Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/aeb84a-7e75-48f5-ba38-0cb218e5e707/1/GQxkJdIQ2mMnuH7dZw47ZjRqiOY.roa
File:                     GQxkJdIQ2mMnuH7dZw47ZjRqiOY.roa (raw, json)
Hash identifier:          j81MHjapkMDfvn23UflaNVCyJQMSfhc/nd+jMYFAbFo=
Subject key identifier:   19:0C:64:25:D2:10:DA:63:27:B8:7E:DD:67:0E:3B:66:34:6A:88:E6
Certificate issuer:       /CN=8f6c424cfe92703100d50a2832253744dd756452
Certificate serial:       0194252196533DEE1978CC72FF4BA05F1B43
Authority key identifier: 8F:6C:42:4C:FE:92:70:31:00:D5:0A:28:32:25:37:44:DD:75:64:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j2xCTP6ScDEA1QooMiU3RN11ZFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/aeb84a-7e75-48f5-ba38-0cb218e5e707/1/GQxkJdIQ2mMnuH7dZw47ZjRqiOY.roa
Signing time:             Thu 02 Jan 2025 03:49:05 +0000
ROA not before:           Thu 02 Jan 2025 03:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210588
IP address blocks:        37.200.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/aeb84a-7e75-48f5-ba38-0cb218e5e707/1/j2xCTP6ScDEA1QooMiU3RN11ZFI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/aeb84a-7e75-48f5-ba38-0cb218e5e707/1/j2xCTP6ScDEA1QooMiU3RN11ZFI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j2xCTP6ScDEA1QooMiU3RN11ZFI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:96:53:3d:ee:19:78:cc:72:ff:4b:a0:5f:1b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f6c424cfe92703100d50a2832253744dd756452
        Validity
            Not Before: Jan  2 03:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=190c6425d210da6327b87edd670e3b66346a88e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:6b:78:c1:c5:6d:9a:f7:3e:55:65:cd:5c:a5:
                    eb:2d:d2:a9:46:7b:a6:b7:13:85:cd:97:3c:a2:9a:
                    94:b1:24:b8:30:4f:d9:e1:f7:c1:92:ce:b9:b2:1d:
                    22:52:ca:88:cf:71:c1:7b:00:7b:46:ce:d5:6f:c1:
                    45:4f:58:70:e8:c6:a9:7a:6c:07:c7:d0:35:74:ae:
                    9a:cc:e6:76:2a:52:29:05:ec:4a:b3:9e:dc:b1:c5:
                    20:35:3a:7c:b2:20:58:8a:7d:c4:49:87:e3:76:77:
                    60:84:04:49:59:de:08:50:cc:7f:4d:02:d3:d3:e2:
                    70:6e:88:a4:32:52:50:77:f5:e0:79:4f:37:49:dc:
                    c6:06:f5:69:bd:bc:ed:76:1a:85:dd:2d:e5:0a:2e:
                    b3:99:a5:11:ba:5c:f1:a5:74:18:8e:91:4a:0d:46:
                    99:0a:7d:d1:e1:e1:92:14:6b:b9:ce:77:76:ed:10:
                    f5:88:a2:5a:f2:96:5d:15:80:01:8a:ab:02:a7:de:
                    cf:13:89:85:12:64:eb:0f:f1:6d:d6:21:1d:0a:88:
                    38:e2:0a:26:8e:60:24:2d:99:a4:78:af:a7:77:af:
                    83:6d:52:67:00:fd:37:bd:74:7a:d1:eb:8d:e7:6d:
                    42:d0:83:6a:f6:1b:80:32:17:82:25:42:ea:6f:56:
                    50:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:0C:64:25:D2:10:DA:63:27:B8:7E:DD:67:0E:3B:66:34:6A:88:E6
            X509v3 Authority Key Identifier:
                keyid:8F:6C:42:4C:FE:92:70:31:00:D5:0A:28:32:25:37:44:DD:75:64:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j2xCTP6ScDEA1QooMiU3RN11ZFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/aeb84a-7e75-48f5-ba38-0cb218e5e707/1/GQxkJdIQ2mMnuH7dZw47ZjRqiOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/aeb84a-7e75-48f5-ba38-0cb218e5e707/1/j2xCTP6ScDEA1QooMiU3RN11ZFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.200.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:bb:64:8d:7f:a7:b7:b0:5d:bc:99:b5:e8:e5:2b:1a:3e:8f:
         8d:df:ce:8c:d0:a0:1f:5f:60:6d:ee:0c:4a:9b:85:ea:e7:3e:
         a8:d3:48:61:83:2b:6b:52:9c:72:42:01:87:c2:1c:bf:98:85:
         14:eb:15:87:03:3d:f3:be:f0:33:71:7d:f0:b9:d5:4c:af:f7:
         3a:12:bf:7d:1c:21:77:86:c9:b9:69:61:65:83:ae:31:48:79:
         54:05:1a:a1:22:6c:57:cb:63:87:8c:00:ec:d7:86:c4:14:ed:
         c3:ab:6c:a3:45:30:84:93:f1:65:93:7d:45:44:75:1a:cc:11:
         1e:53:d4:13:bc:dd:1f:8d:0f:9f:f2:6d:a4:dd:8a:ca:2a:d6:
         12:0c:31:e1:e7:9b:ba:c8:d0:24:da:4a:f9:27:ae:2a:e8:17:
         13:61:a1:c6:19:99:af:44:89:45:c8:bd:bb:8c:e6:f8:3f:41:
         4d:e7:0b:33:00:5f:d7:ae:a2:97:45:bb:19:d9:1d:3e:87:6a:
         94:2a:91:36:3a:9f:51:23:f1:00:57:2a:9d:29:b6:ed:5e:14:
         07:91:2f:01:f9:9d:99:90:b5:04:6c:d4:3e:7b:cc:a0:8a:05:
         ff:c1:7b:22:17:d7:ce:70:d9:2a:c3:f6:cf:b6:0d:c3:26:c5:
         31:8a:5b:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIZZTPe4ZeMxy/0ugXxtDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNmM0MjRjZmU5MjcwMzEwMGQ1MGEyODMyMjUzNzQ0ZGQ3
NTY0NTIwHhcNMjUwMTAyMDM0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTBjNjQyNWQyMTBkYTYzMjdiODdlZGQ2NzBlM2I2NjM0NmE4OGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWt4wcVtmvc+VWXNXKXrLdKpRnum
txOFzZc8opqUsSS4ME/Z4ffBks65sh0iUsqIz3HBewB7Rs7Vb8FFT1hw6MapemwH
x9A1dK6azOZ2KlIpBexKs57cscUgNTp8siBYin3ESYfjdndghARJWd4IUMx/TQLT
0+JwboikMlJQd/XgeU83SdzGBvVpvbztdhqF3S3lCi6zmaURulzxpXQYjpFKDUaZ
Cn3R4eGSFGu5znd27RD1iKJa8pZdFYABiqsCp97PE4mFEmTrD/Ft1iEdCog44gom
jmAkLZmkeK+nd6+DbVJnAP03vXR60euN521C0INq9huAMheCJULqb1ZQbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkMZCXSENpjJ7h+3WcOO2Y0aojmMB8GA1UdIwQY
MBaAFI9sQkz+knAxANUKKDIlN0TddWRSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajJ4Q1RQNlNjREVBMVFvb01pVTNSTjExWkZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9hZWI4NGEtN2U3NS00OGY1LWJhMzgt
MGNiMjE4ZTVlNzA3LzEvR1F4a0pkSVEybU1udUg3ZFp3NDdaalJxaU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9hZWI4NGEtN2U3NS00OGY1LWJhMzgtMGNiMjE4ZTVlNzA3
LzEvajJ4Q1RQNlNjREVBMVFvb01pVTNSTjExWkZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJchXMA0G
CSqGSIb3DQEBCwUAA4IBAQAXu2SNf6e3sF28mbXo5SsaPo+N386M0KAfX2Bt7gxK
m4Xq5z6o00hhgytrUpxyQgGHwhy/mIUU6xWHAz3zvvAzcX3wudVMr/c6Er99HCF3
hsm5aWFlg64xSHlUBRqhImxXy2OHjADs14bEFO3Dq2yjRTCEk/Flk31FRHUazBEe
U9QTvN0fjQ+f8m2k3YrKKtYSDDHh55u6yNAk2kr5J64q6BcTYaHGGZmvRIlFyL27
jOb4P0FN5wszAF/XrqKXRbsZ2R0+h2qUKpE2Op9RI/EAVyqdKbbtXhQHkS8B+Z2Z
kLUEbNQ+e8ygigX/wXsiF9fOcNkqw/bPtg3DJsUxiltb
-----END CERTIFICATE-----