Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/yKH8Jin6M64_pJ5NYMmWdETN_Bg.roa
File:                     yKH8Jin6M64_pJ5NYMmWdETN_Bg.roa (raw, json)
Hash identifier:          NbR9rV4UQ+a/fQcAxHzSG2DIKDJrXu1+CuTtsXgjwdA=
Subject key identifier:   C8:A1:FC:26:29:FA:33:AE:3F:A4:9E:4D:60:C9:96:74:44:CD:FC:18
Certificate issuer:       /CN=dc4e453affe895b6452b84027437c5c00fd37067
Certificate serial:       018CC9BB090F7A324C5002148F7363EA5AE4
Authority key identifier: DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/yKH8Jin6M64_pJ5NYMmWdETN_Bg.roa
Signing time:             Tue 02 Jan 2024 10:32:07 +0000
ROA not before:           Tue 02 Jan 2024 10:32:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29286
IP address blocks:        37.46.18.0/24 maxlen: 24
                          37.46.18.0/23 maxlen: 23
                          37.46.19.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:09:0f:7a:32:4c:50:02:14:8f:73:63:ea:5a:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc4e453affe895b6452b84027437c5c00fd37067
        Validity
            Not Before: Jan  2 10:32:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8a1fc2629fa33ae3fa49e4d60c9967444cdfc18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:8b:2a:f1:3a:2b:cd:ba:58:cd:1d:4e:40:dc:
                    10:5b:2e:b0:90:7c:72:28:36:70:d3:20:7e:f1:78:
                    7f:ab:5e:1a:84:62:de:16:32:45:dd:4e:75:e4:c3:
                    00:39:93:5f:ee:70:7a:ee:9c:4f:56:0c:1c:14:d1:
                    f3:61:45:e4:65:41:2d:8f:11:ad:50:60:7a:3e:9d:
                    d5:97:22:70:44:33:b0:9c:12:0c:95:8c:39:5c:43:
                    6b:7b:03:fb:2b:f7:c7:ee:41:57:a0:41:e2:7f:5d:
                    83:34:c6:3a:bc:ef:b3:96:7b:3a:14:a3:d1:0d:1b:
                    46:b5:0f:aa:f7:46:88:80:9b:2e:fb:bc:71:34:97:
                    5f:9f:2a:33:94:f1:c3:02:a3:59:65:75:47:d0:a8:
                    61:06:ad:82:ed:ef:59:f6:5d:49:fb:b8:52:41:45:
                    6c:33:9d:7a:19:86:78:58:9c:4c:60:77:11:ec:0d:
                    79:70:5e:26:3c:d1:dd:07:6d:39:45:78:81:04:4a:
                    34:6d:70:eb:02:e7:c9:7a:97:bc:64:35:75:fe:c0:
                    68:e8:75:cb:92:b9:08:ff:dc:89:05:a1:ca:ec:5c:
                    b5:c3:bd:d0:c9:26:a8:27:e2:68:59:43:04:eb:29:
                    46:52:35:aa:66:99:db:b6:1b:b1:22:47:bb:0e:59:
                    37:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A1:FC:26:29:FA:33:AE:3F:A4:9E:4D:60:C9:96:74:44:CD:FC:18
            X509v3 Authority Key Identifier:
                keyid:DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/yKH8Jin6M64_pJ5NYMmWdETN_Bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a6:58:66:4c:75:4f:f7:a7:a2:08:12:4b:f7:90:6c:a3:d2:7e:
         71:e8:eb:af:bd:e5:7f:26:6e:fd:cb:5e:3b:8e:43:24:4a:ac:
         85:ee:5f:55:66:5e:ac:6e:66:e7:cb:b1:cf:4b:40:5e:0e:c3:
         18:04:11:62:7e:c9:82:ee:d4:d6:b5:bb:c1:00:ec:d9:ba:95:
         2f:d8:84:21:0d:9b:98:9c:ca:85:06:d2:bc:f3:4f:15:45:76:
         d8:c8:85:6f:f7:88:25:f1:b3:e6:d2:8d:f3:2c:f4:e6:a4:92:
         65:ce:de:08:e3:49:88:3b:c1:8a:18:59:07:a6:84:d9:ab:d8:
         e2:13:ac:32:1f:5e:26:54:e7:d6:b5:0d:f8:3a:ef:f3:3e:bd:
         9d:bb:bb:ad:8d:d5:de:e2:14:03:6e:3c:ad:2b:20:1a:86:f2:
         86:44:0d:dc:86:5d:07:99:c9:58:16:c9:f9:88:a4:a2:93:82:
         70:fe:c4:55:47:8c:63:4b:f8:93:09:dc:fd:4f:cd:86:ab:ec:
         ee:65:fc:d3:d4:28:46:71:93:81:f6:e4:78:a4:8e:09:33:14:
         5c:f9:02:2e:ff:7d:3d:37:83:a1:e8:10:2f:97:83:26:b3:6e:
         39:02:2f:8c:a2:b5:aa:16:cf:b2:6e:04:1a:df:62:f0:ed:49:
         df:f9:ec:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJuwkPejJMUAIUj3Nj6lrkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGU0NTNhZmZlODk1YjY0NTJiODQwMjc0MzdjNWMwMGZk
MzcwNjcwHhcNMjQwMTAyMTAzMjA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGExZmMyNjI5ZmEzM2FlM2ZhNDllNGQ2MGM5OTY3NDQ0Y2RmYzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA94sq8TorzbpYzR1OQNwQWy6wkHxy
KDZw0yB+8Xh/q14ahGLeFjJF3U515MMAOZNf7nB67pxPVgwcFNHzYUXkZUEtjxGt
UGB6Pp3VlyJwRDOwnBIMlYw5XENrewP7K/fH7kFXoEHif12DNMY6vO+zlns6FKPR
DRtGtQ+q90aIgJsu+7xxNJdfnyozlPHDAqNZZXVH0KhhBq2C7e9Z9l1J+7hSQUVs
M516GYZ4WJxMYHcR7A15cF4mPNHdB205RXiBBEo0bXDrAufJepe8ZDV1/sBo6HXL
krkI/9yJBaHK7Fy1w73QySaoJ+JoWUME6ylGUjWqZpnbthuxIke7Dlk33wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMih/CYp+jOuP6SeTWDJlnREzfwYMB8GA1UdIwQY
MBaAFNxORTr/6JW2RSuEAnQ3xcAP03BnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEt
MTgyMjg2N2UxNTk2LzEveUtIOEppbjZNNjRfcEo1TllNbVdkRVROX0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEtMTgyMjg2N2UxNTk2
LzEvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJS4SMA0G
CSqGSIb3DQEBCwUAA4IBAQCmWGZMdU/3p6IIEkv3kGyj0n5x6OuvveV/Jm79y147
jkMkSqyF7l9VZl6sbmbny7HPS0BeDsMYBBFifsmC7tTWtbvBAOzZupUv2IQhDZuY
nMqFBtK8808VRXbYyIVv94gl8bPm0o3zLPTmpJJlzt4I40mIO8GKGFkHpoTZq9ji
E6wyH14mVOfWtQ34Ou/zPr2du7utjdXe4hQDbjytKyAahvKGRA3chl0HmclYFsn5
iKSik4Jw/sRVR4xjS/iTCdz9T82Gq+zuZfzT1ChGcZOB9uR4pI4JMxRc+QIu/309
N4Oh6BAvl4Mms245Ai+MorWqFs+ybgQa32Lw7Unf+ew4
-----END CERTIFICATE-----