Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/nqK8kpSYyrSKMaEvvDzkkm62DuY.roa
File:                     nqK8kpSYyrSKMaEvvDzkkm62DuY.roa (raw, json)
Hash identifier:          GiB9efPeR8VDxJjx4X5Yp7E1DvjQkRODPO17/HFGvF0=
Subject key identifier:   9E:A2:BC:92:94:98:CA:B4:8A:31:A1:2F:BC:3C:E4:92:6E:B6:0E:E6
Certificate issuer:       /CN=02930f8c688c04d17433a2b9c7249bc625bce316
Certificate serial:       0194244550CE832D52A2CD6CA765BB9F9400
Authority key identifier: 02:93:0F:8C:68:8C:04:D1:74:33:A2:B9:C7:24:9B:C6:25:BC:E3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/nqK8kpSYyrSKMaEvvDzkkm62DuY.roa
Signing time:             Wed 01 Jan 2025 23:48:29 +0000
ROA not before:           Wed 01 Jan 2025 23:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50889
IP address blocks:        37.186.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:50:ce:83:2d:52:a2:cd:6c:a7:65:bb:9f:94:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02930f8c688c04d17433a2b9c7249bc625bce316
        Validity
            Not Before: Jan  1 23:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ea2bc929498cab48a31a12fbc3ce4926eb60ee6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f1:a5:6a:15:42:26:66:08:8c:00:64:bb:b8:
                    26:73:85:b7:24:8d:7a:83:6d:30:bc:77:c1:49:58:
                    55:38:0e:28:63:51:ee:69:2c:63:86:6c:93:99:4f:
                    c1:27:94:28:de:a1:c2:06:1a:e4:69:56:f2:b8:09:
                    2d:e6:3a:50:79:0a:88:b9:2d:50:66:d0:e0:55:f1:
                    23:3f:9a:e4:05:df:e5:7e:4c:60:96:ce:13:bc:fc:
                    0a:d6:3a:1e:97:ce:8e:54:6a:ca:ae:34:be:57:ae:
                    0b:a9:98:27:47:71:53:8e:0c:f5:3e:18:8c:b4:3f:
                    4c:07:3c:15:ad:de:f0:e0:2f:97:4c:9a:aa:a5:18:
                    5c:cf:13:5e:e4:71:67:20:18:fa:47:03:e7:f1:58:
                    36:d5:8f:0a:af:5f:4d:28:29:61:9e:45:a9:10:4b:
                    fe:4c:dd:d0:4e:62:6f:8e:be:4d:32:62:e8:34:44:
                    9d:c9:58:e7:83:0f:c0:c8:14:3d:06:f1:4a:19:b2:
                    8d:69:1f:a0:7c:96:65:ce:fd:42:5b:1f:62:48:c3:
                    51:f7:34:10:d7:19:86:a7:9d:a2:23:e9:b6:36:eb:
                    f9:b3:23:c8:1a:66:77:96:66:79:88:4f:3e:6d:bc:
                    44:1f:90:3f:74:10:e0:16:62:49:32:58:cb:92:5f:
                    3a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:A2:BC:92:94:98:CA:B4:8A:31:A1:2F:BC:3C:E4:92:6E:B6:0E:E6
            X509v3 Authority Key Identifier:
                keyid:02:93:0F:8C:68:8C:04:D1:74:33:A2:B9:C7:24:9B:C6:25:BC:E3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ApMPjGiMBNF0M6K5xySbxiW84xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/nqK8kpSYyrSKMaEvvDzkkm62DuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/b2064b-be09-43d9-b087-a4e991b0f144/1/ApMPjGiMBNF0M6K5xySbxiW84xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.186.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:aa:97:0c:d5:b2:f1:93:f9:8a:3e:41:24:90:82:70:b0:f3:
