Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/4pllpFU6ki2GH9jATgnwhcGsDmI.roa
File:                     4pllpFU6ki2GH9jATgnwhcGsDmI.roa (raw, json)
Hash identifier:          gkLvjPhnKcbigRqQ4fMvbkKq2pYi+czaLbAg+4UDJz8=
Subject key identifier:   E2:99:65:A4:55:3A:92:2D:86:1F:D8:C0:4E:09:F0:85:C1:AC:0E:62
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       018CC7933B53EAC0910BF7B0D56AD134DA14
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/4pllpFU6ki2GH9jATgnwhcGsDmI.roa
Signing time:             Tue 02 Jan 2024 00:29:24 +0000
ROA not before:           Tue 02 Jan 2024 00:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34702
IP address blocks:        37.252.4.0/23 maxlen: 23
                          176.97.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3b:53:ea:c0:91:0b:f7:b0:d5:6a:d1:34:da:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  2 00:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e29965a4553a922d861fd8c04e09f085c1ac0e62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:c1:19:9b:5c:73:c7:7b:97:ec:18:44:05:a8:
                    ac:3a:41:37:4a:0d:d8:7f:10:28:33:49:ce:30:6e:
                    99:57:42:44:1c:81:f7:dd:ab:c8:91:29:33:0d:e2:
                    67:e4:a4:3c:92:ab:62:bb:ae:5a:e4:07:c4:f1:38:
                    3e:72:63:ab:07:0b:8a:4a:d7:32:f0:f2:5e:97:c7:
                    f1:30:24:af:6d:e0:54:60:66:14:5b:72:96:70:35:
                    ef:95:48:32:fd:c1:12:a4:6c:48:6a:c4:5b:d9:53:
                    e7:f6:a8:2d:f3:58:3f:d9:2e:a1:72:78:fd:2d:b6:
                    d6:4b:d8:ec:ce:31:77:20:86:85:4e:33:89:b5:f1:
                    fc:1f:da:65:32:c6:0e:a1:e9:01:3a:27:b7:9d:52:
                    d9:6b:54:03:f3:64:30:69:a7:67:ea:85:bd:2b:f9:
                    2e:f5:a4:a4:bf:5e:db:e8:8f:44:e1:d3:b7:54:37:
                    99:29:9f:13:84:3e:95:ee:df:fa:42:67:86:64:91:
                    6f:d8:7a:c7:8d:e1:10:42:12:e6:92:84:4c:9d:ee:
                    77:40:e7:37:be:8c:dc:bd:9f:f2:c5:1e:29:ba:bb:
                    dc:13:20:b8:49:1f:4e:35:75:16:16:f4:6b:78:ad:
                    48:76:4b:25:0d:52:d7:df:a4:17:eb:b9:a8:48:74:
                    a5:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:99:65:A4:55:3A:92:2D:86:1F:D8:C0:4E:09:F0:85:C1:AC:0E:62
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/4pllpFU6ki2GH9jATgnwhcGsDmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.4.0/23
                  176.97.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:bf:59:06:e1:fd:4f:a8:a6:4f:93:72:0c:b8:40:0f:2c:f9:
         43:12:5c:0c:48:17:4d:74:0a:0b:38:0f:55:bd:e3:59:fa:dd:
         5d:01:79:45:b8:f4:cd:0e:3c:b9:07:a0:ec:c9:0b:93:34:cb:
         7c:86:b5:62:ba:a9:f4:56:b6:e1:b5:fa:27:db:e7:54:5d:22:
         5c:f9:63:1d:82:5e:88:c7:ef:bd:04:f9:80:6c:32:89:df:2a:
         76:4e:4e:36:ea:66:59:40:b5:90:f2:75:13:a1:a6:87:e2:25:
         79:fa:8a:3a:f9:c8:9a:1b:4a:ad:83:f7:c0:97:db:fd:50:b9:
         4e:47:de:1e:72:e8:74:5a:d6:cf:66:ce:ef:9c:55:f1:20:ac:
         c8:5a:21:b4:38:25:94:58:b2:e8:08:39:08:1b:5e:0f:5d:55:
         40:51:5a:e7:27:74:45:04:f9:9e:33:fc:68:df:fb:b2:16:79:
         33:15:b6:19:4a:87:ab:fc:3a:7e:9a:9f:6c:be:48:ba:69:14:
         36:4f:6c:4f:a5:31:09:67:5c:4a:bd:f6:78:63:fe:05:21:1c:
         1f:a8:41:61:b1:b5:7a:b9:28:b8:4d:35:c2:46:18:64:76:1d:
         7c:cc:a9:a2:49:1e:71:62:65:ca:5c:b2:d3:65:3e:cd:02:b6:
         57:22:a9:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHkztT6sCRC/ew1WrRNNoUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjQwMTAyMDAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjk5NjVhNDU1M2E5MjJkODYxZmQ4YzA0ZTA5ZjA4NWMxYWMwZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/cEZm1xzx3uX7BhEBaisOkE3Sg3Y
fxAoM0nOMG6ZV0JEHIH33avIkSkzDeJn5KQ8kqtiu65a5AfE8Tg+cmOrBwuKStcy
8PJel8fxMCSvbeBUYGYUW3KWcDXvlUgy/cESpGxIasRb2VPn9qgt81g/2S6hcnj9
LbbWS9jszjF3IIaFTjOJtfH8H9plMsYOoekBOie3nVLZa1QD82Qwaadn6oW9K/ku
9aSkv17b6I9E4dO3VDeZKZ8ThD6V7t/6QmeGZJFv2HrHjeEQQhLmkoRMne53QOc3
vozcvZ/yxR4purvcEyC4SR9ONXUWFvRreK1IdkslDVLX36QX67moSHSlOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOKZZaRVOpIthh/YwE4J8IXBrA5iMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvNHBsbHBGVTZraTJHSDlqQVRnbndoY0dzRG1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBJfwEAwQA
sGFKMA0GCSqGSIb3DQEBCwUAA4IBAQCBv1kG4f1PqKZPk3IMuEAPLPlDElwMSBdN
dAoLOA9VveNZ+t1dAXlFuPTNDjy5B6DsyQuTNMt8hrViuqn0Vrbhtfon2+dUXSJc
+WMdgl6Ix++9BPmAbDKJ3yp2Tk426mZZQLWQ8nUToaaH4iV5+oo6+ciaG0qtg/fA
l9v9ULlOR94ecuh0WtbPZs7vnFXxIKzIWiG0OCWUWLLoCDkIG14PXVVAUVrnJ3RF
BPmeM/xo3/uyFnkzFbYZSoer/Dp+mp9svki6aRQ2T2xPpTEJZ1xKvfZ4Y/4FIRwf
qEFhsbV6uSi4TTXCRhhkdh18zKmiSR5xYmXKXLLTZT7NArZXIqnO
-----END CERTIFICATE-----