Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/fNae6M71mV294ZXPAPike0PbceE.roa
File:                     fNae6M71mV294ZXPAPike0PbceE.roa (raw, json)
Hash identifier:          yK1vBYE3EmPb37wOJedAwxWWRQFUDScm3ZCALz4wEUs=
Subject key identifier:   7C:D6:9E:E8:CE:F5:99:5D:BD:E1:95:CF:00:F8:A4:7B:43:DB:71:E1
Certificate issuer:       /CN=29993007c7c92df6178e7cb43183fd7f52a526d8
Certificate serial:       019470956616B72F47516C564FBC7DAADAE7
Authority key identifier: 29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/fNae6M71mV294ZXPAPike0PbceE.roa
Signing time:             Thu 16 Jan 2025 19:27:06 +0000
ROA not before:           Thu 16 Jan 2025 19:27:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12735
IP address blocks:        37.77.28.0/24 maxlen: 24
                          37.77.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:70:95:66:16:b7:2f:47:51:6c:56:4f:bc:7d:aa:da:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29993007c7c92df6178e7cb43183fd7f52a526d8
        Validity
            Not Before: Jan 16 19:27:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cd69ee8cef5995dbde195cf00f8a47b43db71e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:76:b8:5b:ef:44:b4:38:3b:d6:08:b1:1d:2e:
                    87:29:db:63:6d:d2:33:5c:97:b2:82:c8:50:46:dc:
                    e0:1b:01:8d:2b:66:ad:dc:00:04:18:a4:e8:bb:11:
                    18:6c:10:c3:f4:35:75:8a:56:71:f8:85:96:36:3b:
                    36:81:81:66:d2:6f:31:68:79:54:7d:31:50:18:86:
                    ea:30:f0:dd:a4:08:ae:6c:11:bb:f7:ee:be:df:c5:
                    5b:f6:73:f4:38:f2:eb:41:74:b4:86:ea:62:66:a6:
                    74:bf:a4:93:94:df:25:f9:db:d6:aa:c7:1b:e8:b1:
                    f9:16:3b:ec:bd:a9:80:83:4a:d2:e9:1b:28:34:b1:
                    36:5e:31:3e:ff:89:ca:68:4c:ad:19:5e:8d:1c:3b:
                    8a:5e:90:b1:b3:27:6d:e5:cd:c9:87:98:34:c8:6f:
                    a3:be:8d:07:43:ff:99:be:0f:44:23:6b:ed:93:e0:
                    e9:d8:63:1c:f7:53:91:58:8f:63:75:dc:2a:1e:d1:
                    c8:5f:6d:a7:2e:a5:13:7d:a7:07:c6:3e:ac:fd:2e:
                    c9:be:54:9e:9d:ae:51:9a:64:70:e4:85:63:4a:57:
                    13:e5:72:cc:6b:a4:e0:2b:8d:03:9f:48:05:dc:58:
                    6f:36:cb:05:be:dc:a7:4e:10:71:3f:1f:92:ce:e0:
                    f3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:D6:9E:E8:CE:F5:99:5D:BD:E1:95:CF:00:F8:A4:7B:43:DB:71:E1
            X509v3 Authority Key Identifier:
                keyid:29:99:30:07:C7:C9:2D:F6:17:8E:7C:B4:31:83:FD:7F:52:A5:26:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KZkwB8fJLfYXjny0MYP9f1KlJtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/fNae6M71mV294ZXPAPike0PbceE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dc9b6f-3a6d-449f-8b89-1e829ffa1c3a/1/KZkwB8fJLfYXjny0MYP9f1KlJtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:a1:07:e4:23:93:79:44:47:1c:4c:cd:51:9c:83:05:3c:38:
         8f:0f:a5:bf:e3:dc:27:20:b5:59:d2:21:c4:d5:4d:bd:c5:ac:
         b1:94:f6:40:2a:b8:6f:7a:1d:4e:44:4c:c2:30:41:53:a6:d3:
         79:c1:6e:44:2d:36:b2:82:6c:ac:e9:3b:ff:b6:0b:d7:80:07:
         27:e4:c5:96:0e:7f:1e:52:08:8f:34:44:c4:c9:67:3e:54:c1:
         c9:26:0e:0a:93:55:61:0b:d0:01:77:a5:6e:32:3e:10:87:e3:
         b5:04:e0:75:db:03:3e:69:9f:14:5a:94:bc:cf:a4:1f:c2:9f:
         39:4e:0d:4a:da:e5:b9:87:df:44:72:55:dc:81:32:26:b0:c2:
         6c:1e:30:89:20:73:3c:6b:c0:2e:5e:fd:6c:e2:cd:3c:34:17:
         25:bf:c9:6b:2d:38:83:8a:74:39:4f:bc:79:3f:7c:57:88:cc:
         95:9c:e2:ae:8f:7e:f0:d6:c2:aa:a4:d7:14:82:8a:9a:21:be:
         c5:17:10:13:87:69:3b:c5:4e:9e:0d:69:11:70:04:70:19:6d:
         b5:d4:f0:5e:92:fb:23:e2:5e:40:cf:1f:97:85:f3:4a:dc:44:
         3f:3b:5e:54:48:71:51:01:a1:c9:bc:86:78:07:de:14:be:fd:
         14:9d:31:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRwlWYWty9HUWxWT7x9qtrnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5OTkzMDA3YzdjOTJkZjYxNzhlN2NiNDMxODNmZDdmNTJh
NTI2ZDgwHhcNMjUwMTE2MTkyNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2Q2OWVlOGNlZjU5OTVkYmRlMTk1Y2YwMGY4YTQ3YjQzZGI3MWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuna4W+9EtDg71gixHS6HKdtjbdIz
XJeygshQRtzgGwGNK2at3AAEGKTouxEYbBDD9DV1ilZx+IWWNjs2gYFm0m8xaHlU
fTFQGIbqMPDdpAiubBG79+6+38Vb9nP0OPLrQXS0hupiZqZ0v6STlN8l+dvWqscb
6LH5FjvsvamAg0rS6RsoNLE2XjE+/4nKaEytGV6NHDuKXpCxsydt5c3Jh5g0yG+j
vo0HQ/+Zvg9EI2vtk+Dp2GMc91ORWI9jddwqHtHIX22nLqUTfacHxj6s/S7JvlSe
na5RmmRw5IVjSlcT5XLMa6TgK40Dn0gF3FhvNssFvtynThBxPx+SzuDzmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzWnujO9ZldveGVzwD4pHtD23HhMB8GA1UdIwQY
MBaAFCmZMAfHyS32F458tDGD/X9SpSbYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODkt
MWU4MjlmZmExYzNhLzEvZk5hZTZNNzFtVjI5NFpYUEFQaWtlMFBiY2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kYzliNmYtM2E2ZC00NDlmLThiODktMWU4MjlmZmExYzNh
LzEvS1prd0I4ZkpMZllYam55ME1ZUDlmMUtsSnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJU0cMA0G
CSqGSIb3DQEBCwUAA4IBAQCSoQfkI5N5REccTM1RnIMFPDiPD6W/49wnILVZ0iHE
1U29xayxlPZAKrhveh1OREzCMEFTptN5wW5ELTaygmys6Tv/tgvXgAcn5MWWDn8e
UgiPNETEyWc+VMHJJg4Kk1VhC9ABd6VuMj4Qh+O1BOB12wM+aZ8UWpS8z6Qfwp85
Tg1K2uW5h99EclXcgTImsMJsHjCJIHM8a8AuXv1s4s08NBclv8lrLTiDinQ5T7x5
P3xXiMyVnOKuj37w1sKqpNcUgoqaIb7FFxATh2k7xU6eDWkRcARwGW211PBekvsj
4l5Azx+XhfNK3EQ/O15USHFRAaHJvIZ4B94Uvv0UnTGs
-----END CERTIFICATE-----