Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0IfY02AVn_EuempYma3WJvc3uZY.roa
File:                     0IfY02AVn_EuempYma3WJvc3uZY.roa (raw, json)
Hash identifier:          Hc5KV1bMf1MNLTaRKiCMJLvty2F8DBpOGva19UeyhHU=
Subject key identifier:   D0:87:D8:D3:60:15:9F:F1:2E:7A:6A:58:99:AD:D6:26:F7:37:B9:96
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01931EA3C7E047168AF17FA3A1C673DE98CC
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0IfY02AVn_EuempYma3WJvc3uZY.roa
Signing time:             Tue 12 Nov 2024 04:31:10 +0000
ROA not before:           Tue 12 Nov 2024 04:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     272605
IP address blocks:        37.202.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1e:a3:c7:e0:47:16:8a:f1:7f:a3:a1:c6:73:de:98:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Nov 12 04:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d087d8d360159ff12e7a6a5899add626f737b996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c1:eb:e6:00:64:27:b8:78:60:d8:36:3e:32:
                    d3:6d:46:29:4d:c0:69:bd:11:f9:e0:3b:1c:f1:91:
                    23:68:05:9c:20:74:f2:1a:05:6b:a7:91:dd:6a:62:
                    56:1d:32:bd:67:cf:b1:65:9f:4e:50:a8:32:0d:e6:
                    20:80:1a:84:7f:17:7c:98:cf:af:bd:ba:28:40:19:
                    60:63:b0:77:ba:45:c2:27:fa:f3:b3:01:d5:cc:43:
                    04:60:8b:53:fb:95:16:bf:49:d3:a9:64:72:d6:5b:
                    2f:be:67:ed:82:6f:94:10:99:e1:f8:ac:4a:f9:09:
                    42:71:7a:85:35:27:6e:fb:05:92:63:1c:b3:49:b0:
                    06:1d:c5:b1:92:db:ae:0b:6f:51:cb:9a:21:6a:0c:
                    f6:0b:97:45:d9:1f:01:45:42:62:c6:2a:29:42:aa:
                    be:f3:c3:d6:bb:98:58:f3:5a:d7:36:b6:f1:93:11:
                    61:ee:dd:3d:7e:94:f8:a2:7e:b3:39:2c:98:fb:87:
                    71:4a:3c:f8:93:d5:57:e5:90:d1:ef:68:4e:87:d8:
                    a1:55:fb:9e:c4:12:87:d6:3f:b4:42:ce:22:ba:f8:
                    dc:71:bc:da:6f:d3:a7:34:a8:44:11:aa:07:e7:a6:
                    2e:96:35:55:74:9d:ca:a1:85:6f:b7:87:31:f8:be:
                    31:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:87:D8:D3:60:15:9F:F1:2E:7A:6A:58:99:AD:D6:26:F7:37:B9:96
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/0IfY02AVn_EuempYma3WJvc3uZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:c8:10:01:b4:a4:4c:cc:be:f5:6b:da:a0:1b:6a:a6:c6:2d:
         fe:5d:3f:22:de:74:dc:62:26:bd:99:40:c3:6a:28:c0:85:ab:
         a9:0a:8f:1a:2d:40:ed:ec:dd:f6:fa:85:7c:38:72:17:28:07:
         04:35:1b:f2:28:e4:1c:39:7b:d4:69:3a:94:8e:02:3b:fa:1a:
         72:87:ff:d2:be:b6:c0:9b:84:12:4c:43:ed:6f:27:cb:97:71:
         44:fe:ea:fd:46:42:ad:01:0b:27:93:02:5c:2c:c0:05:36:bf:
         71:c3:33:82:2d:7f:5f:8f:a8:d8:a1:18:ad:0d:18:ea:c3:80:
         db:16:b3:d2:24:e9:36:9e:74:0c:5c:fd:04:07:67:0b:f2:f7:
         cf:9c:98:1a:3e:57:b9:ea:22:f4:84:78:f5:46:5c:1e:b3:d7:
         52:a8:15:5d:f4:44:a5:25:db:50:c1:1f:8e:1f:42:88:88:dc:
         ac:11:70:5b:5f:72:52:03:78:f5:f8:4e:6f:3d:72:ce:df:81:
         78:a9:6f:8d:61:5a:51:ad:0b:33:5f:92:99:e1:0c:80:ef:80:
         b9:4b:e9:24:7f:9a:db:19:85:81:c5:37:d4:54:98:6f:9d:68:
         64:5d:30:b8:92:05:63:06:5c:8c:90:f6:a8:71:00:4e:14:f2:
         8b:b9:76:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMeo8fgRxaK8X+jocZz3pjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjQxMTEyMDQzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDg3ZDhkMzYwMTU5ZmYxMmU3YTZhNTg5OWFkZDYyNmY3MzdiOTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMHr5gBkJ7h4YNg2PjLTbUYpTcBp
vRH54Dsc8ZEjaAWcIHTyGgVrp5HdamJWHTK9Z8+xZZ9OUKgyDeYggBqEfxd8mM+v
vbooQBlgY7B3ukXCJ/rzswHVzEMEYItT+5UWv0nTqWRy1lsvvmftgm+UEJnh+KxK
+QlCcXqFNSdu+wWSYxyzSbAGHcWxktuuC29Ry5ohagz2C5dF2R8BRUJixiopQqq+
88PWu5hY81rXNrbxkxFh7t09fpT4on6zOSyY+4dxSjz4k9VX5ZDR72hOh9ihVfue
xBKH1j+0Qs4iuvjccbzab9OnNKhEEaoH56YuljVVdJ3KoYVvt4cx+L4x/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNCH2NNgFZ/xLnpqWJmt1ib3N7mWMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvMElmWTAyQVZuX0V1ZW1wWW1hM1dKdmMzdVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcrQMA0G
CSqGSIb3DQEBCwUAA4IBAQB0yBABtKRMzL71a9qgG2qmxi3+XT8i3nTcYia9mUDD
aijAhaupCo8aLUDt7N32+oV8OHIXKAcENRvyKOQcOXvUaTqUjgI7+hpyh//SvrbA
m4QSTEPtbyfLl3FE/ur9RkKtAQsnkwJcLMAFNr9xwzOCLX9fj6jYoRitDRjqw4Db
FrPSJOk2nnQMXP0EB2cL8vfPnJgaPle56iL0hHj1Rlwes9dSqBVd9ESlJdtQwR+O
H0KIiNysEXBbX3JSA3j1+E5vPXLO34F4qW+NYVpRrQszX5KZ4QyA74C5S+kkf5rb
GYWBxTfUVJhvnWhkXTC4kgVjBlyMkPaocQBOFPKLuXam
-----END CERTIFICATE-----