Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/zfYBzyR4XCbBgM1ilkxfdwCQIbQ.roa
File:                     zfYBzyR4XCbBgM1ilkxfdwCQIbQ.roa (raw, json)
Hash identifier:          ZQ37lZflawjbgxhO2eI1Uv+5KVEl1Uecz8BJ0COt2xk=
Subject key identifier:   CD:F6:01:CF:24:78:5C:26:C1:80:CD:62:96:4C:5F:77:00:90:21:B4
Certificate issuer:       /CN=56e8521e80f2f071a31385bcdfbc31a621c68f94
Certificate serial:       019686744BC603F21F9DA5BEF00E47A1BBC2
Authority key identifier: 56:E8:52:1E:80:F2:F0:71:A3:13:85:BC:DF:BC:31:A6:21:C6:8F:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VuhSHoDy8HGjE4W837wxpiHGj5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/zfYBzyR4XCbBgM1ilkxfdwCQIbQ.roa
Signing time:             Wed 30 Apr 2025 11:28:10 +0000
ROA not before:           Wed 30 Apr 2025 11:28:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58095
IP address blocks:        37.252.16.0/24 maxlen: 24
                          37.252.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/VuhSHoDy8HGjE4W837wxpiHGj5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/VuhSHoDy8HGjE4W837wxpiHGj5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VuhSHoDy8HGjE4W837wxpiHGj5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 11:28:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:86:74:4b:c6:03:f2:1f:9d:a5:be:f0:0e:47:a1:bb:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56e8521e80f2f071a31385bcdfbc31a621c68f94
        Validity
            Not Before: Apr 30 11:28:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdf601cf24785c26c180cd62964c5f77009021b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6a:37:ac:f4:12:6e:53:d7:54:ac:c2:4b:c3:
                    3f:8e:8c:89:9d:6b:38:9a:8c:49:24:1d:0a:b3:2c:
                    47:a0:4e:bc:76:f2:c5:d0:ff:90:0d:10:6b:7a:ce:
                    a4:64:86:9f:61:ed:7d:f0:dc:54:b5:9c:ce:f3:6e:
                    24:3b:11:5a:12:99:e7:e4:18:16:51:6c:e1:26:af:
                    7a:5a:e5:6b:c1:0a:0f:55:2c:be:a0:fb:12:99:74:
                    aa:12:f7:e0:dc:f6:78:bf:b2:57:1c:39:fa:b8:b9:
                    58:0d:22:11:62:72:c9:bc:96:a0:1c:fe:bb:09:7c:
                    2b:a8:99:a5:46:6f:53:e6:39:4a:82:30:25:99:0a:
                    75:85:0c:6e:ba:2a:fc:21:d3:44:07:14:18:c9:65:
                    4c:b4:ea:33:5f:a8:81:4f:5e:6d:3e:59:6f:d5:54:
                    22:a6:31:1f:1b:67:7e:b4:70:be:b0:dd:e3:74:22:
                    3e:d1:e2:38:b7:6e:b5:54:34:f4:21:27:ec:f3:a3:
                    10:2c:e7:18:af:7e:4d:50:0d:8c:e2:6d:7e:3a:ce:
                    f2:89:90:c1:49:b6:be:33:53:e2:a4:e5:a2:be:77:
                    e0:60:31:09:cf:05:37:a7:71:05:d6:2c:85:66:e0:
                    86:8f:ac:e2:2c:c5:bd:19:54:a6:39:c8:b4:d8:fc:
                    88:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:F6:01:CF:24:78:5C:26:C1:80:CD:62:96:4C:5F:77:00:90:21:B4
            X509v3 Authority Key Identifier:
                keyid:56:E8:52:1E:80:F2:F0:71:A3:13:85:BC:DF:BC:31:A6:21:C6:8F:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VuhSHoDy8HGjE4W837wxpiHGj5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/zfYBzyR4XCbBgM1ilkxfdwCQIbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9f399-0a89-48ca-9473-0da0f2ad4688/1/VuhSHoDy8HGjE4W837wxpiHGj5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.252.16.0/24
                  37.252.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:3d:99:ed:a9:a2:32:23:0c:4b:d4:b6:eb:d2:7e:88:c9:8a:
         21:db:92:b2:be:5c:0b:70:6f:6e:21:94:c3:f5:0a:dd:7b:f4:
         ab:65:64:4a:1d:ec:79:23:6c:9e:be:e5:a2:a1:f7:3a:81:f8:
         0d:b3:16:cc:05:11:5f:51:bf:37:87:94:49:ca:8b:b3:9b:d0:
         68:33:7c:35:dc:89:96:b2:c9:0a:de:6b:66:c7:a8:31:35:df:
         c7:0c:7b:60:d1:97:a3:e3:3e:f1:be:d0:d5:c5:6f:01:47:ca:
         96:92:85:5f:a7:91:e1:3a:12:c5:08:90:a5:4e:ae:cc:1a:10:
         31:3a:c7:e3:c7:1a:2a:bb:a6:17:91:ea:df:77:e4:16:b1:b8:
         9c:99:60:e3:a7:1a:b9:14:67:9c:af:f9:77:51:6c:95:29:ae:
         8b:13:56:56:98:52:c4:e7:99:d6:f2:42:b0:73:6c:0e:42:e2:
         3c:1d:3a:5b:b4:dd:bd:23:c3:c1:36:eb:07:b2:8e:34:2a:fa:
         c2:c7:04:d3:de:85:b1:28:fc:ac:94:73:1c:dc:27:4e:33:d9:
         f3:0f:33:92:b7:9e:7b:81:5d:2d:25:03:13:0d:fd:12:a0:89:
         a2:02:72:67:13:60:38:aa:2a:ce:09:81:6b:80:92:55:84:fc:
         eb:25:8b:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaGdEvGA/IfnaW+8A5HobvCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZTg1MjFlODBmMmYwNzFhMzEzODViY2RmYmMzMWE2MjFj
NjhmOTQwHhcNMjUwNDMwMTEyODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGY2MDFjZjI0Nzg1YzI2YzE4MGNkNjI5NjRjNWY3NzAwOTAyMWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGo3rPQSblPXVKzCS8M/joyJnWs4
moxJJB0KsyxHoE68dvLF0P+QDRBres6kZIafYe198NxUtZzO824kOxFaEpnn5BgW
UWzhJq96WuVrwQoPVSy+oPsSmXSqEvfg3PZ4v7JXHDn6uLlYDSIRYnLJvJagHP67
CXwrqJmlRm9T5jlKgjAlmQp1hQxuuir8IdNEBxQYyWVMtOozX6iBT15tPllv1VQi
pjEfG2d+tHC+sN3jdCI+0eI4t261VDT0ISfs86MQLOcYr35NUA2M4m1+Os7yiZDB
Sba+M1PipOWivnfgYDEJzwU3p3EF1iyFZuCGj6ziLMW9GVSmOci02PyI5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM32Ac8keFwmwYDNYpZMX3cAkCG0MB8GA1UdIwQY
MBaAFFboUh6A8vBxoxOFvN+8MaYhxo+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnVoU0hvRHk4SEdqRTRXODM3d3hwaUhHajVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWYzOTktMGE4OS00OGNhLTk0NzMt
MGRhMGYyYWQ0Njg4LzEvemZZQnp5UjRYQ2JCZ00xaWxreGZkd0NRSWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWYzOTktMGE4OS00OGNhLTk0NzMtMGRhMGYyYWQ0Njg4
LzEvVnVoU0hvRHk4SEdqRTRXODM3d3hwaUhHajVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJfwQAwQA
JfwSMA0GCSqGSIb3DQEBCwUAA4IBAQBTPZntqaIyIwxL1Lbr0n6IyYoh25KyvlwL
cG9uIZTD9Qrde/SrZWRKHex5I2yevuWiofc6gfgNsxbMBRFfUb83h5RJyouzm9Bo
M3w13ImWsskK3mtmx6gxNd/HDHtg0Zej4z7xvtDVxW8BR8qWkoVfp5HhOhLFCJCl
Tq7MGhAxOsfjxxoqu6YXkerfd+QWsbicmWDjpxq5FGecr/l3UWyVKa6LE1ZWmFLE
55nW8kKwc2wOQuI8HTpbtN29I8PBNusHso40KvrCxwTT3oWxKPyslHMc3CdOM9nz
DzOSt557gV0tJQMTDf0SoImiAnJnE2A4qirOCYFrgJJVhPzrJYtM
-----END CERTIFICATE-----