Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/AP7i3LahdsovYM70eVMlu0H0VyQ.roa
File:                     AP7i3LahdsovYM70eVMlu0H0VyQ.roa (raw, json)
Hash identifier:          gGYT6xMXK+q6XWFTZbqb5glJj73Q26Rxlysft5i280U=
Subject key identifier:   00:FE:E2:DC:B6:A1:76:CA:2F:60:CE:F4:79:53:25:BB:41:F4:57:24
Certificate issuer:       /CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
Certificate serial:       0194258E49589E1B8CA530CF2533456D3BDE
Authority key identifier: E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/AP7i3LahdsovYM70eVMlu0H0VyQ.roa
Signing time:             Thu 02 Jan 2025 05:47:49 +0000
ROA not before:           Thu 02 Jan 2025 05:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34373
IP address blocks:        37.143.36.0/23 maxlen: 23
                          37.143.36.0/24 maxlen: 24
                          37.143.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:49:58:9e:1b:8c:a5:30:cf:25:33:45:6d:3b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e138ec242a43e9c9d4ceb25dc90e5453373d3f46
        Validity
            Not Before: Jan  2 05:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00fee2dcb6a176ca2f60cef4795325bb41f45724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4c:a2:a5:c5:65:44:ff:6c:c6:8b:56:40:8e:
                    43:51:49:5d:df:27:86:85:c9:4b:dc:b0:b8:a0:66:
                    65:d5:f0:61:fd:0a:98:e8:22:c6:ec:a0:3d:c8:49:
                    1c:50:dc:30:48:22:70:e6:cf:87:f9:de:64:0e:1d:
                    75:42:bc:f9:eb:2d:c2:bf:d6:1a:01:23:0d:99:3d:
                    af:8e:31:5b:65:a4:14:ff:90:dc:be:fd:5d:f4:70:
                    9d:48:31:83:ed:38:88:f7:d8:86:fe:1c:ef:79:99:
                    45:a0:eb:a4:5f:82:a6:82:5e:a7:61:c7:95:3a:f4:
                    34:ff:66:df:63:11:67:46:0f:af:a6:ec:2a:48:d9:
                    d8:d0:9d:f8:ab:f7:40:ad:af:08:9a:e0:a9:0a:7f:
                    d0:0f:93:a9:58:23:4c:15:5e:d9:24:57:a6:34:67:
                    2b:d6:25:82:4a:1e:3d:cd:80:76:90:03:f4:a1:e0:
                    b6:7f:ed:96:11:23:e2:83:1a:7c:cf:06:b7:70:09:
                    80:6d:18:bf:af:64:25:02:f2:c3:0b:b0:43:0e:55:
                    1b:d4:95:03:5f:98:98:a2:72:ac:22:02:42:ec:cc:
                    48:70:a6:56:6c:17:e1:97:0c:51:b5:c1:f5:6d:43:
                    cf:d7:4e:59:17:ed:da:c9:23:ff:b2:49:52:6f:c6:
                    2c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:FE:E2:DC:B6:A1:76:CA:2F:60:CE:F4:79:53:25:BB:41:F4:57:24
            X509v3 Authority Key Identifier:
                keyid:E1:38:EC:24:2A:43:E9:C9:D4:CE:B2:5D:C9:0E:54:53:37:3D:3F:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/AP7i3LahdsovYM70eVMlu0H0VyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/0b7fd3-90f0-45d1-8a58-6785cd456871/1/4TjsJCpD6cnUzrJdyQ5UUzc9P0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:ba:73:22:94:6d:db:aa:a8:28:ad:c4:70:e0:1e:32:09:90:
         38:0d:27:c3:49:9f:90:72:fa:ab:2b:14:19:91:6e:1c:e5:1f:
         5e:9c:64:c6:f8:a2:08:84:a6:d7:0e:aa:c9:3a:08:2f:64:6b:
         45:80:4d:6f:5c:d8:e5:3a:33:77:93:32:59:3d:f0:2a:a0:49:
         1d:d6:f7:a3:ac:45:9b:81:3c:12:c0:3a:6d:ed:c4:f7:4e:53:
         a7:70:f3:81:31:d4:3b:2f:6d:9d:56:ce:cd:b9:15:af:5d:50:
         11:d7:c2:3d:53:f8:68:d2:85:2a:8f:e2:8c:dc:68:8b:b9:bf:
         14:78:8b:1e:83:ea:a5:6f:68:16:02:10:15:4a:27:a7:bd:47:
         27:cb:c1:82:60:c3:7d:22:8e:b6:97:59:29:62:4c:5b:4b:ac:
         95:07:bb:54:40:d0:3a:be:08:e3:a1:ff:c1:59:49:e5:f8:93:
         54:06:fb:09:38:a6:ed:af:71:d7:80:22:fc:d8:e8:ed:c5:d7:
         f2:aa:5c:52:bb:96:b8:e5:eb:c7:fb:9b:fb:3a:0b:04:e6:0e:
         7c:df:aa:e5:c3:83:d1:c3:e7:1e:bb:ef:6f:36:ce:e4:7b:09:
         43:6e:5d:fa:aa:b6:70:87:9c:57:83:d6:6f:44:cb:de:0a:dd:
         fd:77:eb:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljklYnhuMpTDPJTNFbTveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMzhlYzI0MmE0M2U5YzlkNGNlYjI1ZGM5MGU1NDUzMzcz
ZDNmNDYwHhcNMjUwMTAyMDU0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGZlZTJkY2I2YTE3NmNhMmY2MGNlZjQ3OTUzMjViYjQxZjQ1NzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUyipcVlRP9sxotWQI5DUUld3yeG
hclL3LC4oGZl1fBh/QqY6CLG7KA9yEkcUNwwSCJw5s+H+d5kDh11Qrz56y3Cv9Ya
ASMNmT2vjjFbZaQU/5Dcvv1d9HCdSDGD7TiI99iG/hzveZlFoOukX4Kmgl6nYceV
OvQ0/2bfYxFnRg+vpuwqSNnY0J34q/dAra8ImuCpCn/QD5OpWCNMFV7ZJFemNGcr
1iWCSh49zYB2kAP0oeC2f+2WESPigxp8zwa3cAmAbRi/r2QlAvLDC7BDDlUb1JUD
X5iYonKsIgJC7MxIcKZWbBfhlwxRtcH1bUPP105ZF+3aySP/sklSb8YsQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAD+4ty2oXbKL2DO9HlTJbtB9FckMB8GA1UdIwQY
MBaAFOE47CQqQ+nJ1M6yXckOVFM3PT9GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgt
Njc4NWNkNDU2ODcxLzEvQVA3aTNMYWhkc292WU03MGVWTWx1MEgwVnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8wYjdmZDMtOTBmMC00NWQxLThhNTgtNjc4NWNkNDU2ODcx
LzEvNFRqc0pDcEQ2Y25VenJKZHlRNVVVemM5UDBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJY8kMA0G
CSqGSIb3DQEBCwUAA4IBAQATunMilG3bqqgorcRw4B4yCZA4DSfDSZ+QcvqrKxQZ
kW4c5R9enGTG+KIIhKbXDqrJOggvZGtFgE1vXNjlOjN3kzJZPfAqoEkd1vejrEWb
gTwSwDpt7cT3TlOncPOBMdQ7L22dVs7NuRWvXVAR18I9U/ho0oUqj+KM3GiLub8U
eIseg+qlb2gWAhAVSienvUcny8GCYMN9Io62l1kpYkxbS6yVB7tUQNA6vgjjof/B
WUnl+JNUBvsJOKbtr3HXgCL82OjtxdfyqlxSu5a45evH+5v7OgsE5g5836rlw4PR
w+ceu+9vNs7kewlDbl36qrZwh5xXg9ZvRMveCt39d+t1
-----END CERTIFICATE-----