Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/WBtyH3xIh85ZZBrTcxdAkOqLh0U.roa
File:                     WBtyH3xIh85ZZBrTcxdAkOqLh0U.roa (raw, json)
Hash identifier:          Nze5z+bOBRkL3xCF0RtTEc5oQLu9PgceLl5A2srU0nE=
Subject key identifier:   58:1B:72:1F:7C:48:87:CE:59:64:1A:D3:73:17:40:90:EA:8B:87:45
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018CCA2A35CCFC12A1F749DFAB1C4623F320
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/WBtyH3xIh85ZZBrTcxdAkOqLh0U.roa
Signing time:             Tue 02 Jan 2024 12:33:33 +0000
ROA not before:           Tue 02 Jan 2024 12:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61112
IP address blocks:        37.128.252.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:35:cc:fc:12:a1:f7:49:df:ab:1c:46:23:f3:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  2 12:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=581b721f7c4887ce59641ad373174090ea8b8745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:93:4c:f5:a2:73:80:a4:98:92:f4:e2:41:8c:
                    c2:2e:62:fd:b8:0a:d0:ce:85:10:bd:56:8e:75:8c:
                    df:1e:64:5e:41:3f:72:e7:49:0c:8d:06:2a:cf:4c:
                    ae:80:07:b5:a5:01:03:7d:93:56:5a:bb:f4:d5:2f:
                    92:c1:79:51:48:6b:bd:59:99:7b:dc:27:4b:c4:0a:
                    c6:79:6f:b9:d5:92:23:e8:2e:7d:55:61:92:ac:d6:
                    47:a1:62:b4:d8:b6:ff:d5:57:88:f3:a8:34:57:72:
                    94:ef:61:8a:d3:14:6f:00:ae:89:44:98:e0:f0:5a:
                    37:95:87:9c:8c:94:e8:24:50:95:e1:bb:20:b3:37:
                    f4:4d:f2:e9:59:59:29:61:0d:43:4f:99:44:ee:96:
                    26:4d:a0:61:6a:aa:7f:43:47:44:11:95:17:ca:e4:
                    e7:59:d4:ae:6b:cf:8a:0f:d3:69:94:37:ea:2c:9a:
                    e8:f0:de:50:88:74:07:22:0a:1e:62:42:b0:5f:18:
                    7f:44:d1:d9:bb:02:b7:d1:54:a6:6b:c0:7e:84:50:
                    2a:ae:31:3d:54:54:6d:c8:a1:33:23:65:8f:90:13:
                    25:64:17:90:e5:66:ff:43:60:39:4c:13:fb:5f:93:
                    38:57:7a:29:54:84:c0:85:4a:91:ac:a4:eb:bc:73:
                    d1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:1B:72:1F:7C:48:87:CE:59:64:1A:D3:73:17:40:90:EA:8B:87:45
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/WBtyH3xIh85ZZBrTcxdAkOqLh0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.128.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:20:82:d3:86:0b:fc:3c:49:fb:f3:71:cf:e2:d5:5a:5a:9f:
         b7:18:06:d6:38:c5:2a:9a:f8:d7:9e:65:09:2d:cf:7e:f0:ff:
         f3:d9:79:17:74:55:ff:ad:b2:02:e7:f8:40:ae:08:12:27:96:
         40:68:85:6b:94:02:8b:37:51:f1:35:a2:e1:9e:f1:8a:1d:90:
         ca:73:f1:43:89:a5:8c:81:bf:4e:ba:e5:03:69:86:59:81:b5:
         48:e8:5a:42:2b:b6:e7:2b:a3:be:f6:5e:e4:d2:d9:d9:b5:86:
         fb:8b:53:8e:61:7c:9f:7b:02:d6:36:8a:fe:97:24:65:90:53:
         53:23:c7:88:6d:5c:6b:b6:1e:76:26:e6:49:12:51:32:d6:7b:
         2a:05:a8:f5:10:9f:fc:d1:71:99:7c:80:a9:18:bf:ec:7a:cb:
         99:3b:21:a7:6a:0c:dc:8d:72:87:d2:61:eb:17:63:5b:69:5a:
         d7:c8:fc:51:4a:46:77:93:b1:ed:42:b8:00:1f:c7:13:2e:63:
         a5:a2:06:0a:69:2b:b3:4f:49:f5:ad:1a:b4:0c:cd:f8:db:9d:
         e7:42:50:56:a8:88:90:0a:2e:40:0c:df:26:3a:e0:bc:d9:24:
         01:a4:cf:7f:6a:9b:fa:bc:86:fe:c5:50:4c:60:3c:a1:b0:2c:
         dc:8b:00:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjXM/BKh90nfqxxGI/MgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMTAyMTIzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODFiNzIxZjdjNDg4N2NlNTk2NDFhZDM3MzE3NDA5MGVhOGI4NzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5NM9aJzgKSYkvTiQYzCLmL9uArQ
zoUQvVaOdYzfHmReQT9y50kMjQYqz0yugAe1pQEDfZNWWrv01S+SwXlRSGu9WZl7
3CdLxArGeW+51ZIj6C59VWGSrNZHoWK02Lb/1VeI86g0V3KU72GK0xRvAK6JRJjg
8Fo3lYecjJToJFCV4bsgszf0TfLpWVkpYQ1DT5lE7pYmTaBhaqp/Q0dEEZUXyuTn
WdSua8+KD9NplDfqLJro8N5QiHQHIgoeYkKwXxh/RNHZuwK30VSma8B+hFAqrjE9
VFRtyKEzI2WPkBMlZBeQ5Wb/Q2A5TBP7X5M4V3opVITAhUqRrKTrvHPRLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFgbch98SIfOWWQa03MXQJDqi4dFMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvV0J0eUgzeEloODVaWkJyVGN4ZEFrT3FMaDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJYD8MA0G
CSqGSIb3DQEBCwUAA4IBAQCxIILThgv8PEn783HP4tVaWp+3GAbWOMUqmvjXnmUJ
Lc9+8P/z2XkXdFX/rbIC5/hArggSJ5ZAaIVrlAKLN1HxNaLhnvGKHZDKc/FDiaWM
gb9OuuUDaYZZgbVI6FpCK7bnK6O+9l7k0tnZtYb7i1OOYXyfewLWNor+lyRlkFNT
I8eIbVxrth52JuZJElEy1nsqBaj1EJ/80XGZfICpGL/sesuZOyGnagzcjXKH0mHr
F2NbaVrXyPxRSkZ3k7HtQrgAH8cTLmOlogYKaSuzT0n1rRq0DM34253nQlBWqIiQ
Ci5ADN8mOuC82SQBpM9/apv6vIb+xVBMYDyhsCzciwAs
-----END CERTIFICATE-----