Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/_b-w9LvxuQUdQBFQTPOqft2tDNE.roa
File:                     _b-w9LvxuQUdQBFQTPOqft2tDNE.roa (raw, json)
Hash identifier:          ZeBYUCPyEsrx7JXuItWCAACWIJTP5Z1eTXibb6gzJH8=
Subject key identifier:   FD:BF:B0:F4:BB:F1:B9:05:1D:40:11:50:4C:F3:AA:7E:DD:AD:0C:D1
Certificate issuer:       /CN=9a3ce5c5a730cd8e2ff1f55d180f1a81b3000cc8
Certificate serial:       019422200EE64230CC1E6D0B7337DCD524BF
Authority key identifier: 9A:3C:E5:C5:A7:30:CD:8E:2F:F1:F5:5D:18:0F:1A:81:B3:00:0C:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mjzlxacwzY4v8fVdGA8agbMADMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/_b-w9LvxuQUdQBFQTPOqft2tDNE.roa
Signing time:             Wed 01 Jan 2025 13:48:33 +0000
ROA not before:           Wed 01 Jan 2025 13:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5432
IP address blocks:        213.137.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/mjzlxacwzY4v8fVdGA8agbMADMg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/mjzlxacwzY4v8fVdGA8agbMADMg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mjzlxacwzY4v8fVdGA8agbMADMg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:0e:e6:42:30:cc:1e:6d:0b:73:37:dc:d5:24:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a3ce5c5a730cd8e2ff1f55d180f1a81b3000cc8
        Validity
            Not Before: Jan  1 13:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fdbfb0f4bbf1b9051d4011504cf3aa7eddad0cd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:33:b6:c5:b2:12:a5:48:9d:98:e7:51:95:4b:
                    72:36:8b:91:95:0d:f2:de:96:5e:4c:46:c2:f9:c1:
                    b0:f0:61:bc:05:c1:30:ba:52:a4:68:5e:8a:fd:fe:
                    ff:75:b6:5f:6f:fb:7b:fa:9b:92:25:26:09:a8:76:
                    f1:e6:e5:84:e1:37:78:f1:bb:2d:28:db:f1:ec:37:
                    d1:08:09:f0:60:80:93:97:20:ab:45:aa:48:67:65:
                    37:dc:e8:40:cb:86:bb:b3:a3:99:02:db:c3:54:3d:
                    ee:29:72:3c:6a:cf:07:d2:24:c7:b6:d7:7e:70:21:
                    f6:3b:93:03:b0:2d:94:40:e9:65:58:52:b1:c6:62:
                    46:b8:c8:e9:7d:ea:e9:e5:02:d4:b3:0c:1a:d9:eb:
                    59:ae:e3:d8:a2:f7:42:6b:fa:aa:6f:1e:39:57:c0:
                    46:f6:5f:03:1e:0a:3a:38:9d:94:6d:12:35:cc:41:
                    d5:75:6c:01:f2:2f:5f:4e:79:0c:b1:bb:d1:b2:bb:
                    77:07:ed:0f:a6:c1:ff:75:2a:e2:a2:8a:d2:70:da:
                    0f:bd:1c:d9:24:ed:ae:52:2c:44:f2:ea:96:60:44:
                    ba:fd:22:9d:38:97:6a:8f:4b:26:aa:b2:ce:7d:26:
                    b4:2f:c7:96:e3:fd:55:2c:7e:5a:c4:96:d3:a1:83:
                    9e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:BF:B0:F4:BB:F1:B9:05:1D:40:11:50:4C:F3:AA:7E:DD:AD:0C:D1
            X509v3 Authority Key Identifier:
                keyid:9A:3C:E5:C5:A7:30:CD:8E:2F:F1:F5:5D:18:0F:1A:81:B3:00:0C:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mjzlxacwzY4v8fVdGA8agbMADMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/_b-w9LvxuQUdQBFQTPOqft2tDNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/mjzlxacwzY4v8fVdGA8agbMADMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.137.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:04:13:a2:64:75:ee:80:1d:7d:0f:37:85:df:20:77:dc:73:
         f1:19:96:cd:26:26:a6:47:56:db:ff:21:9c:f7:12:71:d8:32:
         42:40:78:cd:f7:22:c3:a2:8c:2f:5a:f6:7b:e9:2d:45:d6:f4:
         67:9f:3a:8c:ae:57:63:49:ac:90:17:31:47:d1:b6:03:14:aa:
         46:09:14:ae:37:4f:2b:bb:f1:6d:60:4a:29:b1:3c:7f:f3:8f:
         84:eb:20:fa:7a:c0:c5:07:f4:68:a0:6a:4a:3a:fc:64:b4:6e:
         4a:98:bc:8e:70:8d:03:17:26:c9:8e:08:79:b2:c1:3c:55:63:
         78:af:f6:4c:3c:37:a1:bd:6f:ba:53:c3:84:04:2a:f6:08:ca:
         53:a4:a7:fc:1e:ab:93:d7:fc:01:49:31:a3:8a:f4:38:ff:f8:
         98:95:09:db:67:a1:85:42:30:cf:ab:66:d1:16:82:97:a3:aa:
         48:81:b7:8b:9a:9b:6f:54:8c:1b:bd:1e:3f:2d:e1:de:58:e2:
         ad:59:f8:44:07:0b:34:77:40:5f:f9:9b:f0:63:5a:ca:3f:47:
         4e:de:bd:74:91:4a:19:8b:13:a1:04:3d:78:03:ed:96:86:34:
         8e:53:ad:46:e6:98:ff:e4:d3:bd:6f:b7:93:ed:d7:3e:0c:85:
         aa:95:32:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIA7mQjDMHm0Lczfc1SS/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhM2NlNWM1YTczMGNkOGUyZmYxZjU1ZDE4MGYxYTgxYjMw
MDBjYzgwHhcNMjUwMTAxMTM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGJmYjBmNGJiZjFiOTA1MWQ0MDExNTA0Y2YzYWE3ZWRkYWQwY2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTO2xbISpUidmOdRlUtyNouRlQ3y
3pZeTEbC+cGw8GG8BcEwulKkaF6K/f7/dbZfb/t7+puSJSYJqHbx5uWE4Td48bst
KNvx7DfRCAnwYICTlyCrRapIZ2U33OhAy4a7s6OZAtvDVD3uKXI8as8H0iTHttd+
cCH2O5MDsC2UQOllWFKxxmJGuMjpferp5QLUswwa2etZruPYovdCa/qqbx45V8BG
9l8DHgo6OJ2UbRI1zEHVdWwB8i9fTnkMsbvRsrt3B+0PpsH/dSrioorScNoPvRzZ
JO2uUixE8uqWYES6/SKdOJdqj0smqrLOfSa0L8eW4/1VLH5axJbToYOeBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2/sPS78bkFHUARUEzzqn7drQzRMB8GA1UdIwQY
MBaAFJo85cWnMM2OL/H1XRgPGoGzAAzIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWp6bHhhY3d6WTR2OGZWZEdBOGFnYk1BRE1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8wNTgwYjItZjZhNC00ZGU2LTkxMDMt
YTAxZDcyOWIwYTIxLzEvX2ItdzlMdnh1UVVkUUJGUVRQT3FmdDJ0RE5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8wNTgwYjItZjZhNC00ZGU2LTkxMDMtYTAxZDcyOWIwYTIx
LzEvbWp6bHhhY3d6WTR2OGZWZEdBOGFnYk1BRE1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YmdMA0G
CSqGSIb3DQEBCwUAA4IBAQDXBBOiZHXugB19DzeF3yB33HPxGZbNJiamR1bb/yGc
9xJx2DJCQHjN9yLDoowvWvZ76S1F1vRnnzqMrldjSayQFzFH0bYDFKpGCRSuN08r
u/FtYEopsTx/84+E6yD6esDFB/RooGpKOvxktG5KmLyOcI0DFybJjgh5ssE8VWN4
r/ZMPDehvW+6U8OEBCr2CMpTpKf8HquT1/wBSTGjivQ4//iYlQnbZ6GFQjDPq2bR
FoKXo6pIgbeLmptvVIwbvR4/LeHeWOKtWfhEBws0d0Bf+ZvwY1rKP0dO3r10kUoZ
ixOhBD14A+2WhjSOU61G5pj/5NO9b7eT7dc+DIWqlTLb
-----END CERTIFICATE-----