Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/WiibqMnGvAv49AUiMEltt78UNss.roa
File:                     WiibqMnGvAv49AUiMEltt78UNss.roa (raw, json)
Hash identifier:          ESXzehv4NGjNJyK5dEvnpfJp8DIKSH24WYcX+P++Nic=
Subject key identifier:   5A:28:9B:A8:C9:C6:BC:0B:F8:F4:05:22:30:49:6D:B7:BF:14:36:CB
Certificate issuer:       /CN=560eff1d23161feaa08a1994e1dd4b46a8383f20
Certificate serial:       018CC8015304AE18CEDD5F0F093766BA9C18
Authority key identifier: 56:0E:FF:1D:23:16:1F:EA:A0:8A:19:94:E1:DD:4B:46:A8:38:3F:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vg7_HSMWH-qgihmU4d1LRqg4PyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/WiibqMnGvAv49AUiMEltt78UNss.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211210
IP address blocks:        37.252.221.0/24 maxlen: 24
                          2a0b:96c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/Vg7_HSMWH-qgihmU4d1LRqg4PyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/Vg7_HSMWH-qgihmU4d1LRqg4PyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vg7_HSMWH-qgihmU4d1LRqg4PyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:53:04:ae:18:ce:dd:5f:0f:09:37:66:ba:9c:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=560eff1d23161feaa08a1994e1dd4b46a8383f20
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a289ba8c9c6bc0bf8f4052230496db7bf1436cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:dc:c3:54:ea:58:3c:8f:a7:81:01:95:d5:c1:
                    49:cf:81:de:5c:ae:0e:51:75:d9:6f:6b:e3:bd:24:
                    a1:f0:2f:8b:21:a3:19:3f:92:ee:ae:32:3e:ab:19:
                    8c:48:9c:ad:68:75:70:45:a6:24:c4:aa:f7:dd:80:
                    30:9a:2e:39:06:e2:03:ef:ef:6a:e6:48:0c:8b:1a:
                    9a:bf:99:c3:fd:78:c9:8a:f0:6d:f8:aa:d7:ec:7a:
                    cb:c0:8c:27:e9:30:1d:bb:bd:a9:9b:dc:6e:32:04:
                    73:e9:f6:5a:1e:44:8c:57:87:36:2a:b6:19:7c:93:
                    a2:99:fe:0b:3b:d2:56:9c:d8:ab:bb:9f:56:31:b9:
                    bf:20:76:6a:70:25:9c:66:90:fc:db:c5:6e:da:d8:
                    1f:e5:8e:d5:c6:41:57:91:a3:28:19:34:99:33:b9:
                    c0:c0:8e:b5:ea:f2:7c:48:e1:3e:3a:06:37:37:19:
                    f2:a9:3f:fe:f7:c8:da:d3:cd:ae:cf:2c:c0:bf:95:
                    3c:25:2b:ba:b4:a2:18:3d:69:d9:46:1a:2d:14:4d:
                    5b:63:d7:9f:ef:51:d8:f4:52:3a:1a:64:c8:7c:be:
                    dd:d7:9c:a4:7d:a8:5d:45:41:80:63:ac:44:8a:9a:
                    67:27:f4:a2:bb:76:08:40:aa:e7:50:2f:00:20:7c:
                    a7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:28:9B:A8:C9:C6:BC:0B:F8:F4:05:22:30:49:6D:B7:BF:14:36:CB
            X509v3 Authority Key Identifier:
