Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/VzIpGRlOmR2ax4jkMOV9Xayk8h8.roa
File:                     VzIpGRlOmR2ax4jkMOV9Xayk8h8.roa (raw, json)
Hash identifier:          GFEzXDf+oQNFDbQ7u9yYgGo99T7gEjDw5zpRrxXZnoc=
Subject key identifier:   57:32:29:19:19:4E:99:1D:9A:C7:88:E4:30:E5:7D:5D:AC:A4:F2:1F
Certificate issuer:       /CN=311d62b7fd9fcfc87dfea987515767c838e21bb9
Certificate serial:       018CC26D4B00C6FF7037091EC56B0A16ECA5
Authority key identifier: 31:1D:62:B7:FD:9F:CF:C8:7D:FE:A9:87:51:57:67:C8:38:E2:1B:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/VzIpGRlOmR2ax4jkMOV9Xayk8h8.roa
Signing time:             Mon 01 Jan 2024 00:29:51 +0000
ROA not before:           Mon 01 Jan 2024 00:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57734
IP address blocks:        37.49.234.0/23 maxlen: 24
                          37.49.234.0/24 maxlen: 24
                          2a00:a4c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4b:00:c6:ff:70:37:09:1e:c5:6b:0a:16:ec:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=311d62b7fd9fcfc87dfea987515767c838e21bb9
        Validity
            Not Before: Jan  1 00:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57322919194e991d9ac788e430e57d5daca4f21f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:6e:4b:3a:c7:66:f1:5c:99:92:14:51:d3:3f:
                    bf:45:77:e3:15:94:ee:aa:2e:9b:83:eb:09:aa:5c:
                    1c:b7:42:e4:e6:28:07:11:a8:56:43:91:64:fa:f9:
                    94:49:20:b4:2e:e3:12:0c:8e:54:53:fa:63:e5:39:
                    b2:24:e6:ef:e5:bd:1f:fa:79:bc:78:60:48:e0:9f:
                    1d:35:c1:f0:f6:f3:90:9b:93:1e:bf:e5:0d:37:c2:
                    ec:97:5d:11:eb:bd:79:4a:81:93:4e:35:1f:df:2d:
                    2c:69:9a:80:e6:54:b3:5d:56:d2:a6:00:79:2c:82:
                    8c:48:9f:0f:54:7d:49:8a:7d:54:69:9c:b7:81:25:
                    3e:3c:d1:1a:23:df:97:29:0f:52:65:13:fb:e0:20:
                    77:dc:9c:0c:0d:fb:3d:3b:1c:93:8e:b9:40:50:19:
                    da:b7:d6:df:02:5b:73:4c:74:c4:0b:53:16:37:e7:
                    9b:11:bf:e5:e4:5f:3f:49:d2:9e:41:60:2e:69:49:
                    f6:c6:dc:18:24:83:cb:0d:3a:3f:6c:c1:1c:3d:9f:
                    40:c0:33:fb:10:64:58:d0:ee:41:15:f1:6f:41:2e:
                    65:65:6e:c9:ce:92:bf:d2:ff:f4:a6:4a:f2:cd:42:
                    c1:6c:0f:d5:6e:8b:e8:73:20:64:09:5a:10:e7:b5:
                    9f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:32:29:19:19:4E:99:1D:9A:C7:88:E4:30:E5:7D:5D:AC:A4:F2:1F
            X509v3 Authority Key Identifier:
                keyid:31:1D:62:B7:FD:9F:CF:C8:7D:FE:A9:87:51:57:67:C8:38:E2:1B:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/VzIpGRlOmR2ax4jkMOV9Xayk8h8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.234.0/23
