Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/d78IMKVOcYTET1hTbeXKZI6zMyo.roa
File:                     d78IMKVOcYTET1hTbeXKZI6zMyo.roa (raw, json)
Hash identifier:          LiEGKzhdIYrWQQXx6W1hJbjCx4lhZKe/wNIib2h4pio=
Subject key identifier:   77:BF:08:30:A5:4E:71:84:C4:4F:58:53:6D:E5:CA:64:8E:B3:33:2A
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018F76E00DFF8B0EEA3B66CD2C0C12698FF8
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/d78IMKVOcYTET1hTbeXKZI6zMyo.roa
Signing time:             Tue 14 May 2024 11:32:25 +0000
ROA not before:           Tue 14 May 2024 11:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34653
IP address blocks:        37.157.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:e0:0d:ff:8b:0e:ea:3b:66:cd:2c:0c:12:69:8f:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: May 14 11:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77bf0830a54e7184c44f58536de5ca648eb3332a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:61:95:d8:8f:ea:c3:4d:7f:71:97:52:78:7d:
                    9b:be:a0:2b:5e:50:80:1c:54:fc:6f:76:a3:99:c3:
                    e9:8d:13:73:d6:f9:02:0f:97:25:54:b0:c0:42:7b:
                    bd:20:d3:03:80:ab:79:43:4a:6c:c6:df:17:e4:9c:
                    ab:76:d9:00:d5:c2:3f:77:ea:d1:5a:f9:97:61:f9:
                    c2:6a:05:3d:14:87:6f:e9:ee:99:2a:c0:3c:13:2f:
                    88:3e:f8:07:f1:18:10:39:97:0c:c7:fa:2c:b0:3a:
                    58:84:d3:79:54:a1:42:85:e1:b3:b1:97:a3:41:ac:
                    95:2c:ea:cb:4f:53:91:2f:14:24:7b:d8:d0:a8:0b:
                    98:1e:23:cf:55:cf:00:9e:0d:49:0e:ee:08:b9:6d:
                    bf:95:60:02:31:6d:5d:d1:c8:04:2e:33:42:b9:f1:
                    f5:1c:5f:b0:30:ad:93:1b:ee:aa:98:a6:56:8a:dd:
                    14:17:11:4d:5b:62:8e:21:f2:a4:7c:93:85:3e:50:
                    54:3f:45:49:44:3e:61:48:61:d0:e0:9b:94:c8:ab:
                    4a:11:5e:6a:96:bf:2d:34:d6:fb:71:93:33:64:c2:
                    91:ba:9c:43:ac:b8:4d:2a:a9:d6:3e:16:b6:13:dc:
                    e1:ab:03:7e:c4:c6:bb:9c:80:f5:b6:0c:28:4c:d0:
                    84:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:BF:08:30:A5:4E:71:84:C4:4F:58:53:6D:E5:CA:64:8E:B3:33:2A
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/d78IMKVOcYTET1hTbeXKZI6zMyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:d7:62:28:fe:0c:c6:bb:72:da:7b:9a:87:3d:aa:24:d0:34:
         7f:6b:cb:50:d4:32:17:c1:ba:e5:a0:68:c9:ad:95:a7:b9:12:
         db:10:f1:d6:25:8c:13:17:a0:b0:bd:ba:46:cb:dc:b4:e2:80:
         b7:dd:a0:56:55:ac:ec:89:de:7f:b4:49:0d:a6:12:7b:9d:e0:
         72:cd:36:19:7e:b5:2e:09:04:11:dd:d5:7f:a1:10:65:11:07:
         6f:75:bb:ac:ca:94:56:d0:7a:4c:20:dc:a6:57:fb:91:7e:ed:
         8f:17:61:b4:2a:09:48:1b:e1:a9:bb:09:26:d9:26:0d:d8:be:
         a8:b9:ae:1d:0d:2d:1e:55:7f:fa:68:b8:20:1d:f9:4f:4c:c7:
         76:a3:dc:8e:df:08:1f:ac:6e:8c:21:49:19:93:e6:86:f0:0b:
         ed:87:d5:53:46:cb:34:6c:bf:8a:0e:04:6f:eb:60:0e:54:c0:
         6f:5f:ef:5b:18:c4:ab:2c:17:e5:bf:37:82:6f:52:8d:27:55:
         62:1a:7e:4a:5c:b0:10:72:5b:3b:fc:9a:2e:ae:7e:5c:df:76:
         3a:e4:28:aa:c9:cc:80:e3:9d:13:33:dd:63:44:ac:eb:75:d6:
         b8:99:bb:5b:c2:1d:c1:47:19:8d:64:e9:71:4d:92:23:8e:6c:
         86:1b:95:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY924A3/iw7qO2bNLAwSaY/4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwNTE0MTEzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2JmMDgzMGE1NGU3MTg0YzQ0ZjU4NTM2ZGU1Y2E2NDhlYjMzMzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWGV2I/qw01/cZdSeH2bvqArXlCA
HFT8b3ajmcPpjRNz1vkCD5clVLDAQnu9INMDgKt5Q0psxt8X5JyrdtkA1cI/d+rR
WvmXYfnCagU9FIdv6e6ZKsA8Ey+IPvgH8RgQOZcMx/ossDpYhNN5VKFCheGzsZej
QayVLOrLT1ORLxQke9jQqAuYHiPPVc8Ang1JDu4IuW2/lWACMW1d0cgELjNCufH1
HF+wMK2TG+6qmKZWit0UFxFNW2KOIfKkfJOFPlBUP0VJRD5hSGHQ4JuUyKtKEV5q
lr8tNNb7cZMzZMKRupxDrLhNKqnWPha2E9zhqwN+xMa7nID1tgwoTNCEswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHe/CDClTnGExE9YU23lymSOszMqMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvZDc4SU1LVk9jWVRFVDFoVGJlWEtaSTZ6TXlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZ2gMA0G
CSqGSIb3DQEBCwUAA4IBAQCh12Io/gzGu3Lae5qHPaok0DR/a8tQ1DIXwbrloGjJ
rZWnuRLbEPHWJYwTF6CwvbpGy9y04oC33aBWVazsid5/tEkNphJ7neByzTYZfrUu
CQQR3dV/oRBlEQdvdbusypRW0HpMINymV/uRfu2PF2G0KglIG+Gpuwkm2SYN2L6o
ua4dDS0eVX/6aLggHflPTMd2o9yO3wgfrG6MIUkZk+aG8Avth9VTRss0bL+KDgRv
62AOVMBvX+9bGMSrLBflvzeCb1KNJ1ViGn5KXLAQcls7/Journ5c33Y65CiqycyA
450TM91jRKzrdda4mbtbwh3BRxmNZOlxTZIjjmyGG5VE
-----END CERTIFICATE-----