Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/uF7cOII8CmHBLYxrkhE_h3VsGdo.roa
File:                     uF7cOII8CmHBLYxrkhE_h3VsGdo.roa (raw, json)
Hash identifier:          12RQvYNJouvmzZ4jXCo6It0AZJXWMXbedeipaRSRJ3Q=
Subject key identifier:   B8:5E:DC:38:82:3C:0A:61:C1:2D:8C:6B:92:11:3F:87:75:6C:19:DA
Certificate issuer:       /CN=6596f0dc165b7cd209022b2964834c45e74d212c
Certificate serial:       018DD4A2628293746A63D040AA88C60EC16D
Authority key identifier: 65:96:F0:DC:16:5B:7C:D2:09:02:2B:29:64:83:4C:45:E7:4D:21:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZZbw3BZbfNIJAispZINMRedNISw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/uF7cOII8CmHBLYxrkhE_h3VsGdo.roa
Signing time:             Fri 23 Feb 2024 06:23:48 +0000
ROA not before:           Fri 23 Feb 2024 06:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203895
IP address blocks:        37.152.165.0/24 maxlen: 24
                          37.152.166.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/ZZbw3BZbfNIJAispZINMRedNISw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/ZZbw3BZbfNIJAispZINMRedNISw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZZbw3BZbfNIJAispZINMRedNISw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d4:a2:62:82:93:74:6a:63:d0:40:aa:88:c6:0e:c1:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6596f0dc165b7cd209022b2964834c45e74d212c
        Validity
            Not Before: Feb 23 06:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b85edc38823c0a61c12d8c6b92113f87756c19da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:ee:1d:22:58:33:0a:ed:3b:0c:36:12:5b:11:
                    1d:9f:c3:a6:91:f1:80:6d:8f:2a:4d:13:96:fb:fe:
                    8c:c7:b1:1e:ec:d4:ed:2e:43:b5:8e:72:3b:08:d4:
                    75:d1:3f:2b:74:77:67:a1:26:db:2e:ec:70:46:f7:
                    8c:69:81:3c:4e:bb:4e:10:9f:bd:97:2c:6b:82:dc:
                    0c:1d:1c:ed:44:76:23:45:4b:f3:ba:8c:f1:6c:56:
                    cc:da:d4:c2:0a:81:f8:e2:8f:b2:fe:81:ad:34:1d:
                    a0:f0:ff:83:f0:b9:03:df:d8:77:b5:1f:53:52:29:
                    ea:d5:4e:4b:29:b7:b9:dd:89:d3:0f:32:38:8f:2b:
                    01:4e:e5:fc:7b:1a:30:92:a7:37:d0:2b:c8:f1:3d:
                    23:26:bc:09:b2:98:8a:6f:46:1f:3b:be:11:24:b3:
                    c5:f0:80:03:ff:ea:72:2e:3e:8f:15:76:f4:00:e6:
                    4e:2d:2a:da:5e:c6:2c:b2:6d:1d:31:1b:01:dd:ea:
                    8c:f4:ea:8d:33:03:0e:76:4a:1d:08:a4:53:15:ed:
                    eb:36:bd:53:e0:e1:04:f6:df:fb:5d:ca:ee:8c:c4:
                    f3:8b:d2:88:cf:d5:fb:54:49:e0:0f:2b:c6:51:6d:
                    d5:d1:6c:20:5d:68:77:58:4e:cd:36:64:95:b3:25:
                    ee:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:5E:DC:38:82:3C:0A:61:C1:2D:8C:6B:92:11:3F:87:75:6C:19:DA
            X509v3 Authority Key Identifier:
                keyid:65:96:F0:DC:16:5B:7C:D2:09:02:2B:29:64:83:4C:45:E7:4D:21:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZZbw3BZbfNIJAispZINMRedNISw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/uF7cOII8CmHBLYxrkhE_h3VsGdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/ZZbw3BZbfNIJAispZINMRedNISw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.152.165.0-37.152.166.255

    Signature Algorithm: sha256WithRSAEncryption
         3d:1d:6a:60:0a:ab:ba:b3:a3:a4:b1:89:97:1a:cc:0f:0d:28:
         51:7a:00:40:4d:83:73:2b:0e:2d:d5:ec:c7:9e:1c:1e:26:38:
         e6:5b:0c:82:ac:a7:45:d7:c3:f7:bd:03:75:31:23:b6:65:d9:
         29:2f:f3:2b:bf:41:c4:ed:f7:38:94:70:cf:93:79:6e:26:ff:
         fa:1a:77:fc:1e:3a:a7:b0:79:cd:0e:de:45:28:83:89:96:ae:
         27:78:96:a8:f4:f5:c3:56:d8:be:12:e5:4d:29:01:ca:5c:80:
         8b:b1:e0:cd:f4:7c:fe:e7:0b:10:a6:d4:46:c9:83:f9:11:74:
         4b:70:22:e8:d6:b6:fd:a7:6d:18:5d:32:b4:42:09:0b:8f:25:
         d1:88:44:b8:b9:d1:37:6f:0f:6c:e3:03:5d:0d:92:36:7c:a0:
         46:1d:2f:be:1a:a0:8b:a8:e4:29:30:91:b6:8c:e8:55:88:5e:
         31:65:d6:27:38:6a:2f:c5:03:ab:10:2c:3e:ba:81:91:58:86:
         42:77:d0:ac:74:fb:2a:d7:74:f8:b3:e0:e7:8e:39:8c:84:0c:
         1e:07:9c:41:ab:9b:87:0e:29:5c:a4:c2:3f:87:34:05:f3:06:
         0c:1f:e0:ca:87:c3:d3:d0:ec:3e:cb:b6:24:4c:7c:7e:3c:45:
         8e:05:e7:ff
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY3UomKCk3RqY9BAqojGDsFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1OTZmMGRjMTY1YjdjZDIwOTAyMmIyOTY0ODM0YzQ1ZTc0
ZDIxMmMwHhcNMjQwMjIzMDYyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODVlZGMzODgyM2MwYTYxYzEyZDhjNmI5MjExM2Y4Nzc1NmMxOWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAge4dIlgzCu07DDYSWxEdn8OmkfGA
bY8qTROW+/6Mx7Ee7NTtLkO1jnI7CNR10T8rdHdnoSbbLuxwRveMaYE8TrtOEJ+9
lyxrgtwMHRztRHYjRUvzuozxbFbM2tTCCoH44o+y/oGtNB2g8P+D8LkD39h3tR9T
Uinq1U5LKbe53YnTDzI4jysBTuX8exowkqc30CvI8T0jJrwJspiKb0YfO74RJLPF
8IAD/+pyLj6PFXb0AOZOLSraXsYssm0dMRsB3eqM9OqNMwMOdkodCKRTFe3rNr1T
4OEE9t/7XcrujMTzi9KIz9X7VEngDyvGUW3V0WwgXWh3WE7NNmSVsyXuNwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLhe3DiCPAphwS2Ma5IRP4d1bBnaMB8GA1UdIwQY
MBaAFGWW8NwWW3zSCQIrKWSDTEXnTSEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlpidzNCWmJmTklKQWlzcFpJTk1SZWROSVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC85OTA0YjMtOGNhMC00OTQ2LTg3NjYt
MmQxM2NmOWI0NWMwLzEvdUY3Y09JSThDbUhCTFl4cmtoRV9oM1ZzR2RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC85OTA0YjMtOGNhMC00OTQ2LTg3NjYtMmQxM2NmOWI0NWMw
LzEvWlpidzNCWmJmTklKQWlzcFpJTk1SZWROSVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAlmKUD
BAAlmKYwDQYJKoZIhvcNAQELBQADggEBAD0damAKq7qzo6SxiZcazA8NKFF6AEBN
g3MrDi3V7MeeHB4mOOZbDIKsp0XXw/e9A3UxI7Zl2Skv8yu/QcTt9ziUcM+TeW4m
//oad/weOqewec0O3kUog4mWrid4lqj09cNW2L4S5U0pAcpcgIux4M30fP7nCxCm
1EbJg/kRdEtwIujWtv2nbRhdMrRCCQuPJdGIRLi50TdvD2zjA10NkjZ8oEYdL74a
oIuo5CkwkbaM6FWIXjFl1ic4ai/FA6sQLD66gZFYhkJ30Kx0+yrXdPiz4OeOOYyE
DB4HnEGrm4cOKVykwj+HNAXzBgwf4MqHw9PQ7D7LtiRMfH48RY4F5/8=
-----END CERTIFICATE-----