Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/f4baea-f054-4e23-9aa8-0ff8cafe5dea/1/yjLdisVxsIoHIDmK1cdDeBbKxeM.roa
File:                     yjLdisVxsIoHIDmK1cdDeBbKxeM.roa (raw, json)
Hash identifier:          neXJQtfQf6uvjUfLs6HDebDTp+ALBw/1LALUwbwR4Wk=
Subject key identifier:   CA:32:DD:8A:C5:71:B0:8A:07:20:39:8A:D5:C7:43:78:16:CA:C5:E3
Certificate issuer:       /CN=ecdf3696cf74ea955be383874e39a727aa6824f1
Certificate serial:       018CC9BC09DC1EC6F7EF54352242A369392C
Authority key identifier: EC:DF:36:96:CF:74:EA:95:5B:E3:83:87:4E:39:A7:27:AA:68:24:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7N82ls906pVb44OHTjmnJ6poJPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/f4baea-f054-4e23-9aa8-0ff8cafe5dea/1/yjLdisVxsIoHIDmK1cdDeBbKxeM.roa
Signing time:             Tue 02 Jan 2024 10:33:12 +0000
ROA not before:           Tue 02 Jan 2024 10:33:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210733
IP address blocks:        37.72.137.0/24 maxlen: 24
                          2a11:3040::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/f4baea-f054-4e23-9aa8-0ff8cafe5dea/1/7N82ls906pVb44OHTjmnJ6poJPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/f4baea-f054-4e23-9aa8-0ff8cafe5dea/1/7N82ls906pVb44OHTjmnJ6poJPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7N82ls906pVb44OHTjmnJ6poJPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:09:dc:1e:c6:f7:ef:54:35:22:42:a3:69:39:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ecdf3696cf74ea955be383874e39a727aa6824f1
        Validity
            Not Before: Jan  2 10:33:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca32dd8ac571b08a0720398ad5c7437816cac5e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:c3:3f:f8:63:9f:35:b9:65:66:76:05:b6:a6:
                    c1:60:3c:46:91:dc:b7:ab:b3:62:3c:59:3f:d0:71:
                    99:8b:5f:e0:3d:8b:d9:f5:2c:54:93:65:e1:e8:21:
                    7e:51:45:95:59:c0:4b:71:52:26:3a:4a:a3:af:1b:
                    7b:81:d4:ec:3e:ae:3f:63:ba:88:3a:5a:44:96:7b:
                    ad:2a:e2:ec:d2:07:65:e2:41:6f:e5:c4:51:94:73:
                    80:fe:40:bd:72:3e:b4:bb:ee:d6:72:9e:d3:7a:8e:
                    b7:70:e5:a6:93:f9:d7:b2:7f:59:a2:bd:0e:9d:31:
                    5e:81:8a:6d:bc:27:83:af:d5:02:57:5c:c9:c6:04:
                    a9:d0:80:73:5e:89:74:a4:f0:8c:24:eb:2f:37:15:
                    d1:4a:fe:a3:df:ba:8a:17:84:41:7f:ec:d5:f4:b6:
                    71:ed:ce:67:90:6d:41:f0:11:b4:c2:46:04:3d:25:
                    81:c7:01:bc:7a:36:98:25:54:f5:84:6f:23:f7:c2:
                    1e:31:15:77:94:35:39:5c:db:fd:4c:3c:d9:89:ba:
                    0a:8b:ce:88:f7:54:c8:6f:50:22:88:ab:9d:ef:7e:
                    8d:5a:8c:99:dc:51:c2:74:c4:d4:c8:9c:13:f9:7e:
                    c9:e7:37:eb:46:4a:9a:38:8b:d6:da:22:64:cc:62:
                    7f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:32:DD:8A:C5:71:B0:8A:07:20:39:8A:D5:C7:43:78:16:CA:C5:E3
            X509v3 Authority Key Identifier:
