Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/DK3RzNUfxXZ5sAmc97BdhkLvY20.roa
File:                     DK3RzNUfxXZ5sAmc97BdhkLvY20.roa (raw, json)
Hash identifier:          IWDetys3EsFNyIsUdB8RsYrwp6YIyACCEny3WBCj7V8=
Subject key identifier:   0C:AD:D1:CC:D5:1F:C5:76:79:B0:09:9C:F7:B0:5D:86:42:EF:63:6D
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018CC94E10B63B186DEBD07F19906FBE9506
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/DK3RzNUfxXZ5sAmc97BdhkLvY20.roa
Signing time:             Tue 02 Jan 2024 08:33:05 +0000
ROA not before:           Tue 02 Jan 2024 08:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44592
IP address blocks:        37.114.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:10:b6:3b:18:6d:eb:d0:7f:19:90:6f:be:95:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  2 08:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cadd1ccd51fc57679b0099cf7b05d8642ef636d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3c:e9:87:03:32:5c:8f:7b:c9:24:1d:bb:fa:
                    fd:ee:ff:6c:27:91:e4:4e:71:46:9d:ef:f6:2f:8d:
                    ee:7d:06:1d:8b:be:c6:44:fe:2c:59:b3:f4:c1:3e:
                    15:3a:e7:cb:ba:7d:6a:95:c8:63:4b:57:46:44:2f:
                    b5:d4:e2:1b:36:a9:69:a9:1c:8d:e9:56:40:72:04:
                    25:ed:6a:9d:1f:93:d8:d7:94:08:17:ee:ee:1e:12:
                    9c:11:23:ce:9e:f1:dd:73:5e:64:41:69:30:a7:df:
                    73:72:67:51:20:2c:80:98:94:bd:c1:af:d8:87:b7:
                    db:02:eb:a4:7d:89:fd:66:ac:29:e7:44:fa:3d:45:
                    aa:8c:e2:55:28:e7:1e:02:fd:08:16:29:1e:3b:72:
                    e0:c2:7a:a7:02:68:31:28:9f:2d:80:a7:b2:18:c0:
                    2d:ed:07:12:92:ce:0a:11:33:48:60:ce:0e:4a:15:
                    55:d8:87:98:5e:2e:a4:8f:8e:3b:7e:f9:e2:88:2c:
                    a2:5d:ee:51:de:9a:c3:6a:2f:28:bb:59:3c:43:0d:
                    d0:be:61:76:51:a7:64:e1:f7:a6:83:39:4b:ad:ce:
                    6f:76:69:96:cc:87:68:d0:1b:f1:a3:70:a2:e6:48:
                    19:02:3f:fd:47:64:3c:bf:17:de:49:dc:7f:cf:9e:
                    8f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:AD:D1:CC:D5:1F:C5:76:79:B0:09:9C:F7:B0:5D:86:42:EF:63:6D
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/DK3RzNUfxXZ5sAmc97BdhkLvY20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:25:3e:71:0d:45:f4:f7:23:8f:8c:3e:f4:d8:bb:10:da:81:
         57:8d:18:82:5c:1f:52:b8:6e:c1:9a:b9:0f:db:93:0d:c9:1d:
         ce:86:fa:04:d8:17:a3:2f:f9:ae:cc:a2:63:8b:76:4b:28:4b:
         33:2c:cc:7d:97:7f:4d:1b:75:8d:5a:7b:2c:66:a3:d5:3d:04:
         c3:26:01:3a:0c:ae:b5:f0:a0:6d:5d:36:4b:ef:90:53:24:c0:
         42:21:c9:77:8a:c8:5b:8a:f1:4e:5e:8c:66:af:84:4d:35:76:
         8c:38:e6:2a:f1:b6:82:7a:7c:75:45:77:b5:ed:2a:6a:66:a4:
         15:f1:33:eb:df:75:b4:0f:31:ce:19:3a:60:16:b1:af:03:12:
         21:38:c3:2b:48:71:91:5e:c9:e0:0a:bb:93:5e:be:3e:4a:37:
         7c:59:bd:02:7b:b3:3c:c2:a6:a4:c9:0f:7f:f4:09:84:f6:1a:
         ed:ed:a0:5a:5b:26:3e:f3:15:b1:68:22:8c:50:38:bd:b7:be:
         2e:d6:8c:87:c6:ba:14:ad:b8:5e:27:a3:c7:15:a3:6c:99:1e:
         35:62:32:96:e4:9a:75:4c:a0:41:13:c9:53:0e:db:2f:a1:26:
         ae:bd:19:ce:3c:57:c5:b8:87:90:ef:4b:fb:42:b3:85:ac:1c:
         a4:9b:fc:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJThC2Oxht69B/GZBvvpUGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjQwMTAyMDgzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2FkZDFjY2Q1MWZjNTc2NzliMDA5OWNmN2IwNWQ4NjQyZWY2MzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTzphwMyXI97ySQdu/r97v9sJ5Hk
TnFGne/2L43ufQYdi77GRP4sWbP0wT4VOufLun1qlchjS1dGRC+11OIbNqlpqRyN
6VZAcgQl7WqdH5PY15QIF+7uHhKcESPOnvHdc15kQWkwp99zcmdRICyAmJS9wa/Y
h7fbAuukfYn9Zqwp50T6PUWqjOJVKOceAv0IFikeO3LgwnqnAmgxKJ8tgKeyGMAt
7QcSks4KETNIYM4OShVV2IeYXi6kj447fvniiCyiXe5R3prDai8ou1k8Qw3QvmF2
Uadk4femgzlLrc5vdmmWzIdo0Bvxo3Ci5kgZAj/9R2Q8vxfeSdx/z56PSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAyt0czVH8V2ebAJnPewXYZC72NtMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvREszUnpOVWZ4WFo1c0FtYzk3QmRoa0x2WTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXIgMA0G
CSqGSIb3DQEBCwUAA4IBAQBbJT5xDUX09yOPjD702LsQ2oFXjRiCXB9SuG7BmrkP
25MNyR3OhvoE2BejL/muzKJji3ZLKEszLMx9l39NG3WNWnssZqPVPQTDJgE6DK61
8KBtXTZL75BTJMBCIcl3ishbivFOXoxmr4RNNXaMOOYq8baCenx1RXe17SpqZqQV
8TPr33W0DzHOGTpgFrGvAxIhOMMrSHGRXsngCruTXr4+Sjd8Wb0Ce7M8wqakyQ9/
9AmE9hrt7aBaWyY+8xWxaCKMUDi9t74u1oyHxroUrbheJ6PHFaNsmR41YjKW5Jp1
TKBBE8lTDtsvoSauvRnOPFfFuIeQ70v7QrOFrBykm/wF
-----END CERTIFICATE-----