Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/iMnUvgG_3_BEkzEIT_vuxHxBKh0.roa
File:                     iMnUvgG_3_BEkzEIT_vuxHxBKh0.roa (raw, json)
Hash identifier:          gD3HY92XTG+pfgdGpBPqFIbtjzhibf4XyOs0q6gZVds=
Subject key identifier:   88:C9:D4:BE:01:BF:DF:F0:44:93:31:08:4F:FB:EE:C4:7C:41:2A:1D
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DC98D26C2421A156ABB79B1BE90153
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/iMnUvgG_3_BEkzEIT_vuxHxBKh0.roa
Signing time:             Mon 01 Jan 2024 16:30:17 +0000
ROA not before:           Mon 01 Jan 2024 16:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42532
IP address blocks:        37.128.204.0/22 maxlen: 22
                          188.64.12.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:98:d2:6c:24:21:a1:56:ab:b7:9b:1b:e9:01:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88c9d4be01bfdff0449331084ffbeec47c412a1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8a:ca:84:44:a7:5f:cf:36:ae:4a:ed:af:54:
                    4a:b4:61:79:d6:b4:c8:a1:db:41:22:9f:3f:51:73:
                    bd:ce:b4:51:a9:4b:45:c5:43:46:27:b2:dc:06:23:
                    3e:80:62:0a:54:cd:7c:9b:1a:e1:41:d5:70:2e:36:
                    d0:04:e1:09:a5:cb:e5:32:e7:20:49:25:97:99:11:
                    ae:0b:64:1c:d6:e4:05:d4:8b:63:cb:f6:85:a1:31:
                    30:e8:18:2d:48:7a:8b:6d:58:61:ca:74:88:7a:cb:
                    e5:b7:6c:af:9b:3f:2f:e6:42:33:f9:09:1c:02:d0:
                    fc:33:40:6d:15:68:33:1c:fc:e6:d2:8a:8e:b0:ab:
                    39:f2:bd:55:58:e0:c5:ee:e0:84:de:9e:e9:88:d8:
                    77:75:2a:3d:79:2a:aa:53:dd:6a:32:32:1d:e5:08:
                    0c:e2:7e:13:46:7a:d3:17:21:e6:b2:c5:62:90:50:
                    f6:2a:a1:30:a3:40:45:27:d2:52:80:71:68:de:bb:
                    14:1a:ad:94:9d:20:5e:c5:98:89:3c:36:d5:a9:3b:
                    4c:f6:97:05:68:a4:2a:4d:ca:00:21:a0:63:5e:51:
                    cf:75:56:8b:86:5b:8e:60:75:b8:06:ac:6f:66:e3:
                    e8:b5:7f:fe:0f:ce:a2:e8:20:ec:3e:78:98:90:67:
                    f5:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:C9:D4:BE:01:BF:DF:F0:44:93:31:08:4F:FB:EE:C4:7C:41:2A:1D
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/iMnUvgG_3_BEkzEIT_vuxHxBKh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.128.204.0/22
                  188.64.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         db:3b:b0:45:f8:e7:d7:f0:1b:3e:a1:a7:cd:f2:e7:a5:73:ad:
         5a:83:d7:5d:0c:70:88:e4:e5:18:29:59:ce:f0:c3:b1:73:6d:
         d6:74:fc:e4:c1:71:67:48:cc:48:0f:ea:9b:5e:0c:88:81:5c:
         f3:79:62:4f:95:b9:80:64:55:75:70:3b:45:64:ea:51:75:de:
         1f:5a:bc:c4:b7:f7:dd:66:70:11:af:09:17:4d:93:e9:e5:7c:
         d8:0f:4d:72:e7:29:32:44:d0:6b:1e:63:11:ff:95:96:d8:dc:
         24:de:8e:66:f9:ea:cb:a5:b1:b3:73:0d:a1:2a:f7:10:78:06:
         09:b4:99:24:25:fb:e9:2f:94:94:a7:82:e9:6d:88:e4:64:44:
         b7:7e:28:4b:17:89:be:fc:56:93:8f:aa:32:56:4d:78:3e:31:
         7a:79:87:96:7c:22:a1:ff:e7:88:9f:4b:78:c2:32:5c:ed:fd:
         f3:6a:e8:74:22:98:ff:ce:cf:5e:f4:0a:8f:16:6e:a4:23:11:
         46:50:b8:58:d4:2a:88:38:54:48:ec:29:6b:f2:f6:f6:f9:ca:
         3c:81:23:59:bd:16:cc:bb:45:62:fc:c6:e7:0f:f2:20:ee:9c:
         7d:f3:24:9c:32:29:3d:42:55:71:c1:76:2b:85:59:b4:ea:dd:
         bc:73:01:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3JjSbCQhoVart5sb6QFTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGM5ZDRiZTAxYmZkZmYwNDQ5MzMxMDg0ZmZiZWVjNDdjNDEyYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4rKhESnX882rkrtr1RKtGF51rTI
odtBIp8/UXO9zrRRqUtFxUNGJ7LcBiM+gGIKVM18mxrhQdVwLjbQBOEJpcvlMucg
SSWXmRGuC2Qc1uQF1Itjy/aFoTEw6BgtSHqLbVhhynSIesvlt2yvmz8v5kIz+Qkc
AtD8M0BtFWgzHPzm0oqOsKs58r1VWODF7uCE3p7piNh3dSo9eSqqU91qMjId5QgM
4n4TRnrTFyHmssVikFD2KqEwo0BFJ9JSgHFo3rsUGq2UnSBexZiJPDbVqTtM9pcF
aKQqTcoAIaBjXlHPdVaLhluOYHW4BqxvZuPotX/+D86i6CDsPniYkGf1mwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIjJ1L4Bv9/wRJMxCE/77sR8QSodMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvaU1uVXZnR18zX0JFa3pFSVRfdnV4SHhCS2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCJYDMAwQC
vEAMMA0GCSqGSIb3DQEBCwUAA4IBAQDbO7BF+OfX8Bs+oafN8uelc61ag9ddDHCI
5OUYKVnO8MOxc23WdPzkwXFnSMxID+qbXgyIgVzzeWJPlbmAZFV1cDtFZOpRdd4f
WrzEt/fdZnARrwkXTZPp5XzYD01y5ykyRNBrHmMR/5WW2Nwk3o5m+erLpbGzcw2h
KvcQeAYJtJkkJfvpL5SUp4LpbYjkZES3fihLF4m+/FaTj6oyVk14PjF6eYeWfCKh
/+eIn0t4wjJc7f3zauh0Ipj/zs9e9AqPFm6kIxFGULhY1CqIOFRI7Clr8vb2+co8
gSNZvRbMu0Vi/MbnD/Ig7px98yScMik9QlVxwXYrhVm06t28cwFO
-----END CERTIFICATE-----