Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/lbQJ2rq_BHyJF6s2vYGbT2GOaEI.roa
File:                     lbQJ2rq_BHyJF6s2vYGbT2GOaEI.roa (raw, json)
Hash identifier:          aJ2Q0VP1V764a0H8xEOx6D+4ZkJqxXjOkmvFmOkcjng=
Subject key identifier:   95:B4:09:DA:BA:BF:04:7C:89:17:AB:36:BD:81:9B:4F:61:8E:68:42
Certificate issuer:       /CN=380b283a0513940d520a680b8b3d14dbc367770d
Certificate serial:       0194266BB3B4C2F0D27AB528320C9194F15C
Authority key identifier: 38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/lbQJ2rq_BHyJF6s2vYGbT2GOaEI.roa
Signing time:             Thu 02 Jan 2025 09:49:40 +0000
ROA not before:           Thu 02 Jan 2025 09:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31122
IP address blocks:        37.77.58.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:b3:b4:c2:f0:d2:7a:b5:28:32:0c:91:94:f1:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380b283a0513940d520a680b8b3d14dbc367770d
        Validity
            Not Before: Jan  2 09:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95b409dababf047c8917ab36bd819b4f618e6842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:47:5d:f1:b4:9a:91:3d:0b:17:cf:bf:07:7c:
                    01:b4:e5:3f:f1:ad:b2:3d:ad:6d:97:7d:6b:0b:6a:
                    50:25:5b:8d:19:23:d2:5c:d0:89:a6:7d:42:76:5e:
                    a2:37:0d:6e:9b:17:90:97:6c:09:1b:b4:aa:67:c4:
                    28:de:d5:7f:ff:dd:5e:09:2b:e9:4c:98:e0:02:17:
                    88:f7:9f:cb:10:d4:53:6d:5e:9e:00:2a:71:ae:bb:
                    e2:e2:5d:2c:7a:2f:b1:75:53:3b:53:6d:2c:6a:fc:
                    cf:56:49:dc:7b:b4:be:7c:4f:b1:b9:66:6b:ec:86:
                    47:35:b7:ea:20:1d:56:39:0c:88:56:6c:b5:ad:b9:
                    4b:a8:61:02:e9:1d:85:fd:9e:52:f3:98:cb:58:04:
                    0d:23:dc:cb:4a:43:a3:a3:70:37:f4:37:71:7d:08:
                    e4:72:a8:ea:b0:8b:97:0d:45:c0:2f:cc:ed:cf:f5:
                    9e:22:e1:3c:dc:85:e3:4b:f8:50:c8:90:34:d6:f2:
                    9c:a9:00:72:07:56:08:94:0d:ec:e4:50:3b:03:e1:
                    e8:2d:2a:ea:c4:f1:b5:93:fa:68:d0:1b:a8:fe:1a:
                    c2:02:a3:c6:02:85:4c:46:0e:51:bd:80:fc:78:93:
                    c8:51:9b:72:82:16:58:7d:23:a0:bb:b0:20:86:fb:
                    de:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B4:09:DA:BA:BF:04:7C:89:17:AB:36:BD:81:9B:4F:61:8E:68:42
            X509v3 Authority Key Identifier:
                keyid:38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/lbQJ2rq_BHyJF6s2vYGbT2GOaEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:0c:7a:02:74:ad:9d:5d:e4:09:ff:2a:73:ef:13:30:47:ef:
         9c:0d:a5:9c:95:a4:b1:2d:75:ea:16:f5:f2:db:4d:b1:b7:e5:
         03:fb:a6:e9:e9:83:a9:76:5f:47:0d:56:b4:97:8d:21:27:e1:
         00:d2:f2:43:43:80:75:a5:67:c9:7a:30:a9:7e:48:be:bf:95:
         bf:af:ca:86:64:b7:09:39:3c:62:47:45:45:06:fe:ff:37:82:
         ef:98:69:9f:1e:0c:7c:a2:71:9e:d1:7f:32:ac:b1:16:27:1b:
         3d:ce:4e:55:79:c0:fd:18:80:1a:2c:5c:90:c3:4a:b5:8e:5c:
         1e:15:e6:f9:51:49:15:2a:d8:f9:1e:69:e6:38:6d:29:f8:f2:
         30:02:3d:62:2b:aa:a2:00:62:14:1a:d4:37:c2:24:2e:55:62:
         81:63:e6:c1:7e:e8:2f:ae:f1:12:1c:dc:6e:86:04:a5:c3:66:
         da:62:1a:e1:97:ec:a5:4c:c7:9f:c4:ec:bf:5a:3b:b0:ef:e2:
         11:9d:d8:62:09:dc:ad:32:53:5e:47:f5:50:79:6e:5e:fd:c1:
         d7:88:65:22:67:f4:b7:48:80:73:02:85:61:76:80:6c:39:28:
         e8:d0:ff:7e:b5:22:c8:3f:03:80:0b:a0:9c:25:bd:08:3b:c9:
         92:f9:00:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma7O0wvDSerUoMgyRlPFcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGIyODNhMDUxMzk0MGQ1MjBhNjgwYjhiM2QxNGRiYzM2
Nzc3MGQwHhcNMjUwMTAyMDk0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWI0MDlkYWJhYmYwNDdjODkxN2FiMzZiZDgxOWI0ZjYxOGU2ODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokdd8bSakT0LF8+/B3wBtOU/8a2y
Pa1tl31rC2pQJVuNGSPSXNCJpn1Cdl6iNw1umxeQl2wJG7SqZ8Qo3tV//91eCSvp
TJjgAheI95/LENRTbV6eACpxrrvi4l0sei+xdVM7U20savzPVknce7S+fE+xuWZr
7IZHNbfqIB1WOQyIVmy1rblLqGEC6R2F/Z5S85jLWAQNI9zLSkOjo3A39DdxfQjk
cqjqsIuXDUXAL8ztz/WeIuE83IXjS/hQyJA01vKcqQByB1YIlA3s5FA7A+HoLSrq
xPG1k/po0Buo/hrCAqPGAoVMRg5RvYD8eJPIUZtyghZYfSOgu7AghvveUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJW0Cdq6vwR8iRerNr2Bm09hjmhCMB8GA1UdIwQY
MBaAFDgLKDoFE5QNUgpoC4s9FNvDZ3cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEt
Y2NmNjQ1NGJiMjRjLzEvbGJRSjJycV9CSHlKRjZzMnZZR2JUMkdPYUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEtY2NmNjQ1NGJiMjRj
LzEvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJU06MA0G
CSqGSIb3DQEBCwUAA4IBAQAwDHoCdK2dXeQJ/ypz7xMwR++cDaWclaSxLXXqFvXy
202xt+UD+6bp6YOpdl9HDVa0l40hJ+EA0vJDQ4B1pWfJejCpfki+v5W/r8qGZLcJ
OTxiR0VFBv7/N4LvmGmfHgx8onGe0X8yrLEWJxs9zk5VecD9GIAaLFyQw0q1jlwe
Feb5UUkVKtj5HmnmOG0p+PIwAj1iK6qiAGIUGtQ3wiQuVWKBY+bBfugvrvESHNxu
hgSlw2baYhrhl+ylTMefxOy/Wjuw7+IRndhiCdytMlNeR/VQeW5e/cHXiGUiZ/S3
SIBzAoVhdoBsOSjo0P9+tSLIPwOAC6CcJb0IO8mS+QDb
-----END CERTIFICATE-----