Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/oUhkxIulPtQeLWZAap9t1mlG6ec.roa
File:                     oUhkxIulPtQeLWZAap9t1mlG6ec.roa (raw, json)
Hash identifier:          ajp39CXFmDkVYsw0WCJ5aOTXiyIplQgAr9vcF3fe87o=
Subject key identifier:   A1:48:64:C4:8B:A5:3E:D4:1E:2D:66:40:6A:9F:6D:D6:69:46:E9:E7
Certificate issuer:       /CN=560eff1d23161feaa08a1994e1dd4b46a8383f20
Certificate serial:       019425FDC73920E16AB81883ED5A20BBBD94
Authority key identifier: 56:0E:FF:1D:23:16:1F:EA:A0:8A:19:94:E1:DD:4B:46:A8:38:3F:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vg7_HSMWH-qgihmU4d1LRqg4PyA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/oUhkxIulPtQeLWZAap9t1mlG6ec.roa
Signing time:             Thu 02 Jan 2025 07:49:36 +0000
ROA not before:           Thu 02 Jan 2025 07:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211210
IP address blocks:        37.252.221.0/24 maxlen: 24
                          2a0b:96c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/Vg7_HSMWH-qgihmU4d1LRqg4PyA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/Vg7_HSMWH-qgihmU4d1LRqg4PyA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vg7_HSMWH-qgihmU4d1LRqg4PyA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c7:39:20:e1:6a:b8:18:83:ed:5a:20:bb:bd:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=560eff1d23161feaa08a1994e1dd4b46a8383f20
        Validity
            Not Before: Jan  2 07:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a14864c48ba53ed41e2d66406a9f6dd66946e9e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:c1:ad:ff:b3:9f:b5:d8:05:fc:b1:8f:06:2f:
                    ae:6f:f7:b5:bf:d7:af:01:6f:3f:b2:02:f3:b3:c2:
                    d3:d8:06:cb:87:9a:f7:44:a9:df:57:69:34:83:c3:
                    cc:66:0b:a3:9b:ca:c5:fd:34:0a:e5:d7:9f:07:92:
                    01:8a:ae:2c:25:fc:b3:e4:51:27:dd:31:e3:93:00:
                    e6:51:49:6e:85:c2:2a:f0:0a:73:d9:58:f6:94:69:
                    c0:da:38:1a:e5:10:bf:ae:38:59:e6:7b:7d:93:c2:
                    48:92:60:18:9f:1e:0f:39:66:a5:11:59:fc:5d:1c:
                    62:3b:a9:e0:38:0d:0b:e5:a2:85:c0:02:44:ab:e0:
                    8b:d9:53:3f:84:e7:76:17:43:a0:2b:68:7e:7f:80:
                    93:eb:d8:81:f6:2d:c7:09:78:34:b0:7d:6e:f4:06:
                    cc:c1:c4:22:31:02:a9:00:71:18:96:cc:a2:28:0a:
                    a2:b6:0f:60:0c:84:cd:3f:4a:fc:21:ea:23:95:85:
                    1f:9e:71:d5:58:e6:91:9b:ca:e5:e4:dc:d2:01:40:
                    b2:9b:b9:12:cf:a1:ee:94:fd:d5:22:9e:30:b8:9b:
                    6b:02:2e:20:87:74:ad:25:67:52:d3:49:80:54:d2:
                    95:b0:25:41:b9:f7:2a:e1:4f:93:89:33:51:01:9c:
                    57:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:48:64:C4:8B:A5:3E:D4:1E:2D:66:40:6A:9F:6D:D6:69:46:E9:E7
            X509v3 Authority Key Identifier:
                keyid:56:0E:FF:1D:23:16:1F:EA:A0:8A:19:94:E1:DD:4B:46:A8:38:3F:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vg7_HSMWH-qgihmU4d1LRqg4PyA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/oUhkxIulPtQeLWZAap9t1mlG6ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/a96705-1cb7-43b9-96dd-4c2d4c4b5f0a/1/Vg7_HSMWH-qgihmU4d1LRqg4PyA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.221.0/24
                IPv6:
                  2a0b:96c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:7e:ef:f2:f4:ad:51:53:30:ab:48:7a:79:e3:1e:4f:e7:86:
         f1:f6:c7:cd:b0:1b:c1:db:10:48:24:c5:54:ce:d7:a9:8d:97:
         ce:66:e1:27:e8:12:ec:26:ae:0c:9b:e4:ee:eb:a7:3f:82:11:
         87:ab:f1:b1:7d:ae:51:6b:c0:c3:4e:b0:36:75:bd:ca:d1:09:
         53:95:a0:cb:20:f3:23:b7:dc:38:38:3a:29:1b:8a:1b:19:dc:
         42:9d:95:c5:25:73:21:2f:d6:d2:ea:36:e4:fa:b8:fd:4d:b1:
         30:9a:af:d3:7e:e3:0d:9c:29:4c:af:4d:cf:fe:e7:d7:5f:bd:
         a5:31:7d:03:a4:57:1b:dc:db:82:e3:97:bc:02:24:5d:5a:76:
         9e:01:3c:b5:70:6e:28:3c:f8:b2:b4:b4:d9:34:34:af:74:0f:
         5b:06:a1:d5:b3:32:e3:1a:b3:a8:90:20:43:4b:7b:aa:b7:f3:
         01:04:4d:e7:4c:a5:f4:1c:f4:1b:42:5c:f3:23:52:19:f7:70:
         2c:49:1c:0c:2b:70:0b:69:de:8b:78:49:10:f2:d8:60:c9:0e:
         17:98:35:14:e4:9c:42:37:6f:e0:5a:03:55:ef:b2:60:b2:22:
         c1:2e:7f:6b:d5:86:63:74:83:dd:28:8d:58:d2:bb:44:3c:fa:
         5b:11:4c:14
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/cc5IOFquBiD7Vogu72UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2MGVmZjFkMjMxNjFmZWFhMDhhMTk5NGUxZGQ0YjQ2YTgz
ODNmMjAwHhcNMjUwMTAyMDc0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTQ4NjRjNDhiYTUzZWQ0MWUyZDY2NDA2YTlmNmRkNjY5NDZlOWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2MGt/7OftdgF/LGPBi+ub/e1v9ev
AW8/sgLzs8LT2AbLh5r3RKnfV2k0g8PMZgujm8rF/TQK5defB5IBiq4sJfyz5FEn
3THjkwDmUUluhcIq8Apz2Vj2lGnA2jga5RC/rjhZ5nt9k8JIkmAYnx4POWalEVn8
XRxiO6ngOA0L5aKFwAJEq+CL2VM/hOd2F0OgK2h+f4CT69iB9i3HCXg0sH1u9AbM
wcQiMQKpAHEYlsyiKAqitg9gDITNP0r8IeojlYUfnnHVWOaRm8rl5NzSAUCym7kS
z6HulP3VIp4wuJtrAi4gh3StJWdS00mAVNKVsCVBufcq4U+TiTNRAZxX3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKFIZMSLpT7UHi1mQGqfbdZpRunnMB8GA1UdIwQY
MBaAFFYO/x0jFh/qoIoZlOHdS0aoOD8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmc3X0hTTVdILXFnaWhtVTRkMUxScWc0UHlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9hOTY3MDUtMWNiNy00M2I5LTk2ZGQt
NGMyZDRjNGI1ZjBhLzEvb1Voa3hJdWxQdFFlTFdaQWFwOXQxbWxHNmVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9hOTY3MDUtMWNiNy00M2I5LTk2ZGQtNGMyZDRjNGI1ZjBh
LzEvVmc3X0hTTVdILXFnaWhtVTRkMUxScWc0UHlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAJfzdMA0E
AgACMAcDBQMqC5bAMA0GCSqGSIb3DQEBCwUAA4IBAQCAfu/y9K1RUzCrSHp54x5P
54bx9sfNsBvB2xBIJMVUztepjZfOZuEn6BLsJq4Mm+Tu66c/ghGHq/Gxfa5Ra8DD
TrA2db3K0QlTlaDLIPMjt9w4ODopG4obGdxCnZXFJXMhL9bS6jbk+rj9TbEwmq/T
fuMNnClMr03P/ufXX72lMX0DpFcb3NuC45e8AiRdWnaeATy1cG4oPPiytLTZNDSv
dA9bBqHVszLjGrOokCBDS3uqt/MBBE3nTKX0HPQbQlzzI1IZ93AsSRwMK3ALad6L
eEkQ8thgyQ4XmDUU5JxCN2/gWgNV77JgsiLBLn9r1YZjdIPdKI1Y0rtEPPpbEUwU
-----END CERTIFICATE-----