Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/a3383a-04eb-43f8-a953-3bf04a2a93d8/1/hNybeu7KKTOOo-ofR4wAusRzRT4.roa
File:                     hNybeu7KKTOOo-ofR4wAusRzRT4.roa (raw, json)
Hash identifier:          boTnZQSW4KkTYdPqtXlvA5YoYyWEtE8IKlaLPUQ5af8=
Subject key identifier:   84:DC:9B:7A:EE:CA:29:33:8E:A3:EA:1F:47:8C:00:BA:C4:73:45:3E
Certificate issuer:       /CN=0526b03c717184c3680817e55e2455f85d73a413
Certificate serial:       019122CECF9BBA6B415C7EC2A3BBB0564F19
Authority key identifier: 05:26:B0:3C:71:71:84:C3:68:08:17:E5:5E:24:55:F8:5D:73:A4:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BSawPHFxhMNoCBflXiRV-F1zpBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/a3383a-04eb-43f8-a953-3bf04a2a93d8/1/hNybeu7KKTOOo-ofR4wAusRzRT4.roa
Signing time:             Mon 05 Aug 2024 13:51:04 +0000
ROA not before:           Mon 05 Aug 2024 13:51:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215300
IP address blocks:        37.123.211.0/24 maxlen: 24
                          37.123.212.0/24 maxlen: 24
                          2a00:1678:5a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/a3383a-04eb-43f8-a953-3bf04a2a93d8/1/BSawPHFxhMNoCBflXiRV-F1zpBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/a3383a-04eb-43f8-a953-3bf04a2a93d8/1/BSawPHFxhMNoCBflXiRV-F1zpBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BSawPHFxhMNoCBflXiRV-F1zpBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:22:ce:cf:9b:ba:6b:41:5c:7e:c2:a3:bb:b0:56:4f:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0526b03c717184c3680817e55e2455f85d73a413
        Validity
            Not Before: Aug  5 13:51:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84dc9b7aeeca29338ea3ea1f478c00bac473453e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:dc:f4:2b:e5:39:bd:0e:6c:f6:34:52:18:e0:
                    6d:35:74:6e:27:8e:c4:f1:42:b0:0f:6e:52:18:4c:
                    83:2e:a1:f1:a1:df:f4:38:50:06:eb:cd:f8:18:c5:
                    a9:f1:b5:db:9b:a3:96:26:1a:b8:f7:ae:97:b1:5d:
                    3a:0e:a8:51:4f:82:f7:31:cb:70:c6:f8:27:c2:8a:
                    bf:c1:8f:74:83:db:03:7e:76:5b:c3:d5:79:d3:96:
                    56:1e:9a:bd:c8:ef:b3:20:57:b9:e0:43:6b:e0:b7:
                    67:48:47:e6:f4:0f:9d:3c:a6:dd:d2:38:6d:d9:61:
                    67:dc:5f:fb:b1:0f:5c:2c:2c:82:99:ae:7e:4b:b8:
                    cd:b1:89:ee:72:05:35:6a:56:79:45:d5:d0:60:e8:
                    2d:86:5f:20:7a:98:f0:8b:cb:0d:81:8d:ef:08:53:
                    06:da:e4:68:10:a5:c2:85:64:b9:9b:79:06:91:7e:
                    b1:57:68:ad:0a:bc:a3:58:1d:21:e2:68:60:ff:f0:
                    dc:b9:b2:2b:db:39:bc:b2:9f:37:98:14:ac:1a:ab:
                    f1:4c:6e:88:e8:91:f1:ed:b9:3d:3c:72:8a:6a:63:
                    43:ba:4b:b4:cf:eb:95:47:e7:5d:bf:cb:97:e1:c1:
                    e7:21:f5:4d:1b:cb:2c:e4:e5:20:50:e1:53:3d:27:
                    51:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:DC:9B:7A:EE:CA:29:33:8E:A3:EA:1F:47:8C:00:BA:C4:73:45:3E
            X509v3 Authority Key Identifier:
                keyid:05:26:B0:3C:71:71:84:C3:68:08:17:E5:5E:24:55:F8:5D:73:A4:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BSawPHFxhMNoCBflXiRV-F1zpBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/a3383a-04eb-43f8-a953-3bf04a2a93d8/1/hNybeu7KKTOOo-ofR4wAusRzRT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/a3383a-04eb-43f8-a953-3bf04a2a93d8/1/BSawPHFxhMNoCBflXiRV-F1zpBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.123.211.0-37.123.212.255
                IPv6:
                  2a00:1678:5a::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:39:b2:d0:72:e5:2b:91:09:1b:83:46:f5:15:73:4d:d2:8a:
         cf:cc:01:a6:80:b8:48:a8:50:ad:4d:81:01:2a:9a:18:25:eb:
         cf:36:43:71:04:c6:19:00:10:08:be:49:d3:83:fb:51:22:4e:
         22:12:5e:66:45:75:35:a7:02:aa:58:16:46:ac:99:ec:d4:d9:
         09:80:8e:8f:8f:68:fe:34:95:55:b9:00:9a:1a:9b:dc:ba:4d:
         58:b2:49:31:3b:fa:70:b9:b0:fa:ae:22:af:4e:78:e8:2c:6b:
         37:fc:3a:7a:fc:02:2f:c3:71:83:a4:38:21:80:96:1d:a2:01:
         22:4f:69:e0:25:f9:f0:38:bb:90:f3:36:50:41:19:5b:9f:9a:
         a1:bf:28:f4:32:2b:da:13:99:0f:1c:6b:40:82:3e:cc:76:66:
         8b:c7:d3:3a:65:e8:b8:da:d1:4a:b6:c2:f6:e0:3f:65:a9:4d:
         4b:1b:7a:3e:cb:15:bf:f9:9f:74:48:1e:88:36:a2:ee:4e:8d:
         06:a0:1e:75:a7:87:a8:25:a9:fc:23:da:36:27:49:9f:57:07:
         b3:1c:d4:2c:5e:aa:4a:52:0d:94:90:45:d2:03:cf:bd:0b:4a:
         1b:59:92:57:79:60:31:9a:8d:a2:30:90:b2:cc:e3:4d:47:e2:
         71:ca:fc:34
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZEizs+bumtBXH7Co7uwVk8ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MjZiMDNjNzE3MTg0YzM2ODA4MTdlNTVlMjQ1NWY4NWQ3
M2E0MTMwHhcNMjQwODA1MTM1MTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGRjOWI3YWVlY2EyOTMzOGVhM2VhMWY0NzhjMDBiYWM0NzM0NTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNz0K+U5vQ5s9jRSGOBtNXRuJ47E
8UKwD25SGEyDLqHxod/0OFAG6834GMWp8bXbm6OWJhq4966XsV06DqhRT4L3Mctw
xvgnwoq/wY90g9sDfnZbw9V505ZWHpq9yO+zIFe54ENr4LdnSEfm9A+dPKbd0jht
2WFn3F/7sQ9cLCyCma5+S7jNsYnucgU1alZ5RdXQYOgthl8gepjwi8sNgY3vCFMG
2uRoEKXChWS5m3kGkX6xV2itCryjWB0h4mhg//DcubIr2zm8sp83mBSsGqvxTG6I
6JHx7bk9PHKKamNDuku0z+uVR+ddv8uX4cHnIfVNG8ss5OUgUOFTPSdR1wIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFITcm3ruyikzjqPqH0eMALrEc0U+MB8GA1UdIwQY
MBaAFAUmsDxxcYTDaAgX5V4kVfhdc6QTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlNhd1BIRnhoTU5vQ0JmbFhpUlYtRjF6cEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9hMzM4M2EtMDRlYi00M2Y4LWE5NTMt
M2JmMDRhMmE5M2Q4LzEvaE55YmV1N0tLVE9Pby1vZlI0d0F1c1J6UlQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9hMzM4M2EtMDRlYi00M2Y4LWE5NTMtM2JmMDRhMmE5M2Q4
LzEvQlNhd1BIRnhoTU5vQ0JmbFhpUlYtRjF6cEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAAle9MD
BAAle9QwDwQCAAIwCQMHACoAFngAWjANBgkqhkiG9w0BAQsFAAOCAQEACTmy0HLl
K5EJG4NG9RVzTdKKz8wBpoC4SKhQrU2BASqaGCXrzzZDcQTGGQAQCL5J04P7USJO
IhJeZkV1NacCqlgWRqyZ7NTZCYCOj49o/jSVVbkAmhqb3LpNWLJJMTv6cLmw+q4i
r0546CxrN/w6evwCL8Nxg6Q4IYCWHaIBIk9p4CX58Di7kPM2UEEZW5+aob8o9DIr
2hOZDxxrQII+zHZmi8fTOmXouNrRSrbC9uA/ZalNSxt6PssVv/mfdEgeiDai7k6N
BqAedaeHqCWp/CPaNidJn1cHsxzULF6qSlINlJBF0gPPvQtKG1mSV3lgMZqNojCQ
sszjTUficcr8NA==
-----END CERTIFICATE-----