Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/cccf8b-0274-4bb2-8dbb-d386d2049042/1/2R7WOXOiRVg1WjQQj6aCCqmKP8s.roa
File:                     2R7WOXOiRVg1WjQQj6aCCqmKP8s.roa (raw, json)
Hash identifier:          dgJwJoH5VGexwTLdr6nQ1zZG19ofJkQyENhBPgCHK4I=
Subject key identifier:   D9:1E:D6:39:73:A2:45:58:35:5A:34:10:8F:A6:82:0A:A9:8A:3F:CB
Certificate issuer:       /CN=3158a934189cf05891f8c4e599d0b98957e99729
Certificate serial:       018F2B3D831C9A4DE57CADE13C749CBB85DF
Authority key identifier: 31:58:A9:34:18:9C:F0:58:91:F8:C4:E5:99:D0:B9:89:57:E9:97:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MVipNBic8FiR-MTlmdC5iVfplyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/cccf8b-0274-4bb2-8dbb-d386d2049042/1/2R7WOXOiRVg1WjQQj6aCCqmKP8s.roa
Signing time:             Mon 29 Apr 2024 19:03:22 +0000
ROA not before:           Mon 29 Apr 2024 19:03:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        37.18.192.0/19 maxlen: 24
                          185.140.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/cccf8b-0274-4bb2-8dbb-d386d2049042/1/MVipNBic8FiR-MTlmdC5iVfplyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/cccf8b-0274-4bb2-8dbb-d386d2049042/1/MVipNBic8FiR-MTlmdC5iVfplyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MVipNBic8FiR-MTlmdC5iVfplyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 13:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2b:3d:83:1c:9a:4d:e5:7c:ad:e1:3c:74:9c:bb:85:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3158a934189cf05891f8c4e599d0b98957e99729
        Validity
            Not Before: Apr 29 19:03:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d91ed63973a24558355a34108fa6820aa98a3fcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:06:d0:2f:12:26:11:e8:73:d7:78:48:68:93:
                    c3:00:0d:75:61:91:e1:96:09:72:dd:12:27:e6:2e:
                    ff:c2:97:c7:06:cd:3a:1b:bc:d0:11:57:96:f6:e9:
                    58:99:4a:72:61:3d:53:5d:ad:b9:06:d2:1f:81:01:
                    0e:cb:55:35:43:a9:5d:6f:e3:0d:cc:77:8b:79:a1:
                    31:03:f4:2c:c0:90:7e:df:ad:63:e5:33:59:b2:d0:
                    43:52:30:48:00:c7:75:9c:82:d4:8a:e9:d1:14:96:
                    15:42:8d:71:fa:bb:b7:5b:c7:4c:62:4e:68:44:b0:
                    ff:97:b3:3b:59:d9:91:0e:8e:27:d1:41:1c:9f:e1:
                    be:72:bc:f9:f8:3a:84:5d:12:9f:b2:1a:29:78:05:
                    60:5e:5d:e3:3f:e8:88:46:3c:fc:e7:80:3c:9f:d1:
                    e9:39:78:5c:26:67:2e:41:a5:04:a3:17:10:39:a0:
                    16:94:b2:6f:4d:cb:16:e1:91:eb:bc:13:e4:b5:b5:
                    f0:e7:39:bd:95:d3:89:25:a9:a8:55:51:29:4d:fe:
                    f0:a3:29:39:3e:97:7c:9d:29:8e:06:51:02:96:ad:
                    74:6f:cc:f5:4e:48:2b:6b:05:0a:43:f7:63:4e:99:
                    48:1b:85:3f:bd:04:d7:45:4f:2d:23:3a:50:f2:4c:
                    4d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:1E:D6:39:73:A2:45:58:35:5A:34:10:8F:A6:82:0A:A9:8A:3F:CB
            X509v3 Authority Key Identifier:
                keyid:31:58:A9:34:18:9C:F0:58:91:F8:C4:E5:99:D0:B9:89:57:E9:97:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MVipNBic8FiR-MTlmdC5iVfplyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/cccf8b-0274-4bb2-8dbb-d386d2049042/1/2R7WOXOiRVg1WjQQj6aCCqmKP8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/cccf8b-0274-4bb2-8dbb-d386d2049042/1/MVipNBic8FiR-MTlmdC5iVfplyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.192.0/19
                  185.140.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:95:07:ad:81:50:9a:eb:c0:e0:9d:ad:8d:49:61:4e:1a:bb:
         e4:b9:04:cc:5a:53:8b:eb:90:98:1a:03:49:72:8c:e8:81:15:
         fe:26:8f:4d:fa:0e:66:71:96:82:3a:25:ba:c2:e6:02:a9:85:
         4b:ec:31:a0:7d:58:6b:a7:d0:76:45:91:fd:1b:ed:45:39:bb:
         26:80:7d:7a:02:b1:ce:7c:c1:d8:ae:b8:4a:01:3c:42:7e:d1:
         00:c6:b7:fb:39:53:85:97:d7:17:ec:56:67:d5:c0:b9:1e:c1:
         35:85:43:e5:6a:3e:05:bf:62:4f:b7:6d:9f:b4:07:7b:70:c4:
         d7:56:f7:a2:95:7d:bb:d6:29:50:79:ca:2f:db:5f:7a:bb:db:
         b5:7b:4d:46:3f:67:e9:c9:e2:05:ae:c1:53:6c:54:5c:54:07:
         65:14:d4:64:6b:06:22:0a:c8:72:41:89:a4:1c:ae:3c:c5:ab:
         38:9a:2f:f3:e1:88:e2:59:c0:fc:03:7a:14:96:74:6f:54:74:
         a4:4f:6d:0c:50:50:a8:03:6e:66:52:a5:3a:60:d9:6d:76:8a:
         6e:eb:f9:ee:f3:47:e0:d6:37:39:d7:30:c5:7c:9b:17:69:f6:
         74:12:32:fe:1a:e3:b3:0c:e6:51:09:d5:1d:49:a2:7f:b9:da:
         73:2b:a0:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8rPYMcmk3lfK3hPHScu4XfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNThhOTM0MTg5Y2YwNTg5MWY4YzRlNTk5ZDBiOTg5NTdl
OTk3MjkwHhcNMjQwNDI5MTkwMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTFlZDYzOTczYTI0NTU4MzU1YTM0MTA4ZmE2ODIwYWE5OGEzZmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgbQLxImEehz13hIaJPDAA11YZHh
lgly3RIn5i7/wpfHBs06G7zQEVeW9ulYmUpyYT1TXa25BtIfgQEOy1U1Q6ldb+MN
zHeLeaExA/QswJB+361j5TNZstBDUjBIAMd1nILUiunRFJYVQo1x+ru3W8dMYk5o
RLD/l7M7WdmRDo4n0UEcn+G+crz5+DqEXRKfshopeAVgXl3jP+iIRjz854A8n9Hp
OXhcJmcuQaUEoxcQOaAWlLJvTcsW4ZHrvBPktbXw5zm9ldOJJamoVVEpTf7woyk5
Ppd8nSmOBlEClq10b8z1TkgrawUKQ/djTplIG4U/vQTXRU8tIzpQ8kxN0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNke1jlzokVYNVo0EI+mggqpij/LMB8GA1UdIwQY
MBaAFDFYqTQYnPBYkfjE5ZnQuYlX6ZcpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVZpcE5CaWM4RmlSLU1UbG1kQzVpVmZwbHlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9jY2NmOGItMDI3NC00YmIyLThkYmIt
ZDM4NmQyMDQ5MDQyLzEvMlI3V09YT2lSVmcxV2pRUWo2YUNDcW1LUDhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9jY2NmOGItMDI3NC00YmIyLThkYmItZDM4NmQyMDQ5MDQy
LzEvTVZpcE5CaWM4RmlSLU1UbG1kQzVpVmZwbHlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFJRLAAwQC
uYwkMA0GCSqGSIb3DQEBCwUAA4IBAQBalQetgVCa68Dgna2NSWFOGrvkuQTMWlOL
65CYGgNJcozogRX+Jo9N+g5mcZaCOiW6wuYCqYVL7DGgfVhrp9B2RZH9G+1FObsm
gH16ArHOfMHYrrhKATxCftEAxrf7OVOFl9cX7FZn1cC5HsE1hUPlaj4Fv2JPt22f
tAd7cMTXVveilX271ilQecov2196u9u1e01GP2fpyeIFrsFTbFRcVAdlFNRkawYi
CshyQYmkHK48xas4mi/z4YjiWcD8A3oUlnRvVHSkT20MUFCoA25mUqU6YNltdopu
6/nu80fg1jc51zDFfJsXafZ0EjL+GuOzDOZRCdUdSaJ/udpzK6AC
-----END CERTIFICATE-----