Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/Tnv9tm27_aRw7gIu_4dLSm7uZTQ.roa
File:                     Tnv9tm27_aRw7gIu_4dLSm7uZTQ.roa (raw, json)
Hash identifier:          ws+faqUn44taqtfl9OSJtYMKTJrksdnBu2trOoYcgVw=
Subject key identifier:   4E:7B:FD:B6:6D:BB:FD:A4:70:EE:02:2E:FF:87:4B:4A:6E:EE:65:34
Certificate issuer:       /CN=084059a0ca6078a9b75daa66db806ff22c0eaad9
Certificate serial:       018CC7271A9E19575E6EB4C5828366278994
Authority key identifier: 08:40:59:A0:CA:60:78:A9:B7:5D:AA:66:DB:80:6F:F2:2C:0E:AA:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CEBZoMpgeKm3Xapm24Bv8iwOqtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/Tnv9tm27_aRw7gIu_4dLSm7uZTQ.roa
Signing time:             Mon 01 Jan 2024 22:31:17 +0000
ROA not before:           Mon 01 Jan 2024 22:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36236
IP address blocks:        185.37.38.0/24 maxlen: 24
                          185.37.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/CEBZoMpgeKm3Xapm24Bv8iwOqtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/CEBZoMpgeKm3Xapm24Bv8iwOqtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CEBZoMpgeKm3Xapm24Bv8iwOqtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1a:9e:19:57:5e:6e:b4:c5:82:83:66:27:89:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=084059a0ca6078a9b75daa66db806ff22c0eaad9
        Validity
            Not Before: Jan  1 22:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e7bfdb66dbbfda470ee022eff874b4a6eee6534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:99:dd:89:b1:98:22:c1:7e:0a:6d:06:c1:c7:
                    ce:31:f9:9b:d8:f7:38:c8:c6:a2:9f:cc:c1:e8:12:
                    da:7e:44:91:af:fa:c9:27:aa:5e:f2:58:1a:50:26:
                    a0:59:e2:83:26:80:19:c8:25:a4:db:23:b4:0c:cc:
                    4c:02:dd:a7:86:39:f4:1c:b4:96:3d:2b:0f:5b:ea:
                    74:0b:c1:e3:fb:de:d3:9b:6f:b0:ec:77:16:b3:f5:
                    26:18:91:32:32:61:01:8f:e9:8a:23:db:f4:71:51:
                    94:6d:6d:16:c3:43:2c:75:d4:19:85:12:10:cd:9a:
                    75:3c:32:4d:29:7e:4c:40:26:1c:6d:be:30:c7:0e:
                    97:4a:0e:f5:35:74:aa:d9:fe:ab:57:5d:e8:ee:9f:
                    82:4f:e4:3d:bf:7f:54:8d:41:13:be:54:5d:dc:0f:
                    90:b0:9a:04:37:c9:09:2e:65:7f:97:91:cd:60:93:
                    a9:dd:88:59:91:e6:bb:bb:a5:b7:99:5d:36:fb:5f:
                    74:21:71:da:68:52:b2:1b:74:ca:97:5f:0b:98:8a:
                    9d:4d:ad:d6:4e:9c:f5:b5:fd:38:5c:d8:85:fb:a7:
                    34:fa:a2:ef:fd:47:ea:94:98:41:18:8f:5d:07:60:
                    0d:30:30:cf:4f:32:b4:75:e0:67:fe:ee:e2:23:f0:
                    f4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:7B:FD:B6:6D:BB:FD:A4:70:EE:02:2E:FF:87:4B:4A:6E:EE:65:34
            X509v3 Authority Key Identifier:
                keyid:08:40:59:A0:CA:60:78:A9:B7:5D:AA:66:DB:80:6F:F2:2C:0E:AA:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CEBZoMpgeKm3Xapm24Bv8iwOqtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/Tnv9tm27_aRw7gIu_4dLSm7uZTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/CEBZoMpgeKm3Xapm24Bv8iwOqtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:e6:11:ed:9d:9c:be:e7:5e:10:ea:66:21:b7:7d:8d:9c:55:
         0a:27:d1:70:d3:f0:3d:f4:9a:1c:36:68:43:28:a4:8f:db:9c:
         f5:fc:db:95:14:e8:43:d8:e4:0c:2d:e6:85:c0:c7:04:99:70:
         50:63:28:51:fd:c9:c3:03:c8:4f:dd:44:ec:fc:b3:9e:65:b8:
         79:40:63:0d:f5:d5:4f:0f:01:e0:f1:ac:ac:b1:2f:75:b3:18:
         cb:be:f4:22:65:5e:b1:5b:cd:47:53:df:75:97:b0:8c:ff:f1:
         67:5a:3e:b8:8a:7c:ba:de:8f:cb:93:2b:51:4c:c6:15:a0:8f:
         0d:91:f5:2c:df:fe:c5:df:87:3e:f4:7c:10:16:5d:06:03:23:
         64:e6:26:c2:0f:a3:a9:39:24:bd:c9:0f:c0:27:80:2e:4d:c6:
         1a:f2:47:4f:3b:8f:d0:3d:7b:2d:81:27:c9:96:70:35:cd:d1:
         44:97:a5:4b:86:5a:1d:bf:fe:24:08:f3:be:e3:03:e2:90:37:
         5a:20:21:d9:7d:fe:38:47:e5:3e:cb:44:45:9d:7c:51:27:35:
         80:25:7c:70:d6:fa:ac:07:8e:0e:3a:00:5c:2e:09:2a:26:2a:
         c6:0c:3f:18:f3:c9:66:4d:e3:40:71:1c:93:25:d7:bd:67:06:
         96:e6:f2:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJxqeGVdebrTFgoNmJ4mUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NDA1OWEwY2E2MDc4YTliNzVkYWE2NmRiODA2ZmYyMmMw
ZWFhZDkwHhcNMjQwMTAxMjIzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTdiZmRiNjZkYmJmZGE0NzBlZTAyMmVmZjg3NGI0YTZlZWU2NTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJndibGYIsF+Cm0GwcfOMfmb2Pc4
yMain8zB6BLafkSRr/rJJ6pe8lgaUCagWeKDJoAZyCWk2yO0DMxMAt2nhjn0HLSW
PSsPW+p0C8Hj+97Tm2+w7HcWs/UmGJEyMmEBj+mKI9v0cVGUbW0Ww0MsddQZhRIQ
zZp1PDJNKX5MQCYcbb4wxw6XSg71NXSq2f6rV13o7p+CT+Q9v39UjUETvlRd3A+Q
sJoEN8kJLmV/l5HNYJOp3YhZkea7u6W3mV02+190IXHaaFKyG3TKl18LmIqdTa3W
Tpz1tf04XNiF+6c0+qLv/UfqlJhBGI9dB2ANMDDPTzK0deBn/u7iI/D02QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE57/bZtu/2kcO4CLv+HS0pu7mU0MB8GA1UdIwQY
MBaAFAhAWaDKYHipt12qZtuAb/IsDqrZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0VCWm9NcGdlS20zWGFwbTI0QnY4aXdPcXRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jNGM4NjEtYjMyNy00MWYyLTgyMGMt
NGMwYTFjMzNmYThhLzEvVG52OXRtMjdfYVJ3N2dJdV80ZExTbTd1WlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jNGM4NjEtYjMyNy00MWYyLTgyMGMtNGMwYTFjMzNmYThh
LzEvQ0VCWm9NcGdlS20zWGFwbTI0QnY4aXdPcXRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSUmMA0G
CSqGSIb3DQEBCwUAA4IBAQB+5hHtnZy+514Q6mYht32NnFUKJ9Fw0/A99JocNmhD
KKSP25z1/NuVFOhD2OQMLeaFwMcEmXBQYyhR/cnDA8hP3UTs/LOeZbh5QGMN9dVP
DwHg8ayssS91sxjLvvQiZV6xW81HU991l7CM//FnWj64iny63o/LkytRTMYVoI8N
kfUs3/7F34c+9HwQFl0GAyNk5ibCD6OpOSS9yQ/AJ4AuTcYa8kdPO4/QPXstgSfJ
lnA1zdFEl6VLhlodv/4kCPO+4wPikDdaICHZff44R+U+y0RFnXxRJzWAJXxw1vqs
B44OOgBcLgkqJirGDD8Y88lmTeNAcRyTJde9ZwaW5vKc
-----END CERTIFICATE-----