Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/da7oAMhGukjewt4Zpz2rkFxbMGo.roa
File:                     da7oAMhGukjewt4Zpz2rkFxbMGo.roa (raw, json)
Hash identifier:          EK6QZlU01aXxJRgJXPqgLpHX3bYC3P/oE0oBEPkTMHY=
Subject key identifier:   75:AE:E8:00:C8:46:BA:48:DE:C2:DE:19:A7:3D:AB:90:5C:5B:30:6A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019342CD96A5544D182BD6101DDD1C1B6209
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/da7oAMhGukjewt4Zpz2rkFxbMGo.roa
Signing time:             Tue 19 Nov 2024 05:03:09 +0000
ROA not before:           Tue 19 Nov 2024 05:03:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9232
IP address blocks:        37.202.205.0/24 maxlen: 24
                          37.202.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:42:cd:96:a5:54:4d:18:2b:d6:10:1d:dd:1c:1b:62:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Nov 19 05:03:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75aee800c846ba48dec2de19a73dab905c5b306a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:86:c6:56:c7:6f:fe:27:8e:4d:58:1b:60:3e:
                    e1:c8:1d:e1:70:2a:da:56:c2:e1:5b:1d:5a:39:1e:
                    86:02:51:91:0f:d2:28:0b:eb:ff:e2:27:84:46:d2:
                    06:41:ee:9c:48:72:a2:1d:26:d9:79:0a:34:de:f8:
                    e6:ca:1b:05:bb:f9:78:71:87:be:ca:19:9a:46:57:
                    8d:7b:30:6f:31:fd:b2:8c:17:20:56:bf:e3:7a:5d:
                    fc:a3:8f:85:1b:f3:8e:b1:bb:24:cf:21:47:6a:d6:
                    c3:a9:41:68:9d:2e:73:00:4c:12:c8:47:05:da:7d:
                    b7:dc:fe:77:71:e9:f1:74:c7:09:c9:2c:74:2b:1f:
                    10:e4:f2:2f:34:35:77:ee:84:bf:05:8f:4f:ba:6e:
                    da:27:f5:cd:00:1d:2d:95:50:d1:a6:c0:7e:2d:27:
                    c3:fa:08:29:4d:10:6e:30:03:df:1f:95:e6:77:21:
                    f1:9e:6e:45:5c:11:e9:de:39:a7:67:9c:6c:88:e1:
                    fc:e0:db:eb:8e:68:6b:7a:91:56:c5:5f:4e:a9:ac:
                    71:b1:f1:5b:13:fd:2c:11:0b:7a:c0:87:2a:1f:80:
                    e0:eb:c8:f4:1b:91:2d:6c:98:49:c0:b6:53:14:3d:
                    0e:79:79:53:9d:a4:ae:0b:e7:82:ab:e2:cb:c3:5b:
                    23:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:AE:E8:00:C8:46:BA:48:DE:C2:DE:19:A7:3D:AB:90:5C:5B:30:6A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/da7oAMhGukjewt4Zpz2rkFxbMGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.205.0/24
                  37.202.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:d0:dc:72:8c:4d:f0:f2:07:1c:3c:d9:5d:bd:28:9f:59:eb:
         08:77:3e:82:c4:37:5c:5e:e8:c1:71:1b:8b:d9:1e:1e:c9:70:
         c2:d8:73:8e:b7:cc:55:26:4f:2d:64:56:0a:b6:59:7e:99:3f:
         1e:9d:ce:2c:61:64:07:bd:2e:0a:a5:16:36:69:d6:6f:4b:d8:
         9b:0c:8c:2e:02:ea:13:a8:18:84:60:a2:a6:43:38:8a:f5:d9:
         37:81:dc:81:5e:33:33:a0:76:8a:4b:37:b6:64:06:a1:5b:ad:
         45:5c:4d:92:26:3c:43:a1:f0:e6:97:fa:02:49:bd:5d:0d:55:
         db:4e:8e:d7:04:ff:74:b5:26:f3:24:18:a8:62:32:6e:fb:81:
         d2:e5:2c:23:1b:c4:87:57:86:32:d3:11:d7:4c:ac:4b:de:7b:
         2b:16:ef:ab:4a:33:e2:f2:f4:87:c9:29:b5:95:71:e0:1b:39:
         39:aa:18:7c:27:fc:75:1c:2d:92:d2:76:67:ab:ce:d4:c4:f8:
         7c:f0:14:e8:7b:e8:83:a8:33:6d:72:0c:79:53:e8:f2:6a:d4:
         88:b1:ea:83:ac:35:31:3f:79:fa:86:45:de:67:76:55:60:63:
         aa:9a:8b:e6:dd:39:9d:7a:eb:d4:fb:d2:fc:de:fb:6a:02:b9:
         7b:dd:07:32
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNCzZalVE0YK9YQHd0cG2IJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjQxMTE5MDUwMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWFlZTgwMGM4NDZiYTQ4ZGVjMmRlMTlhNzNkYWI5MDVjNWIzMDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9IbGVsdv/ieOTVgbYD7hyB3hcCra
VsLhWx1aOR6GAlGRD9IoC+v/4ieERtIGQe6cSHKiHSbZeQo03vjmyhsFu/l4cYe+
yhmaRleNezBvMf2yjBcgVr/jel38o4+FG/OOsbskzyFHatbDqUFonS5zAEwSyEcF
2n233P53cenxdMcJySx0Kx8Q5PIvNDV37oS/BY9Pum7aJ/XNAB0tlVDRpsB+LSfD
+ggpTRBuMAPfH5XmdyHxnm5FXBHp3jmnZ5xsiOH84NvrjmhrepFWxV9OqaxxsfFb
E/0sEQt6wIcqH4Dg68j0G5EtbJhJwLZTFD0OeXlTnaSuC+eCq+LLw1sjkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHWu6ADIRrpI3sLeGac9q5BcWzBqMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvZGE3b0FNaEd1a2pld3Q0WnB6MnJrRnhiTUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJcrNAwQA
JcrVMA0GCSqGSIb3DQEBCwUAA4IBAQCZ0NxyjE3w8gccPNldvSifWesIdz6CxDdc
XujBcRuL2R4eyXDC2HOOt8xVJk8tZFYKtll+mT8enc4sYWQHvS4KpRY2adZvS9ib
DIwuAuoTqBiEYKKmQziK9dk3gdyBXjMzoHaKSze2ZAahW61FXE2SJjxDofDml/oC
Sb1dDVXbTo7XBP90tSbzJBioYjJu+4HS5SwjG8SHV4Yy0xHXTKxL3nsrFu+rSjPi
8vSHySm1lXHgGzk5qhh8J/x1HC2S0nZnq87UxPh88BToe+iDqDNtcgx5U+jyatSI
seqDrDUxP3n6hkXeZ3ZVYGOqmovm3TmdeuvU+9L83vtqArl73Qcy
-----END CERTIFICATE-----