Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/e22dc2-f406-40c9-ba5f-bf69b12a6744/1/2TwnY5S7g_G8nADxFjdu_Givsa4.roa
File:                     2TwnY5S7g_G8nADxFjdu_Givsa4.roa (raw, json)
Hash identifier:          OFS4RQYxu759td6vA0V0FevIfwXebgDzJsMe7GLRhOQ=
Subject key identifier:   D9:3C:27:63:94:BB:83:F1:BC:9C:00:F1:16:37:6E:FC:68:AF:B1:AE
Certificate issuer:       /CN=9e81ddaad88f7071612d7c3b7618e24d1a5233bb
Certificate serial:       018CCA2A52B34152A597D833787FE9AFB4CE
Authority key identifier: 9E:81:DD:AA:D8:8F:70:71:61:2D:7C:3B:76:18:E2:4D:1A:52:33:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/noHdqtiPcHFhLXw7dhjiTRpSM7s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/e22dc2-f406-40c9-ba5f-bf69b12a6744/1/2TwnY5S7g_G8nADxFjdu_Givsa4.roa
Signing time:             Tue 02 Jan 2024 12:33:40 +0000
ROA not before:           Tue 02 Jan 2024 12:33:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61060
IP address blocks:        37.44.8.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/e22dc2-f406-40c9-ba5f-bf69b12a6744/1/noHdqtiPcHFhLXw7dhjiTRpSM7s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/e22dc2-f406-40c9-ba5f-bf69b12a6744/1/noHdqtiPcHFhLXw7dhjiTRpSM7s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/noHdqtiPcHFhLXw7dhjiTRpSM7s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:52:b3:41:52:a5:97:d8:33:78:7f:e9:af:b4:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e81ddaad88f7071612d7c3b7618e24d1a5233bb
        Validity
            Not Before: Jan  2 12:33:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d93c276394bb83f1bc9c00f116376efc68afb1ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9e:23:9a:17:1c:34:9e:82:8d:63:b2:4b:aa:
                    0e:15:cb:fc:ea:40:15:55:f0:6f:d2:10:a4:36:10:
                    a9:02:c7:da:e7:27:7b:03:f9:eb:a7:0b:8a:9d:91:
                    20:77:d3:dd:8e:16:6f:40:48:f4:b4:25:c6:0d:53:
                    a3:ee:f1:16:f0:fe:8d:e2:fb:67:75:4a:54:b4:ac:
                    5c:82:6b:96:a4:fb:85:8f:49:08:37:65:1d:f1:c2:
                    f9:49:cd:16:44:54:b6:38:5e:20:12:55:66:62:52:
                    f4:13:ef:52:49:5e:19:b8:3c:9e:c4:22:dc:d6:ba:
                    ad:f3:39:5d:b2:6a:14:fe:b5:b4:de:da:9b:30:2e:
                    e3:d5:f4:9c:ba:56:e0:89:f1:0a:6a:30:10:99:ec:
                    8b:8a:7f:f1:37:5b:15:46:72:00:9d:ad:c1:1f:c0:
                    39:f2:21:82:b5:0b:f3:0a:92:f2:b9:84:47:81:55:
                    df:ac:37:13:dd:f0:62:ff:28:80:21:1a:12:b8:41:
                    ae:d9:3b:5d:5e:e8:d6:3c:8e:ec:af:66:0e:e3:2b:
                    f8:3b:0f:fa:99:f7:70:be:8e:b9:bc:7f:20:e4:9f:
                    60:a1:83:8c:85:83:d8:b7:a3:25:df:7a:58:55:02:
                    44:f8:e2:20:75:94:9e:7f:84:6f:ca:9f:67:ba:0a:
                    e6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:3C:27:63:94:BB:83:F1:BC:9C:00:F1:16:37:6E:FC:68:AF:B1:AE
            X509v3 Authority Key Identifier:
