Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/hLZXBFpCso34ciLWd7jDCZXkeC4.roa
File:                     hLZXBFpCso34ciLWd7jDCZXkeC4.roa (raw, json)
Hash identifier:          u8TD0SUv8+ftqt0kX4LwAPfOsQ3f8ji+yhYNZG2CRzU=
Subject key identifier:   84:B6:57:04:5A:42:B2:8D:F8:72:22:D6:77:B8:C3:09:95:E4:78:2E
Certificate issuer:       /CN=ba970de126b3a0b548dad76f5efa88855c6f1ff2
Certificate serial:       018CC802D554C3626E75C48557D8F039827A
Authority key identifier: BA:97:0D:E1:26:B3:A0:B5:48:DA:D7:6F:5E:FA:88:85:5C:6F:1F:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/upcN4SazoLVI2tdvXvqIhVxvH_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/hLZXBFpCso34ciLWd7jDCZXkeC4.roa
Signing time:             Tue 02 Jan 2024 02:31:18 +0000
ROA not before:           Tue 02 Jan 2024 02:31:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57913
IP address blocks:        37.61.228.0/24 maxlen: 24
                          2a13:f600::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/upcN4SazoLVI2tdvXvqIhVxvH_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/upcN4SazoLVI2tdvXvqIhVxvH_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/upcN4SazoLVI2tdvXvqIhVxvH_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:d5:54:c3:62:6e:75:c4:85:57:d8:f0:39:82:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba970de126b3a0b548dad76f5efa88855c6f1ff2
        Validity
            Not Before: Jan  2 02:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84b657045a42b28df87222d677b8c30995e4782e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:bb:38:4e:8b:01:8d:df:2f:dc:2b:d3:05:1e:
                    b1:f6:af:7a:34:f4:03:85:a5:5c:95:de:75:15:3b:
                    89:d5:42:c5:18:0d:1f:6d:81:d8:81:ef:dc:9d:7f:
                    94:33:6e:f1:e6:6b:7d:7b:fc:8a:88:71:94:96:ad:
                    61:3c:f9:c1:00:eb:d2:25:87:af:b6:05:a1:31:9a:
                    7d:2e:0a:44:1d:ea:ab:13:15:74:65:e2:7f:d4:9e:
                    5c:e0:68:4a:d0:92:1e:04:3c:f7:16:c7:bc:27:54:
                    7a:c7:44:ae:17:17:05:b8:6c:b2:19:1c:a7:55:df:
                    be:31:e7:f1:dc:70:52:3a:90:1f:e9:10:60:60:a1:
                    fb:bd:f2:20:d9:ca:e9:ab:10:76:d5:49:3e:30:6c:
                    f3:68:f2:34:2b:a8:bf:24:b2:4b:ae:1c:b3:59:c6:
                    3a:03:ae:64:c7:7b:20:7b:fc:15:1f:b9:26:f8:80:
                    e3:b7:2d:1c:73:7e:9d:01:14:e2:db:0a:fd:40:87:
                    a3:47:d8:ab:ba:a9:f0:cd:81:cd:3d:3d:57:42:91:
                    3b:03:7e:06:f4:89:ea:ac:70:e4:50:fb:34:71:89:
                    43:b2:45:ee:61:90:84:ae:52:c5:80:63:b7:ab:85:
                    ad:a5:47:45:5f:b7:9a:2e:a8:a9:c0:e4:ab:ea:7b:
                    fe:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:B6:57:04:5A:42:B2:8D:F8:72:22:D6:77:B8:C3:09:95:E4:78:2E
            X509v3 Authority Key Identifier:
                keyid:BA:97:0D:E1:26:B3:A0:B5:48:DA:D7:6F:5E:FA:88:85:5C:6F:1F:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/upcN4SazoLVI2tdvXvqIhVxvH_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/hLZXBFpCso34ciLWd7jDCZXkeC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/af72e8-f0d2-4d66-b520-3aba595b58a8/1/upcN4SazoLVI2tdvXvqIhVxvH_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.228.0/24
                IPv6:
                  2a13:f600::/29

    Signature Algorithm: sha256WithRSAEncryption
         c7:bc:65:ee:60:36:e4:0b:dc:99:45:83:fb:f9:f2:dd:53:f6:
         c1:cc:58:7e:23:87:e2:e2:cc:6a:72:b9:ac:70:48:bd:10:b5:
         18:c4:a2:5a:27:95:11:93:e8:0c:e3:12:94:e9:fc:87:16:c2:
         a7:bf:9b:ac:9c:2f:6a:46:e8:6d:de:e0:89:9f:be:50:d4:0e:
         2e:49:52:ac:c2:a0:47:d6:31:09:65:8c:3e:88:05:85:89:c9:
         e8:06:85:41:20:96:be:59:d4:8d:e4:ef:6e:3d:c9:54:f0:10:
         de:ec:1e:a9:04:9c:92:d9:32:c4:95:69:70:3a:e6:a9:dc:bc:
         cc:3a:94:f1:ae:50:67:fa:3f:0c:bb:38:de:5a:3f:43:eb:2c:
         6b:4c:42:38:96:91:08:3d:cf:ab:77:f2:eb:30:1c:f7:3f:46:
         57:52:fd:74:3f:0a:61:db:db:21:5c:7d:d6:8f:33:39:8e:84:
         4e:8d:e8:f2:a2:88:a0:56:ca:8c:b7:0a:c4:29:3b:01:b3:17:
         69:cd:43:2e:ae:00:41:f5:66:88:da:d8:a3:65:10:7a:51:1c:
         84:f5:97:91:55:fd:d1:cd:1d:26:4f:20:eb:0c:df:4e:7d:b4:
         8a:62:65:aa:2b:63:b9:b1:b6:f3:38:72:97:0d:6f:dd:87:00:
         2c:f0:0c:6a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAtVUw2JudcSFV9jwOYJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOTcwZGUxMjZiM2EwYjU0OGRhZDc2ZjVlZmE4ODg1NWM2
ZjFmZjIwHhcNMjQwMTAyMDIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGI2NTcwNDVhNDJiMjhkZjg3MjIyZDY3N2I4YzMwOTk1ZTQ3ODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrs4TosBjd8v3CvTBR6x9q96NPQD
haVcld51FTuJ1ULFGA0fbYHYge/cnX+UM27x5mt9e/yKiHGUlq1hPPnBAOvSJYev
tgWhMZp9LgpEHeqrExV0ZeJ/1J5c4GhK0JIeBDz3Fse8J1R6x0SuFxcFuGyyGRyn
Vd++Mefx3HBSOpAf6RBgYKH7vfIg2crpqxB21Uk+MGzzaPI0K6i/JLJLrhyzWcY6
A65kx3sge/wVH7km+IDjty0cc36dARTi2wr9QIejR9iruqnwzYHNPT1XQpE7A34G
9InqrHDkUPs0cYlDskXuYZCErlLFgGO3q4WtpUdFX7eaLqipwOSr6nv+/QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIS2VwRaQrKN+HIi1ne4wwmV5HguMB8GA1UdIwQY
MBaAFLqXDeEms6C1SNrXb176iIVcbx/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXBjTjRTYXpvTFZJMnRkdlh2cUloVnh2SF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9hZjcyZTgtZjBkMi00ZDY2LWI1MjAt
M2FiYTU5NWI1OGE4LzEvaExaWEJGcENzbzM0Y2lMV2Q3akRDWlhrZUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9hZjcyZTgtZjBkMi00ZDY2LWI1MjAtM2FiYTU5NWI1OGE4
LzEvdXBjTjRTYXpvTFZJMnRkdlh2cUloVnh2SF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAJT3kMA0E
AgACMAcDBQMqE/YAMA0GCSqGSIb3DQEBCwUAA4IBAQDHvGXuYDbkC9yZRYP7+fLd
U/bBzFh+I4fi4sxqcrmscEi9ELUYxKJaJ5URk+gM4xKU6fyHFsKnv5usnC9qRuht
3uCJn75Q1A4uSVKswqBH1jEJZYw+iAWFicnoBoVBIJa+WdSN5O9uPclU8BDe7B6p
BJyS2TLElWlwOuap3LzMOpTxrlBn+j8MuzjeWj9D6yxrTEI4lpEIPc+rd/LrMBz3
P0ZXUv10Pwph29shXH3WjzM5joROjejyooigVsqMtwrEKTsBsxdpzUMurgBB9WaI
2tijZRB6URyE9ZeRVf3RzR0mTyDrDN9OfbSKYmWqK2O5sbbzOHKXDW/dhwAs8Axq
-----END CERTIFICATE-----