Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/j9NdtYV008vSEsemtjnECLfJhEA.roa
File:                     j9NdtYV008vSEsemtjnECLfJhEA.roa (raw, json)
Hash identifier:          Zo9Zo9n92g7lDzkgZRF7V7Ivm2aLs/6iLs2TFGLng2M=
Subject key identifier:   8F:D3:5D:B5:85:74:D3:CB:D2:12:C7:A6:B6:39:C4:08:B7:C9:84:40
Certificate issuer:       /CN=2906f026b1fe636c9a5da011dc7fd69c581d02b8
Certificate serial:       018CC2DAB81E34D66220FDCEB794AD121C64
Authority key identifier: 29:06:F0:26:B1:FE:63:6C:9A:5D:A0:11:DC:7F:D6:9C:58:1D:02:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQbwJrH-Y2yaXaAR3H_WnFgdArg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/j9NdtYV008vSEsemtjnECLfJhEA.roa
Signing time:             Mon 01 Jan 2024 02:29:23 +0000
ROA not before:           Mon 01 Jan 2024 02:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25180
IP address blocks:        37.17.184.0/24 maxlen: 24
                          37.17.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/KQbwJrH-Y2yaXaAR3H_WnFgdArg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/KQbwJrH-Y2yaXaAR3H_WnFgdArg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQbwJrH-Y2yaXaAR3H_WnFgdArg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:b8:1e:34:d6:62:20:fd:ce:b7:94:ad:12:1c:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2906f026b1fe636c9a5da011dc7fd69c581d02b8
        Validity
            Not Before: Jan  1 02:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fd35db58574d3cbd212c7a6b639c408b7c98440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:f3:c3:cf:0c:06:bd:1a:5f:0c:f1:22:a0:e9:
                    ea:c2:42:99:61:20:e3:f8:14:f9:61:3d:a0:8e:e7:
                    36:d2:80:eb:63:2c:42:cb:ab:98:75:31:49:46:4a:
                    b0:34:9f:e6:67:a3:bf:ee:c4:7a:2b:cb:be:32:1f:
                    6a:70:c7:aa:87:3d:5d:d9:76:e7:60:c0:ed:f2:53:
                    1d:57:0e:34:e0:23:9d:9a:55:ec:18:8f:4b:9c:99:
                    e9:e3:15:1c:82:ad:f1:58:07:1d:dd:04:ea:e7:77:
                    96:87:d0:09:47:58:06:2e:af:69:3c:8f:94:ba:95:
                    f5:93:79:7d:0d:26:2a:12:99:46:8b:2d:43:c4:0f:
                    08:c7:ee:ce:6a:8c:0b:df:fb:ba:4c:35:12:7c:16:
                    87:40:ed:e2:9a:4e:f7:97:c2:66:2c:ae:ca:3b:d6:
                    ae:07:8f:a8:26:ea:7f:ce:f2:d2:3e:46:d9:61:af:
                    c7:24:20:d5:90:18:fc:bb:aa:bb:67:26:ee:78:d3:
                    14:3d:22:2e:2c:ef:f9:71:43:e8:68:8d:7c:8e:9b:
                    28:8d:31:73:31:17:a7:d8:45:40:57:8b:73:5f:1e:
                    83:d9:fc:e4:07:6c:ed:0e:36:b9:9a:73:a7:61:42:
                    e8:21:73:f6:cd:ec:fa:89:86:ef:e0:26:62:a7:30:
                    1e:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:D3:5D:B5:85:74:D3:CB:D2:12:C7:A6:B6:39:C4:08:B7:C9:84:40
            X509v3 Authority Key Identifier:
