Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/e4bd6a-adaf-48c8-b999-53570a1abd04/1/LGYf5QqJ9NkzHzDgUQKoJ2kh7qg.roa
File:                     LGYf5QqJ9NkzHzDgUQKoJ2kh7qg.roa (raw, json)
Hash identifier:          CwiAieFrMIUeBf5tO2B9cCKr2q6MQBmss/UXGfsDAq8=
Subject key identifier:   2C:66:1F:E5:0A:89:F4:D9:33:1F:30:E0:51:02:A8:27:69:21:EE:A8
Certificate issuer:       /CN=ef78bc969a8307336ef4044f3dfef1fe136382b3
Certificate serial:       018CC2DAEFEA9B742A9CB912351361AF14F4
Authority key identifier: EF:78:BC:96:9A:83:07:33:6E:F4:04:4F:3D:FE:F1:FE:13:63:82:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/73i8lpqDBzNu9ARPPf7x_hNjgrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/e4bd6a-adaf-48c8-b999-53570a1abd04/1/LGYf5QqJ9NkzHzDgUQKoJ2kh7qg.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8749
IP address blocks:        37.32.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/e4bd6a-adaf-48c8-b999-53570a1abd04/1/73i8lpqDBzNu9ARPPf7x_hNjgrM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/e4bd6a-adaf-48c8-b999-53570a1abd04/1/73i8lpqDBzNu9ARPPf7x_hNjgrM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/73i8lpqDBzNu9ARPPf7x_hNjgrM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ef:ea:9b:74:2a:9c:b9:12:35:13:61:af:14:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef78bc969a8307336ef4044f3dfef1fe136382b3
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c661fe50a89f4d9331f30e05102a8276921eea8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:82:9d:9b:be:c4:60:88:e2:48:67:90:2f:b3:
                    a4:5f:14:a6:82:d8:f7:53:d9:95:2b:ad:96:69:1c:
                    6b:85:5e:0c:20:6b:a1:03:29:d9:12:9b:99:f1:a1:
                    44:c5:6e:97:e1:ec:fe:b6:b2:a1:ed:c2:ba:5b:ad:
                    92:4a:cc:04:e6:ad:a1:f5:8c:3d:35:64:b6:65:a5:
                    3d:36:0d:41:23:d2:77:53:b0:43:ca:62:e2:0f:af:
                    f9:48:7c:2f:55:5b:a1:0f:a5:c5:df:3d:26:21:5a:
                    8d:72:d4:47:2f:69:60:3e:bc:b7:f5:3f:00:02:32:
                    e7:35:a7:66:77:1c:c2:3f:07:d1:0a:b5:e2:3d:93:
                    ac:69:0e:3a:0e:9d:0c:29:24:67:93:cb:67:b9:57:
                    46:af:db:01:43:43:b1:42:05:7c:d0:1f:a8:f8:a3:
                    70:f8:b5:59:16:3a:42:6f:0b:40:59:8d:d7:c3:b1:
                    2e:8a:4a:41:97:5d:92:7a:70:2f:77:a5:7c:85:3b:
                    01:0d:7a:6f:9b:85:dd:34:e3:56:65:b5:6c:38:0c:
                    2b:88:48:08:d2:27:62:c6:e0:4a:34:55:e4:81:5e:
                    b5:b5:f9:40:43:df:5f:cd:47:7e:85:3e:bb:85:66:
                    2a:84:e9:cf:57:97:12:6b:dc:ff:ee:c2:ac:3d:75:
                    f0:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:66:1F:E5:0A:89:F4:D9:33:1F:30:E0:51:02:A8:27:69:21:EE:A8
            X509v3 Authority Key Identifier:
