Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/de956f-e55b-437e-85d9-686f836cbcad/1/PBYps83ldEJCmUJRCNAw8fjXkvM.roa
File:                     PBYps83ldEJCmUJRCNAw8fjXkvM.roa (raw, json)
Hash identifier:          dODmekDYHQSHoe9NEFo+ebH7jlcXe53mdZy3+yCtBqA=
Subject key identifier:   3C:16:29:B3:CD:E5:74:42:42:99:42:51:08:D0:30:F1:F8:D7:92:F3
Certificate issuer:       /CN=37b8221099486a3b133e0139e34b934264cdd700
Certificate serial:       018CC94D9D57E7EBAB03CF02BF5F4E56ECD9
Authority key identifier: 37:B8:22:10:99:48:6A:3B:13:3E:01:39:E3:4B:93:42:64:CD:D7:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N7giEJlIajsTPgE540uTQmTN1wA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/de956f-e55b-437e-85d9-686f836cbcad/1/PBYps83ldEJCmUJRCNAw8fjXkvM.roa
Signing time:             Tue 02 Jan 2024 08:32:36 +0000
ROA not before:           Tue 02 Jan 2024 08:32:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203541
IP address blocks:        37.61.184.0/21 maxlen: 21
                          2a06:c500::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/de956f-e55b-437e-85d9-686f836cbcad/1/N7giEJlIajsTPgE540uTQmTN1wA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/de956f-e55b-437e-85d9-686f836cbcad/1/N7giEJlIajsTPgE540uTQmTN1wA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N7giEJlIajsTPgE540uTQmTN1wA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:9d:57:e7:eb:ab:03:cf:02:bf:5f:4e:56:ec:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37b8221099486a3b133e0139e34b934264cdd700
        Validity
            Not Before: Jan  2 08:32:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c1629b3cde574424299425108d030f1f8d792f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fc:76:c5:ec:b9:c0:6f:dc:77:20:cd:2c:52:
                    39:e3:9e:f5:20:03:21:e6:1d:02:75:c5:d0:17:07:
                    2e:ab:63:df:f5:fe:c8:72:23:3e:62:e4:20:56:38:
                    aa:a2:05:ad:56:15:07:8c:53:27:32:58:b6:7a:68:
                    eb:5b:44:22:1a:84:f6:c5:b0:d0:36:35:80:ca:82:
                    ae:b4:36:95:82:ac:d5:b3:f3:9a:42:94:cd:57:4a:
                    53:a5:41:b4:ff:b8:ab:7a:32:98:f4:5a:b0:8e:92:
                    36:15:34:1b:f4:f7:a7:8d:c1:55:3b:97:9e:39:61:
                    c4:f3:fd:94:38:1b:bd:c4:a3:6f:5d:e3:ca:aa:77:
                    a4:c0:b0:3f:99:96:b7:61:43:77:8e:75:23:d9:71:
                    27:a5:f6:83:73:41:24:87:f7:96:d9:86:53:e5:e6:
                    5b:a7:ea:c7:c4:c6:8d:d0:0b:aa:d9:28:e7:49:a0:
                    2b:66:28:87:13:6d:86:4d:4b:f4:18:a5:71:00:c3:
                    c0:2c:8b:44:bd:6c:0a:e9:7e:61:aa:f5:7a:80:8d:
                    d1:1d:e4:be:4e:23:d8:cc:c0:cb:19:c0:5f:6a:a1:
                    2d:73:e1:6d:ce:26:8d:c2:8c:97:1b:23:b1:33:06:
                    f9:31:91:62:02:49:de:57:c7:5f:39:0d:56:46:cd:
                    d1:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:16:29:B3:CD:E5:74:42:42:99:42:51:08:D0:30:F1:F8:D7:92:F3
            X509v3 Authority Key Identifier:
                keyid:37:B8:22:10:99:48:6A:3B:13:3E:01:39:E3:4B:93:42:64:CD:D7:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N7giEJlIajsTPgE540uTQmTN1wA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/de956f-e55b-437e-85d9-686f836cbcad/1/PBYps83ldEJCmUJRCNAw8fjXkvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/de956f-e55b-437e-85d9-686f836cbcad/1/N7giEJlIajsTPgE540uTQmTN1wA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.184.0/21
                IPv6:
                  2a06:c500::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:d8:65:61:ed:c8:22:70:12:46:cb:6f:21:e1:1d:b3:1d:d9:
         35:04:a8:fa:08:59:dc:78:62:7f:f9:27:c2:32:09:f2:88:8a:
         f7:70:32:58:68:c1:88:36:96:48:be:6b:1f:9d:26:57:8b:82:
         a0:55:10:e2:29:0a:86:de:5e:4b:e1:b0:aa:c8:51:94:82:8b:
         9e:45:c9:5d:56:46:30:5b:f5:b6:4c:23:b0:c9:35:5c:08:00:
         3f:81:1f:bd:e0:d4:28:ea:bb:06:a1:4a:89:64:54:91:eb:74:
         6f:23:a7:d5:9b:98:15:fe:b2:3d:79:90:35:91:d8:a6:08:d6:
         b8:63:bd:59:2b:ef:8c:c3:94:1f:f6:55:d4:01:0f:7e:77:75:
         0d:f5:9f:91:b9:05:70:e8:90:f8:e9:47:da:19:40:27:30:1e:
         4c:79:a2:2e:db:b2:cc:ad:3b:4f:42:51:de:0d:61:62:d2:a5:
         6f:04:f7:d4:0d:23:65:5b:b1:2f:47:1d:75:bf:60:b8:58:46:
         93:5e:38:81:e1:5e:d5:45:23:f2:70:01:21:b6:5d:cd:e1:22:
         7d:93:36:af:27:cb:eb:36:da:b8:65:6f:c6:f0:6d:0a:7b:3e:
         7d:83:79:e1:e9:63:dd:64:55:df:02:e0:54:b7:b3:63:bb:9e:
         7c:61:f7:e2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTZ1X5+urA88Cv19OVuzZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3YjgyMjEwOTk0ODZhM2IxMzNlMDEzOWUzNGI5MzQyNjRj
ZGQ3MDAwHhcNMjQwMTAyMDgzMjM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzE2MjliM2NkZTU3NDQyNDI5OTQyNTEwOGQwMzBmMWY4ZDc5MmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPx2xey5wG/cdyDNLFI54571IAMh
5h0CdcXQFwcuq2Pf9f7IciM+YuQgVjiqogWtVhUHjFMnMli2emjrW0QiGoT2xbDQ
NjWAyoKutDaVgqzVs/OaQpTNV0pTpUG0/7irejKY9FqwjpI2FTQb9PenjcFVO5ee
OWHE8/2UOBu9xKNvXePKqnekwLA/mZa3YUN3jnUj2XEnpfaDc0Ekh/eW2YZT5eZb
p+rHxMaN0Auq2SjnSaArZiiHE22GTUv0GKVxAMPALItEvWwK6X5hqvV6gI3RHeS+
TiPYzMDLGcBfaqEtc+FtziaNwoyXGyOxMwb5MZFiAkneV8dfOQ1WRs3RwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDwWKbPN5XRCQplCUQjQMPH415LzMB8GA1UdIwQY
MBaAFDe4IhCZSGo7Ez4BOeNLk0JkzdcAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjdnaUVKbElhanNUUGdFNTQwdVRRbVROMXdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9kZTk1NmYtZTU1Yi00MzdlLTg1ZDkt
Njg2ZjgzNmNiY2FkLzEvUEJZcHM4M2xkRUpDbVVKUkNOQXc4ZmpYa3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9kZTk1NmYtZTU1Yi00MzdlLTg1ZDktNjg2ZjgzNmNiY2Fk
LzEvTjdnaUVKbElhanNUUGdFNTQwdVRRbVROMXdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDJT24MA0E
AgACMAcDBQMqBsUAMA0GCSqGSIb3DQEBCwUAA4IBAQBJ2GVh7cgicBJGy28h4R2z
Hdk1BKj6CFnceGJ/+SfCMgnyiIr3cDJYaMGINpZIvmsfnSZXi4KgVRDiKQqG3l5L
4bCqyFGUgoueRcldVkYwW/W2TCOwyTVcCAA/gR+94NQo6rsGoUqJZFSR63RvI6fV
m5gV/rI9eZA1kdimCNa4Y71ZK++Mw5Qf9lXUAQ9+d3UN9Z+RuQVw6JD46UfaGUAn
MB5MeaIu27LMrTtPQlHeDWFi0qVvBPfUDSNlW7EvRx11v2C4WEaTXjiB4V7VRSPy
cAEhtl3N4SJ9kzavJ8vrNtq4ZW/G8G0Kez59g3nh6WPdZFXfAuBUt7Nju558Yffi
-----END CERTIFICATE-----