Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/4CoVMMKw0iAY2WbvgdHQblv-YLI.roa
File:                     4CoVMMKw0iAY2WbvgdHQblv-YLI.roa (raw, json)
Hash identifier:          bPGOSQ6fTh78RE8OIALZzzCGD5F7zJ/rcPqgSt70E8I=
Subject key identifier:   E0:2A:15:30:C2:B0:D2:20:18:D9:66:EF:81:D1:D0:6E:5B:FE:60:B2
Certificate issuer:       /CN=5e1bf6a319da2489816aedba1b4fd0cc7ddf3e1e
Certificate serial:       01942521CA81EED51E5A06175E9FBFA4493A
Authority key identifier: 5E:1B:F6:A3:19:DA:24:89:81:6A:ED:BA:1B:4F:D0:CC:7D:DF:3E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xhv2oxnaJImBau26G0_QzH3fPh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/4CoVMMKw0iAY2WbvgdHQblv-YLI.roa
Signing time:             Thu 02 Jan 2025 03:49:19 +0000
ROA not before:           Thu 02 Jan 2025 03:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        37.224.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/Xhv2oxnaJImBau26G0_QzH3fPh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/Xhv2oxnaJImBau26G0_QzH3fPh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xhv2oxnaJImBau26G0_QzH3fPh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ca:81:ee:d5:1e:5a:06:17:5e:9f:bf:a4:49:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e1bf6a319da2489816aedba1b4fd0cc7ddf3e1e
        Validity
            Not Before: Jan  2 03:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e02a1530c2b0d22018d966ef81d1d06e5bfe60b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c8:08:b6:c0:b9:40:c5:2e:4a:7f:85:79:d8:
                    33:8e:65:2a:37:24:87:5f:cf:79:80:40:94:c2:fa:
                    e1:65:c6:f2:c9:59:bd:f6:44:cb:13:8c:a5:2c:ee:
                    a5:8b:2b:83:df:68:32:93:12:86:93:dd:f3:37:2b:
                    f6:77:b8:2b:0d:b5:92:9c:30:a1:09:55:ac:aa:15:
                    00:9c:62:38:27:e7:4c:bf:2d:85:df:bc:7e:3f:b9:
                    23:bc:46:97:ac:6f:d7:12:a5:53:cb:eb:06:ce:a1:
                    8c:d8:66:2a:ec:80:60:e5:99:cb:c9:0e:30:99:50:
                    d5:a8:a0:fb:bd:17:74:40:cb:a3:56:31:a8:6e:e5:
                    c2:ec:d0:78:8c:14:12:58:09:f7:97:c0:dc:31:48:
                    35:4c:66:f9:de:b2:14:8a:26:f6:76:89:f9:cf:63:
                    40:a8:14:a7:4a:3a:6b:29:2f:d9:af:75:5a:f0:a8:
                    c9:e8:8b:3f:eb:be:ab:81:d7:a8:33:a4:7b:07:8c:
                    e4:11:ee:76:69:95:0c:27:e4:9a:df:68:c9:3f:c9:
                    4f:18:7a:03:67:78:2e:00:ef:6c:e1:4f:63:86:53:
                    74:b3:e7:80:f1:ed:7a:2f:47:d0:5c:37:ea:3c:92:
                    5b:03:75:a3:a2:0b:95:7b:6c:e5:b4:8c:c9:67:90:
                    ef:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:2A:15:30:C2:B0:D2:20:18:D9:66:EF:81:D1:D0:6E:5B:FE:60:B2
            X509v3 Authority Key Identifier:
