Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/mArrhtMFHu6uyjqxZX8Dp4AH-BE.roa
File:                     mArrhtMFHu6uyjqxZX8Dp4AH-BE.roa (raw, json)
Hash identifier:          zQziqnBRL7YR5leeCaVqrsGOG74ycsP677MRPyuRq70=
Subject key identifier:   98:0A:EB:86:D3:05:1E:EE:AE:CA:3A:B1:65:7F:03:A7:80:07:F8:11
Certificate issuer:       /CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
Certificate serial:       018CC3B73E7A1BC7CFA2174CDD2A86542473
Authority key identifier: B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/mArrhtMFHu6uyjqxZX8Dp4AH-BE.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200154
IP address blocks:        37.32.77.0/24 maxlen: 24
                          37.32.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3e:7a:1b:c7:cf:a2:17:4c:dd:2a:86:54:24:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4e82ba1715d6aeae5b0102725ffe0c834735d7d
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=980aeb86d3051eeeaeca3ab1657f03a78007f811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:53:07:37:bb:de:2f:a3:36:f2:9d:86:02:a2:
                    bd:90:e7:2e:7b:92:63:8b:d1:38:e3:66:79:e5:c4:
                    d3:cd:ca:28:f3:03:3c:20:1c:37:7c:fe:d8:41:fe:
                    f8:eb:e2:09:46:5a:4c:4e:9a:ab:8f:0f:fb:b7:85:
                    1a:57:5d:60:67:cb:45:ad:24:a9:e3:29:7f:41:89:
                    ad:2f:48:31:b0:50:d0:5b:b5:1f:61:a5:80:b2:34:
                    ae:67:d9:ac:95:d8:c2:8e:eb:db:16:5b:30:3b:99:
                    c5:da:49:15:79:de:d8:ff:8a:da:fa:8e:e9:dc:37:
                    3a:ab:cd:cd:84:8b:26:d3:e2:0a:a0:29:e6:ef:dd:
                    22:d5:c0:5a:54:53:fb:e0:81:98:1c:03:44:ba:31:
                    52:bf:1c:f0:20:36:63:bd:8a:07:b1:56:85:42:02:
                    74:ae:01:85:98:3c:79:98:d4:91:78:c9:9b:ec:e7:
                    53:a1:ce:c7:c5:dd:de:0d:87:1f:f5:4b:af:9e:60:
                    3c:15:50:02:65:e7:b8:54:98:29:1a:b3:ce:f4:a1:
                    06:4c:02:94:4b:36:90:b5:65:12:a1:e1:44:72:ab:
                    4e:23:19:d7:cf:4f:98:34:be:ba:10:c5:0c:ab:c4:
                    f5:8b:95:5c:64:0a:58:9e:db:f5:c8:80:35:ea:71:
                    7e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:0A:EB:86:D3:05:1E:EE:AE:CA:3A:B1:65:7F:03:A7:80:07:F8:11
            X509v3 Authority Key Identifier:
                keyid:B4:E8:2B:A1:71:5D:6A:EA:E5:B0:10:27:25:FF:E0:C8:34:73:5D:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tOgroXFdaurlsBAnJf_gyDRzXX0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/mArrhtMFHu6uyjqxZX8Dp4AH-BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9151c0-3326-4801-9363-c7d19930d66d/1/tOgroXFdaurlsBAnJf_gyDRzXX0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.77.0/24
