Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/f89IkbsT4t8xQ8Vr8r9EM5nSnpM.roa
File:                     f89IkbsT4t8xQ8Vr8r9EM5nSnpM.roa (raw, json)
Hash identifier:          bYMkqRm/XIBC4pGyPYMxXyN5mvSRhEimuvJb89lZFUE=
Subject key identifier:   7F:CF:48:91:BB:13:E2:DF:31:43:C5:6B:F2:BF:44:33:99:D2:9E:93
Certificate issuer:       /CN=d44de659759b0274124a7b481d0976840b7ade06
Certificate serial:       0194258F5B1002732317203DFADB923E11AC
Authority key identifier: D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/f89IkbsT4t8xQ8Vr8r9EM5nSnpM.roa
Signing time:             Thu 02 Jan 2025 05:48:59 +0000
ROA not before:           Thu 02 Jan 2025 05:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51793
IP address blocks:        37.143.160.0/23 maxlen: 23
                          2a03:8f87:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:5b:10:02:73:23:17:20:3d:fa:db:92:3e:11:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d44de659759b0274124a7b481d0976840b7ade06
        Validity
            Not Before: Jan  2 05:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fcf4891bb13e2df3143c56bf2bf443399d29e93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:22:df:37:1a:da:b4:61:ba:56:e8:93:dc:70:
                    5f:05:7a:35:a0:16:48:17:6e:45:7f:3f:a8:bb:db:
                    06:ab:58:cd:63:a0:0f:71:4b:da:a0:16:51:75:49:
                    99:1a:88:7a:b7:bc:58:60:b1:be:86:0b:e0:d6:46:
                    e8:f9:88:8c:93:1d:3f:5a:56:2f:8f:97:b5:a2:00:
                    ff:00:95:0a:2e:b7:4c:a1:67:c1:54:b4:63:25:85:
                    78:c4:9d:c4:1e:91:d6:6f:84:9f:82:3d:ba:0b:a7:
                    15:68:4f:43:16:2d:ed:ef:05:de:19:73:eb:1b:3a:
                    45:8c:70:4e:b5:c3:d9:6b:cc:71:d8:1e:00:80:0a:
                    25:5d:40:73:7f:0c:03:0e:34:39:f3:fa:41:3c:59:
                    fa:a6:ac:7b:54:26:89:d7:5a:50:d8:00:ae:fb:1c:
                    77:7f:01:03:b0:ae:b6:91:67:c9:82:96:17:18:8d:
                    d9:c5:5a:0d:20:be:b3:66:5b:8e:ea:f5:dd:dc:cd:
                    92:14:86:e6:f0:65:55:f7:a4:34:80:89:6f:fc:fc:
                    f1:9a:0f:c8:95:37:15:70:83:b6:a3:e2:ba:f4:a9:
                    a1:b8:b1:0b:f2:6c:93:f6:43:c1:70:39:a2:8c:97:
                    72:1c:b3:b7:95:22:7f:83:21:1b:e8:2f:a0:84:4d:
                    c6:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:CF:48:91:BB:13:E2:DF:31:43:C5:6B:F2:BF:44:33:99:D2:9E:93
            X509v3 Authority Key Identifier:
                keyid:D4:4D:E6:59:75:9B:02:74:12:4A:7B:48:1D:09:76:84:0B:7A:DE:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1E3mWXWbAnQSSntIHQl2hAt63gY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/f89IkbsT4t8xQ8Vr8r9EM5nSnpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/75216d-684b-47cc-a95e-db4d39dc4ec7/1/1E3mWXWbAnQSSntIHQl2hAt63gY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.143.160.0/23
