Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/WVc2CMMzl3OxTazniKfgsA94UX8.roa
File:                     WVc2CMMzl3OxTazniKfgsA94UX8.roa (raw, json)
Hash identifier:          oI3YDyrSL6PU5Wku37K2bFNDUgHLVbR5NcKy+jwV1Rk=
Subject key identifier:   59:57:36:08:C3:33:97:73:B1:4D:AC:E7:88:A7:E0:B0:0F:78:51:7F
Certificate issuer:       /CN=e8b3eed1c7aca636d6245852b802e0e73754df63
Certificate serial:       019425FDBEC12C3E8F987BF9FC0CF4DEBA62
Authority key identifier: E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/WVc2CMMzl3OxTazniKfgsA94UX8.roa
Signing time:             Thu 02 Jan 2025 07:49:33 +0000
ROA not before:           Thu 02 Jan 2025 07:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207645
IP address blocks:        37.148.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:be:c1:2c:3e:8f:98:7b:f9:fc:0c:f4:de:ba:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b3eed1c7aca636d6245852b802e0e73754df63
        Validity
            Not Before: Jan  2 07:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59573608c3339773b14dace788a7e0b00f78517f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:35:8e:12:bb:ac:44:5b:71:57:96:db:45:cb:
                    80:cb:af:fb:98:84:b5:8c:22:8d:ec:c8:40:c3:54:
                    8a:fd:ce:ed:b9:b9:6e:c7:8b:76:d1:3d:d3:01:b1:
                    00:52:bb:82:1d:8a:f1:0c:8d:43:d7:57:a9:e8:a7:
                    3e:85:22:a3:5b:e2:2b:5f:a4:4a:db:53:6a:75:c8:
                    08:15:24:ec:9d:53:03:0b:72:2c:00:d0:14:a3:56:
                    3e:be:58:4b:32:1b:0b:94:15:cc:dc:47:b3:b2:e2:
                    1c:e0:da:e4:2e:39:a7:cc:b8:45:dd:54:a1:3e:1c:
                    67:a9:b7:67:76:36:c8:de:39:56:96:24:25:ce:53:
                    dc:4f:31:d5:48:67:9c:8e:61:cb:ca:49:9a:ce:e3:
                    6f:ab:2a:79:15:b5:43:4d:67:23:ed:47:2f:bd:ce:
                    bf:52:39:6d:ef:2c:8a:86:b3:3c:78:ae:e1:ed:c2:
                    e9:4f:20:22:9c:56:92:5e:8f:af:52:7e:4a:b7:ed:
                    64:10:2c:02:42:52:46:7f:af:05:15:a3:8d:4b:9c:
                    9c:17:b9:ab:0e:1f:42:84:69:44:c1:1b:ed:ce:5e:
                    d8:d4:ee:dc:5c:95:6d:fc:cd:0d:82:44:41:72:3d:
                    b2:d6:2e:58:53:7c:fa:c6:ff:6f:61:0e:84:b9:46:
                    21:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:57:36:08:C3:33:97:73:B1:4D:AC:E7:88:A7:E0:B0:0F:78:51:7F
            X509v3 Authority Key Identifier:
                keyid:E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/WVc2CMMzl3OxTazniKfgsA94UX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.148.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:16:ed:b9:e9:18:13:6f:5b:cd:3f:0e:c3:47:db:8a:39:ad:
         6a:58:42:63:1d:92:4b:60:78:4a:be:29:fb:00:cb:2a:2e:4e:
         02:d0:3a:67:18:f6:d0:82:18:31:93:b7:59:b5:9a:76:72:83:
         56:eb:39:27:bd:f8:da:b2:67:1e:25:24:c5:35:22:78:2a:cc:
         7f:57:c6:06:23:a1:58:78:44:26:31:8a:c9:dc:72:3a:86:9d:
         ee:4b:e5:05:ae:d1:f6:49:46:4b:95:f4:23:d4:e8:fd:6d:ec:
         4a:bb:60:bb:e5:b7:47:57:77:eb:8e:fa:2b:08:1d:7c:1e:3f:
         06:d3:e5:c3:7f:80:f1:39:c6:1d:8a:9e:12:cb:5b:4c:63:97:
         8c:03:e5:7e:ef:8e:ab:7c:5a:8c:30:06:02:a8:d8:c6:37:df:
         3e:74:54:9d:f0:53:aa:fb:b5:37:82:49:9a:9c:51:86:69:3a:
         17:b9:ed:cc:de:45:33:86:88:c9:26:09:ed:88:e3:70:1e:43:
         de:28:06:1c:01:8e:ad:45:69:38:6b:6a:ba:56:b5:74:f5:9e:
         21:f9:10:6e:a7:13:49:23:97:d8:e4:7f:26:af:34:2d:7d:c5:
         5e:d5:c0:c8:4b:18:22:e4:f0:a4:cc:01:af:7e:b8:b2:38:75:
         d9:ef:23:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/b7BLD6PmHv5/Az03rpiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjNlZWQxYzdhY2E2MzZkNjI0NTg1MmI4MDJlMGU3Mzc1
NGRmNjMwHhcNMjUwMTAyMDc0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTU3MzYwOGMzMzM5NzczYjE0ZGFjZTc4OGE3ZTBiMDBmNzg1MTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TWOErusRFtxV5bbRcuAy6/7mIS1
jCKN7MhAw1SK/c7tublux4t20T3TAbEAUruCHYrxDI1D11ep6Kc+hSKjW+IrX6RK
21NqdcgIFSTsnVMDC3IsANAUo1Y+vlhLMhsLlBXM3EezsuIc4NrkLjmnzLhF3VSh
PhxnqbdndjbI3jlWliQlzlPcTzHVSGecjmHLykmazuNvqyp5FbVDTWcj7Ucvvc6/
Ujlt7yyKhrM8eK7h7cLpTyAinFaSXo+vUn5Kt+1kECwCQlJGf68FFaONS5ycF7mr
Dh9ChGlEwRvtzl7Y1O7cXJVt/M0NgkRBcj2y1i5YU3z6xv9vYQ6EuUYh+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlXNgjDM5dzsU2s54in4LAPeFF/MB8GA1UdIwQY
MBaAFOiz7tHHrKY21iRYUrgC4Oc3VN9jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYt
OTQ2NDA0ZWMxYWE0LzEvV1ZjMkNNTXpsM094VGF6bmlLZmdzQTk0VVg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYtOTQ2NDA0ZWMxYWE0
LzEvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJZTcMA0G
CSqGSIb3DQEBCwUAA4IBAQA5Fu256RgTb1vNPw7DR9uKOa1qWEJjHZJLYHhKvin7
AMsqLk4C0DpnGPbQghgxk7dZtZp2coNW6zknvfjasmceJSTFNSJ4Ksx/V8YGI6FY
eEQmMYrJ3HI6hp3uS+UFrtH2SUZLlfQj1Oj9bexKu2C75bdHV3frjvorCB18Hj8G
0+XDf4DxOcYdip4Sy1tMY5eMA+V+746rfFqMMAYCqNjGN98+dFSd8FOq+7U3gkma
nFGGaToXue3M3kUzhojJJgntiONwHkPeKAYcAY6tRWk4a2q6VrV09Z4h+RBupxNJ
I5fY5H8mrzQtfcVe1cDISxgi5PCkzAGvfriyOHXZ7yPq
-----END CERTIFICATE-----