Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/2sYNum2z_CwIm1hDREF2h0rvV3E.roa
File:                     2sYNum2z_CwIm1hDREF2h0rvV3E.roa (raw, json)
Hash identifier:          FK1/a5QKa3sXf5Qi+nsHGkoJT4jy8ti3DAQ47nr9VkI=
Subject key identifier:   DA:C6:0D:BA:6D:B3:FC:2C:08:9B:58:43:44:41:76:87:4A:EF:57:71
Certificate issuer:       /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial:       018CC94CC7C622CE6E73740004131BF696F6
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/2sYNum2z_CwIm1hDREF2h0rvV3E.roa
Signing time:             Tue 02 Jan 2024 08:31:41 +0000
ROA not before:           Tue 02 Jan 2024 08:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12871
IP address blocks:        37.188.64.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:c7:c6:22:ce:6e:73:74:00:04:13:1b:f6:96:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
        Validity
            Not Before: Jan  2 08:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dac60dba6db3fc2c089b5843444176874aef5771
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a3:b8:35:5b:b1:e2:b2:39:55:30:42:15:4d:
                    fb:4b:55:78:94:e1:fe:24:c4:c8:8c:14:5c:d4:17:
                    80:b6:55:7f:56:93:12:93:f3:b3:9a:54:54:78:13:
                    c3:11:74:83:2d:dc:9a:59:1b:54:00:36:6b:81:60:
                    d4:78:cc:bd:85:6f:48:92:7f:17:57:68:8d:cb:57:
                    26:c2:0c:fd:72:d7:84:a0:e2:90:36:18:7a:a1:30:
                    68:cf:6d:7f:70:31:76:30:ec:6b:b3:85:db:5e:09:
                    fa:17:af:43:51:7a:2a:be:1d:aa:d7:0f:17:f8:16:
                    da:5b:5f:41:9a:bc:e1:5a:09:f2:fd:4d:41:bc:af:
                    85:d4:a5:54:6d:cd:3c:72:5a:03:c0:6b:58:55:f0:
                    83:4c:0f:51:4a:d4:d7:59:00:54:ca:96:96:2d:0b:
                    8e:63:5a:88:2c:82:13:74:38:3a:c6:d4:1f:89:46:
                    3f:a4:9e:a2:e4:44:bc:44:af:c0:a8:4d:a4:ce:e7:
                    43:5d:47:8e:03:3e:89:d1:56:76:20:4a:45:ce:0e:
                    5a:4f:75:89:cb:20:50:95:06:9e:fa:3a:89:f1:0a:
                    87:d1:c9:91:14:07:27:8f:29:bf:ee:aa:76:44:93:
                    62:b5:84:57:e5:e8:e2:19:59:cb:f6:1b:ae:51:34:
                    0e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:C6:0D:BA:6D:B3:FC:2C:08:9B:58:43:44:41:76:87:4A:EF:57:71
            X509v3 Authority Key Identifier:
                keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/2sYNum2z_CwIm1hDREF2h0rvV3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.188.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         65:37:d4:77:8f:f3:ac:fa:7f:1e:89:9b:e9:b4:4f:b0:95:20:
         02:30:2a:51:b4:86:38:dc:9b:cf:2a:5c:e2:b7:ca:ee:c3:ea:
         9e:8c:fa:42:00:1a:38:e9:a3:fa:dc:7c:1c:46:31:ec:56:76:
         48:e0:6b:22:cd:f3:15:bb:a1:ee:f7:d5:34:37:6f:48:32:4e:
         5a:40:05:3c:91:1a:3d:48:02:70:27:b4:6e:5f:38:52:c8:41:
         27:07:76:17:fa:c8:07:e7:a4:17:d8:71:5d:f7:3a:5c:73:f6:
         50:9a:27:f7:fa:62:29:ef:1d:d1:c4:38:1b:02:c9:37:c0:ea:
         73:2d:33:af:02:ed:32:f1:89:37:9c:6c:00:91:a0:22:07:21:
         d1:c1:88:42:7a:73:1f:4c:c6:f2:db:e5:c5:c9:1b:98:e3:2d:
         e8:22:d1:f1:5a:89:5f:f0:04:be:e5:c2:b5:f3:7b:23:29:e3:
         48:3d:57:a7:c1:f3:1f:da:c3:be:c5:2c:d6:54:96:12:4a:d7:
         d4:ff:c3:12:f3:f9:3f:01:08:f7:49:91:12:f6:ac:b6:1b:5e:
         ca:e7:b9:1d:dd:e3:47:a7:35:bd:5f:f3:18:93:98:c2:7c:30:
         29:49:d5:a1:e5:d2:84:56:56:a9:7f:19:34:7a:17:3d:10:bc:
         30:22:0c:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTMfGIs5uc3QABBMb9pb2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjQwMTAyMDgzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWM2MGRiYTZkYjNmYzJjMDg5YjU4NDM0NDQxNzY4NzRhZWY1NzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6O4NVux4rI5VTBCFU37S1V4lOH+
JMTIjBRc1BeAtlV/VpMSk/OzmlRUeBPDEXSDLdyaWRtUADZrgWDUeMy9hW9Ikn8X
V2iNy1cmwgz9cteEoOKQNhh6oTBoz21/cDF2MOxrs4XbXgn6F69DUXoqvh2q1w8X
+BbaW19BmrzhWgny/U1BvK+F1KVUbc08cloDwGtYVfCDTA9RStTXWQBUypaWLQuO
Y1qILIITdDg6xtQfiUY/pJ6i5ES8RK/AqE2kzudDXUeOAz6J0VZ2IEpFzg5aT3WJ
yyBQlQae+jqJ8QqH0cmRFAcnjym/7qp2RJNitYRX5ejiGVnL9huuUTQOBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrGDbpts/wsCJtYQ0RBdodK71dxMB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvMnNZTnVtMnpfQ3dJbTFoRFJFRjJoMHJ2VjNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEJbxAMA0G
CSqGSIb3DQEBCwUAA4IBAQBlN9R3j/Os+n8eiZvptE+wlSACMCpRtIY43JvPKlzi
t8ruw+qejPpCABo46aP63HwcRjHsVnZI4GsizfMVu6Hu99U0N29IMk5aQAU8kRo9
SAJwJ7RuXzhSyEEnB3YX+sgH56QX2HFd9zpcc/ZQmif3+mIp7x3RxDgbAsk3wOpz
LTOvAu0y8Yk3nGwAkaAiByHRwYhCenMfTMby2+XFyRuY4y3oItHxWolf8AS+5cK1
83sjKeNIPVenwfMf2sO+xSzWVJYSStfU/8MS8/k/AQj3SZES9qy2G17K57kd3eNH
pzW9X/MYk5jCfDApSdWh5dKEVlapfxk0ehc9ELwwIgza
-----END CERTIFICATE-----