Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/KpiK1u-7oNlPqaGEOpva5tIqu80.roa
File:                     KpiK1u-7oNlPqaGEOpva5tIqu80.roa (raw, json)
Hash identifier:          vrDlG9Whj1tbq7/w82axxPtYLIGv7h9QKF7yo9wku/0=
Subject key identifier:   2A:98:8A:D6:EF:BB:A0:D9:4F:A9:A1:84:3A:9B:DA:E6:D2:2A:BB:CD
Certificate issuer:       /CN=56e8521e80f2f071a31385bcdfbc31a621c68f94
Certificate serial:       01944A44A00CC325BBF5B0611507A5B00035
Authority key identifier: 56:E8:52:1E:80:F2:F0:71:A3:13:85:BC:DF:BC:31:A6:21:C6:8F:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VuhSHoDy8HGjE4W837wxpiHGj5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/KpiK1u-7oNlPqaGEOpva5tIqu80.roa
Signing time:             Thu 09 Jan 2025 08:53:18 +0000
ROA not before:           Thu 09 Jan 2025 08:53:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        37.252.19.0/24 maxlen: 24
                          37.252.20.0/24 maxlen: 24
                          37.252.21.0/24 maxlen: 24
                          37.252.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/VuhSHoDy8HGjE4W837wxpiHGj5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/VuhSHoDy8HGjE4W837wxpiHGj5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VuhSHoDy8HGjE4W837wxpiHGj5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:44:a0:0c:c3:25:bb:f5:b0:61:15:07:a5:b0:00:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56e8521e80f2f071a31385bcdfbc31a621c68f94
        Validity
            Not Before: Jan  9 08:53:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2a988ad6efbba0d94fa9a1843a9bdae6d22abbcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:06:09:ba:9e:87:02:33:20:17:bc:2c:09:5b:
                    53:97:30:52:5e:22:fd:cd:94:0c:8d:90:bf:2a:73:
                    e9:3f:17:3b:57:3e:67:1e:4d:f3:59:55:bd:ea:3a:
                    01:68:77:d4:c0:92:23:e3:43:91:a2:cf:9b:4f:64:
                    8b:ca:d1:7c:bb:e5:40:96:4b:79:42:dc:b3:65:31:
                    53:ad:36:d8:4f:92:90:26:33:15:e1:45:bc:10:03:
                    22:d9:d2:0a:29:0b:c4:d8:12:81:51:d3:92:49:f0:
                    cc:6c:ba:60:62:2f:76:fb:56:33:ec:5a:85:5f:12:
                    40:36:93:09:94:dc:e9:25:47:a2:b1:d7:dc:3b:5d:
                    2e:7e:59:5d:ea:18:0d:bc:cb:8e:2e:3f:4f:44:44:
                    2a:08:d9:58:88:c5:54:da:6f:71:c6:30:67:c6:ee:
                    ba:de:bd:72:21:32:f4:af:41:a2:6e:eb:7f:a9:e5:
                    7f:bd:45:62:a9:5a:20:63:c6:34:9c:e1:3b:36:62:
                    2d:02:f2:73:fe:33:f8:3e:ec:84:07:47:9c:c4:b4:
                    10:1a:ef:71:81:0f:54:dd:28:07:95:8c:0c:0c:fc:
                    81:52:fa:09:52:97:41:63:34:d3:4e:c0:26:2c:4e:
                    cf:e3:3f:25:2f:2a:6c:f2:f5:a7:af:ca:76:aa:78:
                    21:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:98:8A:D6:EF:BB:A0:D9:4F:A9:A1:84:3A:9B:DA:E6:D2:2A:BB:CD
            X509v3 Authority Key Identifier:
