Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/LUWZzkXfA6tH7kZO7jIhXlx6fCk.roa
File:                     LUWZzkXfA6tH7kZO7jIhXlx6fCk.roa (raw, json)
Hash identifier:          t9q+GRa4a8GiGJBsYu/wzUJIIfzAwe8cjUXBQIq2rl8=
Subject key identifier:   2D:45:99:CE:45:DF:03:AB:47:EE:46:4E:EE:32:21:5E:5C:7A:7C:29
Certificate issuer:       /CN=949ff40831ca66f996c76ea466af49476fecd1ff
Certificate serial:       018CC8DD08E2FB2FF5DEDC67F92D4D7DB113
Authority key identifier: 94:9F:F4:08:31:CA:66:F9:96:C7:6E:A4:66:AF:49:47:6F:EC:D1:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lJ_0CDHKZvmWx26kZq9JR2_s0f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/LUWZzkXfA6tH7kZO7jIhXlx6fCk.roa
Signing time:             Tue 02 Jan 2024 06:29:38 +0000
ROA not before:           Tue 02 Jan 2024 06:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35236
IP address blocks:        37.221.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/lJ_0CDHKZvmWx26kZq9JR2_s0f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/lJ_0CDHKZvmWx26kZq9JR2_s0f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lJ_0CDHKZvmWx26kZq9JR2_s0f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dd:08:e2:fb:2f:f5:de:dc:67:f9:2d:4d:7d:b1:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=949ff40831ca66f996c76ea466af49476fecd1ff
        Validity
            Not Before: Jan  2 06:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d4599ce45df03ab47ee464eee32215e5c7a7c29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c2:3a:59:0a:ee:7b:d0:ba:4a:9e:35:3b:1b:
                    88:e9:57:3d:63:07:0f:0b:1e:90:1a:f8:08:52:18:
                    ed:47:e0:f0:25:63:35:89:2b:f1:92:f5:65:18:26:
                    7d:b0:8e:fa:15:8e:08:a3:46:0e:b6:c5:44:0e:b8:
                    ef:d3:57:c3:e4:f0:a6:91:42:af:d3:f6:51:e3:9a:
                    05:41:47:ed:43:db:ac:3a:c7:7c:7e:3f:b3:ad:0b:
                    3d:98:7e:8a:1f:1d:18:40:57:13:40:c6:b9:c4:c8:
                    31:87:af:f7:a6:27:0a:45:63:4d:19:60:88:c0:92:
                    9e:ad:a0:7d:02:7d:c5:08:57:ca:e1:54:38:7e:4a:
                    47:1d:69:7d:e3:6a:31:5e:61:73:78:69:7e:91:ac:
                    55:f6:97:c5:dd:aa:9f:ee:9d:e3:2a:f5:7c:fd:c7:
                    87:76:1a:cf:f6:7f:f4:14:88:2b:4e:33:03:2c:bb:
                    21:d8:ca:a5:7d:7f:b6:d3:db:92:92:f1:b4:80:55:
                    b0:db:ec:1e:e3:7e:c8:d3:89:01:6a:e4:cf:5e:c3:
                    5b:dc:96:0d:80:11:2a:b5:69:16:0e:56:77:18:43:
                    11:2b:77:6e:59:98:71:01:9a:88:2a:57:8f:fe:4f:
                    9f:2c:ae:d5:00:c6:7f:b2:e2:ce:6d:6c:bc:79:74:
                    dd:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:45:99:CE:45:DF:03:AB:47:EE:46:4E:EE:32:21:5E:5C:7A:7C:29
            X509v3 Authority Key Identifier:
