Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/N0rJiBdgtO9fU8yoRq-382oktFg.roa
File:                     N0rJiBdgtO9fU8yoRq-382oktFg.roa (raw, json)
Hash identifier:          bB1AV0SMHgeWK7jWVStwsYXs+HRbXPbLbF0IlJADV0k=
Subject key identifier:   37:4A:C9:88:17:60:B4:EF:5F:53:CC:A8:46:AF:B7:F3:6A:24:B4:58
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018CC94E105B53F03230027FDFD6C41BF595
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/N0rJiBdgtO9fU8yoRq-382oktFg.roa
Signing time:             Tue 02 Jan 2024 08:33:05 +0000
ROA not before:           Tue 02 Jan 2024 08:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44066
IP address blocks:        37.114.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:10:5b:53:f0:32:30:02:7f:df:d6:c4:1b:f5:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  2 08:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=374ac9881760b4ef5f53cca846afb7f36a24b458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b1:c1:c0:36:dd:3b:60:96:da:2b:8b:a8:15:
                    11:83:82:97:d2:5b:ef:83:5b:04:dc:bd:00:57:c0:
                    fe:c8:2a:37:df:24:71:13:59:d8:42:e3:3e:d0:7b:
                    5e:3e:ff:a9:c2:3b:2d:06:6e:e0:98:5a:62:0a:6e:
                    0f:56:dc:39:23:8e:1b:92:73:b7:f7:d3:98:0c:55:
                    ac:3c:2b:c8:4b:60:40:5f:2f:a4:62:3a:19:09:01:
                    c9:f4:f2:76:34:b2:ac:fa:2a:3c:ee:df:49:2e:12:
                    db:e4:f8:75:be:79:cb:c7:13:dd:48:fe:86:16:86:
                    8f:6e:6f:e9:0e:53:3e:f5:f7:ef:df:c9:45:4f:39:
                    01:55:83:76:c9:84:e9:63:4a:49:2a:0e:04:7b:bf:
                    24:01:ef:33:a0:75:94:1e:1c:77:d1:44:95:cd:b1:
                    2e:a3:c4:4d:b9:8d:58:12:58:39:4f:3c:f6:00:ec:
                    9c:74:f8:f0:61:e2:71:83:44:1f:b2:e4:16:03:af:
                    a8:45:90:06:5e:65:f2:8e:fa:4f:ae:78:ed:f9:db:
                    02:91:e0:1b:5b:fa:e7:7f:c7:89:d9:94:50:50:d1:
                    09:84:30:54:52:ed:a6:09:33:11:e7:f4:43:c2:4e:
                    b1:98:cd:eb:b2:57:f1:d4:9b:4e:a1:f8:c9:ef:48:
                    fc:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:4A:C9:88:17:60:B4:EF:5F:53:CC:A8:46:AF:B7:F3:6A:24:B4:58
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/N0rJiBdgtO9fU8yoRq-382oktFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:3a:df:ae:ac:6a:24:0f:36:48:3d:ef:dd:55:b0:d8:1e:d1:
         41:ea:30:af:10:47:31:75:16:1c:e8:a7:11:68:df:38:2e:75:
         e9:e6:73:fe:bb:2e:13:3e:fb:96:04:22:06:e3:3f:be:0a:83:
         d4:6f:0e:49:b8:44:79:84:94:b6:5c:61:cf:71:bf:51:61:85:
         b4:0e:bf:cc:35:6e:c0:27:02:38:e1:08:85:0c:ea:27:9c:de:
         4e:bc:e1:9d:bf:a0:bb:14:46:a0:c4:56:ff:30:d0:9c:4a:95:
         d4:47:aa:19:15:82:3c:c1:2b:72:1f:5c:cc:fe:fa:b9:c7:e9:
         09:0b:d4:67:1b:0a:c1:1a:aa:7b:c5:da:cc:37:90:df:ea:d5:
         d3:81:5d:af:aa:25:4a:41:b2:b4:42:da:f0:b1:40:9a:da:fa:
         22:66:09:28:98:1a:23:2f:0f:f1:0f:fa:89:6f:95:81:c3:9c:
         dd:63:3c:60:17:9d:08:18:f6:5b:c0:0c:0d:50:d8:03:8a:2a:
         54:1c:5d:67:b1:7f:6b:4a:72:fe:b3:5b:2e:b4:d2:64:4f:89:
         92:4a:47:06:28:25:f3:ef:f2:e9:c1:69:b6:bf:14:30:0c:d0:
         74:1e:f9:af:d6:c7:15:28:b4:3b:71:09:a5:d9:6d:a9:0d:87:
         9b:45:ff:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJThBbU/AyMAJ/39bEG/WVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjQwMTAyMDgzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzRhYzk4ODE3NjBiNGVmNWY1M2NjYTg0NmFmYjdmMzZhMjRiNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobHBwDbdO2CW2iuLqBURg4KX0lvv
g1sE3L0AV8D+yCo33yRxE1nYQuM+0HtePv+pwjstBm7gmFpiCm4PVtw5I44bknO3
99OYDFWsPCvIS2BAXy+kYjoZCQHJ9PJ2NLKs+io87t9JLhLb5Ph1vnnLxxPdSP6G
FoaPbm/pDlM+9ffv38lFTzkBVYN2yYTpY0pJKg4Ee78kAe8zoHWUHhx30USVzbEu
o8RNuY1YElg5Tzz2AOycdPjwYeJxg0QfsuQWA6+oRZAGXmXyjvpPrnjt+dsCkeAb
W/rnf8eJ2ZRQUNEJhDBUUu2mCTMR5/RDwk6xmM3rslfx1JtOofjJ70j8+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdKyYgXYLTvX1PMqEavt/NqJLRYMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvTjBySmlCZGd0TzlmVTh5b1JxLTM4Mm9rdEZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXI4MA0G
CSqGSIb3DQEBCwUAA4IBAQAmOt+urGokDzZIPe/dVbDYHtFB6jCvEEcxdRYc6KcR
aN84LnXp5nP+uy4TPvuWBCIG4z++CoPUbw5JuER5hJS2XGHPcb9RYYW0Dr/MNW7A
JwI44QiFDOonnN5OvOGdv6C7FEagxFb/MNCcSpXUR6oZFYI8wStyH1zM/vq5x+kJ
C9RnGwrBGqp7xdrMN5Df6tXTgV2vqiVKQbK0QtrwsUCa2voiZgkomBojLw/xD/qJ
b5WBw5zdYzxgF50IGPZbwAwNUNgDiipUHF1nsX9rSnL+s1sutNJkT4mSSkcGKCXz
7/LpwWm2vxQwDNB0Hvmv1scVKLQ7cQml2W2pDYebRf/a
-----END CERTIFICATE-----