                keyid:EC:DF:36:96:CF:74:EA:95:5B:E3:83:87:4E:39:A7:27:AA:68:24:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7N82ls906pVb44OHTjmnJ6poJPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f4baea-f054-4e23-9aa8-0ff8cafe5dea/1/yjLdisVxsIoHIDmK1cdDeBbKxeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f4baea-f054-4e23-9aa8-0ff8cafe5dea/1/7N82ls906pVb44OHTjmnJ6poJPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.137.0/24
                IPv6:
                  2a11:3040::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:5f:38:ae:5d:8b:21:48:44:0d:4c:69:61:d1:26:f7:70:5f:
         f3:5c:db:68:4f:64:d1:86:1f:12:4d:d8:d7:64:f8:87:ce:0b:
         29:bf:28:2c:79:1e:17:ec:58:3c:44:e4:fd:3d:58:df:5d:6b:
         a8:0c:ae:e9:a4:12:c7:ed:49:e1:41:6d:83:54:16:e9:93:60:
         2f:7d:50:34:52:18:8c:4b:96:08:24:18:ce:36:10:5f:cf:1a:
         bb:a3:1a:38:99:67:d5:45:2a:1a:4b:32:8d:c1:07:6e:be:80:
         18:ee:2b:b7:59:06:66:4a:c2:1f:f3:8d:65:ca:c0:07:cd:bd:
         9c:3a:7a:dd:3b:06:7d:13:cf:b0:3b:ce:9b:0a:23:1a:e1:24:
         f1:f9:4a:23:d3:a1:8d:d5:f4:08:8a:76:0d:36:e9:15:c4:d7:
         7f:6c:22:e3:00:26:08:c2:ab:3c:9b:89:2e:24:21:be:b9:ff:
         37:4f:a2:f1:da:09:1f:1e:2a:90:f0:42:3b:90:25:de:8a:7a:
         db:3c:48:ae:ef:45:84:b9:06:b1:3d:76:16:5c:d9:cf:eb:58:
         a3:d8:20:81:20:52:8a:cd:2d:68:53:1f:31:10:56:25:c2:62:
         ca:8c:23:19:0c:16:05:db:19:83:b4:d0:89:15:72:4b:c9:f5:
         b7:3b:36:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvAncHsb371Q1IkKjaTksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZGYzNjk2Y2Y3NGVhOTU1YmUzODM4NzRlMzlhNzI3YWE2
ODI0ZjEwHhcNMjQwMTAyMTAzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTMyZGQ4YWM1NzFiMDhhMDcyMDM5OGFkNWM3NDM3ODE2Y2FjNWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMM/+GOfNbllZnYFtqbBYDxGkdy3
q7NiPFk/0HGZi1/gPYvZ9SxUk2Xh6CF+UUWVWcBLcVImOkqjrxt7gdTsPq4/Y7qI
OlpElnutKuLs0gdl4kFv5cRRlHOA/kC9cj60u+7Wcp7Teo63cOWmk/nXsn9Zor0O
nTFegYptvCeDr9UCV1zJxgSp0IBzXol0pPCMJOsvNxXRSv6j37qKF4RBf+zV9LZx
7c5nkG1B8BG0wkYEPSWBxwG8ejaYJVT1hG8j98IeMRV3lDU5XNv9TDzZiboKi86I
91TIb1AiiKud736NWoyZ3FHCdMTUyJwT+X7J5zfrRkqaOIvW2iJkzGJ/AwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMoy3YrFcbCKByA5itXHQ3gWysXjMB8GA1UdIwQY
MBaAFOzfNpbPdOqVW+ODh045pyeqaCTxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN044MmxzOTA2cFZiNDRPSFRqbW5KNnBvSlBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9mNGJhZWEtZjA1NC00ZTIzLTlhYTgt
MGZmOGNhZmU1ZGVhLzEveWpMZGlzVnhzSW9ISURtSzFjZERlQmJLeGVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9mNGJhZWEtZjA1NC00ZTIzLTlhYTgtMGZmOGNhZmU1ZGVh
LzEvN044MmxzOTA2cFZiNDRPSFRqbW5KNnBvSlBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAJUiJMA0E
AgACMAcDBQMqETBAMA0GCSqGSIb3DQEBCwUAA4IBAQBZXziuXYshSEQNTGlh0Sb3
cF/zXNtoT2TRhh8STdjXZPiHzgspvygseR4X7Fg8ROT9PVjfXWuoDK7ppBLH7Unh
QW2DVBbpk2AvfVA0UhiMS5YIJBjONhBfzxq7oxo4mWfVRSoaSzKNwQduvoAY7iu3
WQZmSsIf841lysAHzb2cOnrdOwZ9E8+wO86bCiMa4STx+Uoj06GN1fQIinYNNukV
xNd/bCLjACYIwqs8m4kuJCG+uf83T6Lx2gkfHiqQ8EI7kCXeinrbPEiu70WEuQax
PXYWXNnP61ij2CCBIFKKzS1oUx8xEFYlwmLKjCMZDBYF2xmDtNCJFXJLyfW3OzZb
-----END CERTIFICATE-----