Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/UX7XCHr3VGla_Oz_-ioT0IokIO4.roa
File:                     UX7XCHr3VGla_Oz_-ioT0IokIO4.roa (raw, json)
Hash identifier:          pYJ60WBLVEDahaJgqGmSTgSA7dqoLCBZshVISdVxdA0=
Subject key identifier:   51:7E:D7:08:7A:F7:54:69:5A:FC:EC:FF:FA:2A:13:D0:8A:24:20:EE
Certificate issuer:       /CN=37dee6acbc782b8c7696a40b28e80339619d0f1b
Certificate serial:       018CC4247A1C55B872887A973EF1500A1D39
Authority key identifier: 37:DE:E6:AC:BC:78:2B:8C:76:96:A4:0B:28:E8:03:39:61:9D:0F:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N97mrLx4K4x2lqQLKOgDOWGdDxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/UX7XCHr3VGla_Oz_-ioT0IokIO4.roa
Signing time:             Mon 01 Jan 2024 08:29:34 +0000
ROA not before:           Mon 01 Jan 2024 08:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49173
IP address blocks:        185.6.32.0/22 maxlen: 22
                          37.26.252.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/N97mrLx4K4x2lqQLKOgDOWGdDxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/N97mrLx4K4x2lqQLKOgDOWGdDxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N97mrLx4K4x2lqQLKOgDOWGdDxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7a:1c:55:b8:72:88:7a:97:3e:f1:50:0a:1d:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37dee6acbc782b8c7696a40b28e80339619d0f1b
        Validity
            Not Before: Jan  1 08:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=517ed7087af754695afcecfffa2a13d08a2420ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:43:8f:75:75:51:0d:bd:70:69:29:0e:6b:1d:
                    c8:3c:09:99:95:30:00:16:1b:eb:44:0b:e9:15:ab:
                    d5:29:65:d1:a1:d8:e3:fd:f7:fa:87:15:4c:21:43:
                    f9:a4:76:6a:c4:aa:5a:59:16:e2:d9:05:ec:32:17:
                    6a:7d:5d:46:75:12:99:30:a4:8b:cd:56:7a:36:e4:
                    6f:7c:b6:e6:24:2a:ec:3f:8f:92:bc:df:a3:a2:57:
                    19:f5:b6:8c:b8:24:11:ab:92:53:e4:17:45:bf:94:
                    f1:a9:53:34:64:9d:14:7e:d2:50:46:6f:29:0c:0c:
                    dc:61:3b:36:f8:16:7c:ea:ab:50:73:e3:6c:96:61:
                    ed:12:d2:f9:e0:98:28:8f:64:d6:da:d5:4b:21:4d:
                    85:ad:45:06:8e:62:a6:4c:85:44:21:96:9b:6d:03:
                    a3:95:94:9c:ab:68:5d:28:5a:a7:f2:13:55:96:86:
                    ca:18:6e:3c:fd:da:f1:7d:e3:78:fa:ae:73:c5:55:
                    cf:b8:0e:d5:5c:ca:a4:32:ea:1d:29:c7:43:8e:d5:
                    65:ff:22:ee:9c:c3:cd:9c:78:42:25:dc:26:af:d0:
                    af:d2:59:89:a7:b5:01:28:38:dd:6a:2e:2b:18:7f:
                    a3:38:78:b5:5f:4e:72:75:31:13:1b:04:1c:1f:ee:
                    2a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:7E:D7:08:7A:F7:54:69:5A:FC:EC:FF:FA:2A:13:D0:8A:24:20:EE
            X509v3 Authority Key Identifier:
                keyid:37:DE:E6:AC:BC:78:2B:8C:76:96:A4:0B:28:E8:03:39:61:9D:0F:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N97mrLx4K4x2lqQLKOgDOWGdDxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/UX7XCHr3VGla_Oz_-ioT0IokIO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/020d47-2cc0-436b-b9f9-b73bfccb4e08/1/N97mrLx4K4x2lqQLKOgDOWGdDxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.26.252.0/22
                  185.6.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:e1:53:ba:a4:32:8f:4f:51:e1:87:12:99:f5:3f:1a:0f:db:
         d5:59:37:c7:f1:28:4a:f3:aa:cf:3e:8f:e4:64:1f:35:ce:c1:
         1e:52:30:13:8d:d2:fb:ee:e1:84:a1:72:5d:3f:89:36:7a:2f:
         b3:4d:90:dc:04:b1:c8:c2:2c:f6:c8:3c:75:66:90:c5:c6:0d:
         e2:29:c0:ed:8d:59:1a:b4:d8:8f:2f:9f:1f:64:2e:c1:e7:79:
         1c:6c:38:90:cf:96:4c:2e:b7:5e:85:35:2e:62:41:6a:ff:03:
         62:a2:3d:1e:6e:49:15:9b:ff:05:b8:d1:1b:bd:08:54:e9:61:
         76:80:be:ae:9b:4e:fe:b2:c9:83:96:2e:a8:ee:4d:83:62:d5:
         b4:72:0b:84:55:c6:47:bd:66:5d:4c:da:55:61:04:0a:da:76:
         16:2b:bd:8d:da:09:04:a2:d4:cb:ff:8b:e1:95:ec:07:de:e0:
         e8:95:58:cc:a8:7f:71:74:93:c1:99:a2:d8:b1:e1:da:20:6e:
         58:60:3a:5a:44:2b:85:e6:40:34:5d:94:4a:f9:e8:0d:e5:ee:
         c0:6b:26:43:d4:50:37:68:31:0b:d4:0c:5b:f8:04:e7:f4:6a:
         3d:49:a7:7d:aa:c0:1d:81:a0:46:1f:6e:56:fe:6d:8d:a1:0f:
         17:90:fc:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJHocVbhyiHqXPvFQCh05MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZGVlNmFjYmM3ODJiOGM3Njk2YTQwYjI4ZTgwMzM5NjE5
ZDBmMWIwHhcNMjQwMTAxMDgyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTdlZDcwODdhZjc1NDY5NWFmY2VjZmZmYTJhMTNkMDhhMjQyMGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0OPdXVRDb1waSkOax3IPAmZlTAA
FhvrRAvpFavVKWXRodjj/ff6hxVMIUP5pHZqxKpaWRbi2QXsMhdqfV1GdRKZMKSL
zVZ6NuRvfLbmJCrsP4+SvN+jolcZ9baMuCQRq5JT5BdFv5TxqVM0ZJ0UftJQRm8p
DAzcYTs2+BZ86qtQc+NslmHtEtL54Jgoj2TW2tVLIU2FrUUGjmKmTIVEIZabbQOj
lZScq2hdKFqn8hNVlobKGG48/drxfeN4+q5zxVXPuA7VXMqkMuodKcdDjtVl/yLu
nMPNnHhCJdwmr9Cv0lmJp7UBKDjdai4rGH+jOHi1X05ydTETGwQcH+4qewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFF+1wh691RpWvzs//oqE9CKJCDuMB8GA1UdIwQY
MBaAFDfe5qy8eCuMdpakCyjoAzlhnQ8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjk3bXJMeDRLNHgybHFRTEtPZ0RPV0dkRHhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8wMjBkNDctMmNjMC00MzZiLWI5Zjkt
YjczYmZjY2I0ZTA4LzEvVVg3WENIcjNWR2xhX096Xy1pb1QwSW9rSU80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8wMjBkNDctMmNjMC00MzZiLWI5ZjktYjczYmZjY2I0ZTA4
LzEvTjk3bXJMeDRLNHgybHFRTEtPZ0RPV0dkRHhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCJRr8AwQC
uQYgMA0GCSqGSIb3DQEBCwUAA4IBAQAh4VO6pDKPT1HhhxKZ9T8aD9vVWTfH8ShK
86rPPo/kZB81zsEeUjATjdL77uGEoXJdP4k2ei+zTZDcBLHIwiz2yDx1ZpDFxg3i
KcDtjVkatNiPL58fZC7B53kcbDiQz5ZMLrdehTUuYkFq/wNioj0ebkkVm/8FuNEb
vQhU6WF2gL6um07+ssmDli6o7k2DYtW0cguEVcZHvWZdTNpVYQQK2nYWK72N2gkE
otTL/4vhlewH3uDolVjMqH9xdJPBmaLYseHaIG5YYDpaRCuF5kA0XZRK+egN5e7A
ayZD1FA3aDEL1Axb+ATn9Go9Sad9qsAdgaBGH25W/m2NoQ8XkPwv
-----END CERTIFICATE-----