Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pOr7fgwELpz05qM8mzaZ1FzpdRo.roa
File:                     pOr7fgwELpz05qM8mzaZ1FzpdRo.roa (raw, json)
Hash identifier:          cHr5tLO31T3cZZvjwODQzyuLlSoqw5gZZt54am7igMg=
Subject key identifier:   A4:EA:FB:7E:0C:04:2E:9C:F4:E6:A3:3C:9B:36:99:D4:5C:E9:75:1A
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       01931FBDC2048ECF35B7A55D42E1184F8973
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pOr7fgwELpz05qM8mzaZ1FzpdRo.roa
Signing time:             Tue 12 Nov 2024 09:39:09 +0000
ROA not before:           Tue 12 Nov 2024 09:39:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        37.202.206.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1f:bd:c2:04:8e:cf:35:b7:a5:5d:42:e1:18:4f:89:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Nov 12 09:39:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4eafb7e0c042e9cf4e6a33c9b3699d45ce9751a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:19:42:2f:af:30:fb:19:bc:f7:bc:2d:2a:3f:
                    a2:01:80:ba:a4:7f:67:80:34:53:20:9d:3e:92:ee:
                    2a:e2:1f:cb:78:fb:58:40:c4:95:56:31:79:9b:b1:
                    de:2b:06:cf:00:d9:07:63:23:3e:f8:31:16:0e:86:
                    7e:b1:16:59:db:5a:4f:ff:42:64:09:5e:93:ae:83:
                    62:1d:e1:e4:ef:de:53:53:73:17:f5:71:d4:51:89:
                    67:d9:04:ef:8e:6b:65:62:48:83:80:d9:13:09:04:
                    ab:3d:fe:d1:17:b0:ee:b1:21:77:42:1a:3d:c9:e5:
                    70:c2:ab:7b:d0:41:47:dc:7c:3c:f9:64:4f:90:2a:
                    8e:c9:93:0d:f2:1f:d7:0d:7a:86:f7:04:70:a2:70:
                    a0:7a:58:ec:6a:97:8d:8d:12:57:08:be:82:1f:45:
                    31:e7:53:62:06:15:a9:db:bc:9a:5d:97:67:b6:39:
                    0b:73:20:eb:27:32:05:ab:b0:da:e3:7f:73:37:48:
                    c0:f0:d9:e7:74:2f:9b:7f:70:c9:03:d7:7e:34:2e:
                    ab:77:91:6d:6d:17:87:fa:f4:44:9b:ac:2e:47:32:
                    b6:ac:69:e7:8e:9f:f7:4d:3c:1a:76:ea:2d:da:79:
                    e5:23:62:49:e2:67:c1:49:6d:d7:61:80:ba:52:45:
                    04:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:EA:FB:7E:0C:04:2E:9C:F4:E6:A3:3C:9B:36:99:D4:5C:E9:75:1A
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/pOr7fgwELpz05qM8mzaZ1FzpdRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:6f:ab:24:4b:a4:5a:e5:4f:df:87:af:90:7c:fb:69:14:a9:
         0e:25:33:4d:92:e9:11:83:29:09:2d:30:97:e3:aa:f3:c9:cc:
         6c:cb:39:2a:6d:7e:c6:56:0e:e1:71:82:42:1e:65:76:7e:f4:
         08:fd:ad:a9:03:07:c6:e6:9e:1e:5d:52:c0:2c:d5:bc:cd:4e:
         d2:2d:ad:f1:0e:59:3c:8e:07:f1:e5:52:7b:07:83:af:71:ff:
         bb:bd:2d:03:a7:83:c7:46:85:99:e1:51:dd:e9:a9:6a:9b:e1:
         73:c4:d2:fc:6c:5e:c1:ea:30:80:5b:69:c6:08:ad:d7:25:44:
         3b:9d:e5:a0:9e:0c:ea:cf:85:4b:ab:10:07:0f:82:8e:f3:c4:
         97:2b:8d:c5:e1:7b:28:25:05:5e:c0:3b:0d:fb:a2:94:ba:98:
         a8:39:b1:de:8b:dc:f2:60:b2:85:77:85:cf:c2:92:3c:a3:ed:
         2e:4b:0d:1a:f1:b0:d6:dc:bf:7c:c4:6b:7b:14:22:ed:b8:4e:
         f0:aa:f5:cd:b7:40:72:59:56:d0:56:1d:7f:07:73:e6:fc:a0:
         c1:71:5b:78:1e:e9:ec:11:69:7d:22:ed:7e:0e:a8:4d:81:b8:
         f9:d9:5b:4e:1f:bd:ec:57:8d:5e:25:ac:13:e3:85:62:9b:8e:
         06:1a:47:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMfvcIEjs81t6VdQuEYT4lzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjQxMTEyMDkzOTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGVhZmI3ZTBjMDQyZTljZjRlNmEzM2M5YjM2OTlkNDVjZTk3NTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRlCL68w+xm897wtKj+iAYC6pH9n
gDRTIJ0+ku4q4h/LePtYQMSVVjF5m7HeKwbPANkHYyM++DEWDoZ+sRZZ21pP/0Jk
CV6TroNiHeHk795TU3MX9XHUUYln2QTvjmtlYkiDgNkTCQSrPf7RF7DusSF3Qho9
yeVwwqt70EFH3Hw8+WRPkCqOyZMN8h/XDXqG9wRwonCgeljsapeNjRJXCL6CH0Ux
51NiBhWp27yaXZdntjkLcyDrJzIFq7Da439zN0jA8NnndC+bf3DJA9d+NC6rd5Ft
bReH+vREm6wuRzK2rGnnjp/3TTwaduot2nnlI2JJ4mfBSW3XYYC6UkUEcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTq+34MBC6c9OajPJs2mdRc6XUaMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvcE9yN2Znd0VMcHowNXFNOG16YVoxRnpwZFJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcrOMA0G
CSqGSIb3DQEBCwUAA4IBAQCSb6skS6Ra5U/fh6+QfPtpFKkOJTNNkukRgykJLTCX
46rzycxsyzkqbX7GVg7hcYJCHmV2fvQI/a2pAwfG5p4eXVLALNW8zU7SLa3xDlk8
jgfx5VJ7B4Ovcf+7vS0Dp4PHRoWZ4VHd6alqm+FzxNL8bF7B6jCAW2nGCK3XJUQ7
neWgngzqz4VLqxAHD4KO88SXK43F4XsoJQVewDsN+6KUupioObHei9zyYLKFd4XP
wpI8o+0uSw0a8bDW3L98xGt7FCLtuE7wqvXNt0ByWVbQVh1/B3Pm/KDBcVt4Huns
EWl9Iu1+DqhNgbj52VtOH73sV41eJawT44Vim44GGkdW
-----END CERTIFICATE-----