Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/xHPbbeon1SNsE_0gmuT8lFya0kY.roa
File:                     xHPbbeon1SNsE_0gmuT8lFya0kY.roa (raw, json)
Hash identifier:          m7FtBUaCPAlNvC/LFbXZEFv5bG9Pb/Vc9bKRiuxNTq8=
Subject key identifier:   C4:73:DB:6D:EA:27:D5:23:6C:13:FD:20:9A:E4:FC:94:5C:9A:D2:46
Certificate issuer:       /CN=44e888a76e99851b01fb86cec537d4d8e610de16
Certificate serial:       019427B58FCC6CD9BF3BA6F38DF6F833ED1D
Authority key identifier: 44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/xHPbbeon1SNsE_0gmuT8lFya0kY.roa
Signing time:             Thu 02 Jan 2025 15:49:57 +0000
ROA not before:           Thu 02 Jan 2025 15:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39737
IP address blocks:        37.153.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 00:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:8f:cc:6c:d9:bf:3b:a6:f3:8d:f6:f8:33:ed:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44e888a76e99851b01fb86cec537d4d8e610de16
        Validity
            Not Before: Jan  2 15:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c473db6dea27d5236c13fd209ae4fc945c9ad246
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f6:55:20:17:95:8f:cc:33:db:8d:3d:24:04:
                    38:c7:fc:1c:25:ea:9f:92:0e:e2:48:22:cf:3d:7a:
                    6c:13:09:f5:99:39:82:2a:2c:27:46:28:b6:19:6f:
                    77:35:4b:4b:e9:ae:da:32:54:bf:b0:19:93:bb:d2:
                    37:3b:40:f1:1e:66:a8:0b:35:7b:9e:6c:07:1b:fa:
                    ef:7e:52:df:67:cc:a6:e2:74:fc:cf:62:88:f7:74:
                    8c:b6:58:84:49:b5:20:02:31:32:a1:9e:1a:1f:37:
                    ee:b4:7d:53:c8:68:f8:a4:0d:8e:aa:7b:fb:8e:3b:
                    32:4c:79:b4:48:ab:1f:4c:fd:25:92:52:bd:b4:ec:
                    3c:33:d6:75:46:21:3a:24:22:94:93:51:24:c0:8e:
                    b2:2a:6a:33:40:74:dc:a0:45:e0:08:0a:4e:ac:c9:
                    0b:73:1d:41:87:95:73:dc:3e:a0:36:b6:eb:fe:18:
                    f0:13:66:98:89:26:73:a5:db:f8:74:fe:ce:40:4f:
                    28:b7:6b:53:5d:0b:e6:af:54:12:20:95:bf:b4:79:
                    a1:9f:15:7c:95:49:28:32:8f:db:fc:b9:cb:3e:8a:
                    94:01:f9:f1:26:da:69:f1:fa:1a:e4:ca:89:9c:17:
                    33:2d:ef:8f:b4:b7:33:49:25:29:e1:34:80:fb:f0:
                    ec:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:73:DB:6D:EA:27:D5:23:6C:13:FD:20:9A:E4:FC:94:5C:9A:D2:46
            X509v3 Authority Key Identifier:
                keyid:44:E8:88:A7:6E:99:85:1B:01:FB:86:CE:C5:37:D4:D8:E6:10:DE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/xHPbbeon1SNsE_0gmuT8lFya0kY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/82e2ba-442c-42b0-9315-bc0dba932b35/1/ROiIp26ZhRsB-4bOxTfU2OYQ3hY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:d9:f8:82:a5:bc:66:8f:5b:57:41:52:93:6b:d6:99:66:8e:
         40:21:24:43:7c:83:66:fa:75:4b:bd:f5:b3:e0:61:00:8b:16:
         44:3d:ea:2f:00:cf:a9:d5:25:93:43:30:a7:7f:8c:c3:20:4d:
         29:25:07:a6:19:4c:1a:34:d1:6c:ec:52:ca:93:40:23:98:6e:
         d9:62:de:0f:9a:30:0a:4d:c7:46:47:18:54:b2:54:7a:f5:cc:
         03:6d:c9:3a:b2:b3:86:9d:bc:38:c4:37:5b:16:87:bc:db:b2:
         b8:7c:69:3e:fd:6c:22:e7:ee:2f:ce:68:c3:47:fb:79:fa:0c:
         b8:dc:44:42:00:7c:bb:cf:e5:65:67:f0:c9:63:da:a6:1f:d4:
         17:48:8e:18:9e:c4:76:02:67:92:75:b1:4d:05:78:a8:d6:8b:
         46:14:b9:f0:9f:e8:f4:d9:11:45:a9:ea:3c:0d:25:39:8b:77:
         d0:43:2a:d9:34:0a:81:6b:54:dd:aa:05:43:5b:af:b4:a5:fb:
         14:bf:97:ad:93:d1:b1:c3:27:c0:4d:ff:b6:c3:07:a6:29:0b:
         31:3d:da:d4:3a:3e:30:04:f2:90:75:74:51:e1:1c:c6:0c:9d:
         cf:1a:f7:49:71:ca:fd:e0:8c:95:26:7e:1b:e3:71:8c:64:fe:
         50:e9:80:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntY/MbNm/O6bzjfb4M+0dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZTg4OGE3NmU5OTg1MWIwMWZiODZjZWM1MzdkNGQ4ZTYx
MGRlMTYwHhcNMjUwMTAyMTU0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDczZGI2ZGVhMjdkNTIzNmMxM2ZkMjA5YWU0ZmM5NDVjOWFkMjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/ZVIBeVj8wz2409JAQ4x/wcJeqf
kg7iSCLPPXpsEwn1mTmCKiwnRii2GW93NUtL6a7aMlS/sBmTu9I3O0DxHmaoCzV7
nmwHG/rvflLfZ8ym4nT8z2KI93SMtliESbUgAjEyoZ4aHzfutH1TyGj4pA2Oqnv7
jjsyTHm0SKsfTP0lklK9tOw8M9Z1RiE6JCKUk1EkwI6yKmozQHTcoEXgCApOrMkL
cx1Bh5Vz3D6gNrbr/hjwE2aYiSZzpdv4dP7OQE8ot2tTXQvmr1QSIJW/tHmhnxV8
lUkoMo/b/LnLPoqUAfnxJtpp8foa5MqJnBczLe+PtLczSSUp4TSA+/DstQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRz223qJ9UjbBP9IJrk/JRcmtJGMB8GA1UdIwQY
MBaAFEToiKdumYUbAfuGzsU31NjmEN4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUt
YmMwZGJhOTMyYjM1LzEveEhQYmJlb24xU05zRV8wZ211VDhsRnlhMGtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84MmUyYmEtNDQyYy00MmIwLTkzMTUtYmMwZGJhOTMyYjM1
LzEvUk9pSXAyNlpoUnNCLTRiT3hUZlUyT1lRM2hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmIMA0G
CSqGSIb3DQEBCwUAA4IBAQAF2fiCpbxmj1tXQVKTa9aZZo5AISRDfINm+nVLvfWz
4GEAixZEPeovAM+p1SWTQzCnf4zDIE0pJQemGUwaNNFs7FLKk0AjmG7ZYt4PmjAK
TcdGRxhUslR69cwDbck6srOGnbw4xDdbFoe827K4fGk+/Wwi5+4vzmjDR/t5+gy4
3ERCAHy7z+VlZ/DJY9qmH9QXSI4YnsR2AmeSdbFNBXio1otGFLnwn+j02RFFqeo8
DSU5i3fQQyrZNAqBa1TdqgVDW6+0pfsUv5etk9GxwyfATf+2wwemKQsxPdrUOj4w
BPKQdXRR4RzGDJ3PGvdJccr94IyVJn4b43GMZP5Q6YAh
-----END CERTIFICATE-----