Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/69KSWywBgxSibWj8KNd1ZEwJrag.roa
File:                     69KSWywBgxSibWj8KNd1ZEwJrag.roa (raw, json)
Hash identifier:          kTQetJJII0EcI1Yyx2J8WiT2DeLF91dale0taXpzkrQ=
Subject key identifier:   EB:D2:92:5B:2C:01:83:14:A2:6D:68:FC:28:D7:75:64:4C:09:AD:A8
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018F05376A51BC35CF354905422BACAE2F17
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/69KSWywBgxSibWj8KNd1ZEwJrag.roa
Signing time:             Mon 22 Apr 2024 09:51:08 +0000
ROA not before:           Mon 22 Apr 2024 09:51:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215338
IP address blocks:        37.114.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:03:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:05:37:6a:51:bc:35:cf:35:49:05:42:2b:ac:ae:2f:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Apr 22 09:51:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebd2925b2c018314a26d68fc28d775644c09ada8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:21:81:69:a9:07:2c:37:26:26:77:30:6c:72:
                    f0:de:bf:9c:a8:34:48:a3:e6:92:17:c7:9c:83:bf:
                    58:ab:b0:71:02:da:5d:43:9b:41:fd:4f:f6:e0:f9:
                    5a:87:c9:a3:63:1b:a1:47:7e:d1:38:74:4c:30:75:
                    3f:f9:8e:bf:c7:60:04:0c:9a:e6:22:36:cd:a1:7b:
                    84:f2:f2:27:d8:ed:3e:89:5c:50:98:4c:c1:5c:e5:
                    f8:0f:91:4d:49:5a:6a:2d:e1:ea:1f:98:33:f7:44:
                    b0:3f:93:56:a8:74:f7:90:cf:80:25:46:d6:33:3c:
                    cd:bb:b8:f7:5b:27:e1:c3:52:9a:37:99:9f:04:7c:
                    cf:ce:08:07:eb:24:93:32:d1:ec:83:a9:3a:35:7f:
                    53:2c:d5:58:a1:d7:ac:78:b9:be:3a:77:95:c6:e7:
                    3c:c3:d1:cc:42:b8:96:ba:76:f2:d9:f5:b1:80:fa:
                    80:45:00:cf:f9:5a:fd:11:3e:14:25:8e:98:85:c2:
                    e2:a4:84:9f:8a:a8:3e:bb:c4:98:00:de:71:e6:f5:
                    d0:cb:82:3a:b8:44:8f:d8:78:9a:db:4f:98:be:50:
                    95:e1:20:df:02:a1:59:54:30:da:89:ab:67:c7:a7:
                    e3:ba:76:19:1d:22:3a:c1:1f:6e:e8:34:db:6e:28:
                    b7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:D2:92:5B:2C:01:83:14:A2:6D:68:FC:28:D7:75:64:4C:09:AD:A8
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/69KSWywBgxSibWj8KNd1ZEwJrag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:c9:10:43:03:c9:e3:72:21:06:bf:2c:40:fc:30:92:13:6e:
         34:b0:69:37:55:64:f0:53:56:53:00:33:b2:60:f9:e0:7f:94:
         5f:78:ac:94:b7:98:bf:6a:ff:c3:68:0d:d0:62:27:5a:6b:50:
         03:fe:70:ff:76:15:fa:ba:16:ae:ba:68:1d:6b:e3:aa:0a:70:
         51:da:96:3e:bd:01:a1:5f:3b:96:56:2a:38:ef:b0:b2:87:df:
         d5:f4:e2:59:df:96:c8:27:eb:25:7d:18:93:82:f1:eb:60:7f:
         d3:5d:9d:31:50:d0:15:41:21:f8:37:c0:64:9d:c7:6d:09:9c:
         f6:6e:da:d5:55:03:db:ca:3a:63:6f:2f:b7:1c:bd:65:66:10:
         c3:23:7c:ec:28:3c:fd:b9:de:2f:8f:a6:64:cd:56:a9:e9:49:
         d1:80:c0:c2:76:23:4c:c5:3c:9a:70:38:fa:5b:5b:c1:cb:21:
         ff:8a:5e:00:d0:1f:04:18:bb:17:75:0b:d2:6e:66:6f:71:6d:
         d1:3d:b9:ce:f6:76:48:7a:96:6c:73:4a:ca:24:3c:8e:5f:ed:
         c3:9b:83:0b:20:79:24:75:8b:8c:1d:a9:dd:14:ca:65:10:17:
         9e:b5:01:0d:09:bb:9b:5f:fd:3d:50:94:1b:d5:b4:53:8f:ad:
         63:db:36:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8FN2pRvDXPNUkFQiusri8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjQwNDIyMDk1MTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmQyOTI1YjJjMDE4MzE0YTI2ZDY4ZmMyOGQ3NzU2NDRjMDlhZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiGBaakHLDcmJncwbHLw3r+cqDRI
o+aSF8ecg79Yq7BxAtpdQ5tB/U/24Plah8mjYxuhR37ROHRMMHU/+Y6/x2AEDJrm
IjbNoXuE8vIn2O0+iVxQmEzBXOX4D5FNSVpqLeHqH5gz90SwP5NWqHT3kM+AJUbW
MzzNu7j3Wyfhw1KaN5mfBHzPzggH6ySTMtHsg6k6NX9TLNVYodeseLm+OneVxuc8
w9HMQriWunby2fWxgPqARQDP+Vr9ET4UJY6YhcLipISfiqg+u8SYAN5x5vXQy4I6
uESP2Hia20+YvlCV4SDfAqFZVDDaiatnx6fjunYZHSI6wR9u6DTbbii3mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvSklssAYMUom1o/CjXdWRMCa2oMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvNjlLU1d5d0JneFNpYldqOEtOZDFaRXdKcmFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXI2MA0G
CSqGSIb3DQEBCwUAA4IBAQCRyRBDA8njciEGvyxA/DCSE240sGk3VWTwU1ZTADOy
YPngf5RfeKyUt5i/av/DaA3QYidaa1AD/nD/dhX6uhauumgda+OqCnBR2pY+vQGh
XzuWVio477Cyh9/V9OJZ35bIJ+slfRiTgvHrYH/TXZ0xUNAVQSH4N8BkncdtCZz2
btrVVQPbyjpjby+3HL1lZhDDI3zsKDz9ud4vj6ZkzVap6UnRgMDCdiNMxTyacDj6
W1vByyH/il4A0B8EGLsXdQvSbmZvcW3RPbnO9nZIepZsc0rKJDyOX+3Dm4MLIHkk
dYuMHandFMplEBeetQENCbubX/09UJQb1bRTj61j2zac
-----END CERTIFICATE-----