Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/1wVxE5GX7AJptrxDz02u6-CMHgo.roa
File:                     1wVxE5GX7AJptrxDz02u6-CMHgo.roa (raw, json)
Hash identifier:          WXuG3OrrTmHmJwSfv02VhsrJAxf8cxZnlv7hfTWPhQE=
Subject key identifier:   D7:05:71:13:91:97:EC:02:69:B6:BC:43:CF:4D:AE:EB:E0:8C:1E:0A
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       018CC500B29F263F5D6E9BD915CE5980E203
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/1wVxE5GX7AJptrxDz02u6-CMHgo.roa
Signing time:             Mon 01 Jan 2024 12:30:06 +0000
ROA not before:           Mon 01 Jan 2024 12:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61294
IP address blocks:        37.220.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b2:9f:26:3f:5d:6e:9b:d9:15:ce:59:80:e2:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Jan  1 12:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d70571139197ec0269b6bc43cf4daeebe08c1e0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:3c:c5:f1:12:5c:7a:d0:7a:ba:a1:49:d8:63:
                    9b:e7:21:a9:2e:4d:54:35:6d:13:8d:41:82:29:54:
                    8b:b6:d7:7d:e0:28:ea:1f:dc:42:e8:dd:11:27:30:
                    a9:5b:b8:2b:6a:8f:81:68:9f:64:b6:2d:69:c6:c1:
                    24:97:21:a8:51:22:e4:a2:5b:ea:03:54:31:1d:fe:
                    5e:eb:05:66:1e:1f:9e:40:39:5d:d3:79:6b:3e:1e:
                    7b:07:3c:c1:88:c5:3b:46:3a:47:73:ce:7a:41:dd:
                    6d:16:93:34:b1:09:7f:c9:9d:7a:b2:3d:e1:1f:bd:
                    24:8d:8f:5c:cc:8b:bd:6a:73:3e:c4:4f:51:0f:ed:
                    09:b0:e8:b3:6c:79:9c:3a:43:9d:eb:7a:16:bc:ce:
                    f2:4a:61:9e:d3:c3:35:a2:a1:d6:99:9c:d2:0e:e8:
                    96:38:8a:41:cd:5d:e4:4f:94:0f:72:73:66:d2:0f:
                    c5:dc:d1:45:c2:da:00:f7:ff:db:98:99:e0:74:20:
                    ed:ff:f6:53:e6:2b:62:0e:d0:7b:a6:d7:c1:f9:a1:
                    9c:bc:76:cd:db:c1:ae:6e:f0:c6:ac:43:4a:57:ff:
                    f5:14:3b:93:5b:f2:41:a6:a2:13:81:31:66:17:c0:
                    65:ab:c4:f2:f3:b4:e1:5a:d3:85:e5:60:5a:35:b2:
                    9c:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:05:71:13:91:97:EC:02:69:B6:BC:43:CF:4D:AE:EB:E0:8C:1E:0A
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/1wVxE5GX7AJptrxDz02u6-CMHgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.220.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:c3:ae:14:0a:d3:65:ff:8d:39:c8:20:63:31:01:7b:9f:a5:
         ed:ee:b6:16:26:6b:77:13:8a:e0:26:e8:2a:e6:60:34:9a:07:
         59:e0:64:69:eb:51:52:33:49:b7:0b:18:b5:3f:4e:85:c2:b2:
         d5:ee:71:4e:3f:00:67:25:90:39:e6:cb:be:1f:1e:35:42:09:
         1e:7c:93:1b:97:c8:d5:8e:40:a1:6c:e0:ca:6c:a1:8a:2e:2d:
         19:38:53:ee:34:44:c8:d7:18:8e:51:b1:d3:bc:8f:e5:50:24:
         25:b1:71:64:e7:37:62:35:a9:6c:12:ad:31:b5:cf:a5:0f:71:
         79:4a:f9:ba:15:de:1a:62:ad:60:2d:b6:3a:2a:e3:ca:d1:5b:
         12:2b:02:fe:0a:fa:b3:fa:70:a1:93:1e:c2:f9:6f:a3:1d:3b:
         39:36:c2:b8:15:b4:1a:38:b4:a4:54:5d:e0:7c:b8:4f:c9:3e:
         d1:75:0b:a1:9a:0c:82:d5:c3:23:c7:4b:92:89:38:22:79:f9:
         e7:ac:b4:40:57:45:c3:d9:3b:52:39:1b:65:40:ee:ad:ca:73:
         9e:91:93:9e:40:00:f4:1f:b9:92:8e:7f:06:3f:e1:f6:2e:e4:
         4e:8f:01:24:ae:6f:fc:35:29:58:95:37:8c:d1:10:7c:41:56:
         9a:80:1d:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALKfJj9dbpvZFc5ZgOIDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjQwMTAxMTIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzA1NzExMzkxOTdlYzAyNjliNmJjNDNjZjRkYWVlYmUwOGMxZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDzF8RJcetB6uqFJ2GOb5yGpLk1U
NW0TjUGCKVSLttd94CjqH9xC6N0RJzCpW7grao+BaJ9kti1pxsEklyGoUSLkolvq
A1QxHf5e6wVmHh+eQDld03lrPh57BzzBiMU7RjpHc856Qd1tFpM0sQl/yZ16sj3h
H70kjY9czIu9anM+xE9RD+0JsOizbHmcOkOd63oWvM7ySmGe08M1oqHWmZzSDuiW
OIpBzV3kT5QPcnNm0g/F3NFFwtoA9//bmJngdCDt//ZT5itiDtB7ptfB+aGcvHbN
28GubvDGrENKV//1FDuTW/JBpqITgTFmF8Blq8Ty87ThWtOF5WBaNbKcrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcFcRORl+wCaba8Q89NruvgjB4KMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvMXdWeEU1R1g3QUpwdHJ4RHowMnU2LUNNSGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJdyOMA0G
CSqGSIb3DQEBCwUAA4IBAQAUw64UCtNl/405yCBjMQF7n6Xt7rYWJmt3E4rgJugq
5mA0mgdZ4GRp61FSM0m3Cxi1P06FwrLV7nFOPwBnJZA55su+Hx41QgkefJMbl8jV
jkChbODKbKGKLi0ZOFPuNETI1xiOUbHTvI/lUCQlsXFk5zdiNalsEq0xtc+lD3F5
Svm6Fd4aYq1gLbY6KuPK0VsSKwL+Cvqz+nChkx7C+W+jHTs5NsK4FbQaOLSkVF3g
fLhPyT7RdQuhmgyC1cMjx0uSiTgiefnnrLRAV0XD2TtSORtlQO6tynOekZOeQAD0
H7mSjn8GP+H2LuROjwEkrm/8NSlYlTeM0RB8QVaagB2d
-----END CERTIFICATE-----