Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/L-T4EXbVXc8BdrplQeoMZd55pQg.roa
File:                     L-T4EXbVXc8BdrplQeoMZd55pQg.roa (raw, json)
Hash identifier:          jzMHdVTREkGF8F7/G3nfiT0Wc+lp6V0OnNI7KQYGVp8=
Subject key identifier:   2F:E4:F8:11:76:D5:5D:CF:01:76:BA:65:41:EA:0C:65:DE:79:A5:08
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       0194F94DF2AF36FD3B6F544B07DF1174C9AF
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/L-T4EXbVXc8BdrplQeoMZd55pQg.roa
Signing time:             Wed 12 Feb 2025 08:37:02 +0000
ROA not before:           Wed 12 Feb 2025 08:37:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213548
IP address blocks:        37.44.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f9:4d:f2:af:36:fd:3b:6f:54:4b:07:df:11:74:c9:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Feb 12 08:37:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2fe4f81176d55dcf0176ba6541ea0c65de79a508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f7:86:99:d4:86:a3:fb:26:c9:90:20:1b:61:
                    cd:44:6c:f4:09:1d:5f:cb:fc:ce:d5:f1:42:79:70:
                    2c:69:eb:f6:05:e7:1c:0e:06:38:5a:1a:ca:c0:b4:
                    0b:e6:34:aa:f3:85:ab:25:76:25:92:74:6c:3c:da:
                    a6:ab:71:28:dc:53:43:67:87:e1:3c:24:ef:50:2f:
                    d2:01:67:a5:64:b6:37:93:70:94:70:5e:17:08:e0:
                    06:bc:c0:83:3b:9f:02:28:f9:ef:96:15:90:ce:06:
                    0f:1c:ac:be:8c:6d:40:83:b8:ef:b1:5b:b7:7e:5c:
                    6f:3d:10:a7:dc:f4:7b:ed:df:4b:f9:60:5d:07:3c:
                    34:3c:88:3b:8d:8b:72:a6:2e:3a:88:95:94:cf:4a:
                    7d:81:b4:03:21:64:aa:d3:52:f2:2e:30:9f:7b:28:
                    c6:37:8a:4a:8c:92:22:2d:51:87:23:82:34:37:98:
                    22:3b:35:cc:32:ff:52:be:2f:5e:ef:97:b4:43:5e:
                    f6:9b:53:75:98:9f:21:30:b9:ba:38:95:f6:3f:6d:
                    62:68:80:2b:8e:9a:df:fd:bc:c3:5c:3c:f6:62:50:
                    4b:d6:59:49:79:92:3c:7f:d1:b6:39:71:19:40:9f:
                    d4:f8:a8:a6:ce:e9:45:00:63:fc:a7:98:f4:30:f7:
                    bd:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E4:F8:11:76:D5:5D:CF:01:76:BA:65:41:EA:0C:65:DE:79:A5:08
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/L-T4EXbVXc8BdrplQeoMZd55pQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:da:7b:08:79:c3:68:b5:9f:c8:26:2c:5c:d4:d7:2c:1d:af:
         72:0f:89:0c:65:69:f7:29:a4:c8:20:33:17:92:93:ce:71:f1:
         0c:20:b4:58:3a:d2:ae:9a:f5:4f:8a:50:85:ae:8d:a9:01:3c:
         c5:97:38:b3:7d:90:68:bf:42:8d:dd:0d:af:2f:54:2e:0e:96:
         a3:e5:db:2d:95:8d:4f:0f:8f:41:5b:75:ac:cb:45:9b:1b:df:
         c9:d7:77:66:de:51:27:64:4a:f5:0d:fc:3d:0d:ed:c4:6d:a4:
         57:56:84:58:4f:5f:f1:bd:41:08:6e:cf:2e:a8:d9:3c:7e:04:
         17:bf:e7:a2:ad:b4:8f:41:da:b9:73:da:b7:28:20:25:b5:ce:
         ea:b6:42:07:67:48:98:e6:77:0d:48:19:2f:df:e0:ae:01:ea:
         45:78:a7:d2:04:86:2c:ab:02:dd:0d:28:a6:29:f4:e0:69:5c:
         86:1e:07:0c:14:b3:20:8d:06:1b:1c:fc:6a:47:38:12:30:d7:
         35:d1:c9:76:27:66:12:a4:6c:4b:56:76:5c:93:c1:d3:e0:0f:
         27:c9:77:22:d3:82:84:c5:77:de:1c:fb:1a:b5:18:9b:93:cf:
         5f:1a:d1:ad:5d:9e:61:e0:de:3d:f9:1e:c4:d2:40:d4:29:b0:
         17:56:bf:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZT5TfKvNv07b1RLB98RdMmvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUwMjEyMDgzNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmU0ZjgxMTc2ZDU1ZGNmMDE3NmJhNjU0MWVhMGM2NWRlNzlhNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/eGmdSGo/smyZAgG2HNRGz0CR1f
y/zO1fFCeXAsaev2BeccDgY4WhrKwLQL5jSq84WrJXYlknRsPNqmq3Eo3FNDZ4fh
PCTvUC/SAWelZLY3k3CUcF4XCOAGvMCDO58CKPnvlhWQzgYPHKy+jG1Ag7jvsVu3
flxvPRCn3PR77d9L+WBdBzw0PIg7jYtypi46iJWUz0p9gbQDIWSq01LyLjCfeyjG
N4pKjJIiLVGHI4I0N5giOzXMMv9Svi9e75e0Q172m1N1mJ8hMLm6OJX2P21iaIAr
jprf/bzDXDz2YlBL1llJeZI8f9G2OXEZQJ/U+KimzulFAGP8p5j0MPe9lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/k+BF21V3PAXa6ZUHqDGXeeaUIMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvTC1UNEVYYlZYYzhCZHJwbFFlb01aZDU1cFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSzlMA0G
CSqGSIb3DQEBCwUAA4IBAQAE2nsIecNotZ/IJixc1NcsHa9yD4kMZWn3KaTIIDMX
kpPOcfEMILRYOtKumvVPilCFro2pATzFlzizfZBov0KN3Q2vL1QuDpaj5dstlY1P
D49BW3Wsy0WbG9/J13dm3lEnZEr1Dfw9De3EbaRXVoRYT1/xvUEIbs8uqNk8fgQX
v+eirbSPQdq5c9q3KCAltc7qtkIHZ0iY5ncNSBkv3+CuAepFeKfSBIYsqwLdDSim
KfTgaVyGHgcMFLMgjQYbHPxqRzgSMNc10cl2J2YSpGxLVnZck8HT4A8nyXci04KE
xXfeHPsatRibk89fGtGtXZ5h4N49+R7E0kDUKbAXVr9E
-----END CERTIFICATE-----