Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/9Ua5w3i3hNnRvdugF5SVD2EHQUM.roa
File:                     9Ua5w3i3hNnRvdugF5SVD2EHQUM.roa (raw, json)
Hash identifier:          hp2nkCE+kTfI7GYFVeuU7M1nxKn9AfgdvE/PObht/nU=
Subject key identifier:   F5:46:B9:C3:78:B7:84:D9:D1:BD:DB:A0:17:94:95:0F:61:07:41:43
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018EECAB801733963D66D47AE457F70E99A1
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/9Ua5w3i3hNnRvdugF5SVD2EHQUM.roa
Signing time:             Wed 17 Apr 2024 15:27:26 +0000
ROA not before:           Wed 17 Apr 2024 15:27:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        37.153.132.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ec:ab:80:17:33:96:3d:66:d4:7a:e4:57:f7:0e:99:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Apr 17 15:27:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f546b9c378b784d9d1bddba01794950f61074143
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:19:4a:a3:5c:29:b5:3c:27:65:67:bf:32:f6:
                    d6:3e:c0:ff:5e:af:8e:25:f5:aa:c2:34:cc:d4:4f:
                    ef:b5:3a:b9:92:20:cc:c9:0b:74:45:94:23:c9:16:
                    41:17:b6:0d:ef:1b:61:de:91:12:3c:39:3b:62:18:
                    0e:0d:27:f9:13:c6:6d:9b:e2:61:48:ac:ab:d2:c5:
                    05:44:00:46:77:fc:7f:20:f4:15:3a:b8:d3:d6:72:
                    4a:b4:b4:94:21:e2:b6:9d:9f:b0:7a:91:30:84:23:
                    f3:34:d2:c0:41:ff:41:ca:9b:86:51:fe:94:51:d4:
                    71:1d:d3:79:e4:df:cb:4c:60:6a:94:5f:f3:d5:58:
                    ba:88:4a:26:b8:41:f9:f6:63:5d:2e:64:69:10:df:
                    34:fe:ca:0d:c1:4c:61:89:00:b5:ec:9c:6a:51:14:
                    cb:5a:a9:bc:de:31:12:56:20:7b:9e:dd:2c:e7:34:
                    b7:36:17:89:c8:b9:e7:db:8d:d6:28:68:7e:e9:8c:
                    d6:a6:da:1e:2e:95:38:c6:70:ef:1d:15:52:43:10:
                    3a:d3:6d:cc:a4:02:0d:7d:44:72:b7:d0:df:7a:6d:
                    7f:7b:04:d7:7e:3c:21:14:d3:35:99:99:94:9e:07:
                    bb:dc:29:45:b7:d4:c4:d0:ac:f3:4e:4b:2d:99:17:
                    00:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:46:B9:C3:78:B7:84:D9:D1:BD:DB:A0:17:94:95:0F:61:07:41:43
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/9Ua5w3i3hNnRvdugF5SVD2EHQUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:44:26:70:43:89:0b:c0:e5:4c:ad:27:f7:1e:10:59:5b:3c:
         96:46:08:51:be:2c:28:f1:d7:6e:1d:68:47:15:9d:ad:a3:ee:
         8e:07:92:65:50:a4:7d:97:d9:7b:f9:31:1c:c2:a1:a2:94:77:
         f9:a0:a9:0e:c9:87:ab:e8:38:a8:8f:e1:63:e7:94:6d:2c:29:
         84:7c:3e:43:b1:e5:cc:95:9c:ee:cd:3b:47:68:b2:2c:14:4a:
         ca:85:95:53:3d:ee:8f:a2:1e:40:0d:fb:4a:d6:9a:d9:ca:46:
         a0:f7:57:f3:5e:25:d8:e9:58:47:f2:dd:eb:67:80:f9:27:ca:
         11:ca:22:00:09:a0:49:f0:89:c8:84:54:32:ca:ec:8c:25:95:
         0c:2c:df:ca:2a:64:2a:e6:98:3a:6d:82:f0:47:37:a3:8f:df:
         a8:04:aa:99:9b:4d:1e:7a:88:d1:8d:1e:ae:ad:54:46:5e:82:
         0b:80:bf:2f:93:d7:9c:83:1a:ee:08:6b:28:84:94:82:62:7c:
         a7:20:aa:89:0c:7f:56:bb:85:d7:7a:1c:53:3b:d6:21:05:69:
         4b:f0:12:5f:a4:7e:34:13:6e:ec:f5:64:be:ce:c8:01:fe:f1:
         40:ed:10:8a:27:53:d1:d5:e9:c5:9e:f9:06:a3:fd:d3:a7:86:
         af:2a:e3:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7sq4AXM5Y9ZtR65Ff3DpmhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjQwNDE3MTUyNzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTQ2YjljMzc4Yjc4NGQ5ZDFiZGRiYTAxNzk0OTUwZjYxMDc0MTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthlKo1wptTwnZWe/MvbWPsD/Xq+O
JfWqwjTM1E/vtTq5kiDMyQt0RZQjyRZBF7YN7xth3pESPDk7YhgODSf5E8Ztm+Jh
SKyr0sUFRABGd/x/IPQVOrjT1nJKtLSUIeK2nZ+wepEwhCPzNNLAQf9BypuGUf6U
UdRxHdN55N/LTGBqlF/z1Vi6iEomuEH59mNdLmRpEN80/soNwUxhiQC17JxqURTL
Wqm83jESViB7nt0s5zS3NheJyLnn243WKGh+6YzWptoeLpU4xnDvHRVSQxA6023M
pAINfURyt9Dfem1/ewTXfjwhFNM1mZmUnge73ClFt9TE0KzzTkstmRcAfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVGucN4t4TZ0b3boBeUlQ9hB0FDMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvOVVhNXczaTNoTm5SdmR1Z0Y1U1ZEMkVIUVVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmEMA0G
CSqGSIb3DQEBCwUAA4IBAQAQRCZwQ4kLwOVMrSf3HhBZWzyWRghRviwo8dduHWhH
FZ2to+6OB5JlUKR9l9l7+TEcwqGilHf5oKkOyYer6Dioj+Fj55RtLCmEfD5DseXM
lZzuzTtHaLIsFErKhZVTPe6Poh5ADftK1prZykag91fzXiXY6VhH8t3rZ4D5J8oR
yiIACaBJ8InIhFQyyuyMJZUMLN/KKmQq5pg6bYLwRzejj9+oBKqZm00eeojRjR6u
rVRGXoILgL8vk9ecgxruCGsohJSCYnynIKqJDH9Wu4XXehxTO9YhBWlL8BJfpH40
E27s9WS+zsgB/vFA7RCKJ1PR1enFnvkGo/3Tp4avKuNR
-----END CERTIFICATE-----