Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/7H-hTJvo-RGcCbZWCAVLy4kJlfs.roa
File:                     7H-hTJvo-RGcCbZWCAVLy4kJlfs.roa (raw, json)
Hash identifier:          5fmsD3U3BTjhYn+BS1CF2IFNfhwMJQKOU33odBTU+Co=
Subject key identifier:   EC:7F:A1:4C:9B:E8:F9:11:9C:09:B6:56:08:05:4B:CB:89:09:95:FB
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E1453BEA828D96133308BC92EAF8C
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/7H-hTJvo-RGcCbZWCAVLy4kJlfs.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216236
IP address blocks:        37.139.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:14:53:be:a8:28:d9:61:33:30:8b:c9:2e:af:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec7fa14c9be8f9119c09b65608054bcb890995fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:fb:b3:59:ed:53:8f:e7:54:7f:44:89:52:ad:
                    00:02:51:cb:cd:7e:8e:b0:b3:65:c5:49:0e:4f:bd:
                    dd:14:a0:da:3e:04:10:6e:a0:6f:37:4b:72:53:a8:
                    ad:e6:e3:87:cc:e4:7f:bc:08:69:2b:67:d1:0a:b0:
                    c5:32:60:02:3d:d3:2a:08:84:4c:a1:fd:71:9c:0c:
                    3c:5f:4b:96:04:30:35:41:40:f0:5b:5b:7c:1f:e2:
                    43:15:e3:7a:7f:d1:71:a2:e7:ad:5e:62:61:8a:06:
                    32:9d:de:6f:8e:68:82:4f:78:74:65:cd:43:a7:ce:
                    e4:72:01:e3:be:3a:bc:40:9f:0e:a1:eb:7c:ef:57:
                    9c:9a:dd:87:3a:ac:dd:ca:03:45:ad:7d:b0:dc:bc:
                    35:d0:4d:87:51:22:4f:2c:c9:cf:71:95:1a:d2:68:
                    2b:db:32:eb:70:5b:87:04:56:02:a8:8d:40:84:71:
                    71:8f:51:70:e6:76:30:b1:19:24:42:35:34:8e:69:
                    18:59:c3:78:5a:0e:b0:8f:f5:01:fa:31:a4:b0:22:
                    a6:79:fe:1d:d3:b2:f6:53:92:14:70:54:ef:e2:70:
                    3e:a9:07:7b:7d:6a:19:1f:11:a5:e4:39:19:cd:16:
                    ad:c0:54:ad:c0:a3:87:b9:36:25:7b:c1:be:c4:5a:
                    97:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:7F:A1:4C:9B:E8:F9:11:9C:09:B6:56:08:05:4B:CB:89:09:95:FB
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/7H-hTJvo-RGcCbZWCAVLy4kJlfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:07:91:21:70:9b:5d:3e:39:c2:c4:a0:a5:d3:53:95:3f:1f:
         e1:3d:ec:7a:4f:e2:f7:22:bb:aa:84:ce:c1:d9:50:9e:8f:99:
         29:1e:a1:6a:a5:9b:4b:42:8c:e3:b8:60:32:7a:59:5b:52:82:
         fe:e6:e8:7f:92:43:e2:be:76:e6:bd:c6:7b:25:aa:5d:95:d8:
         32:86:cb:81:18:9a:9e:e2:7d:0f:67:0d:c0:79:11:b0:48:50:
         0c:89:08:2a:a6:84:19:3e:94:9f:aa:54:9e:86:9b:d4:be:91:
         fd:43:f6:e5:a8:6c:a7:13:e5:9f:aa:eb:e3:a0:ef:fb:84:bd:
         d2:f7:77:a6:2c:8f:52:55:2e:d2:b7:88:cc:90:01:59:4f:e2:
         be:44:05:b0:ed:1c:ef:f4:14:78:2d:49:55:d2:e3:ab:dd:f7:
         f2:17:ac:78:ee:8d:92:82:54:21:6d:2c:bf:42:29:b0:eb:af:
         d2:b8:8a:bf:b3:b3:1f:6e:57:9c:04:89:04:79:97:ef:7b:43:
         0a:39:77:f1:e8:ff:0b:87:67:d1:57:e9:24:6e:d7:b0:40:3a:
         e8:e5:43:f6:7a:4b:c2:1f:ad:da:a0:6d:7a:48:6d:d8:ab:d1:
         17:f3:f7:4b:10:2c:dd:c6:be:aa:61:de:33:0a:33:4a:19:be:
         0a:65:ea:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhRTvqgo2WEzMIvJLq+MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzdmYTE0YzliZThmOTExOWMwOWI2NTYwODA1NGJjYjg5MDk5NWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfuzWe1Tj+dUf0SJUq0AAlHLzX6O
sLNlxUkOT73dFKDaPgQQbqBvN0tyU6it5uOHzOR/vAhpK2fRCrDFMmACPdMqCIRM
of1xnAw8X0uWBDA1QUDwW1t8H+JDFeN6f9FxouetXmJhigYynd5vjmiCT3h0Zc1D
p87kcgHjvjq8QJ8Ooet871ecmt2HOqzdygNFrX2w3Lw10E2HUSJPLMnPcZUa0mgr
2zLrcFuHBFYCqI1AhHFxj1Fw5nYwsRkkQjU0jmkYWcN4Wg6wj/UB+jGksCKmef4d
07L2U5IUcFTv4nA+qQd7fWoZHxGl5DkZzRatwFStwKOHuTYle8G+xFqXMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOx/oUyb6PkRnAm2VggFS8uJCZX7MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvN0gtaFRKdm8tUkdjQ2JaV0NBVkx5NGtKbGZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYsmMA0G
CSqGSIb3DQEBCwUAA4IBAQC6B5EhcJtdPjnCxKCl01OVPx/hPex6T+L3IruqhM7B
2VCej5kpHqFqpZtLQozjuGAyellbUoL+5uh/kkPivnbmvcZ7JapdldgyhsuBGJqe
4n0PZw3AeRGwSFAMiQgqpoQZPpSfqlSehpvUvpH9Q/blqGynE+WfquvjoO/7hL3S
93emLI9SVS7St4jMkAFZT+K+RAWw7Rzv9BR4LUlV0uOr3ffyF6x47o2SglQhbSy/
Qimw66/SuIq/s7MfblecBIkEeZfve0MKOXfx6P8Lh2fRV+kkbtewQDro5UP2ekvC
H63aoG16SG3Yq9EX8/dLECzdxr6qYd4zCjNKGb4KZequ
-----END CERTIFICATE-----