Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/v0B2WJNbU72JzUwEtfsRU9EGr8A.roa
File:                     v0B2WJNbU72JzUwEtfsRU9EGr8A.roa (raw, json)
Hash identifier:          bkZ7vvKmMRttjisw4wz3UjVly/FH8PJFyMj7pePFFkI=
Subject key identifier:   BF:40:76:58:93:5B:53:BD:89:CD:4C:04:B5:FB:11:53:D1:06:AF:C0
Certificate issuer:       /CN=04cbe5b4623dab42f15a905002db7ce62e854f29
Certificate serial:       0194282333D324C5D36C4D9BA90E99AEAF96
Authority key identifier: 04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/v0B2WJNbU72JzUwEtfsRU9EGr8A.roa
Signing time:             Thu 02 Jan 2025 17:49:43 +0000
ROA not before:           Thu 02 Jan 2025 17:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212443
IP address blocks:        37.202.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:33:d3:24:c5:d3:6c:4d:9b:a9:0e:99:ae:af:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04cbe5b4623dab42f15a905002db7ce62e854f29
        Validity
            Not Before: Jan  2 17:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf407658935b53bd89cd4c04b5fb1153d106afc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:20:f5:92:6c:f5:19:ff:81:2c:66:ea:63:6a:
                    77:d5:3b:50:b2:4a:01:6f:b9:43:f0:47:a0:db:15:
                    82:8f:1f:20:2d:87:94:b0:d3:7f:c5:38:be:8f:cd:
                    99:69:9d:c8:86:9d:21:4f:12:c0:c6:e9:be:2c:5a:
                    75:7e:b3:48:b7:1e:74:30:b2:24:ad:ad:51:a5:63:
                    85:c5:d7:e7:96:b9:93:94:69:06:65:9d:9d:a2:dc:
                    af:6e:76:3e:f9:c8:14:91:ce:5a:76:76:5d:39:31:
                    66:5d:a6:6e:4e:08:bb:94:e8:6a:f4:29:73:d7:fd:
                    3f:22:5f:a7:2b:70:2b:b5:9b:64:48:46:fc:e2:98:
                    26:85:90:92:a8:d6:86:c3:ba:6b:74:38:d5:b4:42:
                    0d:82:3a:a0:0d:53:85:51:d6:38:41:0c:2f:49:d9:
                    46:65:73:34:a7:fe:82:92:0e:7c:88:38:99:77:68:
                    8c:70:9b:4d:c5:49:f0:7c:35:81:94:ca:ae:fe:f7:
                    9d:b2:2a:52:fd:b2:fe:af:20:78:bd:7b:1d:75:d7:
                    ab:ab:c6:95:47:e3:58:0b:3a:7f:39:4e:26:c0:b8:
                    7c:a6:0c:a4:4e:b6:fa:e3:46:5d:93:4e:20:39:17:
                    c8:1d:56:0c:2a:9b:e6:d7:73:bf:4d:16:d6:4d:b5:
                    b4:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:40:76:58:93:5B:53:BD:89:CD:4C:04:B5:FB:11:53:D1:06:AF:C0
            X509v3 Authority Key Identifier:
                keyid:04:CB:E5:B4:62:3D:AB:42:F1:5A:90:50:02:DB:7C:E6:2E:85:4F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BMvltGI9q0LxWpBQAtt85i6FTyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/v0B2WJNbU72JzUwEtfsRU9EGr8A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/3d3a2d-a039-46f4-8687-057817ba9fb7/1/BMvltGI9q0LxWpBQAtt85i6FTyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:c2:07:ab:ed:15:af:8f:34:38:b0:6b:04:f0:71:09:36:2c:
         9e:8b:0a:ed:e8:81:1e:28:7d:67:dd:e5:7c:23:e1:58:c3:8e:
         c4:90:94:00:3c:49:5c:4a:35:86:14:c0:a8:9d:f3:b1:c5:bf:
         55:19:8d:82:6f:67:78:bc:fe:72:ec:f1:d9:95:72:b0:73:e0:
         e5:9e:7c:af:e7:b7:fe:26:5b:17:13:0e:e5:05:7e:86:3e:aa:
         ba:7d:58:ad:4d:0f:ac:b2:ca:3a:6d:21:39:80:76:1b:f8:df:
         51:f4:dc:63:fd:6b:4b:2a:6a:60:10:57:ee:f1:af:c2:22:fb:
         f7:ef:99:c5:24:c5:8b:90:f1:c7:9e:56:c0:4e:1d:7f:47:6d:
         2c:9e:ea:87:45:92:11:c2:0e:e4:bf:22:6f:96:1c:49:bf:d0:
         f6:74:8a:33:37:26:97:67:d4:16:ef:06:26:3c:ff:01:3f:18:
         43:69:2e:a0:3c:ff:8f:27:7d:f5:2f:e5:3a:e1:07:f3:07:87:
         5c:d9:53:2f:b0:34:88:52:e1:d5:ea:be:f9:58:51:d3:1e:b3:
         47:7d:df:98:93:21:37:0e:5e:d3:75:8c:cc:e8:e7:fd:04:f2:
         3e:90:fe:b3:7c:3e:5b:b5:ec:6f:ed:35:0f:5f:57:bb:26:bf:
         55:ac:04:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIzPTJMXTbE2bqQ6Zrq+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0Y2JlNWI0NjIzZGFiNDJmMTVhOTA1MDAyZGI3Y2U2MmU4
NTRmMjkwHhcNMjUwMTAyMTc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjQwNzY1ODkzNWI1M2JkODljZDRjMDRiNWZiMTE1M2QxMDZhZmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSD1kmz1Gf+BLGbqY2p31TtQskoB
b7lD8Eeg2xWCjx8gLYeUsNN/xTi+j82ZaZ3Ihp0hTxLAxum+LFp1frNItx50MLIk
ra1RpWOFxdfnlrmTlGkGZZ2dotyvbnY++cgUkc5adnZdOTFmXaZuTgi7lOhq9Clz
1/0/Il+nK3ArtZtkSEb84pgmhZCSqNaGw7prdDjVtEINgjqgDVOFUdY4QQwvSdlG
ZXM0p/6Ckg58iDiZd2iMcJtNxUnwfDWBlMqu/vedsipS/bL+ryB4vXsddderq8aV
R+NYCzp/OU4mwLh8pgykTrb640Zdk04gORfIHVYMKpvm13O/TRbWTbW09wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9AdliTW1O9ic1MBLX7EVPRBq/AMB8GA1UdIwQY
MBaAFATL5bRiPatC8VqQUALbfOYuhU8pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODct
MDU3ODE3YmE5ZmI3LzEvdjBCMldKTmJVNzJKelV3RXRmc1JVOUVHcjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8zZDNhMmQtYTAzOS00NmY0LTg2ODctMDU3ODE3YmE5ZmI3
LzEvQk12bHRHSTlxMEx4V3BCUUF0dDg1aTZGVHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcoPMA0G
CSqGSIb3DQEBCwUAA4IBAQB9wger7RWvjzQ4sGsE8HEJNiyeiwrt6IEeKH1n3eV8
I+FYw47EkJQAPElcSjWGFMConfOxxb9VGY2Cb2d4vP5y7PHZlXKwc+Dlnnyv57f+
JlsXEw7lBX6GPqq6fVitTQ+ssso6bSE5gHYb+N9R9Nxj/WtLKmpgEFfu8a/CIvv3
75nFJMWLkPHHnlbATh1/R20snuqHRZIRwg7kvyJvlhxJv9D2dIozNyaXZ9QW7wYm
PP8BPxhDaS6gPP+PJ331L+U64QfzB4dc2VMvsDSIUuHV6r75WFHTHrNHfd+YkyE3
Dl7TdYzM6Of9BPI+kP6zfD5btexv7TUPX1e7Jr9VrATh
-----END CERTIFICATE-----