Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/964411-d327-4136-ab43-306905fafe0e/1/VLu8qXaB6nMyQI0IrTkn42lYGs8.roa
File:                     VLu8qXaB6nMyQI0IrTkn42lYGs8.roa (raw, json)
Hash identifier:          IHfapnZhT9q3vBWij3E9p9XWs/z9gR6tNKdantbH3Ks=
Subject key identifier:   54:BB:BC:A9:76:81:EA:73:32:40:8D:08:AD:39:27:E3:69:58:1A:CF
Certificate issuer:       /CN=efc34233ed96424a516e2bf9d39171b62e44b441
Certificate serial:       018CC5DBF220DD7C72BFD30D521259448E31
Authority key identifier: EF:C3:42:33:ED:96:42:4A:51:6E:2B:F9:D3:91:71:B6:2E:44:B4:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/78NCM-2WQkpRbiv505Fxti5EtEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/964411-d327-4136-ab43-306905fafe0e/1/VLu8qXaB6nMyQI0IrTkn42lYGs8.roa
Signing time:             Mon 01 Jan 2024 16:29:35 +0000
ROA not before:           Mon 01 Jan 2024 16:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57928
IP address blocks:        37.157.8.0/21 maxlen: 21
                          193.41.95.0/24 maxlen: 24
                          2a00:bf40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/964411-d327-4136-ab43-306905fafe0e/1/78NCM-2WQkpRbiv505Fxti5EtEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/964411-d327-4136-ab43-306905fafe0e/1/78NCM-2WQkpRbiv505Fxti5EtEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/78NCM-2WQkpRbiv505Fxti5EtEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f2:20:dd:7c:72:bf:d3:0d:52:12:59:44:8e:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=efc34233ed96424a516e2bf9d39171b62e44b441
        Validity
            Not Before: Jan  1 16:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54bbbca97681ea7332408d08ad3927e369581acf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b8:67:26:0b:f1:b7:b7:e5:04:0d:61:55:de:
                    12:b5:8d:e0:1a:5b:c7:8f:f9:58:a8:01:da:93:27:
                    d5:bb:a4:ae:91:e6:e2:e7:f4:60:1a:98:9f:f9:ed:
                    71:d2:4c:15:bb:74:1d:d9:14:d2:a8:01:cf:18:81:
                    28:90:f6:88:ac:b3:cb:75:4f:1d:2b:58:4c:b0:06:
                    dd:f6:49:17:2e:0a:95:e2:df:b2:8a:7e:63:f1:80:
                    90:ec:07:05:5b:68:26:97:87:7f:d4:a9:f9:ec:ca:
                    e1:6c:8e:5e:79:75:e2:c5:a7:dd:f9:35:04:2c:f9:
                    9f:d1:72:19:7f:ac:8c:68:b2:70:aa:89:64:e4:ac:
                    5b:88:ab:f1:9f:78:e1:50:0e:59:1c:e3:b0:3c:24:
                    ff:64:da:c4:68:21:d0:6a:06:bf:5d:cb:22:cc:01:
                    0d:3a:02:f5:95:dd:38:ed:cc:fe:f0:0b:d7:af:1c:
                    73:1d:e7:0c:7e:1d:8e:83:45:75:66:7b:48:9c:fe:
                    3b:32:d3:ac:ea:55:3f:8c:8e:cb:ee:8b:69:cc:25:
                    76:b5:77:24:64:0c:43:ef:a9:fb:d3:0d:ee:5e:de:
                    dc:be:b7:96:2d:4f:34:cd:e9:79:72:4c:15:2e:f8:
                    73:32:c6:f0:09:f4:e2:c4:b8:e9:0a:e0:36:01:b1:
                    ac:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:BB:BC:A9:76:81:EA:73:32:40:8D:08:AD:39:27:E3:69:58:1A:CF
            X509v3 Authority Key Identifier:
                keyid:EF:C3:42:33:ED:96:42:4A:51:6E:2B:F9:D3:91:71:B6:2E:44:B4:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/78NCM-2WQkpRbiv505Fxti5EtEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/964411-d327-4136-ab43-306905fafe0e/1/VLu8qXaB6nMyQI0IrTkn42lYGs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/964411-d327-4136-ab43-306905fafe0e/1/78NCM-2WQkpRbiv505Fxti5EtEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.8.0/21
                  193.41.95.0/24
                IPv6:
                  2a00:bf40::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:80:5a:d4:12:c8:fd:51:1d:cd:2d:8f:03:d3:06:00:ca:d1:
         8a:c4:67:07:94:ca:51:a4:f6:b2:a5:f1:10:d9:b3:6e:59:56:
         42:da:e4:6c:9a:0a:cf:6e:c6:07:72:8c:f5:09:08:5a:60:5c:
         81:46:c5:37:80:db:31:e8:74:af:fc:35:a8:04:15:29:b7:aa:
         f5:b0:87:f7:89:4b:ea:df:1e:65:f5:62:54:a1:28:68:b3:f9:
         a1:61:b2:77:f4:78:4b:f9:34:62:b9:1a:ee:37:87:66:8f:26:
         25:29:32:38:4d:59:72:58:3b:68:c6:e2:b3:49:b4:91:fd:69:
         7b:ef:52:60:90:34:ec:13:80:a7:95:66:db:16:11:76:54:fa:
         78:ba:d4:19:a9:dc:32:f2:c9:2b:9a:e3:8e:81:02:35:68:ec:
         b2:cd:83:10:a3:d9:a8:45:f6:3e:c2:87:e1:4f:6f:a5:78:78:
         42:ec:29:e5:ab:d8:85:35:78:14:1d:fc:21:df:b9:13:9e:77:
         ce:ae:af:5e:d2:ee:b4:56:28:56:dd:a7:76:81:9c:1e:2d:17:
         f1:f0:30:1a:be:67:b0:31:1c:70:4e:11:2b:1e:4c:4d:55:92:
         52:56:ad:07:c7:79:63:f3:4d:33:39:2c:ba:04:6b:da:9c:54:
         d9:28:be:cc
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF2/Ig3Xxyv9MNUhJZRI4xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmYzM0MjMzZWQ5NjQyNGE1MTZlMmJmOWQzOTE3MWI2MmU0
NGI0NDEwHhcNMjQwMTAxMTYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGJiYmNhOTc2ODFlYTczMzI0MDhkMDhhZDM5MjdlMzY5NTgxYWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbhnJgvxt7flBA1hVd4StY3gGlvH
j/lYqAHakyfVu6Sukebi5/RgGpif+e1x0kwVu3Qd2RTSqAHPGIEokPaIrLPLdU8d
K1hMsAbd9kkXLgqV4t+yin5j8YCQ7AcFW2gml4d/1Kn57MrhbI5eeXXixafd+TUE
LPmf0XIZf6yMaLJwqolk5KxbiKvxn3jhUA5ZHOOwPCT/ZNrEaCHQaga/XcsizAEN
OgL1ld047cz+8AvXrxxzHecMfh2Og0V1ZntInP47MtOs6lU/jI7L7otpzCV2tXck
ZAxD76n70w3uXt7cvreWLU80zel5ckwVLvhzMsbwCfTixLjpCuA2AbGstwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFS7vKl2gepzMkCNCK05J+NpWBrPMB8GA1UdIwQY
MBaAFO/DQjPtlkJKUW4r+dORcbYuRLRBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzhOQ00tMldRa3BSYml2NTA1Rnh0aTVFdEVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS85NjQ0MTEtZDMyNy00MTM2LWFiNDMt
MzA2OTA1ZmFmZTBlLzEvVkx1OHFYYUI2bk15UUkwSXJUa240MmxZR3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS85NjQ0MTEtZDMyNy00MTM2LWFiNDMtMzA2OTA1ZmFmZTBl
LzEvNzhOQ00tMldRa3BSYml2NTA1Rnh0aTVFdEVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDJZ0IAwQA
wSlfMA0EAgACMAcDBQAqAL9AMA0GCSqGSIb3DQEBCwUAA4IBAQAWgFrUEsj9UR3N
LY8D0wYAytGKxGcHlMpRpPaypfEQ2bNuWVZC2uRsmgrPbsYHcoz1CQhaYFyBRsU3
gNsx6HSv/DWoBBUpt6r1sIf3iUvq3x5l9WJUoShos/mhYbJ39HhL+TRiuRruN4dm
jyYlKTI4TVlyWDtoxuKzSbSR/Wl771JgkDTsE4CnlWbbFhF2VPp4utQZqdwy8skr
muOOgQI1aOyyzYMQo9moRfY+wofhT2+leHhC7Cnlq9iFNXgUHfwh37kTnnfOrq9e
0u60VihW3ad2gZweLRfx8DAavmewMRxwThErHkxNVZJSVq0Hx3lj800zOSy6BGva
nFTZKL7M
-----END CERTIFICATE-----