Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/1tAFnbECFNcjmU_vcKCN5OSZIdg.roa
File:                     1tAFnbECFNcjmU_vcKCN5OSZIdg.roa (raw, json)
Hash identifier:          OYY7YzQNALMP+t5wQQjQ6QURSMNXkpc4G9N34eI3Ms0=
Subject key identifier:   D6:D0:05:9D:B1:02:14:D7:23:99:4F:EF:70:A0:8D:E4:E4:99:21:D8
Certificate issuer:       /CN=380b283a0513940d520a680b8b3d14dbc367770d
Certificate serial:       018CC49394DDDC8483DD7889115997D7D867
Authority key identifier: 38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/1tAFnbECFNcjmU_vcKCN5OSZIdg.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31122
IP address blocks:        37.77.58.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 20:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:94:dd:dc:84:83:dd:78:89:11:59:97:d7:d8:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380b283a0513940d520a680b8b3d14dbc367770d
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d6d0059db10214d723994fef70a08de4e49921d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:23:e9:12:6b:b2:26:5b:af:a2:12:03:9a:d8:
                    0b:59:64:9a:94:ee:10:c3:86:5a:c5:c9:3a:ec:00:
                    d0:a3:dd:c9:2b:d7:a0:50:3a:c3:fc:8d:10:a4:d8:
                    c0:51:fb:1f:13:b4:08:b9:0c:ce:f3:8a:0a:02:43:
                    de:b8:28:ad:6f:7e:5e:21:d4:7c:6d:3e:17:85:c9:
                    46:ff:29:74:1b:79:95:1c:f0:a7:64:fe:fa:02:55:
                    20:06:1c:da:db:75:64:f7:0a:87:61:73:62:97:a3:
                    ec:74:0a:e0:df:5c:b8:8c:8a:da:07:fa:7b:56:bc:
                    8f:0b:a3:6e:35:9e:d9:ae:7f:98:35:6c:7b:e7:dd:
                    86:73:3b:36:f7:05:1b:4f:07:b3:80:3b:ff:21:40:
                    11:05:60:cf:08:35:d6:b2:9a:62:64:1a:76:33:20:
                    71:15:b0:fb:56:7f:15:68:0d:9e:cb:87:c0:10:1b:
                    25:1b:59:99:2b:02:f1:8b:59:3c:54:ff:22:19:48:
                    7c:7e:d7:93:73:cd:ed:7b:1a:0e:d8:68:89:f9:c6:
                    dc:31:91:df:4e:0d:33:3d:ab:f7:94:a7:2e:d5:86:
                    d3:d0:a2:21:9b:ca:de:ff:f0:2a:3c:e7:50:78:54:
                    52:55:c9:ca:a7:74:b9:b5:36:40:59:9e:16:13:96:
                    e5:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D0:05:9D:B1:02:14:D7:23:99:4F:EF:70:A0:8D:E4:E4:99:21:D8
            X509v3 Authority Key Identifier:
                keyid:38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/1tAFnbECFNcjmU_vcKCN5OSZIdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:bb:1d:66:ae:7c:1d:50:dc:e1:79:7c:4f:bb:f8:44:f3:fa:
         2a:7e:17:ee:1e:56:a3:a7:52:b6:fa:fb:47:05:ed:9c:96:ee:
         87:3e:6f:bd:54:a2:4c:43:28:ac:00:ba:7f:82:45:50:ff:b8:
         ff:79:ea:53:4f:02:f9:af:68:f3:42:d4:df:cb:81:91:ca:04:
         2e:22:28:e0:ae:1d:fc:be:ad:0b:2f:13:e2:4d:b1:d8:7a:05:
         26:01:01:33:44:ab:c7:17:41:2e:db:df:46:bb:0d:bd:9b:13:
         d5:26:4b:76:10:85:73:98:54:ad:e3:19:b8:d7:97:73:7f:1f:
         42:8c:a6:a8:49:b9:84:83:ab:90:82:cf:80:bf:aa:36:d7:de:
         bd:aa:e4:48:c4:86:e0:2a:c7:35:ac:de:9d:b4:df:a6:c8:6e:
         94:e5:f1:10:34:94:88:61:05:a6:09:72:fb:ca:08:65:c0:42:
         c2:52:52:a0:55:99:a1:78:9f:3f:ab:04:85:92:a2:19:d8:e3:
         e8:d9:55:8b:02:8d:f1:91:a8:79:0a:92:1e:8a:29:ac:a4:af:
         40:64:ed:23:19:f8:93:06:c8:47:ae:ad:79:2d:fe:5d:a2:b3:
         5a:8f:a7:9b:76:ff:02:14:02:2a:bc:35:ed:32:13:e7:48:35:
         37:0b:d0:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5Td3ISD3XiJEVmX19hnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGIyODNhMDUxMzk0MGQ1MjBhNjgwYjhiM2QxNGRiYzM2
Nzc3MGQwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQwMDU5ZGIxMDIxNGQ3MjM5OTRmZWY3MGEwOGRlNGU0OTkyMWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyPpEmuyJluvohIDmtgLWWSalO4Q
w4Zaxck67ADQo93JK9egUDrD/I0QpNjAUfsfE7QIuQzO84oKAkPeuCitb35eIdR8
bT4XhclG/yl0G3mVHPCnZP76AlUgBhza23Vk9wqHYXNil6PsdArg31y4jIraB/p7
VryPC6NuNZ7Zrn+YNWx7592Gczs29wUbTwezgDv/IUARBWDPCDXWsppiZBp2MyBx
FbD7Vn8VaA2ey4fAEBslG1mZKwLxi1k8VP8iGUh8fteTc83texoO2GiJ+cbcMZHf
Tg0zPav3lKcu1YbT0KIhm8re//AqPOdQeFRSVcnKp3S5tTZAWZ4WE5blAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbQBZ2xAhTXI5lP73CgjeTkmSHYMB8GA1UdIwQY
MBaAFDgLKDoFE5QNUgpoC4s9FNvDZ3cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEt
Y2NmNjQ1NGJiMjRjLzEvMXRBRm5iRUNGTmNqbVVfdmNLQ041T1NaSWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEtY2NmNjQ1NGJiMjRj
LzEvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJU06MA0G
CSqGSIb3DQEBCwUAA4IBAQBHux1mrnwdUNzheXxPu/hE8/oqfhfuHlajp1K2+vtH
Be2clu6HPm+9VKJMQyisALp/gkVQ/7j/eepTTwL5r2jzQtTfy4GRygQuIijgrh38
vq0LLxPiTbHYegUmAQEzRKvHF0Eu299Guw29mxPVJkt2EIVzmFSt4xm415dzfx9C
jKaoSbmEg6uQgs+Av6o21969quRIxIbgKsc1rN6dtN+myG6U5fEQNJSIYQWmCXL7
yghlwELCUlKgVZmheJ8/qwSFkqIZ2OPo2VWLAo3xkah5CpIeiimspK9AZO0jGfiT
BshHrq15Lf5dorNaj6ebdv8CFAIqvDXtMhPnSDU3C9CT
-----END CERTIFICATE-----