449c15e40371ebebc144f1fd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c9:60:87:9b:61:4f:92:77:3b:4c:a5:0f:77:
                    4c:e6:7c:6a:e4:cc:d9:ec:fd:b8:ee:d2:74:0b:74:
                    a0:b2:93:1d:58:4c:3a:bd:20:93:f1:bc:10:89:c5:
                    15:9a:a6:8a:c2:2a:0b:46:ac:4d:3e:2c:ff:a0:37:
                    c6:60:26:2e:57:a4:8e:fc:4b:ba:d2:0d:ce:cc:97:
                    3a:87:5a:4c:d1:99:89:0f:01:14:5f:57:53:25:d8:
                    ef:55:56:bc:87:bf:f2:53:1d:14:43:1d:ae:16:ac:
                    99:f1:d6:c8:24:35:ed:42:9b:5b:cb:6d:56:b1:ce:
                    c8:37:d3:3b:32:eb:0a:2c:8b:9d:c3:55:4a:e6:cb:
                    27:dd:0e:ac:8a:68:bb:ed:51:21:9c:9e:ac:29:b2:
                    1d:4c:af:00:23:8b:b0:5f:3e:03:69:f2:a5:9c:a9:
                    fb:ae:d5:7d:35:33:e1:aa:61:ea:ab:f9:6a:35:3f:
                    be:95:d4:52:40:af:c4:9e:a7:ed:cf:d7:53:b2:63:
                    14:10:f8:b4:e5:39:11:14:67:37:94:17:1a:63:a9:
                    f4:41:7f:f0:04:b4:97:ef:f1:70:43:7f:e4:05:15:
                    91:57:1e:a5:91:b1:16:b8:ee:ed:e5:c5:27:1b:4d:
                    b9:b5:c3:8b:c5:d5:43:5e:88:c6:95:a8:61:c7:ed:
                    d6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:D9:30:51:33:17:44:94:49:C1:5E:40:37:1E:BE:BC:14:4F:1F:D8
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/k9kwUTMXRJRJwV5ANx6-vBRPH9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:15:2c:0c:a1:09:54:8c:4d:f5:32:62:83:17:66:88:65:36:
         07:23:6b:03:3d:28:c2:9a:9b:e9:dd:4a:58:c5:1f:22:da:25:
         b4:39:3e:dc:d1:02:54:0a:0f:b1:77:15:0d:db:e4:3f:a1:84:
         cc:9f:c1:46:72:7e:72:e1:e2:a5:57:5a:e9:2e:20:13:20:e9:
         25:a5:68:f6:7c:56:24:21:b3:ca:af:78:19:40:45:9f:78:65:
         5a:8e:c8:17:14:a5:01:be:6a:48:f6:82:95:72:79:2f:ef:97:
         f8:ba:c5:b2:bc:fd:b5:43:55:d5:7d:f7:ee:31:99:e4:10:90:
         62:44:e1:41:bb:30:f5:ca:60:1e:f6:ef:82:d7:e5:c1:33:41:
         a5:bb:86:78:15:29:ee:5c:95:d0:dd:7e:c6:4e:27:2b:03:58:
         59:a4:86:0b:32:18:7a:55:d0:ad:34:c2:06:ba:f2:72:00:cf:
         d7:47:22:d5:a3:aa:19:ae:0e:b3:c9:5e:41:65:e6:ba:87:58:
         49:bd:5f:df:dc:d6:79:82:27:01:80:d5:96:8d:4d:8a:26:b0:
         bc:6d:5e:cd:38:ff:58:5f:ff:0d:6f:28:eb:64:91:c9:fb:38:
         42:d4:1a:83:2d:03:2e:cf:ef:f8:32:4c:95:96:a1:dc:bc:49:
         77:1b:d5:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuKGZrdA2e5hVAIe4jGKYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjQwMTAxMjAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2Q5MzA1MTMzMTc0NDk0NDljMTVlNDAzNzFlYmViYzE0NGYxZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmclgh5thT5J3O0ylD3dM5nxq5MzZ
7P247tJ0C3SgspMdWEw6vSCT8bwQicUVmqaKwioLRqxNPiz/oDfGYCYuV6SO/Eu6
0g3OzJc6h1pM0ZmJDwEUX1dTJdjvVVa8h7/yUx0UQx2uFqyZ8dbIJDXtQptby21W
sc7IN9M7MusKLIudw1VK5ssn3Q6simi77VEhnJ6sKbIdTK8AI4uwXz4DafKlnKn7
rtV9NTPhqmHqq/lqNT++ldRSQK/Enqftz9dTsmMUEPi05TkRFGc3lBcaY6n0QX/w
BLSX7/FwQ3/kBRWRVx6lkbEWuO7t5cUnG025tcOLxdVDXojGlahhx+3WDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPZMFEzF0SUScFeQDcevrwUTx/YMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvazlrd1VUTVhSSlJKd1Y1QU54Ni12QlJQSDlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJcoIMA0G
CSqGSIb3DQEBCwUAA4IBAQBlFSwMoQlUjE31MmKDF2aIZTYHI2sDPSjCmpvp3UpY
xR8i2iW0OT7c0QJUCg+xdxUN2+Q/oYTMn8FGcn5y4eKlV1rpLiATIOklpWj2fFYk
IbPKr3gZQEWfeGVajsgXFKUBvmpI9oKVcnkv75f4usWyvP21Q1XVfffuMZnkEJBi
ROFBuzD1ymAe9u+C1+XBM0Glu4Z4FSnuXJXQ3X7GTicrA1hZpIYLMhh6VdCtNMIG
uvJyAM/XRyLVo6oZrg6zyV5BZea6h1hJvV/f3NZ5gicBgNWWjU2KJrC8bV7NOP9Y
X/8NbyjrZJHJ+zhC1BqDLQMuz+/4MkyVlqHcvEl3G9Wg
-----END CERTIFICATE-----