Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/LxcaHYo96dm5tq0a5JNbqt6I2L8.roa
File:                     LxcaHYo96dm5tq0a5JNbqt6I2L8.roa (raw, json)
Hash identifier:          iSbN4Giyt6svc61dZVwtAB8TA363DOIUw51J1MeAOyI=
Subject key identifier:   2F:17:1A:1D:8A:3D:E9:D9:B9:B6:AD:1A:E4:93:5B:AA:DE:88:D8:BF
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       018CC3B73F489939EDD799C67AFC35CFFD83
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/LxcaHYo96dm5tq0a5JNbqt6I2L8.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203622
IP address blocks:        37.32.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3f:48:99:39:ed:d7:99:c6:7a:fc:35:cf:fd:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f171a1d8a3de9d9b9b6ad1ae4935baade88d8bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:3f:ec:62:a9:2f:d1:9a:6e:12:95:34:44:b8:
                    01:96:83:46:8b:87:56:b7:e0:ee:e2:2e:d6:88:0c:
                    b0:90:25:f9:48:6b:15:8a:83:e7:3a:2c:b3:73:45:
                    5c:73:c3:fe:a6:84:81:de:60:98:90:46:de:e9:e1:
                    34:5a:1b:c1:da:3b:cb:9d:c9:72:64:5c:ec:29:42:
                    55:2e:b7:93:65:73:1c:33:5e:5a:de:29:9e:56:c6:
                    63:fe:bd:fc:d4:c5:ca:2d:32:a2:1d:ac:5a:f7:4a:
                    a5:61:5d:8f:db:3a:1f:2b:00:1e:81:99:24:5e:a6:
                    72:f5:a9:6b:cc:41:0d:c5:48:b0:91:98:83:37:29:
                    0e:00:2f:3b:ad:d7:64:61:06:12:9e:ea:64:94:35:
                    d2:4b:98:5a:66:67:3f:3f:57:ff:bc:68:28:88:8c:
                    b5:ae:d3:c5:52:33:59:cf:88:0b:e2:e2:ea:03:45:
                    f0:01:e4:cd:e4:46:9e:0a:35:75:9f:16:3f:bc:7c:
                    8d:71:d6:40:ab:be:72:15:27:9d:63:66:b0:71:3d:
                    e6:f5:c4:cf:b8:97:62:14:e0:06:c3:99:3e:07:29:
                    ec:c0:a4:d7:81:43:05:f1:cb:e8:16:ea:a9:14:14:
                    36:50:87:07:90:99:3f:46:2c:27:b9:bf:cc:5f:05:
                    4f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:17:1A:1D:8A:3D:E9:D9:B9:B6:AD:1A:E4:93:5B:AA:DE:88:D8:BF
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/LxcaHYo96dm5tq0a5JNbqt6I2L8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:c4:f6:61:7f:d8:39:3f:13:30:19:8a:e1:3a:3b:68:ed:48:
         6b:4b:02:28:50:2a:1e:0c:14:d7:27:4b:fb:5e:96:c8:a6:a2:
         f0:84:fe:9b:aa:e6:3a:ab:6a:9d:9f:25:29:a6:bc:ce:be:77:
         ae:85:b2:7b:53:6c:6a:46:09:5e:2c:1d:e5:f1:f2:52:0f:4d:
         19:a8:6a:a6:4b:3f:0f:5b:17:85:19:05:c0:53:1c:ca:cd:2a:
         3e:7b:e8:5f:1e:3c:d0:b2:fc:13:9c:35:a2:b9:ef:32:7d:29:
         4a:d5:bb:37:b4:45:72:41:7d:09:6b:2e:25:25:1a:33:e1:f4:
         23:23:ff:81:3a:85:6e:0b:d0:d9:38:5d:66:84:5e:f1:7e:9b:
         19:9a:ad:5c:55:01:63:a9:c8:98:5d:59:8f:82:d2:cc:96:ce:
         9d:aa:57:31:96:95:f6:c8:81:d1:5d:8c:50:ff:20:fd:b3:93:
         c0:08:f0:19:5f:d9:84:69:d7:c2:2e:e0:e6:fb:6d:f5:51:20:
         56:87:fc:c9:cf:46:a2:12:34:ff:31:9c:60:16:c1:b8:16:fa:
         c2:72:e7:ff:6c:f6:a7:9d:60:d0:d8:e4:8e:17:02:73:c4:6d:
         d1:4f:b8:b4:3d:73:69:57:6c:b4:84:83:65:3e:e5:0c:c7:89:
         45:c2:b4:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtz9ImTnt15nGevw1z/2DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjE3MWExZDhhM2RlOWQ5YjliNmFkMWFlNDkzNWJhYWRlODhkOGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnz/sYqkv0ZpuEpU0RLgBloNGi4dW
t+Du4i7WiAywkCX5SGsVioPnOiyzc0Vcc8P+poSB3mCYkEbe6eE0WhvB2jvLncly
ZFzsKUJVLreTZXMcM15a3imeVsZj/r381MXKLTKiHaxa90qlYV2P2zofKwAegZkk
XqZy9alrzEENxUiwkZiDNykOAC87rddkYQYSnupklDXSS5haZmc/P1f/vGgoiIy1
rtPFUjNZz4gL4uLqA0XwAeTN5EaeCjV1nxY/vHyNcdZAq75yFSedY2awcT3m9cTP
uJdiFOAGw5k+BynswKTXgUMF8cvoFuqpFBQ2UIcHkJk/Riwnub/MXwVP+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8XGh2KPenZubatGuSTW6reiNi/MB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvTHhjYUhZbzk2ZG01dHEwYTVKTmJxdDZJMkw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSBIMA0G
CSqGSIb3DQEBCwUAA4IBAQA8xPZhf9g5PxMwGYrhOjto7UhrSwIoUCoeDBTXJ0v7
XpbIpqLwhP6bquY6q2qdnyUpprzOvneuhbJ7U2xqRgleLB3l8fJSD00ZqGqmSz8P
WxeFGQXAUxzKzSo+e+hfHjzQsvwTnDWiue8yfSlK1bs3tEVyQX0Jay4lJRoz4fQj
I/+BOoVuC9DZOF1mhF7xfpsZmq1cVQFjqciYXVmPgtLMls6dqlcxlpX2yIHRXYxQ
/yD9s5PACPAZX9mEadfCLuDm+231USBWh/zJz0aiEjT/MZxgFsG4FvrCcuf/bPan
nWDQ2OSOFwJzxG3RT7i0PXNpV2y0hINlPuUMx4lFwrRD
-----END CERTIFICATE-----