                keyid:56:E8:52:1E:80:F2:F0:71:A3:13:85:BC:DF:BC:31:A6:21:C6:8F:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VuhSHoDy8HGjE4W837wxpiHGj5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/KpiK1u-7oNlPqaGEOpva5tIqu80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/VuhSHoDy8HGjE4W837wxpiHGj5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.19.0-37.252.21.255
                  37.252.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:a7:06:ec:f5:3c:f7:5e:2a:99:3a:76:5d:1e:eb:6f:ba:95:
         5a:db:20:91:43:86:09:47:8f:dc:3b:ae:6f:52:d4:bd:f9:fa:
         36:c1:37:6e:5a:05:d0:0f:82:bd:74:77:dd:ca:9f:94:18:8a:
         7e:40:3c:96:90:d5:83:02:5e:8e:9f:19:32:46:32:ea:81:c8:
         3f:07:b6:ce:98:de:fa:0e:4b:cc:62:d9:bb:66:80:fb:be:3f:
         66:81:5d:7a:7c:c0:37:18:57:c1:be:ad:8a:a3:95:fb:49:b7:
         40:40:56:d2:03:0b:a3:f2:36:c1:06:1d:eb:22:74:f5:5e:31:
         4b:55:d3:f1:d0:96:88:f5:18:e0:6f:f9:0a:36:fa:bf:65:e7:
         06:b6:a5:30:ab:02:5b:45:14:0d:9e:f4:11:b1:8e:8e:39:00:
         55:76:d3:fa:25:65:88:8d:21:57:96:85:3f:76:d7:0e:bb:b0:
         0f:dc:43:f9:58:59:cd:b1:e3:a6:2c:52:c5:e6:c9:c7:37:c7:
         20:43:f8:02:4e:5b:a9:fb:7e:21:77:e2:33:dc:de:dc:cc:1c:
         ca:82:c2:f7:71:78:62:f1:15:82:9e:ba:d6:ef:b1:25:34:e2:
         7c:dd:b0:12:95:bd:06:ac:a7:44:cf:6c:29:08:a2:b3:2f:03:
         5e:62:cc:94
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZRKRKAMwyW79bBhFQelsAA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZTg1MjFlODBmMmYwNzFhMzEzODViY2RmYmMzMWE2MjFj
NjhmOTQwHhcNMjUwMTA5MDg1MzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTk4OGFkNmVmYmJhMGQ5NGZhOWExODQzYTliZGFlNmQyMmFiYmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+gYJup6HAjMgF7wsCVtTlzBSXiL9
zZQMjZC/KnPpPxc7Vz5nHk3zWVW96joBaHfUwJIj40ORos+bT2SLytF8u+VAlkt5
QtyzZTFTrTbYT5KQJjMV4UW8EAMi2dIKKQvE2BKBUdOSSfDMbLpgYi92+1Yz7FqF
XxJANpMJlNzpJUeisdfcO10uflld6hgNvMuOLj9PREQqCNlYiMVU2m9xxjBnxu66
3r1yITL0r0Gibut/qeV/vUViqVogY8Y0nOE7NmItAvJz/jP4PuyEB0ecxLQQGu9x
gQ9U3SgHlYwMDPyBUvoJUpdBYzTTTsAmLE7P4z8lLyps8vWnr8p2qnghBwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCqYitbvu6DZT6mhhDqb2ubSKrvNMB8GA1UdIwQY
MBaAFFboUh6A8vBxoxOFvN+8MaYhxo+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnVoU0hvRHk4SEdqRTRXODM3d3hwaUhHajVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWYzOTktMGE4OS00OGNhLTk0NzMt
MGRhMGYyYWQ0Njg4LzEvS3BpSzF1LTdvTmxQcWFHRU9wdmE1dElxdTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWYzOTktMGE4OS00OGNhLTk0NzMtMGRhMGYyYWQ0Njg4
LzEvVnVoU0hvRHk4SEdqRTRXODM3d3hwaUhHajVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAl/BMD
BAEl/BQDBAAl/BcwDQYJKoZIhvcNAQELBQADggEBAHCnBuz1PPdeKpk6dl0e62+6
lVrbIJFDhglHj9w7rm9S1L35+jbBN25aBdAPgr10d93Kn5QYin5APJaQ1YMCXo6f
GTJGMuqByD8Hts6Y3voOS8xi2btmgPu+P2aBXXp8wDcYV8G+rYqjlftJt0BAVtID
C6PyNsEGHesidPVeMUtV0/HQloj1GOBv+Qo2+r9l5wa2pTCrAltFFA2e9BGxjo45
AFV20/olZYiNIVeWhT921w67sA/cQ/lYWc2x46YsUsXmycc3xyBD+AJOW6n7fiF3
4jPc3tzMHMqCwvdxeGLxFYKeutbvsSU04nzdsBKVvQasp0TPbCkIorMvA15izJQ=
-----END CERTIFICATE-----