         97:8a:2e:02:8f:ef:7a:bc:a8:9f:37:c3:19:7a:59:02:65:44:
         ea:a2:aa:40:4b:d2:40:0c:3e:0d:11:b4:e4:3e:e1:29:53:4a:
         8e:63:d2:39:de:07:f3:b9:d0:b0:56:8d:9b:2e:74:bc:2e:44:
         0b:c3:ca:90:ec:e4:e8:64:0f:d4:17:ef:a0:19:85:aa:d4:b4:
         de:18:3d:8c:4b:b1:9b:33:e5:51:0f:95:45:68:10:db:9b:7f:
         b5:29:67:ab:f4:b1:10:92:b7:87:0f:23:c1:b9:32:58:15:33:
         1c:f9:68:bd:96:4f:7e:61:8e:4e:47:7a:5f:90:64:9a:f7:be:
         0f:e0:aa:83:53:86:20:d7:46:cb:32:18:a6:38:b2:76:63:91:
         37:bf:9d:0e:8e:f1:b2:fd:93:74:8d:4e:4f:93:f5:19:44:f5:
         26:71:0d:7d:63:68:2d:d7:1c:7b:41:4c:28:dc:df:61:c8:56:
         56:13:67:e6:70:88:d4:ca:69:00:55:97:79:b2:41:30:90:38:
         68:49:99:ca:33:52:05:42:7f:18:20:cd:a5:b5:33:54:21:67:
         55:ad:03:42:f1:98:e2:ac:1d:09:e2:f1:05:44:a2:cc:43:7e:
         ef:01:a7:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRVDOgy1Sos1sp2W7n5QAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyOTMwZjhjNjg4YzA0ZDE3NDMzYTJiOWM3MjQ5YmM2MjVi
Y2UzMTYwHhcNMjUwMTAxMjM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWEyYmM5Mjk0OThjYWI0OGEzMWExMmZiYzNjZTQ5MjZlYjYwZWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/GlahVCJmYIjABku7gmc4W3JI16
g20wvHfBSVhVOA4oY1HuaSxjhmyTmU/BJ5Qo3qHCBhrkaVbyuAkt5jpQeQqIuS1Q
ZtDgVfEjP5rkBd/lfkxgls4TvPwK1joel86OVGrKrjS+V64LqZgnR3FTjgz1PhiM
tD9MBzwVrd7w4C+XTJqqpRhczxNe5HFnIBj6RwPn8Vg21Y8Kr19NKClhnkWpEEv+
TN3QTmJvjr5NMmLoNESdyVjngw/AyBQ9BvFKGbKNaR+gfJZlzv1CWx9iSMNR9zQQ
1xmGp52iI+m2Nuv5syPIGmZ3lmZ5iE8+bbxEH5A/dBDgFmJJMljLkl86yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6ivJKUmMq0ijGhL7w85JJutg7mMB8GA1UdIwQY
MBaAFAKTD4xojATRdDOiucckm8YlvOMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXBNUGpHaU1CTkYwTTZLNXh5U2J4aVc4NHhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9iMjA2NGItYmUwOS00M2Q5LWIwODct
YTRlOTkxYjBmMTQ0LzEvbnFLOGtwU1l5clNLTWFFdnZEemtrbTYyRHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9iMjA2NGItYmUwOS00M2Q5LWIwODctYTRlOTkxYjBmMTQ0
LzEvQXBNUGpHaU1CTkYwTTZLNXh5U2J4aVc4NHhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJbpvMA0G
CSqGSIb3DQEBCwUAA4IBAQB5qpcM1bLxk/mKPkEkkIJwsPOXii4Cj+96vKifN8MZ
elkCZUTqoqpAS9JADD4NEbTkPuEpU0qOY9I53gfzudCwVo2bLnS8LkQLw8qQ7OTo
ZA/UF++gGYWq1LTeGD2MS7GbM+VRD5VFaBDbm3+1KWer9LEQkreHDyPBuTJYFTMc
+Wi9lk9+YY5OR3pfkGSa974P4KqDU4Yg10bLMhimOLJ2Y5E3v50OjvGy/ZN0jU5P
k/UZRPUmcQ19Y2gt1xx7QUwo3N9hyFZWE2fmcIjUymkAVZd5skEwkDhoSZnKM1IF
Qn8YIM2ltTNUIWdVrQNC8ZjirB0J4vEFRKLMQ37vAaf7
-----END CERTIFICATE-----