                IPv6:
                  2a03:8f87:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:ea:ff:6d:b0:c7:e2:28:1e:44:69:c1:87:bc:20:93:ad:91:
         f6:b1:27:1f:5d:43:63:ec:a2:a1:52:a2:30:c1:e3:b7:2b:30:
         e0:0c:23:d1:61:f8:93:6e:c3:e0:c2:48:50:ed:5a:db:87:8a:
         7b:fe:4f:99:5b:80:89:be:9b:9d:bf:86:69:47:72:68:24:40:
         ec:bc:25:c2:18:76:ad:d8:89:56:3f:a7:86:a2:9d:e8:ce:a7:
         0f:03:02:76:cf:da:20:ed:4d:fb:43:b2:b1:89:48:66:05:77:
         95:16:79:a7:07:47:b0:f7:60:be:dc:d3:cd:4c:a1:53:e0:e8:
         fc:ce:af:21:cd:60:23:08:49:f6:06:a8:83:ae:8b:08:fb:63:
         7e:a3:28:a9:b6:46:2e:1e:df:5e:c2:e7:da:b3:d9:35:d9:7e:
         09:d7:18:88:79:52:cc:a1:bb:3d:dc:9c:ad:ce:e6:f5:e6:4a:
         d2:59:b7:fa:dc:62:47:61:bb:45:c0:07:38:00:b5:7d:cc:e9:
         7d:f4:62:7d:fb:1e:2b:b8:4e:e4:53:d8:95:88:4c:dd:26:67:
         56:34:26:77:24:e6:0e:32:55:a7:93:13:e3:6f:88:f7:36:2e:
         77:79:12:bf:3a:cf:39:84:cd:15:ad:e9:4f:f3:1f:f0:1e:c3:
         10:43:e5:7b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlj1sQAnMjFyA9+tuSPhGsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NGRlNjU5NzU5YjAyNzQxMjRhN2I0ODFkMDk3Njg0MGI3
YWRlMDYwHhcNMjUwMTAyMDU0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmNmNDg5MWJiMTNlMmRmMzE0M2M1NmJmMmJmNDQzMzk5ZDI5ZTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2CLfNxratGG6VuiT3HBfBXo1oBZI
F25Ffz+ou9sGq1jNY6APcUvaoBZRdUmZGoh6t7xYYLG+hgvg1kbo+YiMkx0/WlYv
j5e1ogD/AJUKLrdMoWfBVLRjJYV4xJ3EHpHWb4Sfgj26C6cVaE9DFi3t7wXeGXPr
GzpFjHBOtcPZa8xx2B4AgAolXUBzfwwDDjQ58/pBPFn6pqx7VCaJ11pQ2ACu+xx3
fwEDsK62kWfJgpYXGI3ZxVoNIL6zZluO6vXd3M2SFIbm8GVV96Q0gIlv/Pzxmg/I
lTcVcIO2o+K69KmhuLEL8myT9kPBcDmijJdyHLO3lSJ/gyEb6C+ghE3G6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH/PSJG7E+LfMUPFa/K/RDOZ0p6TMB8GA1UdIwQY
MBaAFNRN5ll1mwJ0Ekp7SB0JdoQLet4GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUt
ZGI0ZDM5ZGM0ZWM3LzEvZjg5SWtic1Q0dDh4UThWcjhyOUVNNW5TbnBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy83NTIxNmQtNjg0Yi00N2NjLWE5NWUtZGI0ZDM5ZGM0ZWM3
LzEvMUUzbVdYV2JBblFTU250SUhRbDJoQXQ2M2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBJY+gMA8E
AgACMAkDBwAqA4+HAAEwDQYJKoZIhvcNAQELBQADggEBAJrq/22wx+IoHkRpwYe8
IJOtkfaxJx9dQ2PsoqFSojDB47crMOAMI9Fh+JNuw+DCSFDtWtuHinv+T5lbgIm+
m52/hmlHcmgkQOy8JcIYdq3YiVY/p4ainejOpw8DAnbP2iDtTftDsrGJSGYFd5UW
eacHR7D3YL7c081MoVPg6PzOryHNYCMISfYGqIOuiwj7Y36jKKm2Ri4e317C59qz
2TXZfgnXGIh5Usyhuz3cnK3O5vXmStJZt/rcYkdhu0XABzgAtX3M6X30Yn37Hiu4
TuRT2JWITN0mZ1Y0Jnck5g4yVaeTE+NviPc2Lnd5Er86zzmEzRWt6U/zH/AewxBD
5Xs=
-----END CERTIFICATE-----