                keyid:9E:81:DD:AA:D8:8F:70:71:61:2D:7C:3B:76:18:E2:4D:1A:52:33:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/noHdqtiPcHFhLXw7dhjiTRpSM7s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e22dc2-f406-40c9-ba5f-bf69b12a6744/1/2TwnY5S7g_G8nADxFjdu_Givsa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e22dc2-f406-40c9-ba5f-bf69b12a6744/1/noHdqtiPcHFhLXw7dhjiTRpSM7s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1d:6a:7e:ce:3e:d3:6d:cc:03:ff:00:db:4e:e6:7f:f7:19:de:
         80:08:5a:03:bd:31:80:29:ee:3d:e2:8c:5c:26:ba:a5:f0:29:
         d3:7f:3e:4b:d2:20:b7:68:4e:3d:ef:ce:33:80:be:a6:93:87:
         b3:51:8c:0b:53:23:40:38:e2:eb:13:63:37:3b:fa:1b:2d:bf:
         3f:66:6f:f4:b8:05:d1:63:4d:2c:ca:25:e7:6a:85:b6:3c:c2:
         ee:05:69:25:75:4c:bf:16:ce:a5:14:ab:42:43:54:09:fc:4b:
         89:72:85:16:18:f7:fa:52:8b:51:c3:ad:46:4c:df:16:b3:71:
         0e:29:ca:de:6f:ae:db:bf:a1:df:fe:67:b2:8e:99:57:6b:23:
         d9:16:7c:1e:df:d1:5b:1a:f7:39:37:a4:82:3d:69:f1:08:0a:
         6d:46:3b:90:7d:a2:c4:39:89:3f:1e:bb:31:59:5d:fb:a4:61:
         de:cd:4c:56:95:d5:1d:76:42:48:96:8a:18:22:ef:d6:d8:04:
         8d:8e:ed:a7:de:2a:89:54:0b:72:2e:f0:2e:b0:ad:40:b5:d2:
         b0:0f:13:ed:2d:34:3f:fa:af:f6:62:a4:b1:af:0d:76:d2:2d:
         ea:f4:b8:2b:ec:1d:24:5c:18:54:23:0f:91:84:d8:4f:a1:b3:
         bf:f5:6f:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlKzQVKll9gzeH/pr7TOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllODFkZGFhZDg4ZjcwNzE2MTJkN2MzYjc2MThlMjRkMWE1
MjMzYmIwHhcNMjQwMTAyMTIzMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTNjMjc2Mzk0YmI4M2YxYmM5YzAwZjExNjM3NmVmYzY4YWZiMWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm54jmhccNJ6CjWOyS6oOFcv86kAV
VfBv0hCkNhCpAsfa5yd7A/nrpwuKnZEgd9PdjhZvQEj0tCXGDVOj7vEW8P6N4vtn
dUpUtKxcgmuWpPuFj0kIN2Ud8cL5Sc0WRFS2OF4gElVmYlL0E+9SSV4ZuDyexCLc
1rqt8zldsmoU/rW03tqbMC7j1fSculbgifEKajAQmeyLin/xN1sVRnIAna3BH8A5
8iGCtQvzCpLyuYRHgVXfrDcT3fBi/yiAIRoSuEGu2TtdXujWPI7sr2YO4yv4Ow/6
mfdwvo65vH8g5J9goYOMhYPYt6Ml33pYVQJE+OIgdZSef4Rvyp9nugrm4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNk8J2OUu4PxvJwA8RY3bvxor7GuMB8GA1UdIwQY
MBaAFJ6B3arYj3BxYS18O3YY4k0aUjO7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm9IZHF0aVBjSEZoTFh3N2RoamlUUnBTTTdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lMjJkYzItZjQwNi00MGM5LWJhNWYt
YmY2OWIxMmE2NzQ0LzEvMlR3blk1UzdnX0c4bkFEeEZqZHVfR2l2c2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lMjJkYzItZjQwNi00MGM5LWJhNWYtYmY2OWIxMmE2NzQ0
LzEvbm9IZHF0aVBjSEZoTFh3N2RoamlUUnBTTTdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJSwIMA0G
CSqGSIb3DQEBCwUAA4IBAQAdan7OPtNtzAP/ANtO5n/3Gd6ACFoDvTGAKe494oxc
Jrql8CnTfz5L0iC3aE49784zgL6mk4ezUYwLUyNAOOLrE2M3O/obLb8/Zm/0uAXR
Y00syiXnaoW2PMLuBWkldUy/Fs6lFKtCQ1QJ/EuJcoUWGPf6UotRw61GTN8Ws3EO
Kcreb67bv6Hf/meyjplXayPZFnwe39FbGvc5N6SCPWnxCAptRjuQfaLEOYk/Hrsx
WV37pGHezUxWldUddkJIlooYIu/W2ASNju2n3iqJVAtyLvAusK1AtdKwDxPtLTQ/
+q/2YqSxrw120i3q9Lgr7B0kXBhUIw+RhNhPobO/9W82
-----END CERTIFICATE-----