                IPv6:
                  2a00:a4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:cd:14:cb:22:8a:bc:5d:9d:d2:3b:2c:6d:a9:19:51:31:8a:
         12:f8:35:e2:a0:f2:82:ca:60:30:f7:a1:3e:7f:e7:0b:7d:2e:
         4e:3b:86:cc:4c:e6:f4:1b:a0:c3:e3:70:ce:08:26:da:a2:99:
         76:81:ce:3e:8d:da:07:55:01:84:2d:26:ae:15:8b:0e:dc:69:
         3b:a6:ef:28:93:11:9a:1d:1f:e8:09:31:36:e5:fd:2b:2f:d3:
         ce:c7:0a:7c:00:78:01:43:0e:91:1b:36:d6:17:88:2d:54:c6:
         af:ff:7e:da:09:8c:e4:f1:b6:0f:b1:44:d1:96:a2:42:05:d9:
         87:7c:5a:0f:3c:cf:51:fd:a5:48:e4:f9:3b:e3:a9:b8:1c:f9:
         b7:e5:f8:a3:27:33:2e:78:de:98:0b:4e:7c:33:9c:00:18:93:
         c6:4c:b6:6b:61:d6:e5:73:15:10:3d:4d:eb:87:9d:1a:b1:0c:
         74:4c:24:81:c8:47:52:e2:01:b9:4f:87:4e:34:ab:87:db:65:
         53:66:45:1a:2c:84:f3:6a:4e:0e:84:36:7c:1a:6b:65:15:96:
         b2:0c:72:7f:46:58:0f:e5:7c:f3:26:46:87:f2:07:37:99:12:
         e2:b3:e2:37:2f:92:da:22:bd:66:6c:6b:2d:e3:60:b4:68:aa:
         63:a1:a7:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzCbUsAxv9wNwkexWsKFuylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMWQ2MmI3ZmQ5ZmNmYzg3ZGZlYTk4NzUxNTc2N2M4Mzhl
MjFiYjkwHhcNMjQwMTAxMDAyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzMyMjkxOTE5NGU5OTFkOWFjNzg4ZTQzMGU1N2Q1ZGFjYTRmMjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1m5LOsdm8VyZkhRR0z+/RXfjFZTu
qi6bg+sJqlwct0Lk5igHEahWQ5Fk+vmUSSC0LuMSDI5UU/pj5TmyJObv5b0f+nm8
eGBI4J8dNcHw9vOQm5Mev+UNN8Lsl10R6715SoGTTjUf3y0saZqA5lSzXVbSpgB5
LIKMSJ8PVH1Jin1UaZy3gSU+PNEaI9+XKQ9SZRP74CB33JwMDfs9OxyTjrlAUBna
t9bfAltzTHTEC1MWN+ebEb/l5F8/SdKeQWAuaUn2xtwYJIPLDTo/bMEcPZ9AwDP7
EGRY0O5BFfFvQS5lZW7JzpK/0v/0pkryzULBbA/VbovocyBkCVoQ57WfPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFcyKRkZTpkdmseI5DDlfV2spPIfMB8GA1UdIwQY
MBaAFDEdYrf9n8/Iff6ph1FXZ8g44hu5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVIxaXRfMmZ6OGg5X3FtSFVWZG55RGppRzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy81NzY4OGUtYTk2NC00OTMzLTg2MzEt
ODUwZjM0OTA2MjI5LzEvVnpJcEdSbE9tUjJheDRqa01PVjlYYXlrOGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy81NzY4OGUtYTk2NC00OTMzLTg2MzEtODUwZjM0OTA2MjI5
LzEvTVIxaXRfMmZ6OGg5X3FtSFVWZG55RGppRzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBJTHqMA0E
AgACMAcDBQAqAKTAMA0GCSqGSIb3DQEBCwUAA4IBAQBkzRTLIoq8XZ3SOyxtqRlR
MYoS+DXioPKCymAw96E+f+cLfS5OO4bMTOb0G6DD43DOCCbaopl2gc4+jdoHVQGE
LSauFYsO3Gk7pu8okxGaHR/oCTE25f0rL9POxwp8AHgBQw6RGzbWF4gtVMav/37a
CYzk8bYPsUTRlqJCBdmHfFoPPM9R/aVI5Pk746m4HPm35fijJzMueN6YC058M5wA
GJPGTLZrYdblcxUQPU3rh50asQx0TCSByEdS4gG5T4dONKuH22VTZkUaLITzak4O
hDZ8GmtlFZayDHJ/RlgP5XzzJkaH8gc3mRLis+I3L5LaIr1mbGst42C0aKpjoads
-----END CERTIFICATE-----