Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/K9HE4jGHKBvlLBBQ4Y9VAQ8w7hI.roa
File:                     K9HE4jGHKBvlLBBQ4Y9VAQ8w7hI.roa (raw, json)
Hash identifier:          01KaQenRXeDZ19B+zemhlgL0rea4/zskIhaW0lWAlRY=
Subject key identifier:   2B:D1:C4:E2:31:87:28:1B:E5:2C:10:50:E1:8F:55:01:0F:30:EE:12
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       018F38504927A7C1A7B4BD83C89C4294C506
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/K9HE4jGHKBvlLBBQ4Y9VAQ8w7hI.roa
Signing time:             Thu 02 May 2024 07:58:56 +0000
ROA not before:           Thu 02 May 2024 07:58:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214990
IP address blocks:        37.32.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:38:50:49:27:a7:c1:a7:b4:bd:83:c8:9c:42:94:c5:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: May  2 07:58:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bd1c4e23187281be52c1050e18f55010f30ee12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:67:78:44:a7:92:e1:64:cd:37:d7:13:dc:4e:
                    14:ed:bd:9d:c7:32:b7:71:bb:52:73:02:a0:75:c0:
                    3d:db:c5:d3:e5:63:d5:b7:7e:0d:ac:0d:05:96:00:
                    be:45:db:f6:bf:03:eb:c1:3b:d4:ae:14:71:66:d4:
                    63:cd:12:9a:bc:33:b8:16:0a:37:88:85:cd:d5:b0:
                    1f:28:ef:dc:0f:60:85:dd:95:8e:c9:2b:ef:79:a6:
                    df:7a:10:5f:8b:fb:51:94:35:10:de:2c:59:fd:28:
                    ff:ba:2a:d7:cc:7b:64:6f:39:b0:f7:6b:b8:84:80:
                    0b:7c:26:d7:9c:6a:f6:e4:46:7d:77:87:0c:bb:01:
                    f0:04:bb:3a:24:cc:df:6b:3b:b0:32:c1:7e:eb:1c:
                    ab:3c:e6:3b:a2:69:78:22:49:dc:1d:7d:8f:fd:d9:
                    4d:ab:58:e1:14:8a:0a:5c:3e:8a:1a:a7:63:fe:59:
                    11:f3:23:71:cc:0d:d5:63:7c:4d:f8:07:38:59:41:
                    94:3f:72:20:8c:20:b0:e7:a8:dc:58:a7:e6:6b:85:
                    a2:69:df:63:9f:d3:57:e6:ed:32:f6:44:0a:c0:9e:
                    ce:72:e3:37:77:2a:05:8e:ea:87:59:64:10:19:84:
                    ee:3b:50:8d:c2:63:39:5d:6c:76:86:e1:c2:bc:92:
                    51:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D1:C4:E2:31:87:28:1B:E5:2C:10:50:E1:8F:55:01:0F:30:EE:12
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/K9HE4jGHKBvlLBBQ4Y9VAQ8w7hI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:16:f9:0a:14:41:24:5a:28:2e:97:3a:62:9f:16:eb:7b:87:
         59:df:96:e0:be:80:29:d7:70:99:2c:18:9a:5c:fc:e5:fd:fe:
         bc:55:8a:91:e1:a7:b9:59:44:3a:9c:1b:5f:af:8b:38:5b:5f:
         a9:60:a4:02:a7:58:85:4f:58:11:3e:e9:09:d2:5e:f5:f9:3c:
         05:19:f8:dc:61:a0:e0:76:08:04:e5:43:7e:a1:df:57:1e:d2:
         7f:13:b7:27:91:e1:5c:30:78:f9:e8:a8:6c:fb:c6:aa:62:50:
         32:50:ab:85:cd:68:93:e8:df:32:dd:38:34:ba:55:54:35:87:
         34:8d:46:c3:58:ca:f7:7e:1b:b9:3d:9b:7f:18:10:ee:96:02:
         3f:94:12:31:90:f6:94:b8:ff:74:e3:58:f6:1a:f7:ec:2e:19:
         1b:52:98:53:a9:9f:ac:2f:21:f1:a7:ce:59:f3:12:8d:da:ca:
         90:ed:88:4e:e0:9b:3c:6a:20:8f:20:3c:c5:51:10:0b:8e:2d:
         e3:55:c4:71:13:59:6a:41:5c:28:2c:48:1a:f8:b8:c8:4f:d1:
         ca:a4:a9:08:5c:27:61:87:a6:ad:0f:7c:10:aa:a3:f8:93:48:
         3d:25:4b:58:0d:d1:6b:19:4a:98:b3:82:f7:26:bf:3b:0c:77:
         d7:61:5e:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY84UEknp8GntL2DyJxClMUGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjQwNTAyMDc1ODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmQxYzRlMjMxODcyODFiZTUyYzEwNTBlMThmNTUwMTBmMzBlZTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWd4RKeS4WTNN9cT3E4U7b2dxzK3
cbtScwKgdcA928XT5WPVt34NrA0FlgC+Rdv2vwPrwTvUrhRxZtRjzRKavDO4Fgo3
iIXN1bAfKO/cD2CF3ZWOySvveabfehBfi/tRlDUQ3ixZ/Sj/uirXzHtkbzmw92u4
hIALfCbXnGr25EZ9d4cMuwHwBLs6JMzfazuwMsF+6xyrPOY7oml4IkncHX2P/dlN
q1jhFIoKXD6KGqdj/lkR8yNxzA3VY3xN+Ac4WUGUP3IgjCCw56jcWKfma4Wiad9j
n9NX5u0y9kQKwJ7OcuM3dyoFjuqHWWQQGYTuO1CNwmM5XWx2huHCvJJRpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvRxOIxhygb5SwQUOGPVQEPMO4SMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvSzlIRTRqR0hLQnZsTEJCUTRZOVZBUTh3N2hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSBHMA0G
CSqGSIb3DQEBCwUAA4IBAQA7FvkKFEEkWigulzpinxbre4dZ35bgvoAp13CZLBia
XPzl/f68VYqR4ae5WUQ6nBtfr4s4W1+pYKQCp1iFT1gRPukJ0l71+TwFGfjcYaDg
dggE5UN+od9XHtJ/E7cnkeFcMHj56Khs+8aqYlAyUKuFzWiT6N8y3Tg0ulVUNYc0
jUbDWMr3fhu5PZt/GBDulgI/lBIxkPaUuP9041j2GvfsLhkbUphTqZ+sLyHxp85Z
8xKN2sqQ7YhO4Js8aiCPIDzFURALji3jVcRxE1lqQVwoLEga+LjIT9HKpKkIXCdh
h6atD3wQqqP4k0g9JUtYDdFrGUqYs4L3Jr87DHfXYV7O
-----END CERTIFICATE-----