                keyid:56:0E:FF:1D:23:16:1F:EA:A0:8A:19:94:E1:DD:4B:46:A8:38:3F:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vg7_HSMWH-qgihmU4d1LRqg4PyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/WiibqMnGvAv49AUiMEltt78UNss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/Vg7_HSMWH-qgihmU4d1LRqg4PyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.221.0/24
                IPv6:
                  2a0b:96c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:a4:b6:f8:8b:00:c4:d3:a7:8b:aa:f4:06:9a:c2:cd:f3:78:
         86:38:b5:f2:c0:ec:15:85:48:7b:f0:58:58:23:6e:72:52:ca:
         ed:b6:a0:cd:14:a2:fa:67:f0:fe:cd:a5:84:ca:bb:ed:c1:43:
         a9:21:dc:7e:d7:62:fc:ad:29:b8:8a:86:56:c5:e2:a8:b1:79:
         0a:a1:3e:b1:e7:19:e1:32:91:12:ba:f1:85:01:e3:94:fa:57:
         90:c0:48:2c:9b:57:21:ca:72:a7:d2:94:5b:24:a5:71:ce:fe:
         4e:04:8c:49:c9:81:89:98:74:bd:7e:6e:94:d4:9c:21:5e:de:
         f3:09:65:f3:8e:f6:55:66:92:f9:67:19:e0:e2:7d:c9:4b:5d:
         bd:fb:d0:5a:c0:2c:3b:d7:c3:cd:59:38:42:30:16:3d:d0:bd:
         12:20:99:8b:2e:33:5b:96:ac:80:fb:a6:3c:cf:c9:2f:29:0a:
         78:44:35:16:4d:ee:c7:ea:51:17:eb:52:d6:23:4f:9f:8d:21:
         86:1c:81:6a:e8:26:11:a6:da:9a:ec:c7:fe:93:7c:3d:0c:11:
         56:3d:dc:6f:7c:87:cb:dd:6b:7f:aa:26:c7:4a:9b:5a:5b:76:
         b4:7d:09:b3:0a:21:90:e4:45:b0:52:dc:3d:9e:c6:04:38:9a:
         6c:1b:50:01
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAVMErhjO3V8PCTdmupwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2MGVmZjFkMjMxNjFmZWFhMDhhMTk5NGUxZGQ0YjQ2YTgz
ODNmMjAwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTI4OWJhOGM5YzZiYzBiZjhmNDA1MjIzMDQ5NmRiN2JmMTQzNmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtzDVOpYPI+ngQGV1cFJz4HeXK4O
UXXZb2vjvSSh8C+LIaMZP5LurjI+qxmMSJytaHVwRaYkxKr33YAwmi45BuID7+9q
5kgMixqav5nD/XjJivBt+KrX7HrLwIwn6TAdu72pm9xuMgRz6fZaHkSMV4c2KrYZ
fJOimf4LO9JWnNiru59WMbm/IHZqcCWcZpD828Vu2tgf5Y7VxkFXkaMoGTSZM7nA
wI616vJ8SOE+OgY3NxnyqT/+98ja082uzyzAv5U8JSu6tKIYPWnZRhotFE1bY9ef
71HY9FI6GmTIfL7d15ykfahdRUGAY6xEippnJ/Siu3YIQKrnUC8AIHynkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFoom6jJxrwL+PQFIjBJbbe/FDbLMB8GA1UdIwQY
MBaAFFYO/x0jFh/qoIoZlOHdS0aoOD8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmc3X0hTTVdILXFnaWhtVTRkMUxScWc0UHlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9hOTY3MDUtMWNiNy00M2I5LTk2ZGQt
NGMyZDRjNGI1ZjBhLzEvV2lpYnFNbkd2QXY0OUFVaU1FbHR0NzhVTnNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9hOTY3MDUtMWNiNy00M2I5LTk2ZGQtNGMyZDRjNGI1ZjBh
LzEvVmc3X0hTTVdILXFnaWhtVTRkMUxScWc0UHlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAJfzdMA0E
AgACMAcDBQMqC5bAMA0GCSqGSIb3DQEBCwUAA4IBAQCFpLb4iwDE06eLqvQGmsLN
83iGOLXywOwVhUh78FhYI25yUsrttqDNFKL6Z/D+zaWEyrvtwUOpIdx+12L8rSm4
ioZWxeKosXkKoT6x5xnhMpESuvGFAeOU+leQwEgsm1chynKn0pRbJKVxzv5OBIxJ
yYGJmHS9fm6U1JwhXt7zCWXzjvZVZpL5Zxng4n3JS129+9BawCw718PNWThCMBY9
0L0SIJmLLjNblqyA+6Y8z8kvKQp4RDUWTe7H6lEX61LWI0+fjSGGHIFq6CYRptqa
7Mf+k3w9DBFWPdxvfIfL3Wt/qibHSptaW3a0fQmzCiGQ5EWwUtw9nsYEOJpsG1AB
-----END CERTIFICATE-----