Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/83f977-82b8-4695-9c08-1896555a2f0e/1/InoulI9kYCfaCZnNunzFl07t2KY.roa
File:                     InoulI9kYCfaCZnNunzFl07t2KY.roa (raw, json)
Hash identifier:          R0wkw7ff3fI9Ih7ETm8XBHC2BxVJL8fDFMT1IaMfq2Q=
Subject key identifier:   22:7A:2E:94:8F:64:60:27:DA:09:99:CD:BA:7C:C5:97:4E:ED:D8:A6
Certificate issuer:       /CN=828bbad6f4916842bbe320284fafe10caf59edf0
Certificate serial:       0192D2371037626663E8BE6A572492774D1A
Authority key identifier: 82:8B:BA:D6:F4:91:68:42:BB:E3:20:28:4F:AF:E1:0C:AF:59:ED:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gou61vSRaEK74yAoT6_hDK9Z7fA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/83f977-82b8-4695-9c08-1896555a2f0e/1/InoulI9kYCfaCZnNunzFl07t2KY.roa
Signing time:             Mon 28 Oct 2024 08:21:16 +0000
ROA not before:           Mon 28 Oct 2024 08:21:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        37.228.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/83f977-82b8-4695-9c08-1896555a2f0e/1/gou61vSRaEK74yAoT6_hDK9Z7fA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/83f977-82b8-4695-9c08-1896555a2f0e/1/gou61vSRaEK74yAoT6_hDK9Z7fA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gou61vSRaEK74yAoT6_hDK9Z7fA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:37:10:37:62:66:63:e8:be:6a:57:24:92:77:4d:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=828bbad6f4916842bbe320284fafe10caf59edf0
        Validity
            Not Before: Oct 28 08:21:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=227a2e948f646027da0999cdba7cc5974eedd8a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:40:1a:6e:90:7f:3b:45:1b:c3:d9:65:e7:8d:
                    4b:f7:45:bc:37:58:27:0c:98:fb:38:b3:ed:b7:5c:
                    91:80:df:7a:b2:cf:49:dd:d1:38:5a:db:1b:c2:39:
                    a3:8d:db:3e:59:57:6d:72:15:95:df:9c:03:45:71:
                    0b:bf:3e:a7:10:9f:fc:4e:c3:94:2c:3f:1d:38:13:
                    43:b8:8c:db:51:93:b4:07:b8:1d:31:75:e2:6f:4f:
                    7d:5a:7e:63:a9:a1:56:5f:d4:2f:bf:cc:aa:8d:3f:
                    c5:63:cd:7e:5a:86:9d:8b:fa:88:bc:07:47:04:72:
                    c9:a2:5c:ff:90:02:b6:e9:d8:89:6e:13:ec:a5:31:
                    77:fc:71:7b:5c:36:bb:c1:d3:38:5f:e1:5b:74:0d:
                    11:dc:46:8f:a4:b7:0f:63:db:85:59:fc:96:a7:71:
                    89:08:0e:c3:31:3a:47:c6:06:16:46:9d:54:fc:08:
                    df:88:c2:61:9a:85:dd:7d:8d:21:d2:49:20:d5:b0:
                    4c:1b:8c:f6:b2:32:27:73:08:a3:40:86:05:99:e9:
                    72:87:61:78:72:7f:49:1f:7d:43:30:bf:36:79:c3:
                    32:4d:65:b1:b1:44:7b:37:d2:83:f1:79:55:22:3d:
                    fd:2e:ee:5e:93:8b:37:d9:fe:9e:c3:3e:df:d6:36:
                    2a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:7A:2E:94:8F:64:60:27:DA:09:99:CD:BA:7C:C5:97:4E:ED:D8:A6
            X509v3 Authority Key Identifier:
