Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/dd59d9-eadf-4713-8977-42fa3cfbb503/1/9ZB-22Cnw9i3n3OSR6D9EEjW0bg.roa
File:                     9ZB-22Cnw9i3n3OSR6D9EEjW0bg.roa (raw, json)
Hash identifier:          8UMpt/Nk662F4eJ3c9gCqZTTRWVgdhfHTCVziU+N5oo=
Subject key identifier:   F5:90:7E:DB:60:A7:C3:D8:B7:9F:73:92:47:A0:FD:10:48:D6:D1:B8
Certificate issuer:       /CN=c82bedbcf7b5360fee245b7a255f6640b7276968
Certificate serial:       018CC2DABCE15C12F7CDF650D027579E2DD5
Authority key identifier: C8:2B:ED:BC:F7:B5:36:0F:EE:24:5B:7A:25:5F:66:40:B7:27:69:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yCvtvPe1Ng_uJFt6JV9mQLcnaWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/dd59d9-eadf-4713-8977-42fa3cfbb503/1/9ZB-22Cnw9i3n3OSR6D9EEjW0bg.roa
Signing time:             Mon 01 Jan 2024 02:29:24 +0000
ROA not before:           Mon 01 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43756
IP address blocks:        194.37.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/dd59d9-eadf-4713-8977-42fa3cfbb503/1/yCvtvPe1Ng_uJFt6JV9mQLcnaWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/dd59d9-eadf-4713-8977-42fa3cfbb503/1/yCvtvPe1Ng_uJFt6JV9mQLcnaWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yCvtvPe1Ng_uJFt6JV9mQLcnaWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 04:03:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:bc:e1:5c:12:f7:cd:f6:50:d0:27:57:9e:2d:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c82bedbcf7b5360fee245b7a255f6640b7276968
        Validity
            Not Before: Jan  1 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5907edb60a7c3d8b79f739247a0fd1048d6d1b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:59:48:0b:9b:d9:4b:b8:b2:35:a1:cb:e0:4d:
                    6c:7b:d5:0d:5b:90:65:54:c9:7e:19:0b:6c:9c:06:
                    d1:ac:d3:40:f7:e6:c8:52:76:02:21:32:1d:54:05:
                    44:db:ec:5e:36:23:fc:aa:a3:36:87:61:d9:92:0c:
                    16:c6:41:9d:6f:5f:a2:17:87:2a:d0:9b:c2:26:4f:
                    58:57:e9:48:25:42:97:f2:53:8d:c6:fc:c1:0f:f4:
                    17:8d:09:07:2a:87:c0:bf:c1:e5:e3:3f:e9:6a:b4:
                    68:0a:7b:25:01:38:26:a1:21:82:f3:ae:97:c3:fe:
                    c2:e3:2d:7d:75:75:52:f3:05:67:b5:4f:44:4c:47:
                    c6:81:13:6c:1e:71:29:45:ee:77:d2:13:4a:09:d2:
                    6c:23:a1:07:7d:1c:2f:63:8b:06:2b:dc:67:50:5e:
                    3f:f3:dd:57:ba:9e:fe:a2:7c:9c:47:45:c4:00:26:
                    6c:29:81:7b:99:73:8a:83:70:f5:9b:a4:fd:8b:67:
                    90:04:5a:c9:e6:e3:bc:e5:4e:08:a0:15:4d:c5:8e:
                    59:32:f7:09:5d:a4:75:e2:a2:a1:79:24:fc:5a:95:
                    89:7e:41:ad:86:b5:cc:1d:bb:3e:9f:b8:b8:b9:1f:
                    7d:fa:64:0c:ab:17:6e:d6:a7:3b:86:5f:8d:6c:da:
                    dd:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:90:7E:DB:60:A7:C3:D8:B7:9F:73:92:47:A0:FD:10:48:D6:D1:B8
            X509v3 Authority Key Identifier:
                keyid:C8:2B:ED:BC:F7:B5:36:0F:EE:24:5B:7A:25:5F:66:40:B7:27:69:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yCvtvPe1Ng_uJFt6JV9mQLcnaWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/dd59d9-eadf-4713-8977-42fa3cfbb503/1/9ZB-22Cnw9i3n3OSR6D9EEjW0bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/dd59d9-eadf-4713-8977-42fa3cfbb503/1/yCvtvPe1Ng_uJFt6JV9mQLcnaWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.37.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:f1:ae:7b:15:e2:8f:5c:65:fc:cf:84:04:97:bf:56:dd:2f:
         be:28:7c:b7:90:40:a5:8d:bf:3f:16:8e:28:68:e3:df:b8:2b:
         9e:01:cb:20:e1:df:9f:6e:46:ac:db:11:9e:80:89:d0:21:f8:
         10:df:d9:67:e9:87:2f:5a:97:40:25:75:77:d8:d3:6e:b5:bc:
         60:2c:34:78:a8:29:95:34:9a:65:f0:cd:dc:96:9f:e7:0e:1c:
         64:0f:03:53:eb:eb:ba:02:55:c5:5b:2c:0f:35:89:bd:ee:65:
         c0:2f:92:7c:1b:d6:8f:76:5b:50:20:23:18:a7:3d:0a:c3:cf:
         0c:76:32:d5:38:49:e7:43:5e:9d:24:6e:a9:6c:ff:bc:1c:fe:
         da:a0:fe:d8:80:c8:70:43:28:91:51:d5:94:9b:f1:21:11:ea:
         bf:52:a2:f1:27:50:82:cd:bc:25:43:5f:92:ad:2a:c7:f2:b9:
         5a:44:e6:bc:c6:d0:70:43:19:b8:78:09:8f:1e:7b:9b:85:62:
         93:a5:64:23:51:ce:57:fb:4d:1d:15:f4:e7:21:d2:65:01:b4:
         ea:b0:83:e9:3a:00:d1:0f:fc:a5:39:3a:f0:6f:3b:9a:ff:b8:
         02:3e:ea:f7:17:df:e4:fe:b0:a4:b9:29:d7:92:f0:b9:e0:91:
         72:e7:df:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2rzhXBL3zfZQ0CdXni3VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4MmJlZGJjZjdiNTM2MGZlZTI0NWI3YTI1NWY2NjQwYjcy
NzY5NjgwHhcNMjQwMTAxMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTkwN2VkYjYwYTdjM2Q4Yjc5ZjczOTI0N2EwZmQxMDQ4ZDZkMWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFlIC5vZS7iyNaHL4E1se9UNW5Bl
VMl+GQtsnAbRrNNA9+bIUnYCITIdVAVE2+xeNiP8qqM2h2HZkgwWxkGdb1+iF4cq
0JvCJk9YV+lIJUKX8lONxvzBD/QXjQkHKofAv8Hl4z/parRoCnslATgmoSGC866X
w/7C4y19dXVS8wVntU9ETEfGgRNsHnEpRe530hNKCdJsI6EHfRwvY4sGK9xnUF4/
891Xup7+onycR0XEACZsKYF7mXOKg3D1m6T9i2eQBFrJ5uO85U4IoBVNxY5ZMvcJ
XaR14qKheST8WpWJfkGthrXMHbs+n7i4uR99+mQMqxdu1qc7hl+NbNrd6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWQfttgp8PYt59zkkeg/RBI1tG4MB8GA1UdIwQY
MBaAFMgr7bz3tTYP7iRbeiVfZkC3J2loMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUN2dHZQZTFOZ191SkZ0NkpWOW1RTGNuYVdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9kZDU5ZDktZWFkZi00NzEzLTg5Nzct
NDJmYTNjZmJiNTAzLzEvOVpCLTIyQ253OWkzbjNPU1I2RDlFRWpXMGJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9kZDU5ZDktZWFkZi00NzEzLTg5NzctNDJmYTNjZmJiNTAz
LzEveUN2dHZQZTFOZ191SkZ0NkpWOW1RTGNuYVdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiX8MA0G
CSqGSIb3DQEBCwUAA4IBAQA98a57FeKPXGX8z4QEl79W3S++KHy3kECljb8/Fo4o
aOPfuCueAcsg4d+fbkas2xGegInQIfgQ39ln6YcvWpdAJXV32NNutbxgLDR4qCmV
NJpl8M3clp/nDhxkDwNT6+u6AlXFWywPNYm97mXAL5J8G9aPdltQICMYpz0Kw88M
djLVOEnnQ16dJG6pbP+8HP7aoP7YgMhwQyiRUdWUm/EhEeq/UqLxJ1CCzbwlQ1+S
rSrH8rlaROa8xtBwQxm4eAmPHnubhWKTpWQjUc5X+00dFfTnIdJlAbTqsIPpOgDR
D/ylOTrwbzua/7gCPur3F9/k/rCkuSnXkvC54JFy599E
-----END CERTIFICATE-----