                keyid:94:9F:F4:08:31:CA:66:F9:96:C7:6E:A4:66:AF:49:47:6F:EC:D1:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lJ_0CDHKZvmWx26kZq9JR2_s0f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/LUWZzkXfA6tH7kZO7jIhXlx6fCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/55d10d-b448-4b47-ba58-147adc90ca0f/1/lJ_0CDHKZvmWx26kZq9JR2_s0f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:40:63:4b:0a:68:03:99:d3:a1:8a:51:9e:d0:87:44:a7:b9:
         81:a6:87:f1:a1:72:2a:7b:d3:52:2e:4e:41:f0:a4:7d:df:a0:
         b5:3c:90:5d:c9:d1:58:4a:5d:85:3d:8f:fb:97:62:de:11:96:
         77:50:da:12:f0:95:42:44:c1:cf:78:37:24:04:70:09:df:df:
         65:02:34:ea:17:74:82:8e:84:89:31:45:9a:b6:3c:0c:26:6b:
         8a:31:f0:28:57:26:2e:d6:62:62:a8:5d:2f:ee:c4:ca:a7:9c:
         ea:c2:12:bc:3e:32:53:98:51:74:be:3e:65:c6:2a:b8:12:9b:
         2c:e7:cf:c4:b3:26:dd:3b:de:77:1e:f1:6a:34:09:78:83:a0:
         1a:19:46:25:30:6e:a2:04:2d:7c:93:f6:bf:2a:94:dc:d6:8e:
         73:5b:e8:4d:51:b7:c7:ca:1a:7e:75:64:85:8f:e5:b3:ee:0f:
         83:04:c2:e0:75:da:05:c1:a9:df:6c:bc:c2:bf:26:8e:24:e1:
         26:40:3d:b1:a5:8a:2c:ae:63:ab:ed:cc:01:59:32:39:db:80:
         a3:8a:8d:e5:60:72:ca:14:25:0e:f1:4a:35:e0:23:a6:35:d9:
         9f:c7:08:6b:77:2e:c3:ba:c3:9e:49:4d:56:ee:76:52:59:a5:
         f5:d3:eb:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3Qji+y/13txn+S1NfbETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0OWZmNDA4MzFjYTY2Zjk5NmM3NmVhNDY2YWY0OTQ3NmZl
Y2QxZmYwHhcNMjQwMTAyMDYyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDQ1OTljZTQ1ZGYwM2FiNDdlZTQ2NGVlZTMyMjE1ZTVjN2E3YzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcI6WQrue9C6Sp41OxuI6Vc9YwcP
Cx6QGvgIUhjtR+DwJWM1iSvxkvVlGCZ9sI76FY4Io0YOtsVEDrjv01fD5PCmkUKv
0/ZR45oFQUftQ9usOsd8fj+zrQs9mH6KHx0YQFcTQMa5xMgxh6/3picKRWNNGWCI
wJKeraB9An3FCFfK4VQ4fkpHHWl942oxXmFzeGl+kaxV9pfF3aqf7p3jKvV8/ceH
dhrP9n/0FIgrTjMDLLsh2MqlfX+209uSkvG0gFWw2+we437I04kBauTPXsNb3JYN
gBEqtWkWDlZ3GEMRK3duWZhxAZqIKleP/k+fLK7VAMZ/suLObWy8eXTdtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1Fmc5F3wOrR+5GTu4yIV5cenwpMB8GA1UdIwQY
MBaAFJSf9Agxymb5lsdupGavSUdv7NH/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEpfMENESEtadm1XeDI2a1pxOUpSMl9zMGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81NWQxMGQtYjQ0OC00YjQ3LWJhNTgt
MTQ3YWRjOTBjYTBmLzEvTFVXWnprWGZBNnRIN2taTzdqSWhYbHg2ZkNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81NWQxMGQtYjQ0OC00YjQ3LWJhNTgtMTQ3YWRjOTBjYTBm
LzEvbEpfMENESEtadm1XeDI2a1pxOUpSMl9zMGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJd11MA0G
CSqGSIb3DQEBCwUAA4IBAQCNQGNLCmgDmdOhilGe0IdEp7mBpofxoXIqe9NSLk5B
8KR936C1PJBdydFYSl2FPY/7l2LeEZZ3UNoS8JVCRMHPeDckBHAJ399lAjTqF3SC
joSJMUWatjwMJmuKMfAoVyYu1mJiqF0v7sTKp5zqwhK8PjJTmFF0vj5lxiq4Epss
58/EsybdO953HvFqNAl4g6AaGUYlMG6iBC18k/a/KpTc1o5zW+hNUbfHyhp+dWSF
j+Wz7g+DBMLgddoFwanfbLzCvyaOJOEmQD2xpYosrmOr7cwBWTI524Cjio3lYHLK
FCUO8Uo14COmNdmfxwhrdy7DusOeSU1W7nZSWaX10+tM
-----END CERTIFICATE-----