Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/P2ie-v_e1qakswKBkYe8ZLKWxEc.roa
File:                     P2ie-v_e1qakswKBkYe8ZLKWxEc.roa (raw, json)
Hash identifier:          Pu7A+yMkzaTHEk1fItsWmMW/+SCDTYOw3FWfhMAzaK4=
Subject key identifier:   3F:68:9E:FA:FF:DE:D6:A6:A4:B3:02:81:91:87:BC:64:B2:96:C4:47
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       0196E50101C4CD9FD97EA582ACA077AA4C2C
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/P2ie-v_e1qakswKBkYe8ZLKWxEc.roa
Signing time:             Sun 18 May 2025 20:06:10 +0000
ROA not before:           Sun 18 May 2025 20:06:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214957
IP address blocks:        37.32.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 05:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e5:01:01:c4:cd:9f:d9:7e:a5:82:ac:a0:77:aa:4c:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: May 18 20:06:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f689efaffded6a6a4b302819187bc64b296c447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:7c:d4:dc:2e:6b:8b:86:38:2b:9e:6a:b5:44:
                    05:07:08:16:f4:67:f0:84:0a:f9:af:15:b3:98:f7:
                    25:86:17:5b:41:01:d7:f9:a6:a4:ea:ce:a6:dd:8e:
                    df:64:a6:85:e3:da:5f:d0:e4:2a:fe:e4:8c:44:de:
                    49:13:0b:a9:50:65:f3:78:d2:6c:9c:57:d8:f5:14:
                    c5:5a:82:46:8e:7c:28:8d:64:68:64:c4:2b:57:5d:
                    88:30:1f:aa:7c:09:10:3c:d4:44:35:0e:0b:c0:c0:
                    e8:1e:e9:6e:b4:c5:61:76:06:31:25:21:cd:f2:59:
                    2a:35:45:df:82:aa:f4:e0:c4:b0:a1:ab:9c:56:ac:
                    01:c0:74:78:6a:0e:f9:66:37:fc:92:4f:0c:1b:d9:
                    94:2b:35:90:9f:bb:f4:9e:50:a6:a3:c4:e1:9d:b2:
                    b0:51:92:9a:7f:f9:07:13:6a:ee:54:de:8c:8b:90:
                    6c:60:fc:76:a9:2b:aa:0e:d1:1b:97:4b:bf:5c:f9:
                    1b:c1:ff:11:e7:1b:a5:1e:60:f0:01:b8:7c:1b:96:
                    17:d0:1e:b3:56:2a:8e:db:86:3b:84:44:db:7c:e8:
                    7c:22:f4:a3:00:67:fa:e8:9d:94:26:b6:96:21:8b:
                    3e:a2:99:7c:ba:30:78:2e:d6:b2:b2:31:f2:24:d1:
                    0e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:68:9E:FA:FF:DE:D6:A6:A4:B3:02:81:91:87:BC:64:B2:96:C4:47
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/P2ie-v_e1qakswKBkYe8ZLKWxEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:bb:f9:97:fd:f4:ec:78:21:90:de:4b:92:29:38:5c:b9:80:
         0d:ce:b1:8b:75:36:c5:2e:cb:53:e4:31:e0:01:a1:13:e9:3b:
         af:e6:d3:f8:80:bd:4e:8a:95:11:94:72:21:98:1a:ba:d3:33:
         2e:4f:83:71:1c:73:ae:05:dd:93:76:b3:b0:07:58:cc:0b:57:
         c3:ae:1c:25:5a:d1:7b:bf:e5:38:12:79:aa:14:17:f6:24:39:
         e4:03:7e:79:c7:e6:b1:2d:e6:86:bd:ce:ba:87:28:02:bc:cf:
         b8:9b:19:b7:10:6c:d7:a6:8e:6b:19:3a:4c:40:33:c3:8a:a6:
         9e:bb:cf:47:ad:ac:57:b6:78:61:e2:fb:a4:47:f4:25:5e:5e:
         82:34:58:d5:5c:51:f7:16:51:0b:6d:b2:ca:68:d6:cc:66:e9:
         dc:b9:40:f2:de:28:56:8f:98:09:3d:1b:99:5f:32:95:8e:f0:
         e0:66:96:86:6c:f2:3e:4d:b1:8c:fd:2e:c8:6c:10:7a:8d:74:
         e6:a1:dc:5c:ad:59:5a:05:1c:b4:46:7f:ee:69:7b:63:38:6f:
         2d:67:ea:e9:2c:81:ed:a9:46:ea:55:29:a2:e5:f0:d3:27:b4:
         fe:cd:b2:82:9d:6a:09:e0:84:d2:1c:c4:e2:9d:f5:4f:3c:9a:
         07:0c:dc:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZblAQHEzZ/ZfqWCrKB3qkwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNTE4MjAwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjY4OWVmYWZmZGVkNmE2YTRiMzAyODE5MTg3YmM2NGIyOTZjNDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXzU3C5ri4Y4K55qtUQFBwgW9Gfw
hAr5rxWzmPclhhdbQQHX+aak6s6m3Y7fZKaF49pf0OQq/uSMRN5JEwupUGXzeNJs
nFfY9RTFWoJGjnwojWRoZMQrV12IMB+qfAkQPNRENQ4LwMDoHulutMVhdgYxJSHN
8lkqNUXfgqr04MSwoaucVqwBwHR4ag75Zjf8kk8MG9mUKzWQn7v0nlCmo8ThnbKw
UZKaf/kHE2ruVN6Mi5BsYPx2qSuqDtEbl0u/XPkbwf8R5xulHmDwAbh8G5YX0B6z
ViqO24Y7hETbfOh8IvSjAGf66J2UJraWIYs+opl8ujB4LtaysjHyJNEOFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9onvr/3tampLMCgZGHvGSylsRHMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvUDJpZS12X2UxcWFrc3dLQmtZZThaTEtXeEVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSArMA0G
CSqGSIb3DQEBCwUAA4IBAQCMu/mX/fTseCGQ3kuSKThcuYANzrGLdTbFLstT5DHg
AaET6Tuv5tP4gL1OipURlHIhmBq60zMuT4NxHHOuBd2TdrOwB1jMC1fDrhwlWtF7
v+U4EnmqFBf2JDnkA355x+axLeaGvc66hygCvM+4mxm3EGzXpo5rGTpMQDPDiqae
u89HraxXtnhh4vukR/QlXl6CNFjVXFH3FlELbbLKaNbMZuncuUDy3ihWj5gJPRuZ
XzKVjvDgZpaGbPI+TbGM/S7IbBB6jXTmodxcrVlaBRy0Rn/uaXtjOG8tZ+rpLIHt
qUbqVSmi5fDTJ7T+zbKCnWoJ4ITSHMTinfVPPJoHDNy6
-----END CERTIFICATE-----