Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/g9XEZkD0Q3jLRwKSbI_pFqiildQ.roa
File:                     g9XEZkD0Q3jLRwKSbI_pFqiildQ.roa (raw, json)
Hash identifier:          K+Io5c+LqCZiqiY89USPUlrpi0wbO9VHJp+F8gWeGOA=
Subject key identifier:   83:D5:C4:66:40:F4:43:78:CB:47:02:92:6C:8F:E9:16:A8:A2:95:D4
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01941FFA865BBDB8674BB83324F42D5418A8
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/g9XEZkD0Q3jLRwKSbI_pFqiildQ.roa
Signing time:             Wed 01 Jan 2025 03:48:19 +0000
ROA not before:           Wed 01 Jan 2025 03:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9384
IP address blocks:        37.128.240.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:86:5b:bd:b8:67:4b:b8:33:24:f4:2d:54:18:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  1 03:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83d5c46640f44378cb4702926c8fe916a8a295d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c9:4e:6b:12:20:58:1e:54:d8:5b:07:37:60:
                    8e:00:ec:26:fb:d4:27:69:b0:a6:a5:e1:c7:83:5e:
                    5f:f0:3c:4f:ac:cf:24:6a:19:d1:6b:31:76:64:e9:
                    b1:db:07:89:a3:66:42:5d:62:65:09:05:e0:81:c6:
                    94:f4:41:6d:11:63:f8:32:6a:64:7e:9c:9a:fb:68:
                    61:f3:fd:5c:4a:25:22:6f:3e:51:0c:b6:a5:ea:b1:
                    5d:75:ad:37:d4:68:2e:b0:5e:cc:76:e8:21:bf:63:
                    82:79:98:78:4a:a0:d9:4d:da:63:49:07:5e:64:34:
                    b2:77:a6:e8:ed:57:ae:7b:55:84:de:e9:9a:ee:6e:
                    48:9a:01:63:eb:5a:fb:1c:35:28:5f:d4:bc:27:ef:
                    05:59:89:42:9b:a4:5b:b1:58:0c:93:a1:1e:b5:84:
                    be:f5:68:fc:66:49:e4:28:10:e3:69:49:ab:81:79:
                    f5:7e:ae:9b:74:e1:8c:22:d5:fb:06:f1:2d:e8:f9:
                    9d:c0:b4:e1:0f:08:62:46:50:ae:7a:ec:ab:a2:e2:
                    10:2e:20:c4:d6:e4:98:06:db:06:09:78:24:cc:49:
                    3d:8f:18:aa:90:37:70:38:52:02:17:60:26:ad:ba:
                    70:40:ea:6d:30:c1:f3:15:95:f3:e2:f3:f4:40:d1:
                    5f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D5:C4:66:40:F4:43:78:CB:47:02:92:6C:8F:E9:16:A8:A2:95:D4
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/g9XEZkD0Q3jLRwKSbI_pFqiildQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.128.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         17:c1:ae:89:50:d4:21:ba:f8:0c:b9:d5:1f:51:74:ee:fc:18:
         71:2f:60:c4:70:fe:25:e2:eb:da:e7:db:a1:fe:20:a2:07:c5:
         7b:da:2c:53:b5:aa:6d:31:1e:90:04:f0:ef:bd:0a:0d:97:be:
         3a:85:a9:83:e6:fd:fe:40:ff:84:98:01:51:c0:9b:b7:e4:fb:
         f7:d9:51:f9:77:73:07:a1:58:23:ef:06:9b:11:04:d6:ac:cb:
         06:bf:cb:51:f3:01:d9:a1:76:6b:29:69:cf:de:25:31:93:b5:
         bf:a0:71:0b:1c:67:af:e7:3c:77:a7:e3:80:4e:8e:86:05:2d:
         93:e3:2f:44:8d:fc:0d:89:71:f3:44:b0:75:76:7c:6a:ae:09:
         76:5d:2b:1b:1f:92:be:a6:4e:ba:91:56:04:27:23:49:a5:dc:
         02:2f:03:ac:ab:a6:1f:69:a5:52:2b:28:48:b2:2b:6f:58:3f:
         5c:83:1a:e9:44:63:e4:ec:c6:3a:7f:53:bf:1e:39:58:23:63:
         28:ba:28:ec:dd:6d:58:b6:94:dc:87:e8:40:bd:d7:02:46:34:
         e9:db:5d:7f:75:47:93:28:0f:8f:df:71:1d:74:dd:73:cc:31:
         9f:45:7e:0e:8d:4c:79:72:cc:95:20:aa:a2:2f:34:9a:64:a5:
         b4:69:42:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+oZbvbhnS7gzJPQtVBioMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwMTAxMDM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Q1YzQ2NjQwZjQ0Mzc4Y2I0NzAyOTI2YzhmZTkxNmE4YTI5NWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MlOaxIgWB5U2FsHN2COAOwm+9Qn
abCmpeHHg15f8DxPrM8kahnRazF2ZOmx2weJo2ZCXWJlCQXggcaU9EFtEWP4Mmpk
fpya+2hh8/1cSiUibz5RDLal6rFdda031GgusF7Mdughv2OCeZh4SqDZTdpjSQde
ZDSyd6bo7Veue1WE3uma7m5ImgFj61r7HDUoX9S8J+8FWYlCm6RbsVgMk6EetYS+
9Wj8ZknkKBDjaUmrgXn1fq6bdOGMItX7BvEt6PmdwLThDwhiRlCueuyrouIQLiDE
1uSYBtsGCXgkzEk9jxiqkDdwOFICF2AmrbpwQOptMMHzFZXz4vP0QNFfowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPVxGZA9EN4y0cCkmyP6RaoopXUMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZzlYRVprRDBRM2pMUndLU2JJX3BGcWlpbGRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJYDwMA0G
CSqGSIb3DQEBCwUAA4IBAQAXwa6JUNQhuvgMudUfUXTu/BhxL2DEcP4l4uva59uh
/iCiB8V72ixTtaptMR6QBPDvvQoNl746hamD5v3+QP+EmAFRwJu35Pv32VH5d3MH
oVgj7wabEQTWrMsGv8tR8wHZoXZrKWnP3iUxk7W/oHELHGev5zx3p+OATo6GBS2T
4y9EjfwNiXHzRLB1dnxqrgl2XSsbH5K+pk66kVYEJyNJpdwCLwOsq6YfaaVSKyhI
sitvWD9cgxrpRGPk7MY6f1O/HjlYI2Mouijs3W1YtpTch+hAvdcCRjTp211/dUeT
KA+P33EddN1zzDGfRX4OjUx5csyVIKqiLzSaZKW0aUKM
-----END CERTIFICATE-----