Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ADklfN8ws0o161ALWcK4nvNaM7U.roa
File:                     ADklfN8ws0o161ALWcK4nvNaM7U.roa (raw, json)
Hash identifier:          JpZJA0RkCjbhOXeBhgxCpj9twflgRm01cI6SsSuX5Ak=
Subject key identifier:   00:39:25:7C:DF:30:B3:4A:35:EB:50:0B:59:C2:B8:9E:F3:5A:33:B5
Certificate issuer:       /CN=02930f8c688c04d17433a2b9c7249bc625bce316
Certificate serial:       018CC801705D5C489810803A8322BFFB6759
Authority key identifier: 02:93:0F:8C:68:8C:04:D1:74:33:A2:B9:C7:24:9B:C6:25:BC:E3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ADklfN8ws0o161ALWcK4nvNaM7U.roa
Signing time:             Tue 02 Jan 2024 02:29:46 +0000
ROA not before:           Tue 02 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50889
IP address blocks:        37.186.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:03:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:70:5d:5c:48:98:10:80:3a:83:22:bf:fb:67:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02930f8c688c04d17433a2b9c7249bc625bce316
        Validity
            Not Before: Jan  2 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0039257cdf30b34a35eb500b59c2b89ef35a33b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:2e:14:ed:9b:0e:81:19:7e:55:e3:03:df:6d:
                    12:8a:b9:72:79:67:ff:9b:69:1d:55:d4:ec:3d:34:
                    ba:7e:1c:bb:60:b8:e1:b9:0f:68:06:50:92:d2:8e:
                    8b:07:d6:ee:05:fb:72:38:21:78:14:eb:c8:22:29:
                    86:79:1d:39:76:5b:20:64:d7:d2:0e:73:c3:68:3a:
                    a4:34:db:2b:91:3e:b2:e4:43:6e:91:fb:f9:7b:3a:
                    4f:78:f8:72:cc:20:09:53:19:aa:b8:9b:06:2b:38:
                    00:18:22:e7:09:c0:79:f1:12:44:6d:19:95:e8:c0:
                    78:86:09:ac:66:aa:31:ad:a4:ae:7b:60:e8:d7:66:
                    b4:87:7a:3c:12:7f:ab:8c:1c:c3:f3:28:f7:79:a4:
                    42:ce:4d:17:7f:e7:71:36:d6:82:8a:05:68:6a:21:
                    40:8c:a1:63:95:a5:db:47:26:76:73:23:dc:38:7f:
                    51:6b:f0:78:71:ad:1f:a9:9e:df:23:90:ba:5f:8e:
                    37:b1:54:fb:30:82:77:79:91:13:54:39:68:f3:21:
                    2d:7b:7c:88:26:17:01:e0:31:11:ad:57:ef:f8:b7:
                    ad:31:1d:97:2e:4b:70:0f:e3:81:8e:b7:64:b1:97:
                    4e:e1:85:c8:68:02:ac:33:83:16:b5:c1:bb:7f:d1:
                    83:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:39:25:7C:DF:30:B3:4A:35:EB:50:0B:59:C2:B8:9E:F3:5A:33:B5
            X509v3 Authority Key Identifier:
                keyid:02:93:0F:8C:68:8C:04:D1:74:33:A2:B9:C7:24:9B:C6:25:BC:E3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ADklfN8ws0o161ALWcK4nvNaM7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.186.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:7a:19:02:1d:66:42:35:97:e7:6d:a4:f2:ad:81:a1:20:83:
         56:bd:21:5e:aa:fa:df:12:8a:06:ab:28:2a:03:28:88:5d:bb:
         26:a1:3f:54:33:c3:89:20:59:93:a1:30:0f:e4:e2:86:87:6b:
         ab:c1:84:a0:ab:87:d8:9b:d1:fe:2c:79:e3:a9:30:03:ab:60:
         44:ec:c0:13:07:a8:52:cb:8d:16:70:04:20:f2:8b:85:91:e5:
         e1:e7:0b:cb:50:86:92:ba:51:9d:5f:d6:af:e8:a9:33:2e:b7:
         5b:90:e2:01:0c:a8:fc:29:19:60:df:b4:2b:17:19:ea:b0:e3:
         47:b1:e2:9a:e3:ba:62:e0:51:29:28:80:a8:3b:d1:8c:a5:8f:
         7b:7e:f1:da:4a:48:85:09:79:88:cc:d9:af:a5:1c:e3:f0:80:
         34:26:ff:41:21:43:0e:d1:54:44:62:8a:fa:1a:7a:a8:08:cf:
         64:e3:68:6c:c8:75:d7:1e:cc:c5:f8:c3:f7:df:8a:b9:87:b2:
         11:23:f4:18:20:00:eb:02:b6:e0:6e:02:2e:87:da:d0:dc:8b:
         19:ce:50:50:8b:31:8e:71:8b:93:36:e0:52:a4:0d:69:18:fe:
         46:af:65:3b:19:1b:5b:bd:94:6e:f8:f3:86:be:ac:ac:dd:d1:
         93:20:77:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAXBdXEiYEIA6gyK/+2dZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyOTMwZjhjNjg4YzA0ZDE3NDMzYTJiOWM3MjQ5YmM2MjVi
Y2UzMTYwHhcNMjQwMTAyMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDM5MjU3Y2RmMzBiMzRhMzVlYjUwMGI1OWMyYjg5ZWYzNWEzM2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiS4U7ZsOgRl+VeMD320SirlyeWf/
m2kdVdTsPTS6fhy7YLjhuQ9oBlCS0o6LB9buBftyOCF4FOvIIimGeR05dlsgZNfS
DnPDaDqkNNsrkT6y5ENukfv5ezpPePhyzCAJUxmquJsGKzgAGCLnCcB58RJEbRmV
6MB4hgmsZqoxraSue2Do12a0h3o8En+rjBzD8yj3eaRCzk0Xf+dxNtaCigVoaiFA
jKFjlaXbRyZ2cyPcOH9Ra/B4ca0fqZ7fI5C6X443sVT7MIJ3eZETVDlo8yEte3yI
JhcB4DERrVfv+LetMR2XLktwD+OBjrdksZdO4YXIaAKsM4MWtcG7f9GD6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAA5JXzfMLNKNetQC1nCuJ7zWjO1MB8GA1UdIwQY
MBaAFAKTD4xojATRdDOiucckm8YlvOMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXBNUGpHaU1CTkYwTTZLNXh5U2J4aVc4NHhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9iMjA2NGItYmUwOS00M2Q5LWIwODct
YTRlOTkxYjBmMTQ0LzEvQURrbGZOOHdzMG8xNjFBTFdjSzRudk5hTTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9iMjA2NGItYmUwOS00M2Q5LWIwODctYTRlOTkxYjBmMTQ0
LzEvQXBNUGpHaU1CTkYwTTZLNXh5U2J4aVc4NHhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJbpvMA0G
CSqGSIb3DQEBCwUAA4IBAQDCehkCHWZCNZfnbaTyrYGhIINWvSFeqvrfEooGqygq
AyiIXbsmoT9UM8OJIFmToTAP5OKGh2urwYSgq4fYm9H+LHnjqTADq2BE7MATB6hS
y40WcAQg8ouFkeXh5wvLUIaSulGdX9av6KkzLrdbkOIBDKj8KRlg37QrFxnqsONH
seKa47pi4FEpKICoO9GMpY97fvHaSkiFCXmIzNmvpRzj8IA0Jv9BIUMO0VREYor6
GnqoCM9k42hsyHXXHszF+MP334q5h7IRI/QYIADrArbgbgIuh9rQ3IsZzlBQizGO
cYuTNuBSpA1pGP5Gr2U7GRtbvZRu+POGvqys3dGTIHeg
-----END CERTIFICATE-----