Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/N-GyLcEjrv7_or8Kv3qbcCpg5R0.roa
File:                     N-GyLcEjrv7_or8Kv3qbcCpg5R0.roa (raw, json)
Hash identifier:          z6Wrprt67rB+4iYuqOBMlrpP/w43vgpsRjHYHWH838E=
Subject key identifier:   37:E1:B2:2D:C1:23:AE:FE:FF:A2:BF:0A:BF:7A:9B:70:2A:60:E5:1D
Certificate issuer:       /CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
Certificate serial:       018CC348ED8E7BF2CDC7EE2247443192F457
Authority key identifier: AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/N-GyLcEjrv7_or8Kv3qbcCpg5R0.roa
Signing time:             Mon 01 Jan 2024 04:29:45 +0000
ROA not before:           Mon 01 Jan 2024 04:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47971
IP address blocks:        81.94.218.0/23 maxlen: 24
                          81.94.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 17:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ed:8e:7b:f2:cd:c7:ee:22:47:44:31:92:f4:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb66ec5e8f2405f6f8d486e73fb82b8de0dee0f
        Validity
            Not Before: Jan  1 04:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37e1b22dc123aefeffa2bf0abf7a9b702a60e51d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:28:e5:95:38:eb:db:ba:a1:38:2f:e2:d0:dd:
                    87:a6:41:70:2f:6f:2d:e0:d5:a0:23:ca:8d:e9:6b:
                    d7:35:69:10:d9:56:d9:b4:fb:06:75:3e:e5:a0:fd:
                    1e:d8:ca:51:20:c9:68:22:e9:2d:0d:df:d9:24:5b:
                    b6:0b:fa:d0:95:62:96:21:17:47:f3:8d:19:5a:a3:
                    c0:fd:30:b9:0b:81:31:7b:6a:ab:67:0b:c2:a3:40:
                    f7:0e:74:63:70:a1:3f:3d:47:22:a1:1d:1f:b5:18:
                    15:d1:43:22:29:68:95:52:2a:0c:33:2d:a1:92:fd:
                    35:1d:ec:ce:8a:d4:3f:23:0f:b6:f3:0b:d3:f2:1b:
                    44:ae:46:2b:5e:17:83:89:c0:e1:92:32:9d:67:e8:
                    1a:fc:c8:68:58:78:20:1e:9f:cc:69:fd:f6:57:61:
                    07:b8:9d:ea:12:2c:f9:b5:1b:a4:43:73:6e:0a:b6:
                    3b:9a:9b:c7:ba:ec:f9:83:be:8d:9a:8c:35:46:56:
                    86:02:15:d2:94:e0:11:bb:43:5a:12:20:eb:cc:1d:
                    e6:90:71:ca:07:4a:45:20:0b:28:17:4e:67:5e:94:
                    72:ab:40:e7:ab:2b:61:76:15:21:b2:7c:5d:12:b3:
                    54:f5:58:f6:ca:00:cb:3f:72:ba:77:92:fc:d2:b0:
                    a9:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E1:B2:2D:C1:23:AE:FE:FF:A2:BF:0A:BF:7A:9B:70:2A:60:E5:1D
            X509v3 Authority Key Identifier:
                keyid:AE:B6:6E:C5:E8:F2:40:5F:6F:8D:48:6E:73:FB:82:B8:DE:0D:EE:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrZuxejyQF9vjUhuc_uCuN4N7g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/N-GyLcEjrv7_or8Kv3qbcCpg5R0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/153788-14b7-4551-9ade-6aea9057c800/1/rrZuxejyQF9vjUhuc_uCuN4N7g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.94.218.0/23
                  81.94.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:39:28:51:44:1d:6d:da:7c:54:2f:33:d2:a8:b8:75:0f:a3:
         81:8e:ab:0a:04:a7:1f:d2:32:5c:5f:d7:97:53:af:66:9c:a3:
         8c:54:b4:b4:10:b1:26:48:ea:94:52:d2:9f:47:06:9d:bb:e6:
         27:00:0a:20:fa:17:1c:6a:21:5b:5e:51:5e:43:1c:b5:10:01:
         e5:b4:34:f3:55:9d:0c:0c:38:7c:3a:79:04:60:4d:de:79:5c:
         1a:ba:50:9e:82:ea:82:aa:4a:be:6e:84:b3:cb:a3:a0:2a:ff:
         5a:25:be:13:4b:c0:2a:1e:6c:ec:13:86:97:eb:c4:9f:dc:2d:
         7e:51:13:8d:3a:22:74:3e:55:f6:64:34:78:63:ef:20:7b:5b:
         24:d4:86:2f:b2:e3:e8:cf:e5:d5:38:71:cc:fd:d3:8e:54:35:
         79:83:58:09:57:5f:0b:d5:88:fd:2e:cd:da:17:45:e0:55:03:
         94:38:a1:a7:37:af:cf:d2:5b:08:6a:c1:b1:93:33:cc:be:ab:
         7d:59:73:5a:5e:55:02:de:29:24:63:ab:13:bf:45:85:4c:40:
         10:82:50:ac:1d:5c:9c:c9:11:71:48:1e:98:2b:bb:b1:00:41:
         f9:b4:31:3e:18:fd:65:5e:31:02:8c:db:0c:0f:31:ac:71:cc:
         fd:23:f4:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSO2Oe/LNx+4iR0QxkvRXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjY2ZWM1ZThmMjQwNWY2ZjhkNDg2ZTczZmI4MmI4ZGUw
ZGVlMGYwHhcNMjQwMTAxMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2UxYjIyZGMxMjNhZWZlZmZhMmJmMGFiZjdhOWI3MDJhNjBlNTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ijllTjr27qhOC/i0N2HpkFwL28t
4NWgI8qN6WvXNWkQ2VbZtPsGdT7loP0e2MpRIMloIuktDd/ZJFu2C/rQlWKWIRdH
840ZWqPA/TC5C4Exe2qrZwvCo0D3DnRjcKE/PUcioR0ftRgV0UMiKWiVUioMMy2h
kv01HezOitQ/Iw+28wvT8htErkYrXheDicDhkjKdZ+ga/MhoWHggHp/Maf32V2EH
uJ3qEiz5tRukQ3NuCrY7mpvHuuz5g76Nmow1RlaGAhXSlOARu0NaEiDrzB3mkHHK
B0pFIAsoF05nXpRyq0DnqythdhUhsnxdErNU9Vj2ygDLP3K6d5L80rCp6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDfhsi3BI67+/6K/Cr96m3AqYOUdMB8GA1UdIwQY
MBaAFK62bsXo8kBfb41IbnP7grjeDe4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUt
NmFlYTkwNTdjODAwLzEvTi1HeUxjRWpydjdfb3I4S3YzcWJjQ3BnNVIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi8xNTM3ODgtMTRiNy00NTUxLTlhZGUtNmFlYTkwNTdjODAw
LzEvcnJadXhlanlRRjl2alVodWNfdUN1TjRON2c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUV7aAwQA
UV7eMA0GCSqGSIb3DQEBCwUAA4IBAQAFOShRRB1t2nxULzPSqLh1D6OBjqsKBKcf
0jJcX9eXU69mnKOMVLS0ELEmSOqUUtKfRwadu+YnAAog+hccaiFbXlFeQxy1EAHl
tDTzVZ0MDDh8OnkEYE3eeVwaulCeguqCqkq+boSzy6OgKv9aJb4TS8AqHmzsE4aX
68Sf3C1+URONOiJ0PlX2ZDR4Y+8ge1sk1IYvsuPoz+XVOHHM/dOOVDV5g1gJV18L
1Yj9Ls3aF0XgVQOUOKGnN6/P0lsIasGxkzPMvqt9WXNaXlUC3ikkY6sTv0WFTEAQ
glCsHVycyRFxSB6YK7uxAEH5tDE+GP1lXjECjNsMDzGsccz9I/RF
-----END CERTIFICATE-----