                keyid:EF:78:BC:96:9A:83:07:33:6E:F4:04:4F:3D:FE:F1:FE:13:63:82:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/73i8lpqDBzNu9ARPPf7x_hNjgrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/e4bd6a-adaf-48c8-b999-53570a1abd04/1/LGYf5QqJ9NkzHzDgUQKoJ2kh7qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/e4bd6a-adaf-48c8-b999-53570a1abd04/1/73i8lpqDBzNu9ARPPf7x_hNjgrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:20:24:7c:da:e1:18:64:bd:44:a3:c1:fb:ac:64:e5:6b:99:
         ee:40:45:b0:fb:cf:73:b1:6a:c9:ef:ee:75:20:4d:72:07:f3:
         aa:46:d4:27:3c:db:0d:ce:bc:19:4d:5b:94:8c:f9:61:05:92:
         35:5f:16:f0:61:ef:13:6b:43:c8:13:2c:ff:c8:60:98:49:73:
         03:ef:ac:9e:e5:30:e6:f3:f8:44:e6:52:a9:c3:c6:88:3b:57:
         d7:50:c6:ce:30:b3:3a:aa:83:d2:12:00:73:81:3b:40:91:54:
         f1:a8:9c:ae:45:b1:b2:87:05:15:1d:59:e0:e6:60:7d:0b:2a:
         93:9e:f8:5b:32:c6:96:a7:82:91:36:df:a3:a0:ab:a4:30:29:
         16:3d:5c:9d:6f:eb:2c:2a:e8:71:fd:5d:a1:4d:ef:de:7b:43:
         e3:5b:12:44:fd:19:8d:45:74:72:8b:3e:f7:4c:96:2e:29:5e:
         37:c4:20:98:4e:fe:81:41:e4:40:30:e3:01:f2:f5:f7:19:d6:
         55:10:6b:2a:37:e9:2e:38:fd:83:77:59:bd:52:62:23:50:ad:
         d8:78:00:88:07:e1:3c:94:12:92:4e:b3:96:8d:b7:4a:67:a8:
         43:a3:b1:fa:06:c2:98:77:79:08:e4:cd:56:fe:04:29:ff:91:
         b8:99:2d:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2u/qm3QqnLkSNRNhrxT0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNzhiYzk2OWE4MzA3MzM2ZWY0MDQ0ZjNkZmVmMWZlMTM2
MzgyYjMwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzY2MWZlNTBhODlmNGQ5MzMxZjMwZTA1MTAyYTgyNzY5MjFlZWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgoKdm77EYIjiSGeQL7OkXxSmgtj3
U9mVK62WaRxrhV4MIGuhAynZEpuZ8aFExW6X4ez+trKh7cK6W62SSswE5q2h9Yw9
NWS2ZaU9Ng1BI9J3U7BDymLiD6/5SHwvVVuhD6XF3z0mIVqNctRHL2lgPry39T8A
AjLnNadmdxzCPwfRCrXiPZOsaQ46Dp0MKSRnk8tnuVdGr9sBQ0OxQgV80B+o+KNw
+LVZFjpCbwtAWY3Xw7EuikpBl12SenAvd6V8hTsBDXpvm4XdNONWZbVsOAwriEgI
0idixuBKNFXkgV61tflAQ99fzUd+hT67hWYqhOnPV5cSa9z/7sKsPXXw4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxmH+UKifTZMx8w4FECqCdpIe6oMB8GA1UdIwQY
MBaAFO94vJaagwczbvQETz3+8f4TY4KzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzNpOGxwcURCek51OUFSUFBmN3hfaE5qZ3JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9lNGJkNmEtYWRhZi00OGM4LWI5OTkt
NTM1NzBhMWFiZDA0LzEvTEdZZjVRcUo5Tmt6SHpEZ1VRS29KMmtoN3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9lNGJkNmEtYWRhZi00OGM4LWI5OTktNTM1NzBhMWFiZDA0
LzEvNzNpOGxwcURCek51OUFSUFBmN3hfaE5qZ3JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSBlMA0G
CSqGSIb3DQEBCwUAA4IBAQA7ICR82uEYZL1Eo8H7rGTla5nuQEWw+89zsWrJ7+51
IE1yB/OqRtQnPNsNzrwZTVuUjPlhBZI1XxbwYe8Ta0PIEyz/yGCYSXMD76ye5TDm
8/hE5lKpw8aIO1fXUMbOMLM6qoPSEgBzgTtAkVTxqJyuRbGyhwUVHVng5mB9CyqT
nvhbMsaWp4KRNt+joKukMCkWPVydb+ssKuhx/V2hTe/ee0PjWxJE/RmNRXRyiz73
TJYuKV43xCCYTv6BQeRAMOMB8vX3GdZVEGsqN+kuOP2Dd1m9UmIjUK3YeACIB+E8
lBKSTrOWjbdKZ6hDo7H6BsKYd3kI5M1W/gQp/5G4mS1G
-----END CERTIFICATE-----