Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lQ9jw6Mj-IVXuhO74eAiy5tWPs0.roa
File:                     lQ9jw6Mj-IVXuhO74eAiy5tWPs0.roa (raw, json)
Hash identifier:          h4Md4thCjTNIlqqkcdQbpdYwOeYbaKfzklpF9Kr+FhU=
Subject key identifier:   95:0F:63:C3:A3:23:F8:85:57:BA:13:BB:E1:E0:22:CB:9B:56:3E:CD
Certificate issuer:       /CN=954a2aee086174b01272fae779ad431eb092aeb7
Certificate serial:       018CC8DE2CA1F523AC3115DFF1E1E8DF1738
Authority key identifier: 95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lQ9jw6Mj-IVXuhO74eAiy5tWPs0.roa
Signing time:             Tue 02 Jan 2024 06:30:52 +0000
ROA not before:           Tue 02 Jan 2024 06:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47447
IP address blocks:        37.247.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2c:a1:f5:23:ac:31:15:df:f1:e1:e8:df:17:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=954a2aee086174b01272fae779ad431eb092aeb7
        Validity
            Not Before: Jan  2 06:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=950f63c3a323f88557ba13bbe1e022cb9b563ecd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3d:54:24:5b:bc:64:0e:12:42:f4:80:aa:6d:
                    c7:49:68:6c:87:b9:99:0d:53:a2:e6:9e:2f:f4:60:
                    e9:39:ad:2c:8c:78:1f:69:31:94:51:9f:66:3b:d6:
                    94:53:09:0e:28:29:1c:48:33:ea:07:47:2e:64:bf:
                    5f:5e:db:59:d0:7b:16:77:40:83:9d:5a:04:63:b4:
                    0d:eb:5d:26:a0:80:85:7e:3e:51:49:2c:54:74:fd:
                    eb:24:53:35:f9:55:12:4a:2c:97:40:54:f2:b4:6c:
                    14:6a:0b:26:f3:0d:07:d4:f5:17:ab:d8:c4:89:2e:
                    06:02:1c:08:da:bb:e6:51:c6:04:d4:25:1d:f7:bb:
                    43:04:4e:28:d9:6c:31:8f:a7:9d:71:3a:a5:fd:55:
                    f7:a4:41:14:d0:ad:5a:57:9a:7e:93:a7:9e:06:5a:
                    f8:fa:12:3b:5c:72:28:7d:98:9f:ac:b5:61:a8:fc:
                    90:ed:65:3c:56:1b:07:5a:97:cd:f7:69:df:72:95:
                    c5:98:9c:54:0f:09:d6:fc:89:b9:74:5b:5a:47:d9:
                    f5:5e:06:cd:eb:87:25:ca:e2:87:1c:7b:9e:91:1c:
                    81:04:8c:44:8a:d7:91:25:6a:3f:fa:f2:75:18:34:
                    cb:56:81:dc:a4:4b:19:a3:d3:73:8f:79:27:8d:86:
                    7b:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:0F:63:C3:A3:23:F8:85:57:BA:13:BB:E1:E0:22:CB:9B:56:3E:CD
            X509v3 Authority Key Identifier:
                keyid:95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lQ9jw6Mj-IVXuhO74eAiy5tWPs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.247.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         df:29:e1:d9:69:53:6e:72:dd:8a:d7:7a:03:7a:3a:e2:de:35:
         27:83:8b:56:4a:c0:96:7d:5c:f0:97:0e:41:70:28:06:ef:b6:
         98:d1:af:4c:3a:fe:7d:4e:cd:42:94:41:c7:e6:87:28:3d:c9:
         8e:75:0a:72:0c:c7:fe:91:bc:d2:4f:02:4d:88:92:b9:a5:c3:
         1f:87:7e:68:8c:50:9c:8a:08:71:8d:2d:00:ba:b8:b4:cd:c2:
         84:09:eb:a7:38:d6:64:1a:17:9c:39:11:4c:71:dd:86:d7:f1:
         a1:4f:9b:6e:e7:b0:76:f4:84:8d:6d:95:b8:bb:0a:36:5b:4d:
         30:dd:69:da:0b:90:5d:9f:71:27:61:e5:24:bf:f6:a2:b7:26:
         5b:62:5d:b2:01:c2:dd:3e:da:13:fe:f1:6f:5d:2b:c9:25:1f:
         ec:dd:41:03:f0:18:75:7b:4e:ac:48:de:54:64:85:25:99:55:
         dc:81:8b:6e:2c:d1:25:77:af:9a:bf:08:77:b7:38:9b:92:63:
         a4:bc:df:1c:8d:c2:d5:d8:e2:b7:07:6c:1e:60:c6:84:5d:d3:
         09:9f:25:dd:62:67:2c:79:ae:80:1e:84:50:a1:dd:f2:bf:e7:
         15:73:7e:11:77:a4:d0:4a:61:f1:c0:e4:c0:f3:8a:50:5d:44:
         d2:90:e3:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3iyh9SOsMRXf8eHo3xc4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGEyYWVlMDg2MTc0YjAxMjcyZmFlNzc5YWQ0MzFlYjA5
MmFlYjcwHhcNMjQwMTAyMDYzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTBmNjNjM2EzMjNmODg1NTdiYTEzYmJlMWUwMjJjYjliNTYzZWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgT1UJFu8ZA4SQvSAqm3HSWhsh7mZ
DVOi5p4v9GDpOa0sjHgfaTGUUZ9mO9aUUwkOKCkcSDPqB0cuZL9fXttZ0HsWd0CD
nVoEY7QN610moICFfj5RSSxUdP3rJFM1+VUSSiyXQFTytGwUagsm8w0H1PUXq9jE
iS4GAhwI2rvmUcYE1CUd97tDBE4o2Wwxj6edcTql/VX3pEEU0K1aV5p+k6eeBlr4
+hI7XHIofZifrLVhqPyQ7WU8VhsHWpfN92nfcpXFmJxUDwnW/Im5dFtaR9n1XgbN
64clyuKHHHuekRyBBIxEiteRJWo/+vJ1GDTLVoHcpEsZo9Nzj3knjYZ7ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUPY8OjI/iFV7oTu+HgIsubVj7NMB8GA1UdIwQY
MBaAFJVKKu4IYXSwEnL653mtQx6wkq63MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEt
NDU2NWYwNGY4ZDg1LzEvbFE5anc2TWotSVZYdWhPNzRlQWl5NXRXUHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEtNDU2NWYwNGY4ZDg1
LzEvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJfd3MA0G
CSqGSIb3DQEBCwUAA4IBAQDfKeHZaVNuct2K13oDejri3jUng4tWSsCWfVzwlw5B
cCgG77aY0a9MOv59Ts1ClEHH5ocoPcmOdQpyDMf+kbzSTwJNiJK5pcMfh35ojFCc
ighxjS0Auri0zcKECeunONZkGhecORFMcd2G1/GhT5tu57B29ISNbZW4uwo2W00w
3WnaC5Bdn3EnYeUkv/aityZbYl2yAcLdPtoT/vFvXSvJJR/s3UED8Bh1e06sSN5U
ZIUlmVXcgYtuLNEld6+avwh3tzibkmOkvN8cjcLV2OK3B2weYMaEXdMJnyXdYmcs
ea6AHoRQod3yv+cVc34Rd6TQSmHxwOTA84pQXUTSkOOV
-----END CERTIFICATE-----