Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/cf2ebf-2a09-43d2-a225-a165359a6211/1/XygDUmy8rQTt6PDE_f8yU7n7AKo.roa
File:                     XygDUmy8rQTt6PDE_f8yU7n7AKo.roa (raw, json)
Hash identifier:          NFR2aGXboswQtjTkIS2ZVeQ/q48n/0ydauLvaIig5vU=
Subject key identifier:   5F:28:03:52:6C:BC:AD:04:ED:E8:F0:C4:FD:FF:32:53:B9:FB:00:AA
Certificate issuer:       /CN=4ee4057f9ea0140cef7ce4789369c5cf01f7c68e
Certificate serial:       018CC5DC278CFD0167AA7CF00EC747A9CC1F
Authority key identifier: 4E:E4:05:7F:9E:A0:14:0C:EF:7C:E4:78:93:69:C5:CF:01:F7:C6:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TuQFf56gFAzvfOR4k2nFzwH3xo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/cf2ebf-2a09-43d2-a225-a165359a6211/1/XygDUmy8rQTt6PDE_f8yU7n7AKo.roa
Signing time:             Mon 01 Jan 2024 16:29:48 +0000
ROA not before:           Mon 01 Jan 2024 16:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202757
IP address blocks:        37.221.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/cf2ebf-2a09-43d2-a225-a165359a6211/1/TuQFf56gFAzvfOR4k2nFzwH3xo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/cf2ebf-2a09-43d2-a225-a165359a6211/1/TuQFf56gFAzvfOR4k2nFzwH3xo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TuQFf56gFAzvfOR4k2nFzwH3xo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:27:8c:fd:01:67:aa:7c:f0:0e:c7:47:a9:cc:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ee4057f9ea0140cef7ce4789369c5cf01f7c68e
        Validity
            Not Before: Jan  1 16:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f2803526cbcad04ede8f0c4fdff3253b9fb00aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:0d:d6:bf:2c:39:f1:5f:ea:13:9f:8b:c1:83:
                    66:ba:0e:04:80:a4:35:2d:a3:f2:22:67:4c:44:d5:
                    bb:a1:77:fa:c4:c8:20:36:af:f9:94:36:d8:47:89:
                    56:50:fc:b8:ca:f7:0d:70:7b:e7:6a:6b:59:65:0c:
                    c8:f3:51:d3:88:17:2b:30:8d:34:3c:67:63:06:e0:
                    8e:1b:58:99:be:d6:50:d1:6b:8a:5e:3d:39:99:57:
                    91:52:97:ed:85:fb:29:6e:8b:3d:3f:1c:89:54:ef:
                    2a:e0:5e:b5:5a:66:a9:c5:20:88:21:f1:7e:46:7e:
                    e7:73:a1:7b:3b:b0:d1:64:ae:d2:e1:13:3e:25:c5:
                    83:e3:b5:0d:d3:13:30:80:f6:70:7d:5e:63:63:46:
                    f0:0f:2a:1b:8d:b6:eb:99:a2:56:c9:db:75:07:7b:
                    b8:96:44:65:4e:d3:24:45:1e:e6:60:c5:df:85:79:
                    f5:59:7d:f2:93:63:d8:ea:b2:b3:48:16:2f:45:43:
                    9c:ff:30:bf:06:b5:61:86:1b:27:31:39:0b:23:b8:
                    4c:49:e6:f0:17:a3:27:f1:cd:35:1a:9f:30:a5:d4:
                    8e:fc:86:3e:69:fb:52:ea:6a:c9:60:87:3f:97:59:
                    6c:60:e1:8c:e8:7c:61:b2:57:26:60:ad:d8:84:ae:
                    1b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:28:03:52:6C:BC:AD:04:ED:E8:F0:C4:FD:FF:32:53:B9:FB:00:AA
            X509v3 Authority Key Identifier:
                keyid:4E:E4:05:7F:9E:A0:14:0C:EF:7C:E4:78:93:69:C5:CF:01:F7:C6:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TuQFf56gFAzvfOR4k2nFzwH3xo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/cf2ebf-2a09-43d2-a225-a165359a6211/1/XygDUmy8rQTt6PDE_f8yU7n7AKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/cf2ebf-2a09-43d2-a225-a165359a6211/1/TuQFf56gFAzvfOR4k2nFzwH3xo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:1a:5b:cd:5b:db:1e:b2:6c:41:41:c3:71:c5:79:77:81:a5:
         9f:54:6b:89:55:a4:86:2c:19:38:eb:73:21:53:a7:d7:78:27:
         a1:8b:25:e7:44:c6:1e:7b:e0:c2:ba:03:15:5d:b7:55:4d:e4:
         32:0a:de:e2:5f:e6:4a:f8:dc:a3:dd:b7:56:83:06:08:f7:95:
         6f:c8:cb:23:c8:a4:a1:46:63:54:41:00:b9:da:6c:04:3f:88:
         62:cd:27:6a:7c:94:96:36:52:4a:2e:3e:ec:0c:19:5f:a4:09:
         f2:ce:49:6a:17:68:c9:d0:e8:07:cc:a8:21:b5:16:dc:d8:af:
         45:49:d9:0d:df:c8:07:44:6f:80:42:e6:72:ae:4f:4a:a0:f9:
         5b:d5:e4:d0:ab:31:80:8a:f4:1a:c5:2d:e1:9e:cd:cf:49:e5:
         ca:b1:05:71:c4:33:d9:6f:09:fc:9c:45:c5:d2:c8:1a:4c:5f:
         8b:80:d2:d8:67:fe:be:9c:86:c9:94:c8:f5:d0:7a:86:ce:a9:
         76:2a:bc:06:51:92:72:68:62:63:4a:33:dd:36:e7:2c:a5:66:
         5d:d7:ff:c3:5c:98:c1:59:e0:af:ce:93:85:c8:4d:4f:92:ff:
         94:7c:2f:69:dd:fa:e6:4e:8d:48:68:4b:f0:ac:1f:dc:b0:19:
         f0:ca:6d:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CeM/QFnqnzwDsdHqcwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZTQwNTdmOWVhMDE0MGNlZjdjZTQ3ODkzNjljNWNmMDFm
N2M2OGUwHhcNMjQwMTAxMTYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjI4MDM1MjZjYmNhZDA0ZWRlOGYwYzRmZGZmMzI1M2I5ZmIwMGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlA3Wvyw58V/qE5+LwYNmug4EgKQ1
LaPyImdMRNW7oXf6xMggNq/5lDbYR4lWUPy4yvcNcHvnamtZZQzI81HTiBcrMI00
PGdjBuCOG1iZvtZQ0WuKXj05mVeRUpfthfspbos9PxyJVO8q4F61WmapxSCIIfF+
Rn7nc6F7O7DRZK7S4RM+JcWD47UN0xMwgPZwfV5jY0bwDyobjbbrmaJWydt1B3u4
lkRlTtMkRR7mYMXfhXn1WX3yk2PY6rKzSBYvRUOc/zC/BrVhhhsnMTkLI7hMSebw
F6Mn8c01Gp8wpdSO/IY+aftS6mrJYIc/l1lsYOGM6HxhslcmYK3YhK4bmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8oA1JsvK0E7ejwxP3/MlO5+wCqMB8GA1UdIwQY
MBaAFE7kBX+eoBQM73zkeJNpxc8B98aOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHVRRmY1NmdGQXp2Zk9SNGsybkZ6d0gzeG80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi9jZjJlYmYtMmEwOS00M2QyLWEyMjUt
YTE2NTM1OWE2MjExLzEvWHlnRFVteThyUVR0NlBERV9mOHlVN243QUtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi9jZjJlYmYtMmEwOS00M2QyLWEyMjUtYTE2NTM1OWE2MjEx
LzEvVHVRRmY1NmdGQXp2Zk9SNGsybkZ6d0gzeG80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJd1XMA0G
CSqGSIb3DQEBCwUAA4IBAQA4GlvNW9sesmxBQcNxxXl3gaWfVGuJVaSGLBk463Mh
U6fXeCehiyXnRMYee+DCugMVXbdVTeQyCt7iX+ZK+Nyj3bdWgwYI95VvyMsjyKSh
RmNUQQC52mwEP4hizSdqfJSWNlJKLj7sDBlfpAnyzklqF2jJ0OgHzKghtRbc2K9F
SdkN38gHRG+AQuZyrk9KoPlb1eTQqzGAivQaxS3hns3PSeXKsQVxxDPZbwn8nEXF
0sgaTF+LgNLYZ/6+nIbJlMj10HqGzql2KrwGUZJyaGJjSjPdNucspWZd1//DXJjB
WeCvzpOFyE1Pkv+UfC9p3frmTo1IaEvwrB/csBnwym1n
-----END CERTIFICATE-----