Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/NmTsH91MsnJsSzKqu961n4iyHr8.roa
File:                     NmTsH91MsnJsSzKqu961n4iyHr8.roa (raw, json)
Hash identifier:          V1umWRn/LC+CYX14Ni//C0N5GGLhNV9x6mG4CFCJ0sU=
Subject key identifier:   36:64:EC:1F:DD:4C:B2:72:6C:4B:32:AA:BB:DE:B5:9F:88:B2:1E:BF
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018CC94E16744FDF8F1E53EF7C2FE8993618
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/NmTsH91MsnJsSzKqu961n4iyHr8.roa
Signing time:             Tue 02 Jan 2024 08:33:07 +0000
ROA not before:           Tue 02 Jan 2024 08:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210522
IP address blocks:        37.114.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:16:74:4f:df:8f:1e:53:ef:7c:2f:e8:99:36:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  2 08:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3664ec1fdd4cb2726c4b32aabbdeb59f88b21ebf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:37:76:29:68:ec:23:4f:4d:e3:2e:10:d1:79:
                    3b:38:32:4b:a0:cb:e7:c0:a7:86:9d:6a:15:6a:26:
                    84:52:eb:2f:24:97:71:24:85:61:32:a2:d5:cd:ce:
                    ea:b0:a3:99:bc:b8:3a:6c:64:40:84:90:a9:56:07:
                    1f:d8:dc:20:78:8f:66:fd:7b:f8:98:80:8f:d7:1a:
                    0e:8f:ae:62:96:36:c9:7d:d4:44:45:13:48:77:c3:
                    a7:00:cb:c7:fe:e9:d6:f8:ed:e2:ac:69:d4:b8:3d:
                    67:c0:b4:b8:75:53:07:e6:92:1c:5e:b1:bc:ac:b7:
                    62:86:6c:c6:e1:c9:11:9c:8e:bb:64:f4:69:68:24:
                    2e:1c:2e:2a:47:d7:3e:98:73:44:d2:75:82:7c:a8:
                    4d:09:1d:f2:58:57:78:b6:bd:72:85:a6:a8:7c:f0:
                    0c:9b:88:70:4c:94:b0:c3:e2:8f:ff:13:3c:7e:05:
                    a1:ca:f9:f8:95:eb:ad:2e:b7:e7:2e:38:7d:08:b1:
                    1a:44:d5:2c:32:83:4e:47:77:35:5c:04:0a:4c:dc:
                    c5:bf:f2:37:f0:61:e7:67:c5:8e:b1:a9:4a:78:c1:
                    69:59:79:d5:91:4b:e9:2a:0e:57:f5:8f:fd:8f:ea:
                    03:b5:04:a2:89:b7:fd:c7:79:57:ce:46:d3:ad:2a:
                    7c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:64:EC:1F:DD:4C:B2:72:6C:4B:32:AA:BB:DE:B5:9F:88:B2:1E:BF
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/NmTsH91MsnJsSzKqu961n4iyHr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:76:11:64:e9:63:13:dc:56:4c:af:c6:9f:4b:90:01:78:b5:
         1b:03:01:95:f4:ab:90:e3:c8:89:c4:2d:1c:8b:b1:90:26:56:
         f1:ca:33:c1:c3:ae:b7:da:bc:6d:cc:40:46:d8:5f:c0:9c:af:
         53:03:6e:3d:51:c7:bf:d8:28:bf:f1:2c:a7:51:c8:1d:20:39:
         f7:88:3c:0c:9f:81:e9:50:37:f9:22:6e:59:a9:fd:80:23:3f:
         d5:13:d6:19:35:78:8d:6f:b0:2c:c4:08:b8:56:b2:8c:6f:78:
         08:f2:c7:05:c2:78:11:26:2f:96:ab:fc:45:a9:d5:d5:cc:17:
         15:e1:21:7c:66:8c:f4:2c:bb:ff:b6:93:4b:d8:76:52:d6:eb:
         75:ef:7d:b4:6b:cb:3a:22:f0:0d:56:27:73:bb:09:89:2d:df:
         da:64:6a:a5:b6:36:27:08:00:d9:fd:16:db:22:07:78:f3:7b:
         2f:2c:ae:cb:56:ae:99:2a:0e:b5:08:0e:3c:87:58:8a:f8:ee:
         f9:2f:c9:41:8d:42:8d:df:d9:bc:67:07:41:33:66:37:43:58:
         d4:23:75:28:61:a4:a6:fc:69:b4:5e:e3:23:7f:02:51:e8:56:
         f7:1b:8a:a5:ad:29:90:2f:bd:f1:6e:8d:41:9a:c2:a4:3d:e6:
         b4:50:b2:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJThZ0T9+PHlPvfC/omTYYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjQwMTAyMDgzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjY0ZWMxZmRkNGNiMjcyNmM0YjMyYWFiYmRlYjU5Zjg4YjIxZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Td2KWjsI09N4y4Q0Xk7ODJLoMvn
wKeGnWoVaiaEUusvJJdxJIVhMqLVzc7qsKOZvLg6bGRAhJCpVgcf2NwgeI9m/Xv4
mICP1xoOj65iljbJfdRERRNId8OnAMvH/unW+O3irGnUuD1nwLS4dVMH5pIcXrG8
rLdihmzG4ckRnI67ZPRpaCQuHC4qR9c+mHNE0nWCfKhNCR3yWFd4tr1yhaaofPAM
m4hwTJSww+KP/xM8fgWhyvn4leutLrfnLjh9CLEaRNUsMoNOR3c1XAQKTNzFv/I3
8GHnZ8WOsalKeMFpWXnVkUvpKg5X9Y/9j+oDtQSiibf9x3lXzkbTrSp8yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZk7B/dTLJybEsyqrvetZ+Ish6/MB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvTm1Uc0g5MU1zbkpzU3pLcXU5NjFuNGl5SHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXIpMA0G
CSqGSIb3DQEBCwUAA4IBAQA/dhFk6WMT3FZMr8afS5ABeLUbAwGV9KuQ48iJxC0c
i7GQJlbxyjPBw6632rxtzEBG2F/AnK9TA249Uce/2Ci/8SynUcgdIDn3iDwMn4Hp
UDf5Im5Zqf2AIz/VE9YZNXiNb7AsxAi4VrKMb3gI8scFwngRJi+Wq/xFqdXVzBcV
4SF8Zoz0LLv/tpNL2HZS1ut17320a8s6IvANVidzuwmJLd/aZGqltjYnCADZ/Rbb
Igd483svLK7LVq6ZKg61CA48h1iK+O75L8lBjUKN39m8ZwdBM2Y3Q1jUI3UoYaSm
/Gm0XuMjfwJR6Fb3G4qlrSmQL73xbo1BmsKkPea0ULIH
-----END CERTIFICATE-----