Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/bM2-VyfDytezhMkkPP84yhmUfIM.roa
File:                     bM2-VyfDytezhMkkPP84yhmUfIM.roa (raw, json)
Hash identifier:          Ty1j3ftxovvQMBCZIlIgsTUyQKG7uk7ctvpnTJte21c=
Subject key identifier:   6C:CD:BE:57:27:C3:CA:D7:B3:84:C9:24:3C:FF:38:CA:19:94:7C:83
Certificate issuer:       /CN=29db7ca4eee1e453d26fab99c8201adf894612be
Certificate serial:       018CC5DCA102D6A143A736180F2175AB021C
Authority key identifier: 29:DB:7C:A4:EE:E1:E4:53:D2:6F:AB:99:C8:20:1A:DF:89:46:12:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/bM2-VyfDytezhMkkPP84yhmUfIM.roa
Signing time:             Mon 01 Jan 2024 16:30:19 +0000
ROA not before:           Mon 01 Jan 2024 16:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        37.123.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 13:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:a1:02:d6:a1:43:a7:36:18:0f:21:75:ab:02:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29db7ca4eee1e453d26fab99c8201adf894612be
        Validity
            Not Before: Jan  1 16:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ccdbe5727c3cad7b384c9243cff38ca19947c83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:45:2b:9f:5c:3a:7d:1b:9d:59:8c:25:41:2d:
                    8a:4a:ad:62:5c:82:a1:78:dc:93:81:29:23:fe:04:
                    e8:ff:58:e2:79:72:bd:2b:3d:be:af:76:27:4b:51:
                    71:e5:df:18:6a:04:7b:fa:1a:89:76:a0:3d:bd:01:
                    0d:c1:88:94:07:82:5e:43:36:a6:e4:15:d9:73:95:
                    93:cd:02:b4:96:f8:2d:cd:93:8b:45:4f:1c:7c:50:
                    de:0f:68:1a:a5:a9:d3:2d:19:de:33:63:a0:9e:55:
                    3a:c4:e0:5b:ff:88:40:4c:bf:f6:5e:7e:71:5b:8c:
                    ad:43:72:ea:e8:95:4e:32:57:01:35:80:d8:d5:92:
                    ed:85:df:48:fd:7d:7a:22:a5:a7:23:3f:7b:1f:b5:
                    93:b2:83:07:01:ba:ee:f5:93:82:20:d7:8e:26:77:
                    73:62:c9:dc:46:5d:64:08:bc:49:54:1e:ec:3b:bc:
                    0b:3e:52:a5:85:35:4a:5a:5f:7d:3a:4a:59:01:33:
                    0e:81:aa:6b:80:19:be:11:74:a9:65:bb:ef:00:14:
                    48:49:d2:21:91:d3:ee:ca:be:2a:7e:1c:0e:e9:60:
                    fe:09:3a:d9:e8:0e:6a:77:ac:23:25:29:5d:87:65:
                    77:b1:0e:a5:d0:51:b4:c2:86:6f:c6:c5:c4:13:87:
                    94:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:CD:BE:57:27:C3:CA:D7:B3:84:C9:24:3C:FF:38:CA:19:94:7C:83
            X509v3 Authority Key Identifier:
                keyid:29:DB:7C:A4:EE:E1:E4:53:D2:6F:AB:99:C8:20:1A:DF:89:46:12:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kdt8pO7h5FPSb6uZyCAa34lGEr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/bM2-VyfDytezhMkkPP84yhmUfIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/7f290b-81c7-42b7-947f-d33fa1605ae1/1/Kdt8pO7h5FPSb6uZyCAa34lGEr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.123.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:90:7b:5f:67:ed:df:4b:18:c2:8e:bf:bc:58:e3:e9:24:5b:
         32:92:4f:66:41:47:05:9d:99:f2:6c:f1:85:79:ec:38:9b:e9:
         73:e3:bc:e7:ac:fa:61:af:8d:7a:aa:3b:e8:d7:9e:62:47:18:
         a8:a6:a1:0f:58:c1:ea:ec:15:80:31:00:01:18:f3:74:c8:03:
         60:f9:57:e6:b6:5b:7f:ba:4b:cc:e4:c8:fa:00:cc:82:70:59:
         02:d5:f7:bc:0c:06:c6:1b:b0:63:76:c7:58:28:e0:f0:8e:43:
         d9:62:e7:39:c5:e2:e3:17:b2:15:d1:e3:15:e2:52:bf:39:d0:
         95:7d:68:f7:2c:5b:ac:c1:9a:98:b7:4e:10:b5:7f:04:19:53:
         98:38:18:61:3f:46:76:8f:d6:be:4b:ff:f8:69:1f:59:ce:69:
         3b:5f:ba:2c:11:46:1f:5e:13:d7:90:fe:19:0a:3f:f4:09:3a:
         00:da:d3:78:79:d3:e4:0c:59:e6:86:bc:42:6d:eb:78:a4:67:
         d9:72:e1:3e:ef:89:71:0e:7b:4a:dc:02:03:8a:9e:81:d3:15:
         14:e0:83:00:aa:d9:e7:fe:0a:3a:e8:41:97:3d:45:99:d7:5a:
         e1:e4:d1:76:c3:16:15:80:26:66:e9:36:57:15:f5:b1:2f:1d:
         58:7b:69:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3KEC1qFDpzYYDyF1qwIcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZGI3Y2E0ZWVlMWU0NTNkMjZmYWI5OWM4MjAxYWRmODk0
NjEyYmUwHhcNMjQwMTAxMTYzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2NkYmU1NzI3YzNjYWQ3YjM4NGM5MjQzY2ZmMzhjYTE5OTQ3YzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskUrn1w6fRudWYwlQS2KSq1iXIKh
eNyTgSkj/gTo/1jieXK9Kz2+r3YnS1Fx5d8YagR7+hqJdqA9vQENwYiUB4JeQzam
5BXZc5WTzQK0lvgtzZOLRU8cfFDeD2gapanTLRneM2OgnlU6xOBb/4hATL/2Xn5x
W4ytQ3Lq6JVOMlcBNYDY1ZLthd9I/X16IqWnIz97H7WTsoMHAbru9ZOCINeOJndz
YsncRl1kCLxJVB7sO7wLPlKlhTVKWl99OkpZATMOgaprgBm+EXSpZbvvABRISdIh
kdPuyr4qfhwO6WD+CTrZ6A5qd6wjJSldh2V3sQ6l0FG0woZvxsXEE4eUrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzNvlcnw8rXs4TJJDz/OMoZlHyDMB8GA1UdIwQY
MBaAFCnbfKTu4eRT0m+rmcggGt+JRhK+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2R0OHBPN2g1RlBTYjZ1WnlDQWEzNGxHRXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy83ZjI5MGItODFjNy00MmI3LTk0N2Yt
ZDMzZmExNjA1YWUxLzEvYk0yLVZ5ZkR5dGV6aE1ra1BQODR5aG1VZklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy83ZjI5MGItODFjNy00MmI3LTk0N2YtZDMzZmExNjA1YWUx
LzEvS2R0OHBPN2g1RlBTYjZ1WnlDQWEzNGxHRXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXv+MA0G
CSqGSIb3DQEBCwUAA4IBAQBjkHtfZ+3fSxjCjr+8WOPpJFsykk9mQUcFnZnybPGF
eew4m+lz47znrPphr416qjvo155iRxiopqEPWMHq7BWAMQABGPN0yANg+Vfmtlt/
ukvM5Mj6AMyCcFkC1fe8DAbGG7BjdsdYKODwjkPZYuc5xeLjF7IV0eMV4lK/OdCV
fWj3LFuswZqYt04QtX8EGVOYOBhhP0Z2j9a+S//4aR9Zzmk7X7osEUYfXhPXkP4Z
Cj/0CToA2tN4edPkDFnmhrxCbet4pGfZcuE+74lxDntK3AIDip6B0xUU4IMAqtnn
/go66EGXPUWZ11rh5NF2wxYVgCZm6TZXFfWxLx1Ye2mb
-----END CERTIFICATE-----