Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/FEkBfySsNPnCf2nZ9bxuQ8YgvBw.roa
File:                     FEkBfySsNPnCf2nZ9bxuQ8YgvBw.roa (raw, json)
Hash identifier:          VdRNXavrP/zAIj8PouGVIJJENVXXCEiFN5D7sXKeqX8=
Subject key identifier:   14:49:01:7F:24:AC:34:F9:C2:7F:69:D9:F5:BC:6E:43:C6:20:BC:1C
Certificate issuer:       /CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
Certificate serial:       018F8DC7AD4AAA79786921F8794F629CC638
Authority key identifier: D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/FEkBfySsNPnCf2nZ9bxuQ8YgvBw.roa
Signing time:             Sat 18 May 2024 22:17:04 +0000
ROA not before:           Sat 18 May 2024 22:17:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41000
IP address blocks:        37.61.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 19:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:8d:c7:ad:4a:aa:79:78:69:21:f8:79:4f:62:9c:c6:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7219ec7383fa0610480ddfa62c3f82c400cd56f
        Validity
            Not Before: May 18 22:17:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1449017f24ac34f9c27f69d9f5bc6e43c620bc1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b4:3e:49:47:f6:bc:a9:90:73:70:2d:24:0c:
                    42:65:f6:c4:a5:f5:55:17:5b:bf:9d:95:d3:a9:37:
                    10:63:44:c9:45:0c:59:87:65:76:67:c0:4f:b3:24:
                    ab:90:a6:98:3d:df:f4:8d:ad:e4:c6:d9:b5:7c:5b:
                    60:50:47:e6:8f:2d:5b:d3:cf:84:60:4f:74:1d:ed:
                    69:44:9c:5b:21:d8:8c:cd:c2:f3:95:98:76:52:b1:
                    29:a9:f5:79:45:f0:34:6d:83:1c:61:f1:dd:f6:33:
                    4c:d0:93:0e:a3:bf:21:9d:e5:a2:ca:65:f9:9f:c2:
                    c2:82:e4:ce:90:25:14:c9:27:80:fd:cb:96:14:cf:
                    e4:86:a6:7b:b2:bb:d1:e7:67:99:94:f2:88:ce:86:
                    15:32:5e:8f:8d:06:bb:11:e0:e3:1e:75:d4:e8:2f:
                    5e:8f:e3:30:b4:c4:a4:45:d8:fe:fa:51:95:26:83:
                    ba:5f:ae:cc:96:27:51:12:c9:71:d6:59:c5:e7:0c:
                    16:24:94:01:c4:98:68:39:68:9c:5d:10:d7:05:dc:
                    e2:12:e4:64:83:a5:d0:95:49:46:8b:70:49:14:d5:
                    44:c4:28:eb:d1:f4:71:f9:9b:7a:8c:af:dd:44:d6:
                    40:0b:aa:ec:a1:2e:0f:f8:09:50:77:09:69:a1:47:
                    a1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:49:01:7F:24:AC:34:F9:C2:7F:69:D9:F5:BC:6E:43:C6:20:BC:1C
            X509v3 Authority Key Identifier:
                keyid:D7:21:9E:C7:38:3F:A0:61:04:80:DD:FA:62:C3:F8:2C:40:0C:D5:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1yGexzg_oGEEgN36YsP4LEAM1W8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/FEkBfySsNPnCf2nZ9bxuQ8YgvBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fbffbc-ab82-4058-b8b7-d0c82a3cf4b6/1/1yGexzg_oGEEgN36YsP4LEAM1W8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:4b:31:df:01:26:89:86:2a:df:1f:9b:08:0e:6b:e8:91:f6:
         5f:22:be:79:1c:fb:61:38:7c:ed:7b:b1:51:1c:8d:5e:a7:dc:
         21:47:72:24:fe:9a:4d:ab:d8:d1:ac:3c:98:9a:29:33:25:45:
         80:bf:2f:97:fc:e0:bd:4f:d8:6a:28:ae:20:99:e5:72:51:c8:
         53:6f:02:93:12:77:aa:3b:94:62:16:4d:5a:69:49:c9:5a:a8:
         d4:3e:a3:1d:8c:0f:78:0c:d9:d9:f1:3f:00:69:94:bc:ae:8b:
         bf:29:0c:8c:98:10:93:14:d0:a9:cd:dc:40:57:04:be:8e:32:
         6d:53:e6:85:f3:e6:f1:71:32:ee:05:92:5d:01:6c:b7:24:70:
         bf:1c:09:64:e1:1a:a3:81:53:64:6d:04:a1:d9:73:7d:b0:54:
         d6:1f:d5:ae:e5:fd:76:ad:fb:25:26:da:af:21:37:90:d3:8d:
         0d:11:43:62:3e:9c:46:49:a8:83:f0:b8:62:aa:fe:8d:54:e3:
         7e:6e:12:2f:e6:b7:77:5b:2f:79:a5:55:9f:18:0f:8d:07:4b:
         85:51:59:c3:e4:bd:46:ed:c9:62:c3:9d:61:76:ac:c7:5a:a1:
         f3:39:8a:07:ec:63:73:d8:98:86:d2:44:89:70:41:fd:49:f0:
         a0:47:e1:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+Nx61Kqnl4aSH4eU9inMY4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MjE5ZWM3MzgzZmEwNjEwNDgwZGRmYTYyYzNmODJjNDAw
Y2Q1NmYwHhcNMjQwNTE4MjIxNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDQ5MDE3ZjI0YWMzNGY5YzI3ZjY5ZDlmNWJjNmU0M2M2MjBiYzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbQ+SUf2vKmQc3AtJAxCZfbEpfVV
F1u/nZXTqTcQY0TJRQxZh2V2Z8BPsySrkKaYPd/0ja3kxtm1fFtgUEfmjy1b08+E
YE90He1pRJxbIdiMzcLzlZh2UrEpqfV5RfA0bYMcYfHd9jNM0JMOo78hneWiymX5
n8LCguTOkCUUySeA/cuWFM/khqZ7srvR52eZlPKIzoYVMl6PjQa7EeDjHnXU6C9e
j+MwtMSkRdj++lGVJoO6X67MlidREslx1lnF5wwWJJQBxJhoOWicXRDXBdziEuRk
g6XQlUlGi3BJFNVExCjr0fRx+Zt6jK/dRNZAC6rsoS4P+AlQdwlpoUehKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRJAX8krDT5wn9p2fW8bkPGILwcMB8GA1UdIwQY
MBaAFNchnsc4P6BhBIDd+mLD+CxADNVvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4Yjct
ZDBjODJhM2NmNGI2LzEvRkVrQmZ5U3NOUG5DZjJuWjlieHVROFlndkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mYmZmYmMtYWI4Mi00MDU4LWI4YjctZDBjODJhM2NmNGI2
LzEvMXlHZXh6Z19vR0VFZ04zNllzUDRMRUFNMVc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJT3tMA0G
CSqGSIb3DQEBCwUAA4IBAQCFSzHfASaJhirfH5sIDmvokfZfIr55HPthOHzte7FR
HI1ep9whR3Ik/ppNq9jRrDyYmikzJUWAvy+X/OC9T9hqKK4gmeVyUchTbwKTEneq
O5RiFk1aaUnJWqjUPqMdjA94DNnZ8T8AaZS8rou/KQyMmBCTFNCpzdxAVwS+jjJt
U+aF8+bxcTLuBZJdAWy3JHC/HAlk4RqjgVNkbQSh2XN9sFTWH9Wu5f12rfslJtqv
ITeQ040NEUNiPpxGSaiD8Lhiqv6NVON+bhIv5rd3Wy95pVWfGA+NB0uFUVnD5L1G
7cliw51hdqzHWqHzOYoH7GNz2JiG0kSJcEH9SfCgR+HO
-----END CERTIFICATE-----