Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/eYNFH-29Oui3Th6TuJesedKkRKg.roa
File:                     eYNFH-29Oui3Th6TuJesedKkRKg.roa (raw, json)
Hash identifier:          e81cFoFLvA3o7qveJmmHFpvxM4a4ob0TGnWlEPqXMxI=
Subject key identifier:   79:83:45:1F:ED:BD:3A:E8:B7:4E:1E:93:B8:97:AC:79:D2:A4:44:A8
Certificate issuer:       /CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
Certificate serial:       018CC79581D52B5CA423D0EEA23E27F322CB
Authority key identifier: B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/eYNFH-29Oui3Th6TuJesedKkRKg.roa
Signing time:             Tue 02 Jan 2024 00:31:53 +0000
ROA not before:           Tue 02 Jan 2024 00:31:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198538
IP address blocks:        37.139.152.0/21 maxlen: 21
                          2a00:96c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:81:d5:2b:5c:a4:23:d0:ee:a2:3e:27:f3:22:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6a1654dae96c532578ce1df1ebb8221dbb68145
        Validity
            Not Before: Jan  2 00:31:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7983451fedbd3ae8b74e1e93b897ac79d2a444a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8e:aa:3a:ba:03:ca:c1:3d:14:57:cc:9b:a1:
                    4e:ba:f2:6b:ae:c6:27:2b:c0:ed:15:25:59:5a:b8:
                    92:76:b4:0b:1f:e6:6c:f9:4d:e5:ea:f6:10:f2:0b:
                    c0:d4:f7:89:af:01:b8:1c:20:be:cb:19:6d:db:89:
                    d9:04:c5:e6:1d:13:87:09:7c:c1:79:35:58:5d:41:
                    ef:71:7e:61:14:3d:2e:78:6e:be:ef:63:6c:4a:34:
                    13:41:44:81:b5:7b:38:cc:6c:8b:3b:09:8e:93:32:
                    8a:a8:c6:e2:88:fb:bd:82:62:2d:6e:a6:c9:15:ae:
                    fa:eb:85:b1:12:f8:a1:c7:8d:a1:7e:51:9d:71:ac:
                    72:66:c9:72:88:58:e1:ef:e6:1d:30:8e:8e:91:c5:
                    2b:c7:b7:35:8b:b4:c1:a7:89:91:66:d7:d5:fc:c0:
                    9b:fa:ad:30:2d:9d:62:09:25:3a:c0:b1:76:0b:15:
                    64:0a:4a:57:f8:13:6c:78:19:84:df:b4:0a:8a:6c:
                    4e:b7:35:df:09:95:b9:aa:0d:51:ac:62:00:16:2a:
                    e4:24:a6:bb:64:05:9f:a0:3c:1a:73:b2:e7:27:44:
                    a2:2c:01:28:8c:eb:92:c1:35:4c:71:88:f4:14:ff:
                    78:6e:be:7d:08:4d:c2:bf:ad:5b:05:5e:75:db:50:
                    86:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:83:45:1F:ED:BD:3A:E8:B7:4E:1E:93:B8:97:AC:79:D2:A4:44:A8
            X509v3 Authority Key Identifier:
                keyid:B6:A1:65:4D:AE:96:C5:32:57:8C:E1:DF:1E:BB:82:21:DB:B6:81:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tqFlTa6WxTJXjOHfHruCIdu2gUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/eYNFH-29Oui3Th6TuJesedKkRKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/b011d3-bdba-45cd-a8ac-e0be89c4f169/1/tqFlTa6WxTJXjOHfHruCIdu2gUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.152.0/21
