Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/ac8e6f-5f83-449b-8c9d-77c1048422d8/1/z9nLEap4qDplCv4-cFwvbr75HAM.roa
File:                     z9nLEap4qDplCv4-cFwvbr75HAM.roa (raw, json)
Hash identifier:          UsAcUbMnck9wd6mg2X+ATY2NG/SwMJUuVVLgwSN86cQ=
Subject key identifier:   CF:D9:CB:11:AA:78:A8:3A:65:0A:FE:3E:70:5C:2F:6E:BE:F9:1C:03
Certificate issuer:       /CN=ac67c93b8225d04c3761c13cefee5f8329358e23
Certificate serial:       018CC7274BAD27767B8A3335B975F8E08C2C
Authority key identifier: AC:67:C9:3B:82:25:D0:4C:37:61:C1:3C:EF:EE:5F:83:29:35:8E:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rGfJO4Il0Ew3YcE87-5fgyk1jiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/ac8e6f-5f83-449b-8c9d-77c1048422d8/1/z9nLEap4qDplCv4-cFwvbr75HAM.roa
Signing time:             Mon 01 Jan 2024 22:31:30 +0000
ROA not before:           Mon 01 Jan 2024 22:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34592
IP address blocks:        37.137.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/ac8e6f-5f83-449b-8c9d-77c1048422d8/1/rGfJO4Il0Ew3YcE87-5fgyk1jiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/ac8e6f-5f83-449b-8c9d-77c1048422d8/1/rGfJO4Il0Ew3YcE87-5fgyk1jiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rGfJO4Il0Ew3YcE87-5fgyk1jiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:4b:ad:27:76:7b:8a:33:35:b9:75:f8:e0:8c:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac67c93b8225d04c3761c13cefee5f8329358e23
        Validity
            Not Before: Jan  1 22:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfd9cb11aa78a83a650afe3e705c2f6ebef91c03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:bf:c9:d0:5a:2e:67:cd:d8:a7:65:7b:e8:87:
                    69:f9:bf:a9:61:90:ee:75:6f:a7:10:6c:4b:5b:cc:
                    16:06:c3:43:72:0f:d2:f5:f5:e0:99:8b:b4:83:5f:
                    b5:dc:e7:b3:f6:db:b3:b2:59:af:b5:8a:c0:e9:ef:
                    bb:00:c7:6c:09:12:85:de:31:2d:fc:2f:80:7a:10:
                    b8:a7:40:b0:9e:64:80:c8:c8:fd:ac:25:8d:1a:c0:
                    6b:37:8d:7e:80:7f:9a:62:1a:0b:63:ef:14:9c:03:
                    ad:10:7d:07:20:02:db:9a:86:ff:4f:2c:05:91:fe:
                    3f:50:c5:b3:60:95:55:98:4f:6a:27:24:3e:56:e9:
                    b5:87:7c:31:e7:ee:50:62:f6:c9:d5:28:44:66:5f:
                    86:75:aa:a9:5e:51:62:c1:e1:13:83:69:7e:01:75:
                    94:21:bc:b7:33:8f:45:e0:56:5a:83:81:f5:65:f4:
                    5e:63:dc:d1:3e:c6:22:04:59:8a:a7:b9:0d:ed:05:
                    2f:1f:79:27:7f:65:49:37:fb:0b:30:cd:af:a8:04:
                    65:c2:31:97:f7:90:a8:9e:42:ce:50:49:1b:4d:27:
                    34:68:79:da:bc:8d:7f:6e:5f:8b:0d:0d:35:98:a5:
                    5f:9c:bc:64:2b:8b:0c:dd:ab:1e:b0:9c:87:b0:02:
                    28:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:D9:CB:11:AA:78:A8:3A:65:0A:FE:3E:70:5C:2F:6E:BE:F9:1C:03
            X509v3 Authority Key Identifier:
