Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/Yz2WA4YrokT5MNylkkePaMrbf2o.roa
File:                     Yz2WA4YrokT5MNylkkePaMrbf2o.roa (raw, json)
Hash identifier:          ziXl9mNJzbObSVi2cK+BC9zmxuWzXdJmKO6shLQNMdA=
Subject key identifier:   63:3D:96:03:86:2B:A2:44:F9:30:DC:A5:92:47:8F:68:CA:DB:7F:6A
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0194228D62742B2B7CCDC013A29EFF875F6C
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/Yz2WA4YrokT5MNylkkePaMrbf2o.roa
Signing time:             Wed 01 Jan 2025 15:47:58 +0000
ROA not before:           Wed 01 Jan 2025 15:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34702
IP address blocks:        37.252.4.0/23 maxlen: 23
                          176.97.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:62:74:2b:2b:7c:cd:c0:13:a2:9e:ff:87:5f:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  1 15:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=633d9603862ba244f930dca592478f68cadb7f6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3a:3a:84:c0:12:a2:e5:2a:42:bd:b1:b7:87:
                    16:dc:26:87:0f:70:bd:5d:73:ed:51:07:3c:20:04:
                    0b:d9:a0:16:f7:0b:75:7b:0f:77:94:ea:31:b3:a2:
                    0d:31:f5:69:d6:32:37:f0:3f:a0:ca:0a:3d:15:27:
                    99:c3:9d:2e:c6:0b:54:e6:a0:5e:08:b4:6a:e1:68:
                    7c:68:13:60:09:ec:e2:b3:03:48:74:86:93:f6:95:
                    af:7c:4c:c6:21:b9:67:47:65:6a:0e:50:28:a3:d6:
                    d7:4a:39:ec:5e:a7:46:22:c5:fd:82:f3:b7:93:1d:
                    b0:3a:a1:b7:65:02:3c:04:22:95:1a:a5:37:8a:f4:
                    26:e1:f2:37:8c:5c:d7:fd:c1:13:48:27:a8:5a:7e:
                    01:7f:cc:14:31:98:9a:d9:49:20:f8:a5:ac:a7:b7:
                    dd:8e:47:1e:25:6d:90:21:a7:2a:69:01:56:8e:cb:
                    19:2a:2a:ae:55:ed:2e:2a:75:ee:df:d2:b6:43:4f:
                    5d:77:51:99:2e:89:1e:fe:f4:9a:c6:e5:3e:b0:ad:
                    80:42:43:db:9a:58:2d:36:dd:e7:57:05:8d:9c:65:
                    d9:76:2b:04:80:a4:0a:f0:0e:f6:20:d8:d8:5a:c7:
                    d5:e6:90:ac:fa:bc:10:90:2f:f4:44:ba:0e:da:41:
                    ab:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:3D:96:03:86:2B:A2:44:F9:30:DC:A5:92:47:8F:68:CA:DB:7F:6A
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/Yz2WA4YrokT5MNylkkePaMrbf2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.4.0/23
                  176.97.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:09:3b:4d:09:cc:1f:48:c5:c5:ef:7a:69:19:86:be:88:83:
         47:9a:fd:06:4b:0a:a4:00:2a:d0:78:63:37:46:7a:11:89:5f:
         f5:03:40:0c:2a:69:cb:9e:6d:25:69:6a:c1:b3:7a:82:ab:60:
         0f:c2:d0:ed:df:ce:e5:f9:26:68:b6:ad:87:a1:4b:1a:b3:c9:
         b3:f1:ed:f4:c7:27:f7:0a:53:70:8f:bd:00:e4:f5:b6:21:28:
         0e:3a:22:a8:09:73:bc:77:9d:99:c9:6d:52:61:71:94:31:e2:
         d5:81:b9:00:b8:ba:b5:81:06:82:a8:fe:5e:36:67:a3:89:7f:
         72:82:a4:bd:3c:48:dc:b1:f6:62:1c:8b:88:0e:aa:21:0b:4e:
         bb:bd:01:09:63:03:d1:c3:29:4c:a3:a4:c0:75:e0:56:b8:99:
         ab:84:97:4f:f2:84:46:c3:9f:93:15:8b:24:69:f6:e2:84:52:
         15:50:59:09:48:01:24:a4:10:7a:6b:6e:7e:6f:75:03:22:b8:
         f8:1c:5a:0d:62:d2:d5:7a:d2:65:d2:75:9c:b6:f0:9d:99:1a:
         6a:6c:37:74:47:6e:af:7e:0c:6d:4f:0f:ff:5b:d7:ae:a6:5f:
         b5:7e:18:0c:b7:af:fe:96:ba:89:13:a9:bb:75:21:fe:67:d9:
         c8:db:dc:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijWJ0Kyt8zcATop7/h19sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjUwMTAxMTU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzNkOTYwMzg2MmJhMjQ0ZjkzMGRjYTU5MjQ3OGY2OGNhZGI3ZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDo6hMASouUqQr2xt4cW3CaHD3C9
XXPtUQc8IAQL2aAW9wt1ew93lOoxs6INMfVp1jI38D+gygo9FSeZw50uxgtU5qBe
CLRq4Wh8aBNgCeziswNIdIaT9pWvfEzGIblnR2VqDlAoo9bXSjnsXqdGIsX9gvO3
kx2wOqG3ZQI8BCKVGqU3ivQm4fI3jFzX/cETSCeoWn4Bf8wUMZia2Ukg+KWsp7fd
jkceJW2QIacqaQFWjssZKiquVe0uKnXu39K2Q09dd1GZLoke/vSaxuU+sK2AQkPb
mlgtNt3nVwWNnGXZdisEgKQK8A72INjYWsfV5pCs+rwQkC/0RLoO2kGrgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGM9lgOGK6JE+TDcpZJHj2jK239qMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvWXoyV0E0WXJva1Q1TU55bGtrZVBhTXJiZjJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBJfwEAwQA
sGFKMA0GCSqGSIb3DQEBCwUAA4IBAQCuCTtNCcwfSMXF73ppGYa+iINHmv0GSwqk
ACrQeGM3RnoRiV/1A0AMKmnLnm0laWrBs3qCq2APwtDt387l+SZotq2HoUsas8mz
8e30xyf3ClNwj70A5PW2ISgOOiKoCXO8d52ZyW1SYXGUMeLVgbkAuLq1gQaCqP5e
NmejiX9ygqS9PEjcsfZiHIuIDqohC067vQEJYwPRwylMo6TAdeBWuJmrhJdP8oRG
w5+TFYskafbihFIVUFkJSAEkpBB6a25+b3UDIrj4HFoNYtLVetJl0nWctvCdmRpq
bDd0R26vfgxtTw//W9eupl+1fhgMt6/+lrqJE6m7dSH+Z9nI29yk
-----END CERTIFICATE-----