                IPv6:
                  2a00:96c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:20:b4:6b:fc:07:88:2a:59:28:72:f3:56:8c:23:fc:bc:5b:
         fa:f3:f0:a4:c0:b7:68:ac:87:eb:11:0b:f2:ae:f6:02:e5:4f:
         67:5b:b1:f1:6d:72:f7:a4:5e:17:b0:1e:a3:12:df:c7:1c:ab:
         80:fb:b6:28:d4:01:bb:58:91:00:da:60:12:5c:9f:63:23:78:
         4b:7a:95:36:2e:56:8f:19:72:61:75:10:da:81:4c:63:ee:f7:
         e4:43:35:fc:b2:5b:09:06:ce:56:3b:8c:85:5b:7b:20:ab:c8:
         0b:ea:c0:7e:2f:98:15:a4:0e:4e:f5:1e:47:94:89:c1:12:4a:
         c5:14:fa:47:9f:05:32:ec:2d:6f:3d:d7:63:1f:ab:4b:7e:da:
         5d:76:95:1a:1e:43:60:13:31:6d:54:d7:6e:87:b9:14:64:2f:
         e1:b8:f4:d1:1e:ed:ea:19:83:17:39:70:37:2c:28:fa:d4:ba:
         e8:7a:4d:7e:d6:88:c8:e4:ae:b1:55:5f:8d:94:c8:83:1e:e1:
         4c:24:8f:06:3b:4a:bf:31:c7:e8:e5:2e:8c:47:e0:7c:d7:b9:
         5c:ef:2e:54:d8:cb:f6:68:b3:04:64:6d:e2:d6:0a:03:55:3c:
         62:2a:fd:ab:68:ff:0b:26:0e:eb:56:ca:d5:07:96:ed:47:47:
         71:1d:69:fb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlYHVK1ykI9Duoj4n8yLLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YTE2NTRkYWU5NmM1MzI1NzhjZTFkZjFlYmI4MjIxZGJi
NjgxNDUwHhcNMjQwMTAyMDAzMTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTgzNDUxZmVkYmQzYWU4Yjc0ZTFlOTNiODk3YWM3OWQyYTQ0NGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp46qOroDysE9FFfMm6FOuvJrrsYn
K8DtFSVZWriSdrQLH+Zs+U3l6vYQ8gvA1PeJrwG4HCC+yxlt24nZBMXmHROHCXzB
eTVYXUHvcX5hFD0ueG6+72NsSjQTQUSBtXs4zGyLOwmOkzKKqMbiiPu9gmItbqbJ
Fa7664WxEvihx42hflGdcaxyZslyiFjh7+YdMI6OkcUrx7c1i7TBp4mRZtfV/MCb
+q0wLZ1iCSU6wLF2CxVkCkpX+BNseBmE37QKimxOtzXfCZW5qg1RrGIAFirkJKa7
ZAWfoDwac7LnJ0SiLAEojOuSwTVMcYj0FP94br59CE3Cv61bBV5121CGPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHmDRR/tvTrot04ek7iXrHnSpESoMB8GA1UdIwQY
MBaAFLahZU2ulsUyV4zh3x67giHbtoFFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMt
ZTBiZTg5YzRmMTY5LzEvZVlORkgtMjlPdWkzVGg2VHVKZXNlZEtrUktnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9iMDExZDMtYmRiYS00NWNkLWE4YWMtZTBiZTg5YzRmMTY5
LzEvdHFGbFRhNld4VEpYak9IZkhydUNJZHUyZ1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDJYuYMA0E
AgACMAcDBQAqAJbAMA0GCSqGSIb3DQEBCwUAA4IBAQBrILRr/AeIKlkocvNWjCP8
vFv68/CkwLdorIfrEQvyrvYC5U9nW7HxbXL3pF4XsB6jEt/HHKuA+7Yo1AG7WJEA
2mASXJ9jI3hLepU2LlaPGXJhdRDagUxj7vfkQzX8slsJBs5WO4yFW3sgq8gL6sB+
L5gVpA5O9R5HlInBEkrFFPpHnwUy7C1vPddjH6tLftpddpUaHkNgEzFtVNduh7kU
ZC/huPTRHu3qGYMXOXA3LCj61Lroek1+1ojI5K6xVV+NlMiDHuFMJI8GO0q/Mcfo
5S6MR+B817lc7y5U2Mv2aLMEZG3i1goDVTxiKv2raP8LJg7rVsrVB5btR0dxHWn7
-----END CERTIFICATE-----