Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/Xt3T22cAyNAfx6uMEu7CwzoAqrk.roa
File:                     Xt3T22cAyNAfx6uMEu7CwzoAqrk.roa (raw, json)
Hash identifier:          rRMYxYu3pA2gBQErHXGOIHO2KMOBz6sZ2MNR2Agapa0=
Subject key identifier:   5E:DD:D3:DB:67:00:C8:D0:1F:C7:AB:8C:12:EE:C2:C3:3A:00:AA:B9
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       018F3D8AC977F7ED26C3C3153E338E670997
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/Xt3T22cAyNAfx6uMEu7CwzoAqrk.roa
Signing time:             Fri 03 May 2024 08:20:56 +0000
ROA not before:           Fri 03 May 2024 08:20:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47376
IP address blocks:        37.32.44.0/24 maxlen: 24
                          37.32.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3d:8a:c9:77:f7:ed:26:c3:c3:15:3e:33:8e:67:09:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: May  3 08:20:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5eddd3db6700c8d01fc7ab8c12eec2c33a00aab9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:66:4f:5d:f3:1d:e2:11:55:00:92:21:3e:0f:
                    2a:fc:83:eb:7d:c4:bb:61:9e:a1:2a:4f:67:4a:7f:
                    8e:3b:92:20:fa:49:8e:83:f1:0d:e6:80:0f:7e:37:
                    c1:2f:e6:5a:96:c3:f3:f1:c2:65:6d:49:9e:91:d1:
                    93:39:f2:33:0f:75:a5:05:76:d3:71:ab:0f:a3:8f:
                    4f:10:c0:e2:10:cd:1e:4f:2c:b0:a4:2f:64:00:5e:
                    a5:3d:33:4e:03:cf:bf:ad:21:54:10:e9:48:f7:c4:
                    e5:0b:b5:55:15:6d:b5:33:35:5f:6a:ac:e6:77:b5:
                    15:b2:7c:82:a5:f7:3f:75:49:4a:4a:2f:91:3e:a0:
                    d2:79:83:ff:74:2f:e0:33:07:ec:44:6c:26:6d:09:
                    33:aa:2c:40:16:25:ca:a7:ed:5e:5c:13:db:72:fb:
                    3c:44:61:28:c5:23:ce:5f:15:c3:5c:fa:23:18:a4:
                    64:f2:ba:a7:a9:4e:a2:5a:00:a0:90:ce:45:f8:61:
                    ad:cc:c5:6d:99:d9:18:32:98:56:58:7b:43:d1:6e:
                    60:c8:8e:24:e1:b5:90:24:84:8d:cd:ca:e9:82:06:
                    9d:2f:e8:d4:e8:a0:4c:54:1e:a7:84:4e:86:22:de:
                    76:d2:3c:5a:80:c8:69:fd:8c:58:e1:d0:2a:79:c9:
                    81:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:DD:D3:DB:67:00:C8:D0:1F:C7:AB:8C:12:EE:C2:C3:3A:00:AA:B9
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/Xt3T22cAyNAfx6uMEu7CwzoAqrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:6e:b6:02:5e:c8:22:fa:e7:94:52:21:0d:34:f0:cb:e2:3e:
         3c:66:23:ac:ca:82:3a:e9:4f:3e:f5:2e:08:5a:a9:84:a7:dc:
         31:44:26:45:88:2f:32:88:76:93:aa:02:7e:23:89:5e:1f:41:
         e6:28:33:40:b7:1a:3a:d5:39:f0:c3:53:b9:9c:a7:67:dd:b3:
         05:06:78:40:6a:e1:19:02:fa:ed:81:38:a5:ef:82:89:41:47:
         5a:5e:97:6e:1c:99:de:f8:c3:04:cf:df:0f:c8:ee:90:7d:7e:
         c3:89:5e:75:59:63:fe:45:3f:d2:d7:d8:2e:94:71:c9:35:17:
         d1:7c:66:e5:d5:01:71:b9:d0:c3:35:d2:18:82:ba:2d:7b:cd:
         25:a6:31:9d:81:62:dd:fe:4a:87:e6:6f:11:8d:bf:72:2c:b5:
         d7:b5:56:75:4a:a3:a0:ed:51:ff:5e:f4:ee:b8:04:a8:c1:b3:
         2d:99:73:89:da:5d:ea:d7:9a:e2:ec:a5:22:ea:7f:c9:13:eb:
         39:aa:94:11:d1:6d:a8:bf:f1:ab:dc:26:de:fb:2e:b7:de:20:
         1a:75:44:8e:60:48:de:77:77:4f:4c:9c:29:72:c4:18:da:f6:
         b0:11:ec:27:dd:5f:d8:72:d8:4f:a1:92:b8:61:e6:25:24:7a:
         76:ed:31:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY89isl39+0mw8MVPjOOZwmXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjQwNTAzMDgyMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWRkZDNkYjY3MDBjOGQwMWZjN2FiOGMxMmVlYzJjMzNhMDBhYWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WZPXfMd4hFVAJIhPg8q/IPrfcS7
YZ6hKk9nSn+OO5Ig+kmOg/EN5oAPfjfBL+ZalsPz8cJlbUmekdGTOfIzD3WlBXbT
casPo49PEMDiEM0eTyywpC9kAF6lPTNOA8+/rSFUEOlI98TlC7VVFW21MzVfaqzm
d7UVsnyCpfc/dUlKSi+RPqDSeYP/dC/gMwfsRGwmbQkzqixAFiXKp+1eXBPbcvs8
RGEoxSPOXxXDXPojGKRk8rqnqU6iWgCgkM5F+GGtzMVtmdkYMphWWHtD0W5gyI4k
4bWQJISNzcrpggadL+jU6KBMVB6nhE6GIt520jxagMhp/YxY4dAqecmB8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7d09tnAMjQH8erjBLuwsM6AKq5MB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvWHQzVDIyY0F5TkFmeDZ1TUV1N0N3em9BcXJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJSAsMA0G
CSqGSIb3DQEBCwUAA4IBAQCCbrYCXsgi+ueUUiENNPDL4j48ZiOsyoI66U8+9S4I
WqmEp9wxRCZFiC8yiHaTqgJ+I4leH0HmKDNAtxo61Tnww1O5nKdn3bMFBnhAauEZ
AvrtgTil74KJQUdaXpduHJne+MMEz98PyO6QfX7DiV51WWP+RT/S19gulHHJNRfR
fGbl1QFxudDDNdIYgrote80lpjGdgWLd/kqH5m8Rjb9yLLXXtVZ1SqOg7VH/XvTu
uASowbMtmXOJ2l3q15ri7KUi6n/JE+s5qpQR0W2ov/Gr3Cbe+y633iAadUSOYEje
d3dPTJwpcsQY2vawEewn3V/YcthPoZK4YeYlJHp27TFL
-----END CERTIFICATE-----