                  37.32.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:72:3e:bc:f5:08:63:ce:c3:58:60:d9:9b:d8:e5:ec:dc:82:
         1c:68:da:16:3c:1f:a6:e2:c6:2f:cc:3f:ca:92:f9:e1:63:58:
         68:35:59:77:e3:fe:96:15:41:09:f0:80:a5:dc:95:f2:6f:9d:
         2b:81:b6:d5:21:f1:cd:97:07:72:48:57:4a:50:f2:90:43:39:
         86:42:db:81:fc:af:c7:71:58:61:a6:6c:a2:dc:3b:15:e5:6f:
         f4:55:7e:f6:1a:77:89:27:02:6b:ae:e6:67:87:81:4e:36:7e:
         6a:22:39:c9:f6:4d:d6:98:36:17:cd:1f:5b:44:4c:d5:58:d0:
         37:e7:9e:56:0c:23:ff:23:26:06:2c:d8:c8:2a:ba:ed:ef:6c:
         46:e7:1b:f3:07:03:04:f6:aa:5e:a0:0a:eb:b8:a0:d4:13:4d:
         0d:23:ae:6b:dc:7d:ae:a8:1d:fa:e4:5c:2f:86:42:2e:13:77:
         74:c5:89:87:54:4c:f1:5c:b0:2e:77:66:d7:a7:09:35:1d:a2:
         e2:0e:01:d9:5f:4b:73:6a:e3:91:21:99:80:27:a6:c8:2f:65:
         b3:6d:a0:8d:71:4c:d1:e4:62:a0:2f:fb:c0:22:2c:1a:4c:c0:
         36:61:71:90:d4:9c:8b:66:d1:d7:34:56:f6:97:91:6a:bc:e2:
         70:76:a5:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtz56G8fPohdM3SqGVCRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZTgyYmExNzE1ZDZhZWFlNWIwMTAyNzI1ZmZlMGM4MzQ3
MzVkN2QwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODBhZWI4NmQzMDUxZWVlYWVjYTNhYjE2NTdmMDNhNzgwMDdmODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1MHN7veL6M28p2GAqK9kOcue5Jj
i9E442Z55cTTzcoo8wM8IBw3fP7YQf746+IJRlpMTpqrjw/7t4UaV11gZ8tFrSSp
4yl/QYmtL0gxsFDQW7UfYaWAsjSuZ9msldjCjuvbFlswO5nF2kkVed7Y/4ra+o7p
3Dc6q83NhIsm0+IKoCnm790i1cBaVFP74IGYHANEujFSvxzwIDZjvYoHsVaFQgJ0
rgGFmDx5mNSReMmb7OdToc7Hxd3eDYcf9UuvnmA8FVACZee4VJgpGrPO9KEGTAKU
SzaQtWUSoeFEcqtOIxnXz0+YNL66EMUMq8T1i5VcZApYntv1yIA16nF+xQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJgK64bTBR7urso6sWV/A6eAB/gRMB8GA1UdIwQY
MBaAFLToK6FxXWrq5bAQJyX/4Mg0c119MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMt
YzdkMTk5MzBkNjZkLzEvbUFycmh0TUZIdTZ1eWpxeFpYOERwNEFILUJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85MTUxYzAtMzMyNi00ODAxLTkzNjMtYzdkMTk5MzBkNjZk
LzEvdE9ncm9YRmRhdXJsc0JBbkpmX2d5RFJ6WFgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJSBNAwQA
JSBPMA0GCSqGSIb3DQEBCwUAA4IBAQBwcj689QhjzsNYYNmb2OXs3IIcaNoWPB+m
4sYvzD/KkvnhY1hoNVl34/6WFUEJ8ICl3JXyb50rgbbVIfHNlwdySFdKUPKQQzmG
QtuB/K/HcVhhpmyi3DsV5W/0VX72GneJJwJrruZnh4FONn5qIjnJ9k3WmDYXzR9b
REzVWNA3555WDCP/IyYGLNjIKrrt72xG5xvzBwME9qpeoArruKDUE00NI65r3H2u
qB365FwvhkIuE3d0xYmHVEzxXLAud2bXpwk1HaLiDgHZX0tzauORIZmAJ6bIL2Wz
baCNcUzR5GKgL/vAIiwaTMA2YXGQ1JyLZtHXNFb2l5FqvOJwdqVi
-----END CERTIFICATE-----