Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/BqoADZUkIBegWprh0LoLQuIq5dI.roa
File:                     BqoADZUkIBegWprh0LoLQuIq5dI.roa (raw, json)
Hash identifier:          JW8TX96pxQNPQeTexHdw4KDZ3udO9uF5P8DEXG56Eic=
Subject key identifier:   06:AA:00:0D:95:24:20:17:A0:5A:9A:E1:D0:BA:0B:42:E2:2A:E5:D2
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018CC56E109B6DCE0FDD07B114D52DA42456
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/BqoADZUkIBegWprh0LoLQuIq5dI.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60861
IP address blocks:        37.221.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 03:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:10:9b:6d:ce:0f:dd:07:b1:14:d5:2d:a4:24:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=06aa000d95242017a05a9ae1d0ba0b42e22ae5d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ee:72:46:12:ca:45:4d:62:3c:50:25:7b:81:
                    41:e9:9c:4f:37:7e:4f:de:62:8c:68:21:fd:42:bd:
                    28:f3:81:4e:34:84:fa:b6:8f:2b:18:c8:56:9a:f9:
                    47:1c:78:0a:d4:6a:e4:a4:7e:71:e3:86:16:46:60:
                    ee:3f:ca:fb:f7:d7:b4:b2:ca:08:e7:45:19:51:98:
                    a1:d6:2b:43:f6:98:b5:66:34:45:8f:ae:05:ac:42:
                    d4:ed:49:ab:95:e8:a0:39:1f:2b:f3:0c:37:03:a0:
                    b1:a8:0d:12:1e:e1:79:1d:ee:a8:b6:4f:6f:06:1f:
                    b4:19:71:9f:50:1e:cb:4f:96:d1:e9:2b:d9:f0:9e:
                    53:11:34:c4:18:90:f5:ea:a7:f7:4b:17:7f:76:16:
                    d8:bc:af:83:44:f6:ab:da:4c:65:30:45:1c:3b:6f:
                    1e:86:4f:99:7e:cf:9c:0c:89:ce:f3:81:6e:d4:bb:
                    3d:a9:8f:b7:16:eb:6d:fe:4a:f2:50:64:2f:f5:1d:
                    14:d6:fa:49:c4:89:47:26:9c:21:8e:34:3b:53:b8:
                    5c:a3:9b:c6:ef:1f:1f:b8:82:cf:f3:31:bb:e3:7f:
                    32:58:12:a9:1d:e2:e5:dd:b0:15:66:82:b3:14:74:
                    af:7c:51:dc:5b:99:34:a8:cd:8f:91:2d:1c:54:35:
                    01:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:AA:00:0D:95:24:20:17:A0:5A:9A:E1:D0:BA:0B:42:E2:2A:E5:D2
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/BqoADZUkIBegWprh0LoLQuIq5dI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:f6:ef:c4:38:23:39:45:b0:97:f4:73:b7:6c:7b:5f:11:5d:
         43:ca:48:ab:2d:01:8f:3c:de:ca:90:7a:b8:e3:4d:db:b1:93:
         2e:98:2e:53:4d:94:09:26:76:4f:f8:fd:b3:d4:d1:29:00:d1:
         af:29:ba:b0:1d:bf:ab:a4:db:19:c6:73:26:08:21:71:4d:4a:
         18:c2:7b:27:38:c5:b5:97:2d:e2:07:bf:29:e6:ef:80:7b:a0:
         17:25:da:b3:d6:ba:12:84:99:11:f9:d8:12:fc:d8:9e:80:6c:
         8a:ba:a6:ee:09:f5:8d:33:c8:02:13:3f:dc:e2:87:84:d4:71:
         5a:89:c2:9a:48:55:c2:16:8a:35:8b:5d:27:73:dc:e4:2c:e6:
         28:76:48:a0:a4:72:a4:3b:f6:bf:aa:3b:8b:9f:95:93:c1:a7:
         a0:63:5b:49:73:14:e3:bd:c2:04:67:15:ff:8f:3d:34:6c:7d:
         86:52:00:bb:46:21:b6:05:71:54:ae:73:61:b0:2b:1d:35:e4:
         2c:5c:2f:94:7d:d3:83:e8:56:7e:0b:2c:96:b5:3b:cd:0d:2b:
         68:55:d4:ab:2b:a7:e3:d8:c2:0b:b1:49:de:e6:cd:3b:35:0a:
         6a:f5:c4:0b:da:06:76:8c:74:08:64:a1:8e:1f:3d:58:af:e9:
         bf:d2:36:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhCbbc4P3QexFNUtpCRWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmFhMDAwZDk1MjQyMDE3YTA1YTlhZTFkMGJhMGI0MmUyMmFlNWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnu5yRhLKRU1iPFAle4FB6ZxPN35P
3mKMaCH9Qr0o84FONIT6to8rGMhWmvlHHHgK1GrkpH5x44YWRmDuP8r799e0ssoI
50UZUZih1itD9pi1ZjRFj64FrELU7UmrleigOR8r8ww3A6CxqA0SHuF5He6otk9v
Bh+0GXGfUB7LT5bR6SvZ8J5TETTEGJD16qf3Sxd/dhbYvK+DRPar2kxlMEUcO28e
hk+Zfs+cDInO84Fu1Ls9qY+3Futt/kryUGQv9R0U1vpJxIlHJpwhjjQ7U7hco5vG
7x8fuILP8zG7438yWBKpHeLl3bAVZoKzFHSvfFHcW5k0qM2PkS0cVDUB9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAaqAA2VJCAXoFqa4dC6C0LiKuXSMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvQnFvQURaVWtJQmVnV3ByaDBMb0xRdUlxNWRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJd20MA0G
CSqGSIb3DQEBCwUAA4IBAQA69u/EOCM5RbCX9HO3bHtfEV1DykirLQGPPN7KkHq4
403bsZMumC5TTZQJJnZP+P2z1NEpANGvKbqwHb+rpNsZxnMmCCFxTUoYwnsnOMW1
ly3iB78p5u+Ae6AXJdqz1roShJkR+dgS/NiegGyKuqbuCfWNM8gCEz/c4oeE1HFa
icKaSFXCFoo1i10nc9zkLOYodkigpHKkO/a/qjuLn5WTwaegY1tJcxTjvcIEZxX/
jz00bH2GUgC7RiG2BXFUrnNhsCsdNeQsXC+UfdOD6FZ+CyyWtTvNDStoVdSrK6fj
2MILsUne5s07NQpq9cQL2gZ2jHQIZKGOHz1Yr+m/0jbB
-----END CERTIFICATE-----