                keyid:5E:1B:F6:A3:19:DA:24:89:81:6A:ED:BA:1B:4F:D0:CC:7D:DF:3E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xhv2oxnaJImBau26G0_QzH3fPh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/4CoVMMKw0iAY2WbvgdHQblv-YLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/Xhv2oxnaJImBau26G0_QzH3fPh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.224.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:a5:90:41:47:0a:67:e7:56:dd:55:f5:b7:ea:cd:cd:e6:7f:
         07:26:8b:aa:5d:6f:a4:3b:19:c2:e5:f8:bd:5c:9e:87:41:1f:
         98:b8:ae:ab:d1:e5:5d:f3:29:27:47:6a:70:fa:56:f7:c4:51:
         1b:73:cf:21:d5:5d:72:ba:eb:d4:6a:c9:ad:81:db:36:c2:da:
         3a:7b:38:9f:02:fe:d2:cc:30:20:42:da:52:51:ea:4d:44:79:
         18:21:dd:31:53:64:26:f8:32:17:da:91:41:0e:28:e3:62:50:
         40:5d:25:3f:af:37:45:98:84:a8:e4:94:49:c9:a0:11:8a:16:
         cc:3b:d6:ea:9d:49:7a:54:5a:36:a5:44:d9:fc:07:25:07:53:
         3e:aa:59:3e:01:c6:2d:9f:d7:a9:30:5a:52:32:09:fd:cb:b8:
         a4:7d:a4:60:52:bd:4b:f1:23:15:1f:bd:14:71:80:56:03:2e:
         94:c9:d4:52:a9:22:2c:55:03:00:38:c1:37:7c:60:cd:c9:7e:
         39:59:ee:9b:6b:67:19:32:b5:64:da:02:b8:9e:f5:87:5e:a1:
         5b:8d:4c:e3:7f:88:6f:39:f7:6f:b8:aa:ac:0b:8c:f9:8f:8d:
         a4:58:12:59:07:c6:43:a4:34:59:60:0f:10:4f:db:f0:d0:71:
         5a:a3:f8:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIcqB7tUeWgYXXp+/pEk6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMWJmNmEzMTlkYTI0ODk4MTZhZWRiYTFiNGZkMGNjN2Rk
ZjNlMWUwHhcNMjUwMTAyMDM0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDJhMTUzMGMyYjBkMjIwMThkOTY2ZWY4MWQxZDA2ZTViZmU2MGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcgItsC5QMUuSn+FedgzjmUqNySH
X895gECUwvrhZcbyyVm99kTLE4ylLO6liyuD32gykxKGk93zNyv2d7grDbWSnDCh
CVWsqhUAnGI4J+dMvy2F37x+P7kjvEaXrG/XEqVTy+sGzqGM2GYq7IBg5ZnLyQ4w
mVDVqKD7vRd0QMujVjGobuXC7NB4jBQSWAn3l8DcMUg1TGb53rIUiib2don5z2NA
qBSnSjprKS/Zr3Va8KjJ6Is/676rgdeoM6R7B4zkEe52aZUMJ+Sa32jJP8lPGHoD
Z3guAO9s4U9jhlN0s+eA8e16L0fQXDfqPJJbA3WjoguVe2zltIzJZ5DvfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAqFTDCsNIgGNlm74HR0G5b/mCyMB8GA1UdIwQY
MBaAFF4b9qMZ2iSJgWrtuhtP0Mx93z4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGh2Mm94bmFKSW1CYXUyNkcwX1F6SDNmUGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi84OGZkZDEtOGI3Yi00MTAxLWFjNjYt
YjU5MDk1N2Q5NDE1LzEvNENvVk1NS3cwaUFZMldidmdkSFFibHYtWUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi84OGZkZDEtOGI3Yi00MTAxLWFjNjYtYjU5MDk1N2Q5NDE1
LzEvWGh2Mm94bmFKSW1CYXUyNkcwX1F6SDNmUGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJeBNMA0G
CSqGSIb3DQEBCwUAA4IBAQA7pZBBRwpn51bdVfW36s3N5n8HJouqXW+kOxnC5fi9
XJ6HQR+YuK6r0eVd8yknR2pw+lb3xFEbc88h1V1yuuvUasmtgds2wto6ezifAv7S
zDAgQtpSUepNRHkYId0xU2Qm+DIX2pFBDijjYlBAXSU/rzdFmISo5JRJyaARihbM
O9bqnUl6VFo2pUTZ/AclB1M+qlk+AcYtn9epMFpSMgn9y7ikfaRgUr1L8SMVH70U
cYBWAy6UydRSqSIsVQMAOME3fGDNyX45We6ba2cZMrVk2gK4nvWHXqFbjUzjf4hv
OfdvuKqsC4z5j42kWBJZB8ZDpDRZYA8QT9vw0HFao/hH
-----END CERTIFICATE-----