Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/1-wFvZSVaYAk4-OJLjghJJJB-KFs.roa
File:                     1-wFvZSVaYAk4-OJLjghJJJB-KFs.roa (raw, json)
Hash identifier:          G73RFwzOuvwpy2Fax8kUBKTVbiJHAsCx38gx97b2BRE=
Subject key identifier:   FB:01:6F:65:25:5A:60:09:38:F8:E2:4B:8E:08:49:24:90:7E:28:5B
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0B4762237FE233D46286913BB68E
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/1-wFvZSVaYAk4-OJLjghJJJB-KFs.roa
Signing time:             Mon 01 Jan 2024 14:29:32 +0000
ROA not before:           Mon 01 Jan 2024 14:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57010
IP address blocks:        37.139.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0b:47:62:23:7f:e2:33:d4:62:86:91:3b:b6:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb016f65255a600938f8e24b8e084924907e285b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:29:c2:0a:11:18:ee:f7:0f:24:c9:2b:94:6a:
                    8e:77:1a:4f:3d:b1:56:d7:51:ae:09:ba:bf:f6:23:
                    ff:c4:aa:c5:ef:e5:e6:9d:db:3f:50:14:f2:1b:08:
                    9a:29:08:a1:a5:8a:3c:cc:f3:ce:5a:cb:5a:ad:aa:
                    74:de:5d:e4:11:6a:ad:29:fd:77:31:98:6c:f7:31:
                    55:32:b0:77:62:bd:f1:da:a5:9e:97:ca:a8:3f:04:
                    20:d8:88:d9:43:64:93:88:94:38:40:b7:e9:6f:53:
                    38:f2:80:d3:74:80:1a:b2:aa:7f:ff:48:58:97:15:
                    f9:19:e7:ac:94:c4:3f:ba:8b:9c:f0:97:c8:77:1b:
                    2d:85:62:d6:cf:c0:77:0e:3e:95:48:4c:1c:e2:2d:
                    55:df:c7:b2:05:a7:ab:cd:77:25:b3:9b:bf:32:15:
                    9d:56:10:a0:76:e9:ee:62:7a:7f:b4:d7:47:ee:57:
                    8b:3a:c8:f0:e2:71:76:1f:2b:be:a3:30:4c:6d:fc:
                    e7:b4:77:b4:b1:06:e1:88:93:2c:ff:f9:0e:ce:29:
                    0d:2e:75:40:05:83:87:d7:5b:a3:21:8d:c2:3f:31:
                    96:4a:09:66:fd:81:9a:ca:aa:85:cf:59:e4:d2:a5:
                    6c:d0:49:23:aa:9b:bf:c7:f3:c3:33:dd:ef:a9:31:
                    cd:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:01:6F:65:25:5A:60:09:38:F8:E2:4B:8E:08:49:24:90:7E:28:5B
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/1-wFvZSVaYAk4-OJLjghJJJB-KFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:5b:b6:78:fe:b0:fa:aa:c7:2c:34:8d:2e:58:e6:02:59:19:
         fa:2c:84:de:07:69:cc:2d:d5:94:8b:3d:23:cd:2e:0c:fe:fe:
         09:b7:ea:48:50:b6:c8:df:33:82:d8:36:bf:ba:90:aa:79:f1:
         2c:5a:c9:f4:7d:64:c0:d1:19:ba:7b:99:7d:86:71:32:cf:3f:
         2b:12:7a:39:8b:39:70:b2:66:7c:18:b6:b1:d3:04:c9:fd:57:
         48:60:b5:dc:1e:73:2c:f2:93:af:74:92:09:52:d0:da:23:b5:
         d2:56:3c:e0:dc:0e:d4:98:14:38:d2:77:67:01:88:96:54:a1:
         bd:1f:57:f2:2b:6f:0c:d9:a0:86:c7:49:c4:54:49:e1:97:32:
         d1:28:82:3d:ae:06:48:f4:cb:d6:d7:1e:2d:bf:2d:d4:fc:71:
         a7:52:70:cd:7d:0e:b9:59:40:2b:cd:33:20:bc:ab:b9:a9:42:
         61:6a:05:52:78:04:bd:b1:7e:96:05:b8:0e:51:6a:c1:e4:dc:
         20:9f:fb:95:cf:2c:f1:f0:c7:cb:1a:89:49:16:81:e9:a3:78:
         1f:97:e3:93:2f:2d:e8:02:f5:a9:34:73:82:28:5e:f9:c5:50:
         ff:3b:4f:22:b0:18:3a:25:d8:af:a7:36:3b:02:76:f3:62:d7:
         79:85:e5:a7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFbgtHYiN/4jPUYoaRO7aOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjAxNmY2NTI1NWE2MDA5MzhmOGUyNGI4ZTA4NDkyNDkwN2UyODViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgCnCChEY7vcPJMkrlGqOdxpPPbFW
11GuCbq/9iP/xKrF7+Xmnds/UBTyGwiaKQihpYo8zPPOWstarap03l3kEWqtKf13
MZhs9zFVMrB3Yr3x2qWel8qoPwQg2IjZQ2STiJQ4QLfpb1M48oDTdIAasqp//0hY
lxX5GeeslMQ/uouc8JfIdxsthWLWz8B3Dj6VSEwc4i1V38eyBaerzXcls5u/MhWd
VhCgdunuYnp/tNdH7leLOsjw4nF2Hyu+ozBMbfzntHe0sQbhiJMs//kOzikNLnVA
BYOH11ujIY3CPzGWSglm/YGayqqFz1nk0qVs0Ekjqpu/x/PDM93vqTHNFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsBb2UlWmAJOPjiS44ISSSQfihbMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvMS13RnZaU1ZhWUFrNC1PSkxqZ2hKSkpCLUtGcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMWMvMjkzMmRmLWE0YmQtNGFmNS1hNGQ0LTg5ZDA5MjQwYzQz
Yi8xLzZxcUtDbF9mMXBqaEJMNDJvcTdzZ1Ryc29IRS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEACWLLzAN
BgkqhkiG9w0BAQsFAAOCAQEApVu2eP6w+qrHLDSNLljmAlkZ+iyE3gdpzC3VlIs9
I80uDP7+CbfqSFC2yN8zgtg2v7qQqnnxLFrJ9H1kwNEZunuZfYZxMs8/KxJ6OYs5
cLJmfBi2sdMEyf1XSGC13B5zLPKTr3SSCVLQ2iO10lY84NwO1JgUONJ3ZwGIllSh
vR9X8itvDNmghsdJxFRJ4Zcy0SiCPa4GSPTL1tceLb8t1Pxxp1JwzX0OuVlAK80z
ILyrualCYWoFUngEvbF+lgW4DlFqweTcIJ/7lc8s8fDHyxqJSRaB6aN4H5fjky8t
6AL1qTRzgihe+cVQ/ztPIrAYOiXYr6c2OwJ282LXeYXlpw==
-----END CERTIFICATE-----