Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/9DHBflpO2zTq-ZsTYT_i7dxcY_g.roa
File:                     9DHBflpO2zTq-ZsTYT_i7dxcY_g.roa (raw, json)
Hash identifier:          YT2WyJ5x+F2bOi2viPVWXtqAfg5t81Bc82ekuwDxgjA=
Subject key identifier:   F4:31:C1:7E:5A:4E:DB:34:EA:F9:9B:13:61:3F:E2:ED:DC:5C:63:F8
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       01941FFA3B10FCC7CF0794E8E77061AD329F
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/9DHBflpO2zTq-ZsTYT_i7dxcY_g.roa
Signing time:             Wed 01 Jan 2025 03:48:00 +0000
ROA not before:           Wed 01 Jan 2025 03:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203446
IP address blocks:        37.114.41.0/24 maxlen: 24
                          37.114.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3b:10:fc:c7:cf:07:94:e8:e7:70:61:ad:32:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  1 03:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f431c17e5a4edb34eaf99b13613fe2eddc5c63f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:98:a0:52:34:ab:14:21:ce:85:80:b2:17:12:
                    5a:0c:5b:cc:63:99:2a:41:0b:79:b2:17:ec:a8:03:
                    b1:59:f2:75:e4:d7:05:4c:f9:d2:3c:d2:13:67:1a:
                    a7:4a:94:7e:58:1b:92:0e:11:39:6f:54:d0:21:6b:
                    f1:5e:e2:b8:06:e5:9c:7d:2a:22:5b:c8:79:8d:84:
                    20:88:c0:97:6d:8d:79:cc:40:41:cb:ec:ca:c4:d9:
                    c2:22:47:10:99:68:50:38:1f:39:ca:b3:90:4c:b5:
                    95:09:22:ce:e7:c9:5d:29:75:bc:02:28:da:25:72:
                    86:7e:f5:ca:e0:c5:0a:d2:d6:60:95:c5:21:c5:eb:
                    7d:d0:ec:0d:38:30:7c:09:74:f5:85:14:57:77:de:
                    df:82:1e:a8:0e:94:41:a5:da:f4:a1:96:3f:be:28:
                    75:3d:cd:48:f5:8e:ce:f3:f1:ff:58:51:49:7c:21:
                    f8:7d:8a:0f:79:7c:b7:7f:7f:d7:ca:31:e1:58:d0:
                    bd:14:97:f0:c8:e3:e3:e1:c8:11:63:db:16:98:32:
                    05:51:2f:65:0a:bb:23:0c:34:c6:1f:4a:85:3b:fc:
                    b1:4e:17:de:89:fe:3e:0a:54:3c:9c:31:57:c6:b3:
                    04:c9:fd:b9:a7:6c:6a:85:cf:51:75:8d:6b:04:2b:
                    22:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:31:C1:7E:5A:4E:DB:34:EA:F9:9B:13:61:3F:E2:ED:DC:5C:63:F8
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/9DHBflpO2zTq-ZsTYT_i7dxcY_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.41.0/24
                  37.114.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bd:4d:60:3b:03:4c:5e:09:ca:0e:c6:6d:ff:e2:28:4f:b2:14:
         97:cf:7d:a2:40:99:3c:68:0e:eb:6c:ef:9b:78:c1:76:ef:b9:
         8d:6a:f5:74:c8:31:ab:6e:95:5f:d8:60:a1:a2:b8:d2:c5:47:
         8d:da:25:df:a7:83:f3:36:56:a4:2b:0a:30:72:f1:53:c1:a4:
         47:9f:98:b1:04:86:17:71:3f:0b:34:57:52:84:c7:26:94:46:
         5a:fc:86:ab:b8:73:aa:5d:cf:83:c5:77:a7:c9:03:78:fd:a5:
         64:e6:f1:d6:37:d7:40:48:67:7e:09:23:8c:ed:50:97:c5:27:
         df:ed:1e:3f:14:f7:d8:13:67:4c:13:c1:47:b3:c2:ef:15:63:
         83:f8:40:cc:73:b9:11:30:21:98:36:66:15:fe:23:28:7a:04:
         d1:ae:38:92:0d:2a:4c:10:bb:fe:2c:aa:02:f7:d1:95:3b:ab:
         fa:de:f3:57:a0:62:05:f5:58:c6:9d:f7:bd:57:c3:44:ab:f7:
         c0:e1:0c:52:85:06:7b:87:b7:3b:36:f5:fa:80:b1:4d:54:a0:
         b8:07:2a:32:70:47:e5:b5:73:4f:da:23:fb:b4:b5:88:e9:24:
         0f:86:68:fb:65:17:3c:37:e6:90:9d:bc:29:17:33:a5:c5:55:
         53:2c:26:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+jsQ/MfPB5To53BhrTKfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjUwMTAxMDM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDMxYzE3ZTVhNGVkYjM0ZWFmOTliMTM2MTNmZTJlZGRjNWM2M2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5igUjSrFCHOhYCyFxJaDFvMY5kq
QQt5shfsqAOxWfJ15NcFTPnSPNITZxqnSpR+WBuSDhE5b1TQIWvxXuK4BuWcfSoi
W8h5jYQgiMCXbY15zEBBy+zKxNnCIkcQmWhQOB85yrOQTLWVCSLO58ldKXW8Aija
JXKGfvXK4MUK0tZglcUhxet90OwNODB8CXT1hRRXd97fgh6oDpRBpdr0oZY/vih1
Pc1I9Y7O8/H/WFFJfCH4fYoPeXy3f3/XyjHhWNC9FJfwyOPj4cgRY9sWmDIFUS9l
CrsjDDTGH0qFO/yxThfeif4+ClQ8nDFXxrMEyf25p2xqhc9RdY1rBCsiWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPQxwX5aTts06vmbE2E/4u3cXGP4MB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvOURIQmZscE8yelRxLVpzVFlUX2k3ZHhjWV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJXIpAwQA
JXIuMA0GCSqGSIb3DQEBCwUAA4IBAQC9TWA7A0xeCcoOxm3/4ihPshSXz32iQJk8
aA7rbO+beMF277mNavV0yDGrbpVf2GChorjSxUeN2iXfp4PzNlakKwowcvFTwaRH
n5ixBIYXcT8LNFdShMcmlEZa/IaruHOqXc+DxXenyQN4/aVk5vHWN9dASGd+CSOM
7VCXxSff7R4/FPfYE2dME8FHs8LvFWOD+EDMc7kRMCGYNmYV/iMoegTRrjiSDSpM
ELv+LKoC99GVO6v63vNXoGIF9VjGnfe9V8NEq/fA4QxShQZ7h7c7NvX6gLFNVKC4
ByoycEfltXNP2iP7tLWI6SQPhmj7ZRc8N+aQnbwpFzOlxVVTLCbS
-----END CERTIFICATE-----