                keyid:82:8B:BA:D6:F4:91:68:42:BB:E3:20:28:4F:AF:E1:0C:AF:59:ED:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gou61vSRaEK74yAoT6_hDK9Z7fA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/83f977-82b8-4695-9c08-1896555a2f0e/1/InoulI9kYCfaCZnNunzFl07t2KY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/83f977-82b8-4695-9c08-1896555a2f0e/1/gou61vSRaEK74yAoT6_hDK9Z7fA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.228.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:70:f3:cf:ee:4d:2e:02:1c:21:96:c2:38:5b:b2:1d:98:d6:
         43:48:65:9d:0f:a3:17:c4:05:e3:19:50:2d:64:3d:93:c9:34:
         51:a3:3c:31:21:25:83:77:95:66:b5:02:f6:b9:47:7e:34:b4:
         8d:14:02:3d:5a:e2:ba:e2:62:be:67:80:7c:e4:a3:a8:26:e4:
         7f:09:e2:81:72:17:5d:d2:0d:8c:d6:e2:6e:74:6a:2f:35:26:
         c5:23:c5:82:d5:3d:ff:ae:2b:68:44:1c:ba:fd:ea:61:d6:15:
         d6:14:6d:ff:e3:ab:0a:cf:db:16:27:00:74:1c:9c:15:fd:9e:
         45:8d:8a:05:cd:8e:96:53:9e:7f:f3:7e:d3:77:40:f3:8c:aa:
         56:1e:09:d9:c0:90:d8:5a:ae:03:65:b5:5b:c1:ee:49:b9:c4:
         ae:b2:46:c4:da:70:20:06:76:a9:3e:e6:c4:a4:88:8e:31:c4:
         d7:ce:ba:63:d7:58:e8:bf:e1:d8:11:78:46:9e:b3:39:fa:6a:
         a9:b4:5a:b2:b9:2b:b8:2f:a8:1c:44:0d:40:72:10:2f:c4:8e:
         a4:07:31:49:5b:6f:8c:6d:7d:b1:60:31:cd:47:e1:45:0c:d3:
         e6:e5:a4:c8:04:e6:e0:87:15:d6:b7:02:e7:96:7c:35:4c:bd:
         14:be:a5:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLSNxA3YmZj6L5qVySSd00aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyOGJiYWQ2ZjQ5MTY4NDJiYmUzMjAyODRmYWZlMTBjYWY1
OWVkZjAwHhcNMjQxMDI4MDgyMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjdhMmU5NDhmNjQ2MDI3ZGEwOTk5Y2RiYTdjYzU5NzRlZWRkOGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEAabpB/O0Ubw9ll541L90W8N1gn
DJj7OLPtt1yRgN96ss9J3dE4Wtsbwjmjjds+WVdtchWV35wDRXELvz6nEJ/8TsOU
LD8dOBNDuIzbUZO0B7gdMXXib099Wn5jqaFWX9Qvv8yqjT/FY81+Woadi/qIvAdH
BHLJolz/kAK26diJbhPspTF3/HF7XDa7wdM4X+FbdA0R3EaPpLcPY9uFWfyWp3GJ
CA7DMTpHxgYWRp1U/AjfiMJhmoXdfY0h0kkg1bBMG4z2sjIncwijQIYFmelyh2F4
cn9JH31DML82ecMyTWWxsUR7N9KD8XlVIj39Lu5ek4s32f6ewz7f1jYqYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJ6LpSPZGAn2gmZzbp8xZdO7dimMB8GA1UdIwQY
MBaAFIKLutb0kWhCu+MgKE+v4QyvWe3wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ291NjF2U1JhRUs3NHlBb1Q2X2hESzlaN2ZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC84M2Y5NzctODJiOC00Njk1LTljMDgt
MTg5NjU1NWEyZjBlLzEvSW5vdWxJOWtZQ2ZhQ1puTnVuekZsMDd0MktZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC84M2Y5NzctODJiOC00Njk1LTljMDgtMTg5NjU1NWEyZjBl
LzEvZ291NjF2U1JhRUs3NHlBb1Q2X2hESzlaN2ZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJeR5MA0G
CSqGSIb3DQEBCwUAA4IBAQBqcPPP7k0uAhwhlsI4W7IdmNZDSGWdD6MXxAXjGVAt
ZD2TyTRRozwxISWDd5VmtQL2uUd+NLSNFAI9WuK64mK+Z4B85KOoJuR/CeKBchdd
0g2M1uJudGovNSbFI8WC1T3/ritoRBy6/eph1hXWFG3/46sKz9sWJwB0HJwV/Z5F
jYoFzY6WU55/837Td0DzjKpWHgnZwJDYWq4DZbVbwe5JucSuskbE2nAgBnapPubE
pIiOMcTXzrpj11jov+HYEXhGnrM5+mqptFqyuSu4L6gcRA1AchAvxI6kBzFJW2+M
bX2xYDHNR+FFDNPm5aTIBObghxXWtwLnlnw1TL0UvqVM
-----END CERTIFICATE-----