Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/0hFTuA6AYFpULfZQK-DJnDN4HTE.roa
File:                     0hFTuA6AYFpULfZQK-DJnDN4HTE.roa (raw, json)
Hash identifier:          ZWH8sUTXV7vc3XiT9tGW1AKcmChi4TaSnZLt2D9dIPY=
Subject key identifier:   D2:11:53:B8:0E:80:60:5A:54:2D:F6:50:2B:E0:C9:9C:33:78:1D:31
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0194228D6221190E7EB2588645887A3F0D60
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/0hFTuA6AYFpULfZQK-DJnDN4HTE.roa
Signing time:             Wed 01 Jan 2025 15:47:58 +0000
ROA not before:           Wed 01 Jan 2025 15:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29802
IP address blocks:        37.1.208.0/21 maxlen: 21
                          2a02:c6c1:f::/48 maxlen: 48
                          2a0f:4b41::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:62:21:19:0e:7e:b2:58:86:45:88:7a:3f:0d:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  1 15:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d21153b80e80605a542df6502be0c99c33781d31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d2:4b:dc:78:fe:74:70:b7:78:0b:60:d2:5b:
                    91:42:e2:21:7f:27:0d:3e:fc:0e:fa:15:db:49:80:
                    a3:f7:3a:19:87:eb:75:48:9a:ae:fb:b3:c1:cf:4c:
                    da:b0:11:a9:14:b2:07:59:76:27:da:fb:b2:9d:39:
                    a9:d0:be:fc:95:74:bd:1b:78:2a:2a:79:21:3f:ae:
                    2c:6d:4e:b4:90:b5:52:76:cd:00:87:e7:7a:c5:bd:
                    35:ed:7e:83:77:68:ea:2f:85:29:b9:31:2d:24:14:
                    1e:5a:80:04:be:65:a7:2f:da:5a:f2:fb:cc:da:cc:
                    6a:5c:38:4a:85:f3:25:5c:a9:d2:18:4a:1a:40:67:
                    af:12:4d:c2:8c:fe:6a:cd:37:e7:80:80:b6:b0:09:
                    94:c5:87:fb:96:5a:57:8f:1a:44:ec:d0:9c:73:15:
                    82:b9:b5:19:5d:07:90:a7:5b:fc:0e:db:7a:34:82:
                    c6:41:fa:cc:f6:5a:66:08:68:f5:75:09:85:aa:5c:
                    39:93:b6:54:2d:47:f0:a5:68:bb:35:c9:79:7c:ee:
                    f6:02:88:ef:b0:69:dd:c9:de:2e:55:3d:cf:cb:86:
                    e0:ac:97:72:c0:c6:3f:c7:3d:4a:13:06:27:1a:71:
                    2a:d0:57:f7:d2:a1:95:a3:87:e0:3f:de:78:1c:c7:
                    a8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:11:53:B8:0E:80:60:5A:54:2D:F6:50:2B:E0:C9:9C:33:78:1D:31
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/0hFTuA6AYFpULfZQK-DJnDN4HTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.1.208.0/21
                IPv6:
                  2a02:c6c1:f::/48
                  2a0f:4b41::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:ae:83:1d:ab:cd:ae:7f:49:3a:ae:fc:8c:b8:9a:7c:f7:7b:
         38:7d:7a:74:4e:65:5b:0e:6f:c5:7e:06:ee:55:21:1f:7f:62:
         e3:a0:67:cc:c6:9a:d9:4e:22:2d:09:12:9e:40:d7:26:ac:4a:
         28:b6:95:69:8a:e8:d1:bb:ed:e4:ef:70:de:6e:39:6c:0b:7a:
         d2:0a:c2:b1:1d:7a:51:7c:a9:24:ea:19:57:3b:34:18:d6:77:
         73:29:8b:3e:92:b2:ef:f8:c2:1b:3f:17:f5:0b:2b:ed:d4:83:
         9f:77:f0:ae:4d:2b:16:5c:35:30:1d:d4:0f:69:60:c3:ce:39:
         e5:19:dc:99:cd:12:f0:22:07:42:64:bf:37:75:8d:9b:ab:8f:
         35:86:34:23:4e:74:4a:fb:d2:9c:66:24:f2:bb:7b:28:e8:4b:
         2d:27:2c:14:c0:32:cd:b8:0d:1a:09:fd:c6:ad:f9:a6:a5:11:
         f0:00:32:0c:61:90:7d:1a:f1:cb:6b:ee:ee:39:1e:7f:3b:ed:
         58:0b:29:51:d5:4a:21:8d:ef:9b:cb:f0:93:39:f7:e2:ae:75:
         b9:d8:b4:0f:c7:f8:1a:a7:4e:5f:32:76:eb:ca:e8:3a:55:4d:
         64:a4:e9:d5:55:e3:34:e5:3c:ea:1b:90:45:7b:b7:4d:00:9c:
         cf:cd:94:e9
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQijWIhGQ5+sliGRYh6Pw1gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjUwMTAxMTU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjExNTNiODBlODA2MDVhNTQyZGY2NTAyYmUwYzk5YzMzNzgxZDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNJL3Hj+dHC3eAtg0luRQuIhfycN
PvwO+hXbSYCj9zoZh+t1SJqu+7PBz0zasBGpFLIHWXYn2vuynTmp0L78lXS9G3gq
KnkhP64sbU60kLVSds0Ah+d6xb017X6Dd2jqL4UpuTEtJBQeWoAEvmWnL9pa8vvM
2sxqXDhKhfMlXKnSGEoaQGevEk3CjP5qzTfngIC2sAmUxYf7llpXjxpE7NCccxWC
ubUZXQeQp1v8Dtt6NILGQfrM9lpmCGj1dQmFqlw5k7ZULUfwpWi7Ncl5fO72Aojv
sGndyd4uVT3Py4bgrJdywMY/xz1KEwYnGnEq0Ff30qGVo4fgP954HMeoEwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNIRU7gOgGBaVC32UCvgyZwzeB0xMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvMGhGVHVBNkFZRnBVTGZaUUstREpuRE40SFRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQDJQHQMBYE
AgACMBADBwAqAsbBAA8DBQAqD0tBMA0GCSqGSIb3DQEBCwUAA4IBAQCOroMdq82u
f0k6rvyMuJp893s4fXp0TmVbDm/FfgbuVSEff2LjoGfMxprZTiItCRKeQNcmrEoo
tpVpiujRu+3k73DebjlsC3rSCsKxHXpRfKkk6hlXOzQY1ndzKYs+krLv+MIbPxf1
Cyvt1IOfd/CuTSsWXDUwHdQPaWDDzjnlGdyZzRLwIgdCZL83dY2bq481hjQjTnRK
+9KcZiTyu3so6EstJywUwDLNuA0aCf3GrfmmpRHwADIMYZB9GvHLa+7uOR5/O+1Y
CylR1Uohje+by/CTOffirnW52LQPx/gap05fMnbryug6VU1kpOnVVeM05TzqG5BF
e7dNAJzPzZTp
-----END CERTIFICATE-----