Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/UeSYQPGbNbvyqiVX9l-wl7_UvG4.roa
File:                     UeSYQPGbNbvyqiVX9l-wl7_UvG4.roa (raw, json)
Hash identifier:          67siw6pCAH4WfkC8kLM65x7GXg0O4v0zvP8EnKkzDMQ=
Subject key identifier:   51:E4:98:40:F1:9B:35:BB:F2:AA:25:57:F6:5F:B0:97:BF:D4:BC:6E
Certificate issuer:       /CN=66a1d1a017802e5c57da5978544fc537403da73a
Certificate serial:       018CC6B9338281CD752C9A23084658B68FD6
Authority key identifier: 66:A1:D1:A0:17:80:2E:5C:57:DA:59:78:54:4F:C5:37:40:3D:A7:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZqHRoBeALlxX2ll4VE_FN0A9pzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/UeSYQPGbNbvyqiVX9l-wl7_UvG4.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61029
IP address blocks:        37.72.96.0/20 maxlen: 24
                          213.232.253.0/24 maxlen: 24
                          2a00:8240::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/ZqHRoBeALlxX2ll4VE_FN0A9pzo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/ZqHRoBeALlxX2ll4VE_FN0A9pzo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZqHRoBeALlxX2ll4VE_FN0A9pzo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:33:82:81:cd:75:2c:9a:23:08:46:58:b6:8f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66a1d1a017802e5c57da5978544fc537403da73a
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=51e49840f19b35bbf2aa2557f65fb097bfd4bc6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5a:4e:37:ca:44:d2:8c:42:00:f1:38:25:1c:
                    78:0f:b4:3a:2f:b6:4e:26:46:22:a1:8f:ea:00:13:
                    67:d9:86:b6:94:43:78:b6:5d:fd:dd:97:95:37:73:
                    0a:f9:de:db:9d:17:4f:84:f6:24:80:d7:58:7e:ef:
                    5f:c3:88:0d:50:4e:5c:b3:f0:0d:e1:28:eb:d0:14:
                    16:89:3c:1b:69:46:ea:b2:01:fb:c8:eb:1c:06:9f:
                    e3:88:af:94:3d:d1:ef:43:42:73:0a:a0:f8:01:41:
                    01:bc:b8:48:77:08:7e:68:c0:b4:79:b2:c6:bc:54:
                    bd:fb:35:91:8c:c7:41:98:aa:3c:76:22:9d:90:22:
                    66:bb:c6:f4:8a:a8:d3:6d:9b:55:07:2c:7d:d8:55:
                    f1:dc:7b:42:fa:e7:16:ac:91:d0:c4:24:d6:39:3c:
                    93:6b:e3:38:20:be:2e:c1:e2:41:00:37:e6:44:b3:
                    84:cf:e8:a8:c6:7c:76:c3:fe:08:99:99:6a:51:4d:
                    92:7c:08:9f:64:7a:41:1d:f5:7e:5f:81:5b:12:f4:
                    00:13:2b:6e:b2:21:5c:c1:17:fb:80:1f:62:f0:d9:
                    d0:09:c5:26:c1:61:f7:7a:44:5d:0c:ec:ec:ff:8a:
                    c5:a6:ce:26:38:33:a2:7a:b2:a1:6d:9e:67:18:01:
                    7f:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:E4:98:40:F1:9B:35:BB:F2:AA:25:57:F6:5F:B0:97:BF:D4:BC:6E
            X509v3 Authority Key Identifier:
                keyid:66:A1:D1:A0:17:80:2E:5C:57:DA:59:78:54:4F:C5:37:40:3D:A7:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZqHRoBeALlxX2ll4VE_FN0A9pzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/UeSYQPGbNbvyqiVX9l-wl7_UvG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/91548b-bab5-454c-b60b-19f2a1d16033/1/ZqHRoBeALlxX2ll4VE_FN0A9pzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.96.0/20
                  213.232.253.0/24
                IPv6:
                  2a00:8240::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:98:0c:4b:10:d8:23:48:96:25:b6:df:e8:61:fa:2c:e6:0c:
         d8:d5:be:a2:37:9b:f0:93:04:7f:1c:67:45:95:2a:08:c3:51:
         92:f9:47:d3:ff:e0:05:f8:42:8a:ae:8c:56:25:45:61:ae:f8:
         72:d7:ee:89:e3:a6:bf:1e:8e:2c:e2:af:76:14:9e:6b:67:5f:
         0c:46:0d:f7:1b:e7:ad:5f:4b:64:1a:fd:c3:1f:75:a0:a2:c2:
         aa:77:90:fb:b0:4e:66:b8:38:37:9b:2c:70:01:7e:4b:7d:e7:
         1b:31:eb:3b:fb:78:f4:99:2c:b4:61:9d:bf:dc:dd:df:16:9d:
         56:87:97:81:f1:7a:be:ad:d4:fd:9a:60:99:b7:07:0c:c8:c7:
         81:d3:3a:9d:37:14:1d:1d:de:57:ed:a5:ae:3d:2f:76:04:5f:
         69:84:81:5c:78:3e:39:f8:a2:eb:91:4b:c5:28:1b:c5:aa:1d:
         08:df:e1:f0:95:e0:da:be:be:ae:c9:fc:60:ca:16:69:4c:fa:
         b1:23:3e:20:cd:ba:6a:1b:85:ac:71:54:d1:56:6f:ca:c9:58:
         52:d6:51:c9:fa:88:25:56:69:cb:8f:89:95:a9:28:64:dc:82:
         93:e9:0d:06:84:c5:d1:a1:f7:82:97:e2:6b:30:f1:00:ea:57:
         31:d9:dd:47
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGuTOCgc11LJojCEZYto/WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2YTFkMWEwMTc4MDJlNWM1N2RhNTk3ODU0NGZjNTM3NDAz
ZGE3M2EwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWU0OTg0MGYxOWIzNWJiZjJhYTI1NTdmNjVmYjA5N2JmZDRiYzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFpON8pE0oxCAPE4JRx4D7Q6L7ZO
JkYioY/qABNn2Ya2lEN4tl393ZeVN3MK+d7bnRdPhPYkgNdYfu9fw4gNUE5cs/AN
4Sjr0BQWiTwbaUbqsgH7yOscBp/jiK+UPdHvQ0JzCqD4AUEBvLhIdwh+aMC0ebLG
vFS9+zWRjMdBmKo8diKdkCJmu8b0iqjTbZtVByx92FXx3HtC+ucWrJHQxCTWOTyT
a+M4IL4uweJBADfmRLOEz+ioxnx2w/4ImZlqUU2SfAifZHpBHfV+X4FbEvQAEytu
siFcwRf7gB9i8NnQCcUmwWH3ekRdDOzs/4rFps4mODOierKhbZ5nGAF/HwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFHkmEDxmzW78qolV/ZfsJe/1LxuMB8GA1UdIwQY
MBaAFGah0aAXgC5cV9pZeFRPxTdAPac6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnFIUm9CZUFMbHhYMmxsNFZFX0ZOMEE5cHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85MTU0OGItYmFiNS00NTRjLWI2MGIt
MTlmMmExZDE2MDMzLzEvVWVTWVFQR2JOYnZ5cWlWWDlsLXdsN19Vdkc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85MTU0OGItYmFiNS00NTRjLWI2MGItMTlmMmExZDE2MDMz
LzEvWnFIUm9CZUFMbHhYMmxsNFZFX0ZOMEE5cHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEJUhgAwQA
1ej9MA0EAgACMAcDBQMqAIJAMA0GCSqGSIb3DQEBCwUAA4IBAQBFmAxLENgjSJYl
tt/oYfos5gzY1b6iN5vwkwR/HGdFlSoIw1GS+UfT/+AF+EKKroxWJUVhrvhy1+6J
46a/Ho4s4q92FJ5rZ18MRg33G+etX0tkGv3DH3WgosKqd5D7sE5muDg3myxwAX5L
fecbMes7+3j0mSy0YZ2/3N3fFp1Wh5eB8Xq+rdT9mmCZtwcMyMeB0zqdNxQdHd5X
7aWuPS92BF9phIFceD45+KLrkUvFKBvFqh0I3+HwleDavr6uyfxgyhZpTPqxIz4g
zbpqG4WscVTRVm/KyVhS1lHJ+oglVmnLj4mVqShk3IKT6Q0GhMXRofeCl+JrMPEA
6lcx2d1H
-----END CERTIFICATE-----