Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/2iga0nlk79hsiXYssBRVEJUMzCk.roa
File:                     2iga0nlk79hsiXYssBRVEJUMzCk.roa (raw, json)
Hash identifier:          zNjDqRkr/NBAAcHU26E2dhZjP52AAgoYr8bc94c0dmE=
Subject key identifier:   DA:28:1A:D2:79:64:EF:D8:6C:89:76:2C:B0:14:55:10:95:0C:CC:29
Certificate issuer:       /CN=6596f0dc165b7cd209022b2964834c45e74d212c
Certificate serial:       0194464251E3D90869CCA188F9D9A7E41CB9
Authority key identifier: 65:96:F0:DC:16:5B:7C:D2:09:02:2B:29:64:83:4C:45:E7:4D:21:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZZbw3BZbfNIJAispZINMRedNISw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/2iga0nlk79hsiXYssBRVEJUMzCk.roa
Signing time:             Wed 08 Jan 2025 14:12:18 +0000
ROA not before:           Wed 08 Jan 2025 14:12:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35372
IP address blocks:        37.152.173.0/24 maxlen: 24
                          37.152.174.0/24 maxlen: 24
                          37.152.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/ZZbw3BZbfNIJAispZINMRedNISw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/ZZbw3BZbfNIJAispZINMRedNISw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZZbw3BZbfNIJAispZINMRedNISw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:46:42:51:e3:d9:08:69:cc:a1:88:f9:d9:a7:e4:1c:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6596f0dc165b7cd209022b2964834c45e74d212c
        Validity
            Not Before: Jan  8 14:12:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da281ad27964efd86c89762cb0145510950ccc29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:00:ae:ae:e3:4b:1e:90:f5:26:5d:be:0e:a2:
                    21:1d:b4:87:1b:32:c8:ef:5f:bd:38:47:cb:b3:56:
                    73:f3:d6:12:02:f3:f1:17:31:19:44:6c:38:27:5d:
                    1f:0d:48:b0:c1:db:95:d5:f2:d9:8a:1a:f1:05:14:
                    67:b7:c7:b6:e8:3b:8a:a8:69:a5:e0:f1:25:90:bf:
                    90:e0:b6:45:1d:92:6e:9d:7d:6f:99:80:5b:97:ed:
                    46:28:15:c3:bc:25:51:24:a1:da:fb:47:9c:83:76:
                    68:9b:8e:c2:49:66:0f:5e:83:4a:79:28:6d:c7:83:
                    c9:f5:f4:04:36:83:11:14:6a:99:0b:cc:8b:a3:1b:
                    67:9b:17:a3:66:03:92:df:5f:ad:5c:93:35:56:0e:
                    02:08:82:6f:ab:0b:a8:c5:6f:ef:58:6b:ab:7b:f5:
                    9a:64:5d:0d:7c:35:dc:c6:78:93:71:3d:41:c3:2d:
                    a0:1b:40:f9:e8:ad:42:69:57:82:2f:80:88:2c:27:
                    ed:79:43:2c:6b:9e:dc:26:a3:45:f4:b6:d4:96:10:
                    7b:c7:eb:fa:28:b8:6b:26:2b:32:af:24:ce:39:9d:
                    d2:d0:47:25:96:73:23:ae:25:3e:27:dc:37:0c:17:
                    ec:f1:3f:d6:26:7e:52:6a:a7:b9:3d:e9:d5:ae:ca:
                    bd:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:28:1A:D2:79:64:EF:D8:6C:89:76:2C:B0:14:55:10:95:0C:CC:29
            X509v3 Authority Key Identifier:
                keyid:65:96:F0:DC:16:5B:7C:D2:09:02:2B:29:64:83:4C:45:E7:4D:21:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZZbw3BZbfNIJAispZINMRedNISw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/2iga0nlk79hsiXYssBRVEJUMzCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/ZZbw3BZbfNIJAispZINMRedNISw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.152.173.0-37.152.175.255

    Signature Algorithm: sha256WithRSAEncryption
         02:45:ac:52:72:e5:f7:d0:cd:72:53:4a:6a:74:7e:03:06:96:
         d8:a5:b9:02:3a:e7:3c:06:f2:23:43:b1:de:56:bb:0c:8c:be:
         27:dd:f2:e1:0b:d1:27:d6:8a:b3:cb:1e:d0:82:26:0d:31:15:
         44:b0:d0:92:28:fa:eb:bc:89:3b:0e:58:91:b0:dc:9e:71:9e:
         01:9c:5a:15:f0:31:4d:d2:c0:85:4e:b1:34:c6:3c:c9:c1:7a:
         6a:ad:28:c4:c4:9c:28:04:c3:70:89:28:e3:ff:72:a7:74:81:
         8d:54:b5:9c:1f:6c:b9:15:64:53:98:68:37:e2:43:21:41:d8:
         d0:f0:d4:2c:1e:45:10:9c:ef:d4:6e:7e:e7:da:47:89:fa:48:
         4a:d8:a6:b0:b1:76:34:0f:11:a1:4f:4f:6d:07:d4:51:96:7e:
         c0:c5:6c:94:e8:76:a7:7d:81:b6:94:f2:ae:2b:24:31:ce:4e:
         9c:ba:4e:f5:f5:46:6b:74:da:80:cc:14:38:e6:b6:c2:6c:7b:
         66:c7:93:74:19:b5:b1:62:3f:c6:26:aa:60:6b:e2:5e:0e:f3:
         11:3a:3f:1f:d5:a3:83:4c:c8:00:4a:0b:c2:69:54:9d:4c:1e:
         c9:a6:f1:2a:22:c4:6e:f4:3c:de:da:f5:2a:59:a6:a0:0e:35:
         dd:69:98:27
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZRGQlHj2QhpzKGI+dmn5By5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1OTZmMGRjMTY1YjdjZDIwOTAyMmIyOTY0ODM0YzQ1ZTc0
ZDIxMmMwHhcNMjUwMTA4MTQxMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTI4MWFkMjc5NjRlZmQ4NmM4OTc2MmNiMDE0NTUxMDk1MGNjYzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ACuruNLHpD1Jl2+DqIhHbSHGzLI
71+9OEfLs1Zz89YSAvPxFzEZRGw4J10fDUiwwduV1fLZihrxBRRnt8e26DuKqGml
4PElkL+Q4LZFHZJunX1vmYBbl+1GKBXDvCVRJKHa+0ecg3Zom47CSWYPXoNKeSht
x4PJ9fQENoMRFGqZC8yLoxtnmxejZgOS31+tXJM1Vg4CCIJvqwuoxW/vWGure/Wa
ZF0NfDXcxniTcT1Bwy2gG0D56K1CaVeCL4CILCfteUMsa57cJqNF9LbUlhB7x+v6
KLhrJisyryTOOZ3S0EcllnMjriU+J9w3DBfs8T/WJn5Saqe5PenVrsq9IQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNooGtJ5ZO/YbIl2LLAUVRCVDMwpMB8GA1UdIwQY
MBaAFGWW8NwWW3zSCQIrKWSDTEXnTSEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlpidzNCWmJmTklKQWlzcFpJTk1SZWROSVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC85OTA0YjMtOGNhMC00OTQ2LTg3NjYt
MmQxM2NmOWI0NWMwLzEvMmlnYTBubGs3OWhzaVhZc3NCUlZFSlVNekNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC85OTA0YjMtOGNhMC00OTQ2LTg3NjYtMmQxM2NmOWI0NWMw
LzEvWlpidzNCWmJmTklKQWlzcFpJTk1SZWROSVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAlmK0D
BAQlmKAwDQYJKoZIhvcNAQELBQADggEBAAJFrFJy5ffQzXJTSmp0fgMGltiluQI6
5zwG8iNDsd5WuwyMvifd8uEL0SfWirPLHtCCJg0xFUSw0JIo+uu8iTsOWJGw3J5x
ngGcWhXwMU3SwIVOsTTGPMnBemqtKMTEnCgEw3CJKOP/cqd0gY1UtZwfbLkVZFOY
aDfiQyFB2NDw1CweRRCc79RufufaR4n6SErYprCxdjQPEaFPT20H1FGWfsDFbJTo
dqd9gbaU8q4rJDHOTpy6TvX1Rmt02oDMFDjmtsJse2bHk3QZtbFiP8YmqmBr4l4O
8xE6Px/Vo4NMyABKC8JpVJ1MHsmm8SoixG70PN7a9SpZpqAONd1pmCc=
-----END CERTIFICATE-----