                keyid:AC:67:C9:3B:82:25:D0:4C:37:61:C1:3C:EF:EE:5F:83:29:35:8E:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rGfJO4Il0Ew3YcE87-5fgyk1jiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ac8e6f-5f83-449b-8c9d-77c1048422d8/1/z9nLEap4qDplCv4-cFwvbr75HAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/ac8e6f-5f83-449b-8c9d-77c1048422d8/1/rGfJO4Il0Ew3YcE87-5fgyk1jiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.137.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:30:38:f2:50:a6:a5:ad:8d:12:4d:5f:70:6f:6d:e4:56:40:
         ed:77:e0:b1:db:4d:5f:03:5f:02:43:a5:6b:90:ba:dc:76:9d:
         4d:1d:40:ed:25:16:28:52:b0:f7:20:8d:1b:73:4f:10:ab:3b:
         6e:1d:a3:fd:b0:af:6a:cd:31:7d:f2:20:d7:e6:24:a5:0c:97:
         11:ed:2a:c0:16:d9:65:37:ba:fb:e3:0d:6a:9a:5c:50:8c:62:
         a2:ae:96:1b:4f:d4:c6:84:27:5b:95:32:40:2f:ee:bd:61:c7:
         37:cf:1a:7a:98:35:be:d0:25:5c:ac:a6:e3:37:c1:9a:fe:4a:
         05:ac:db:5e:70:94:04:5a:33:e1:9b:f5:f5:be:fc:31:27:ce:
         d6:58:e2:32:dc:8c:cc:1f:e4:f5:3f:69:ac:38:d6:37:09:f1:
         77:fc:ef:af:d2:69:b5:26:1c:40:ef:bf:c0:78:a4:11:2d:05:
         0d:7f:b5:dd:71:03:bd:c2:15:06:0f:44:af:ea:e2:d9:10:43:
         c5:5d:bb:17:9c:1a:c2:1a:80:8e:64:a1:22:20:88:66:81:a0:
         1e:66:72:4e:dc:d7:17:5e:b1:48:e9:18:89:0f:45:a5:9e:79:
         90:8b:ae:5c:06:35:dd:53:c2:f9:24:f8:22:66:d0:c8:27:7a:
         c5:ae:cc:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0utJ3Z7ijM1uXX44IwsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjNjdjOTNiODIyNWQwNGMzNzYxYzEzY2VmZWU1ZjgzMjkz
NThlMjMwHhcNMjQwMTAxMjIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmQ5Y2IxMWFhNzhhODNhNjUwYWZlM2U3MDVjMmY2ZWJlZjkxYzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsL/J0FouZ83Yp2V76Idp+b+pYZDu
dW+nEGxLW8wWBsNDcg/S9fXgmYu0g1+13Oez9tuzslmvtYrA6e+7AMdsCRKF3jEt
/C+AehC4p0CwnmSAyMj9rCWNGsBrN41+gH+aYhoLY+8UnAOtEH0HIALbmob/TywF
kf4/UMWzYJVVmE9qJyQ+Vum1h3wx5+5QYvbJ1ShEZl+GdaqpXlFiweETg2l+AXWU
Iby3M49F4FZag4H1ZfReY9zRPsYiBFmKp7kN7QUvH3knf2VJN/sLMM2vqARlwjGX
95ConkLOUEkbTSc0aHnavI1/bl+LDQ01mKVfnLxkK4sM3asesJyHsAIoFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/ZyxGqeKg6ZQr+PnBcL26++RwDMB8GA1UdIwQY
MBaAFKxnyTuCJdBMN2HBPO/uX4MpNY4jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckdmSk80SWwwRXczWWNFODctNWZneWsxamlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9hYzhlNmYtNWY4My00NDliLThjOWQt
NzdjMTA0ODQyMmQ4LzEvejluTEVhcDRxRHBsQ3Y0LWNGd3Zicjc1SEFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9hYzhlNmYtNWY4My00NDliLThjOWQtNzdjMTA0ODQyMmQ4
LzEvckdmSk80SWwwRXczWWNFODctNWZneWsxamlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYklMA0G
CSqGSIb3DQEBCwUAA4IBAQAAMDjyUKalrY0STV9wb23kVkDtd+Cx201fA18CQ6Vr
kLrcdp1NHUDtJRYoUrD3II0bc08QqztuHaP9sK9qzTF98iDX5iSlDJcR7SrAFtll
N7r74w1qmlxQjGKirpYbT9TGhCdblTJAL+69Ycc3zxp6mDW+0CVcrKbjN8Ga/koF
rNtecJQEWjPhm/X1vvwxJ87WWOIy3IzMH+T1P2msONY3CfF3/O+v0mm1JhxA77/A
eKQRLQUNf7XdcQO9whUGD0Sv6uLZEEPFXbsXnBrCGoCOZKEiIIhmgaAeZnJO3NcX
XrFI6RiJD0WlnnmQi65cBjXdU8L5JPgiZtDIJ3rFrsxC
-----END CERTIFICATE-----