                keyid:29:06:F0:26:B1:FE:63:6C:9A:5D:A0:11:DC:7F:D6:9C:58:1D:02:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQbwJrH-Y2yaXaAR3H_WnFgdArg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/j9NdtYV008vSEsemtjnECLfJhEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/67a32d-7bf8-4b04-aa05-80a91be83e4b/1/KQbwJrH-Y2yaXaAR3H_WnFgdArg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.17.184.0/24
                  37.17.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:ac:d6:cc:b6:7b:38:28:be:b7:f3:f7:71:32:cd:9a:9a:1e:
         fa:c7:d0:3f:e9:5d:b5:32:04:7e:4e:c5:b0:e0:cb:0b:2d:92:
         37:2e:29:c0:c6:d5:f9:5c:c7:c3:7f:3a:da:35:70:08:30:f7:
         30:1a:ae:ad:83:43:97:88:f1:04:f7:68:e6:12:38:a4:06:cd:
         d7:cc:62:c6:35:b5:53:7f:08:08:3b:2e:f5:bc:cf:f7:09:b4:
         2b:51:7b:1d:80:2f:2b:d0:42:b2:be:4b:53:63:f4:f9:78:d9:
         05:4c:79:b1:06:38:45:d1:6c:5b:7a:b1:9b:39:1f:e3:db:17:
         49:33:75:37:6a:fa:7c:90:07:65:87:7d:06:97:c5:0c:f4:64:
         75:3d:98:d2:4a:5e:cb:54:af:6e:d7:93:bd:44:d0:7a:d0:17:
         30:48:2d:46:d9:fb:1e:65:e9:aa:2a:01:a5:3a:0c:93:4b:91:
         a0:8c:d5:69:21:36:c8:65:e8:59:c1:df:a8:db:85:a4:08:07:
         55:5c:e5:59:28:3a:86:43:3a:69:26:f9:6f:de:92:dd:8e:5b:
         ee:f7:d7:c5:16:30:5e:b8:6e:63:b2:cc:88:28:4b:06:70:d3:
         d3:73:ca:34:6a:0b:8b:ae:f8:3b:59:72:07:2f:34:ab:61:45:
         0b:26:bb:a8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2rgeNNZiIP3Ot5StEhxkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDZmMDI2YjFmZTYzNmM5YTVkYTAxMWRjN2ZkNjljNTgx
ZDAyYjgwHhcNMjQwMTAxMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmQzNWRiNTg1NzRkM2NiZDIxMmM3YTZiNjM5YzQwOGI3Yzk4NDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivPDzwwGvRpfDPEioOnqwkKZYSDj
+BT5YT2gjuc20oDrYyxCy6uYdTFJRkqwNJ/mZ6O/7sR6K8u+Mh9qcMeqhz1d2Xbn
YMDt8lMdVw404COdmlXsGI9LnJnp4xUcgq3xWAcd3QTq53eWh9AJR1gGLq9pPI+U
upX1k3l9DSYqEplGiy1DxA8Ix+7OaowL3/u6TDUSfBaHQO3imk73l8JmLK7KO9au
B4+oJup/zvLSPkbZYa/HJCDVkBj8u6q7ZybueNMUPSIuLO/5cUPoaI18jpsojTFz
MRen2EVAV4tzXx6D2fzkB2ztDja5mnOnYULoIXP2zez6iYbv4CZipzAeNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI/TXbWFdNPL0hLHprY5xAi3yYRAMB8GA1UdIwQY
MBaAFCkG8Cax/mNsml2gEdx/1pxYHQK4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1Fid0pySC1ZMnlhWGFBUjNIX1duRmdkQXJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy82N2EzMmQtN2JmOC00YjA0LWFhMDUt
ODBhOTFiZTgzZTRiLzEvajlOZHRZVjAwOHZTRXNlbXRqbkVDTGZKaEVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy82N2EzMmQtN2JmOC00YjA0LWFhMDUtODBhOTFiZTgzZTRi
LzEvS1Fid0pySC1ZMnlhWGFBUjNIX1duRmdkQXJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJRG4AwQA
JRG7MA0GCSqGSIb3DQEBCwUAA4IBAQBurNbMtns4KL638/dxMs2amh76x9A/6V21
MgR+TsWw4MsLLZI3LinAxtX5XMfDfzraNXAIMPcwGq6tg0OXiPEE92jmEjikBs3X
zGLGNbVTfwgIOy71vM/3CbQrUXsdgC8r0EKyvktTY/T5eNkFTHmxBjhF0WxberGb
OR/j2xdJM3U3avp8kAdlh30Gl8UM9GR1PZjSSl7LVK9u15O9RNB60BcwSC1G2fse
ZemqKgGlOgyTS5GgjNVpITbIZehZwd+o24WkCAdVXOVZKDqGQzppJvlv3pLdjlvu
99fFFjBeuG5jssyIKEsGcNPTc8o0aguLrvg7WXIHLzSrYUULJruo
-----END CERTIFICATE-----