Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/wsI3xhQeYAq9xttTrrVPJvHR5uk.roa
File:                     wsI3xhQeYAq9xttTrrVPJvHR5uk.roa (raw, json)
Hash identifier:          vNyoBLaC8atmoI9XxAZeWo8JumNZ22NZpT9pohh8PQg=
Subject key identifier:   C2:C2:37:C6:14:1E:60:0A:BD:C6:DB:53:AE:B5:4F:26:F1:D1:E6:E9
Certificate issuer:       /CN=2182cd3ac5c4db67ea731a6b7198b7d6e4ff115c
Certificate serial:       018CC3496268702419FE3F84EA4A750DC533
Authority key identifier: 21:82:CD:3A:C5:C4:DB:67:EA:73:1A:6B:71:98:B7:D6:E4:FF:11:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYLNOsXE22fqcxprcZi31uT_EVw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/wsI3xhQeYAq9xttTrrVPJvHR5uk.roa
Signing time:             Mon 01 Jan 2024 04:30:15 +0000
ROA not before:           Mon 01 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211262
IP address blocks:        37.252.220.0/24 maxlen: 24
                          2a05:5180::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/IYLNOsXE22fqcxprcZi31uT_EVw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/IYLNOsXE22fqcxprcZi31uT_EVw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYLNOsXE22fqcxprcZi31uT_EVw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 01:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:62:68:70:24:19:fe:3f:84:ea:4a:75:0d:c5:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2182cd3ac5c4db67ea731a6b7198b7d6e4ff115c
        Validity
            Not Before: Jan  1 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2c237c6141e600abdc6db53aeb54f26f1d1e6e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:50:7d:b8:6e:98:5c:6d:73:9a:43:cb:fd:d6:
                    e4:cc:83:77:fd:cd:81:d5:c8:6b:4a:b5:bd:4e:44:
                    90:0f:3a:86:66:95:1c:dd:d5:19:e4:e8:a2:31:eb:
                    8c:7d:0b:a5:cd:37:09:e8:cf:7e:1a:5f:35:03:f7:
                    18:44:c6:7f:91:be:fe:62:51:5a:2a:05:0f:c2:5f:
                    5b:38:32:d8:60:a2:95:90:e4:c7:48:81:21:ca:02:
                    41:c8:45:97:a8:ae:f4:a9:ad:8d:9e:80:47:e6:2c:
                    8b:d0:1b:50:7e:23:1a:6f:8f:4c:9f:d6:9b:23:ce:
                    78:a9:19:f5:9a:a0:cf:47:ec:ba:ce:26:12:d5:75:
                    49:3b:a7:de:b2:ed:4c:20:1b:5f:a1:42:56:57:27:
                    70:12:d0:d2:74:21:6f:7c:ac:5c:84:29:f4:57:71:
                    ac:46:d7:6a:f8:5e:d0:9e:fb:74:1b:be:74:83:8e:
                    4e:78:7e:2d:b7:58:de:18:08:6d:7c:7c:95:a7:65:
                    cb:83:2f:fc:9d:26:12:1c:18:e9:34:99:e8:94:2d:
                    3d:8b:f4:41:22:34:5b:a2:e6:a0:0c:6f:23:4b:53:
                    4a:59:26:79:bc:5d:e0:2e:83:60:7a:08:92:74:58:
                    78:46:27:c1:2a:de:fd:ea:f1:fe:b1:70:bf:3c:8f:
                    28:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:C2:37:C6:14:1E:60:0A:BD:C6:DB:53:AE:B5:4F:26:F1:D1:E6:E9
            X509v3 Authority Key Identifier:
                keyid:21:82:CD:3A:C5:C4:DB:67:EA:73:1A:6B:71:98:B7:D6:E4:FF:11:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYLNOsXE22fqcxprcZi31uT_EVw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/wsI3xhQeYAq9xttTrrVPJvHR5uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/2faeb5-6a1d-4a13-ba1f-4663bc9da964/1/IYLNOsXE22fqcxprcZi31uT_EVw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.220.0/24
                IPv6:
                  2a05:5180::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:e4:c7:bb:d6:73:2f:31:bb:07:af:cd:c6:bb:9f:8b:4e:8e:
         ad:0b:2c:05:2a:2e:08:d2:ec:7a:ab:0c:e5:b8:16:32:eb:c1:
         52:22:0e:02:e0:5d:b1:bf:3b:dd:13:0e:3a:1e:00:10:e6:6b:
         a4:17:d4:3b:bc:37:67:83:06:51:15:04:7d:3e:08:46:fb:f1:
         22:6e:19:f1:08:1b:39:e1:3e:54:5e:ad:a1:af:48:41:91:a7:
         dd:59:41:4f:f1:61:18:f0:d3:f4:7f:d2:8f:89:f3:aa:8b:87:
         8c:25:d9:e6:4d:22:27:b6:57:74:2a:06:ae:18:f3:0b:05:a5:
         6c:77:fa:90:f9:fe:43:a5:60:71:69:23:36:a1:7d:b4:3c:04:
         8a:39:31:4a:33:c6:68:8e:fd:f7:ee:ca:e6:f9:f0:9b:a5:7c:
         57:e4:41:40:cc:e0:8b:fb:6b:59:00:c4:78:be:74:03:4d:2a:
         9a:40:96:51:0a:a7:6f:74:76:7c:a2:1a:f7:2a:c3:c2:f3:26:
         7f:fd:19:81:79:e8:4f:fa:d1:d1:f8:62:db:9d:14:ec:db:10:
         ff:5d:61:2a:c8:8b:94:fa:88:74:ed:88:66:80:14:b2:9e:70:
         38:a9:15:e7:74:01:a4:c2:4a:ba:1a:ab:39:b3:41:9b:26:17:
         f2:42:b1:1a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSWJocCQZ/j+E6kp1DcUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxODJjZDNhYzVjNGRiNjdlYTczMWE2YjcxOThiN2Q2ZTRm
ZjExNWMwHhcNMjQwMTAxMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmMyMzdjNjE0MWU2MDBhYmRjNmRiNTNhZWI1NGYyNmYxZDFlNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VB9uG6YXG1zmkPL/dbkzIN3/c2B
1chrSrW9TkSQDzqGZpUc3dUZ5OiiMeuMfQulzTcJ6M9+Gl81A/cYRMZ/kb7+YlFa
KgUPwl9bODLYYKKVkOTHSIEhygJByEWXqK70qa2NnoBH5iyL0BtQfiMab49Mn9ab
I854qRn1mqDPR+y6ziYS1XVJO6fesu1MIBtfoUJWVydwEtDSdCFvfKxchCn0V3Gs
Rtdq+F7Qnvt0G750g45OeH4tt1jeGAhtfHyVp2XLgy/8nSYSHBjpNJnolC09i/RB
IjRbouagDG8jS1NKWSZ5vF3gLoNgegiSdFh4RifBKt796vH+sXC/PI8o+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMLCN8YUHmAKvcbbU661Tybx0ebpMB8GA1UdIwQY
MBaAFCGCzTrFxNtn6nMaa3GYt9bk/xFcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVlMTk9zWEUyMmZxY3hwcmNaaTMxdVRfRVZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi8yZmFlYjUtNmExZC00YTEzLWJhMWYt
NDY2M2JjOWRhOTY0LzEvd3NJM3hoUWVZQXE5eHR0VHJyVlBKdkhSNXVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi8yZmFlYjUtNmExZC00YTEzLWJhMWYtNDY2M2JjOWRhOTY0
LzEvSVlMTk9zWEUyMmZxY3hwcmNaaTMxdVRfRVZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAJfzcMA0E
AgACMAcDBQMqBVGAMA0GCSqGSIb3DQEBCwUAA4IBAQAH5Me71nMvMbsHr83Gu5+L
To6tCywFKi4I0ux6qwzluBYy68FSIg4C4F2xvzvdEw46HgAQ5mukF9Q7vDdngwZR
FQR9PghG+/EibhnxCBs54T5UXq2hr0hBkafdWUFP8WEY8NP0f9KPifOqi4eMJdnm
TSIntld0KgauGPMLBaVsd/qQ+f5DpWBxaSM2oX20PASKOTFKM8Zojv337srm+fCb
pXxX5EFAzOCL+2tZAMR4vnQDTSqaQJZRCqdvdHZ8ohr3KsPC8yZ//RmBeehP+tHR
+GLbnRTs2xD/XWEqyIuU+oh07YhmgBSynnA4qRXndAGkwkq6Gqs5s0GbJhfyQrEa
-----END CERTIFICATE-----