Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/1_cbJ_fdyY19R0AxdFqSHfn-Tm0.roa
File:                     1_cbJ_fdyY19R0AxdFqSHfn-Tm0.roa (raw, json)
Hash identifier:          JJ5vEMKidrIE2eBd4TMip731znYE4Ur53lwh8FDoi/U=
Subject key identifier:   D7:F7:1B:27:F7:DD:C9:8D:7D:47:40:31:74:5A:92:1D:F9:FE:4E:6D
Certificate issuer:       /CN=b38bb62a47b1a2aedb70f32f58c979ba0c777f06
Certificate serial:       018CC801136CAA6C71340AA485483C894F9B
Authority key identifier: B3:8B:B6:2A:47:B1:A2:AE:DB:70:F3:2F:58:C9:79:BA:0C:77:7F:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/1_cbJ_fdyY19R0AxdFqSHfn-Tm0.roa
Signing time:             Tue 02 Jan 2024 02:29:22 +0000
ROA not before:           Tue 02 Jan 2024 02:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34254
IP address blocks:        37.26.72.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:03:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:13:6c:aa:6c:71:34:0a:a4:85:48:3c:89:4f:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b38bb62a47b1a2aedb70f32f58c979ba0c777f06
        Validity
            Not Before: Jan  2 02:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7f71b27f7ddc98d7d474031745a921df9fe4e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b3:2a:56:c5:83:f6:2b:15:be:93:31:07:b8:
                    ca:b5:fc:80:a8:f8:57:cf:4f:33:be:9e:f8:d7:69:
                    d0:d8:79:13:85:47:32:99:6e:ad:44:7c:3e:8d:e1:
                    26:8d:56:09:c8:ae:3d:e0:de:3b:1a:6d:e7:b4:89:
                    0b:fe:0f:d9:37:9b:a7:b0:04:f6:ff:f0:08:14:a0:
                    6b:4a:a4:09:ad:e4:3e:ef:00:5d:45:1b:2d:b5:e5:
                    22:0f:f7:29:e9:7d:08:b9:26:c1:7a:88:5f:97:ff:
                    dc:29:fb:4e:fe:04:f4:97:7e:c6:fd:d1:1d:96:b2:
                    a2:0f:8f:bd:84:99:f7:6b:19:75:27:ce:2e:78:39:
                    89:7c:57:5c:34:fc:e5:be:b7:e2:c0:a5:6f:9d:b7:
                    c3:80:29:1c:5a:6d:7f:c5:aa:82:8e:fe:d6:97:8d:
                    2e:c8:fa:04:44:11:32:f0:3c:50:47:30:33:cf:b7:
                    f6:90:44:ad:5b:1b:dc:3f:ee:c0:e0:95:06:98:2e:
                    48:dc:7d:56:fb:61:4a:dd:27:bb:2f:f0:7c:3e:d6:
                    6d:dc:a9:20:f3:60:aa:f7:83:f0:be:e1:da:d6:9f:
                    f6:06:92:ce:f6:b5:3a:14:f9:b5:93:78:11:73:ee:
                    91:ae:e9:8c:28:ac:9c:dc:ef:19:9a:31:8e:c2:41:
                    bf:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:F7:1B:27:F7:DD:C9:8D:7D:47:40:31:74:5A:92:1D:F9:FE:4E:6D
            X509v3 Authority Key Identifier:
                keyid:B3:8B:B6:2A:47:B1:A2:AE:DB:70:F3:2F:58:C9:79:BA:0C:77:7F:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s4u2Kkexoq7bcPMvWMl5ugx3fwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/1_cbJ_fdyY19R0AxdFqSHfn-Tm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/9f682c-1c57-4ce5-bb98-0605c089fc38/1/s4u2Kkexoq7bcPMvWMl5ugx3fwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.26.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         97:75:13:bb:75:6e:c3:34:15:55:67:80:e3:45:03:8b:c3:86:
         35:2b:bc:f7:e5:c9:b3:23:88:ed:b4:41:f6:e7:8b:91:0f:00:
         cc:72:a8:3d:b3:23:8d:1d:33:5e:b7:a5:f5:d5:92:a7:64:bd:
         93:84:99:e7:b9:0c:56:f9:15:40:3a:35:17:21:cc:49:36:35:
         e5:ad:6f:df:3d:d1:bf:3f:9c:cb:6a:1a:9b:fe:2c:24:cc:7d:
         06:02:3d:d8:c0:65:3e:1c:40:53:8e:a7:c3:a8:3f:35:06:49:
         f9:d9:08:01:dd:b7:1c:fe:3f:28:ea:3f:cf:0e:5a:18:da:b2:
         69:9b:9e:f5:7c:00:ed:fe:d2:a4:41:7e:57:bf:b7:18:b0:c4:
         0e:2b:ba:03:17:d6:05:1f:25:9f:37:f3:c4:96:1d:ae:56:7e:
         eb:74:7c:b1:5e:f6:d3:b3:ba:03:17:37:d5:e6:24:a0:68:21:
         e0:9b:54:72:e0:19:e4:65:73:49:09:fa:db:b3:0d:a3:c0:a9:
         22:22:75:85:fd:03:88:ae:10:72:86:c2:da:9c:57:99:bc:61:
         7e:c7:1c:21:4d:d1:f6:69:ae:13:34:51:28:34:8e:e0:39:fc:
         5e:d4:31:e4:f7:5a:fd:fa:8a:b8:1d:e4:98:f7:b7:45:75:a8:
         b2:7c:92:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIARNsqmxxNAqkhUg8iU+bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOGJiNjJhNDdiMWEyYWVkYjcwZjMyZjU4Yzk3OWJhMGM3
NzdmMDYwHhcNMjQwMTAyMDIyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2Y3MWIyN2Y3ZGRjOThkN2Q0NzQwMzE3NDVhOTIxZGY5ZmU0ZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLMqVsWD9isVvpMxB7jKtfyAqPhX
z08zvp7412nQ2HkThUcymW6tRHw+jeEmjVYJyK494N47Gm3ntIkL/g/ZN5unsAT2
//AIFKBrSqQJreQ+7wBdRRstteUiD/cp6X0IuSbBeohfl//cKftO/gT0l37G/dEd
lrKiD4+9hJn3axl1J84ueDmJfFdcNPzlvrfiwKVvnbfDgCkcWm1/xaqCjv7Wl40u
yPoERBEy8DxQRzAzz7f2kEStWxvcP+7A4JUGmC5I3H1W+2FK3Se7L/B8PtZt3Kkg
82Cq94PwvuHa1p/2BpLO9rU6FPm1k3gRc+6RrumMKKyc3O8ZmjGOwkG/nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNf3Gyf33cmNfUdAMXRakh35/k5tMB8GA1UdIwQY
MBaAFLOLtipHsaKu23DzL1jJeboMd38GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczR1MktrZXhvcTdiY1BNdldNbDV1Z3gzZndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi85ZjY4MmMtMWM1Ny00Y2U1LWJiOTgt
MDYwNWMwODlmYzM4LzEvMV9jYkpfZmR5WTE5UjBBeGRGcVNIZm4tVG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi85ZjY4MmMtMWM1Ny00Y2U1LWJiOTgtMDYwNWMwODlmYzM4
LzEvczR1MktrZXhvcTdiY1BNdldNbDV1Z3gzZndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJRpIMA0G
CSqGSIb3DQEBCwUAA4IBAQCXdRO7dW7DNBVVZ4DjRQOLw4Y1K7z35cmzI4jttEH2
54uRDwDMcqg9syONHTNet6X11ZKnZL2ThJnnuQxW+RVAOjUXIcxJNjXlrW/fPdG/
P5zLahqb/iwkzH0GAj3YwGU+HEBTjqfDqD81Bkn52QgB3bcc/j8o6j/PDloY2rJp
m571fADt/tKkQX5Xv7cYsMQOK7oDF9YFHyWfN/PElh2uVn7rdHyxXvbTs7oDFzfV
5iSgaCHgm1Ry4BnkZXNJCfrbsw2jwKkiInWF/QOIrhByhsLanFeZvGF+xxwhTdH2
aa4TNFEoNI7gOfxe1DHk91r9+oq4HeSY97dFdaiyfJIM
-----END CERTIFICATE-----