Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/R-yr__D8H7MP9PScPKEilF73LO0.roa
File:                     R-yr__D8H7MP9PScPKEilF73LO0.roa (raw, json)
Hash identifier:          nvt4z74nDeI7TVi+pk9xj2FnIVd/rCnmLiaN7owjvJE=
Subject key identifier:   47:EC:AB:FF:F0:FC:1F:B3:0F:F4:F4:9C:3C:A1:22:94:5E:F7:2C:ED
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0194228D632B6B615FB9B197D1A20F0A285C
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/R-yr__D8H7MP9PScPKEilF73LO0.roa
Signing time:             Wed 01 Jan 2025 15:47:58 +0000
ROA not before:           Wed 01 Jan 2025 15:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42708
IP address blocks:        37.252.8.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 07:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:63:2b:6b:61:5f:b9:b1:97:d1:a2:0f:0a:28:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  1 15:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47ecabfff0fc1fb30ff4f49c3ca122945ef72ced
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c0:22:0c:2f:79:77:93:7e:5c:9f:da:f4:fe:
                    81:b6:43:24:2f:b5:95:60:3a:d2:27:f5:a0:f9:d6:
                    c0:46:23:cd:49:a2:d5:96:6a:a6:96:14:ad:d5:be:
                    89:84:7e:ef:fc:ff:c9:98:0c:51:6b:f4:be:fc:b4:
                    4b:48:f1:4e:5f:d4:ff:27:af:c6:00:d6:63:a8:60:
                    99:b3:10:22:de:dd:48:17:bb:be:c6:2b:30:0f:ee:
                    6c:c0:14:b4:51:0c:c2:9b:5b:62:9f:dc:df:61:43:
                    fe:75:80:3b:4b:f3:78:23:b6:8e:90:da:17:cf:74:
                    e3:d8:81:99:a9:31:de:c2:28:24:7c:68:75:c7:dc:
                    76:f4:79:e9:2c:17:9d:f8:c1:69:e4:a4:b3:99:03:
                    65:73:aa:eb:0c:bb:2e:dd:5a:2f:ac:be:cc:c9:62:
                    4e:41:58:6b:95:55:da:b4:da:09:7f:dc:40:79:ec:
                    a7:bd:51:9b:66:b6:af:ed:9f:15:be:ee:d1:d9:b9:
                    18:a8:40:a3:10:79:41:de:34:82:76:75:39:4a:d1:
                    75:10:e5:30:96:11:18:de:51:ab:55:97:d5:f2:97:
                    8c:e6:0d:89:f5:b4:35:0c:a5:f9:5b:50:5b:fb:83:
                    93:18:32:98:bd:07:74:e5:92:ce:ff:69:13:8f:73:
                    3b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:EC:AB:FF:F0:FC:1F:B3:0F:F4:F4:9C:3C:A1:22:94:5E:F7:2C:ED
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/R-yr__D8H7MP9PScPKEilF73LO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b2:37:a8:1a:0c:e2:5a:42:ee:7a:c8:7d:34:7a:13:f0:f6:24:
         bb:71:d7:d5:65:c5:63:f0:94:e1:60:71:e5:95:7f:ed:bb:8a:
         01:70:a0:3d:4c:b1:bd:37:93:86:5c:73:54:98:77:e5:16:75:
         ff:e6:fb:f5:ef:fb:bd:75:a9:5e:f2:f3:09:f2:d4:66:6b:32:
         af:0a:f4:0f:20:31:e3:63:fa:87:9f:5e:c6:c3:e6:5e:97:86:
         22:2f:bd:1f:5a:ed:b9:7b:70:7f:62:a3:0b:42:d4:a2:cc:ac:
         8d:e6:f3:df:04:c1:49:58:c5:2f:f6:9a:6f:96:09:da:b9:7b:
         67:a1:4f:fe:d4:1b:9b:86:30:2a:ef:b2:30:1b:d4:82:04:97:
         18:9a:a5:d5:f3:16:34:04:30:9a:06:7b:3e:9f:a1:5b:4b:89:
         03:fc:45:7d:9e:73:8a:43:b1:c2:1f:96:a4:36:85:52:a9:fe:
         82:b2:ed:98:8f:96:6d:e3:e5:72:e5:5c:b4:40:a4:be:f2:9b:
         33:f5:38:55:13:da:31:da:c8:53:c6:1f:ee:6a:7e:95:6d:1f:
         4e:98:58:c0:5e:08:d4:e8:38:a8:eb:5a:e7:dc:75:44:63:24:
         06:09:ff:26:a1:5e:b2:4e:a3:b0:49:39:d1:a7:7e:48:11:cd:
         41:76:07:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijWMra2FfubGX0aIPCihcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjUwMTAxMTU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2VjYWJmZmYwZmMxZmIzMGZmNGY0OWMzY2ExMjI5NDVlZjcyY2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8AiDC95d5N+XJ/a9P6BtkMkL7WV
YDrSJ/Wg+dbARiPNSaLVlmqmlhSt1b6JhH7v/P/JmAxRa/S+/LRLSPFOX9T/J6/G
ANZjqGCZsxAi3t1IF7u+xiswD+5swBS0UQzCm1tin9zfYUP+dYA7S/N4I7aOkNoX
z3Tj2IGZqTHewigkfGh1x9x29HnpLBed+MFp5KSzmQNlc6rrDLsu3VovrL7MyWJO
QVhrlVXatNoJf9xAeeynvVGbZrav7Z8Vvu7R2bkYqECjEHlB3jSCdnU5StF1EOUw
lhEY3lGrVZfV8peM5g2J9bQ1DKX5W1Bb+4OTGDKYvQd05ZLO/2kTj3M75wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfsq//w/B+zD/T0nDyhIpRe9yztMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvUi15cl9fRDhIN01QOVBTY1BLRWlsRjczTE8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJfwIMA0G
CSqGSIb3DQEBCwUAA4IBAQCyN6gaDOJaQu56yH00ehPw9iS7cdfVZcVj8JThYHHl
lX/tu4oBcKA9TLG9N5OGXHNUmHflFnX/5vv17/u9dale8vMJ8tRmazKvCvQPIDHj
Y/qHn17Gw+Zel4YiL70fWu25e3B/YqMLQtSizKyN5vPfBMFJWMUv9ppvlgnauXtn
oU/+1BubhjAq77IwG9SCBJcYmqXV8xY0BDCaBns+n6FbS4kD/EV9nnOKQ7HCH5ak
NoVSqf6Csu2Yj5Zt4+Vy5Vy0QKS+8psz9ThVE9ox2shTxh/uan6VbR9OmFjAXgjU
6Dio61rn3HVEYyQGCf8moV6yTqOwSTnRp35IEc1BdgdS
-----END CERTIFICATE-----