Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/7f0d3c-bbd9-4fee-b60b-c465d8902c1b/1/z3xISit2bskijJByYyVc4wza4s0.roa
File:                     z3xISit2bskijJByYyVc4wza4s0.roa (raw, json)
Hash identifier:          EzmUwMtFSYLFAqZf3DbParVwN8b2hlFCiivcsqwm3OQ=
Subject key identifier:   CF:7C:48:4A:2B:76:6E:C9:22:8C:90:72:63:25:5C:E3:0C:DA:E2:CD
Certificate issuer:       /CN=c5e172872eb7bef0965df13b0fc5d65e75370a19
Certificate serial:       018CC26D3AF85D0C263D12993698A1A3EE3E
Authority key identifier: C5:E1:72:87:2E:B7:BE:F0:96:5D:F1:3B:0F:C5:D6:5E:75:37:0A:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xeFyhy63vvCWXfE7D8XWXnU3Chk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/7f0d3c-bbd9-4fee-b60b-c465d8902c1b/1/z3xISit2bskijJByYyVc4wza4s0.roa
Signing time:             Mon 01 Jan 2024 00:29:47 +0000
ROA not before:           Mon 01 Jan 2024 00:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        37.77.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/7f0d3c-bbd9-4fee-b60b-c465d8902c1b/1/xeFyhy63vvCWXfE7D8XWXnU3Chk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/7f0d3c-bbd9-4fee-b60b-c465d8902c1b/1/xeFyhy63vvCWXfE7D8XWXnU3Chk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xeFyhy63vvCWXfE7D8XWXnU3Chk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3a:f8:5d:0c:26:3d:12:99:36:98:a1:a3:ee:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5e172872eb7bef0965df13b0fc5d65e75370a19
        Validity
            Not Before: Jan  1 00:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf7c484a2b766ec9228c907263255ce30cdae2cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9a:59:8c:03:bf:10:5a:7f:25:7c:a7:7b:0b:
                    e4:d1:34:2f:b6:de:90:ff:7f:8b:72:db:36:30:d0:
                    9f:55:ee:81:e7:a1:4d:d6:06:50:c2:cc:67:70:10:
                    2e:56:0e:9b:c8:ca:27:68:15:d6:ee:72:a6:19:5a:
                    63:19:f5:29:7e:ab:f8:e3:58:fd:77:ec:db:56:ef:
                    1d:1f:40:9a:36:30:82:98:f4:56:8b:c1:e8:c0:32:
                    f4:2b:93:bc:a7:e3:58:24:40:ef:07:0d:18:4f:b8:
                    75:ee:63:0c:0a:0c:b6:8a:3d:29:27:ea:51:40:ee:
                    7e:db:f3:50:2d:b5:2c:66:87:10:53:1e:e4:cf:48:
                    5f:8e:a3:3c:e8:f5:db:3f:65:87:05:ed:76:b8:87:
                    fe:a4:b0:75:87:16:f6:11:6b:32:e4:86:a3:ed:c1:
                    a3:9c:7b:f6:d1:ca:83:e5:2e:ec:f8:c8:2c:60:02:
                    15:54:5b:e0:74:82:a8:7c:92:d0:d6:dc:45:28:03:
                    eb:a2:b2:c8:dc:7e:d0:1c:64:32:58:51:e2:f5:7e:
                    57:59:26:66:d9:b0:3b:8e:6c:d0:82:36:d6:a4:04:
                    e7:ad:ec:d1:ab:95:76:df:fb:ca:df:85:a2:7f:1c:
                    b4:53:32:fd:aa:79:03:e2:0f:f2:6f:d1:38:09:f3:
                    84:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7C:48:4A:2B:76:6E:C9:22:8C:90:72:63:25:5C:E3:0C:DA:E2:CD
            X509v3 Authority Key Identifier:
                keyid:C5:E1:72:87:2E:B7:BE:F0:96:5D:F1:3B:0F:C5:D6:5E:75:37:0A:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xeFyhy63vvCWXfE7D8XWXnU3Chk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/7f0d3c-bbd9-4fee-b60b-c465d8902c1b/1/z3xISit2bskijJByYyVc4wza4s0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/7f0d3c-bbd9-4fee-b60b-c465d8902c1b/1/xeFyhy63vvCWXfE7D8XWXnU3Chk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:cb:2c:79:24:71:8d:5f:c7:9e:d8:75:d2:c6:07:20:e1:10:
         f6:32:5f:15:e1:a7:db:88:7a:f7:d8:84:0c:e5:89:02:04:f8:
         81:62:85:c9:29:88:15:7d:a4:e0:38:51:32:6d:4e:20:10:16:
         4b:bf:08:4e:1c:19:4a:a0:e8:64:65:16:30:f7:15:ef:7c:4f:
         03:7e:19:13:95:a8:27:37:48:c3:a1:31:50:76:db:ec:5c:41:
         10:84:6b:f1:43:2b:c6:29:4b:d2:5a:a8:ce:e7:3f:c0:0e:45:
         42:ef:85:35:ee:f4:ac:95:34:1e:80:dc:44:b8:16:fc:69:aa:
         c5:76:e5:5c:f3:22:6d:90:c7:42:3f:86:d3:c8:be:08:97:06:
         d5:53:cc:58:21:58:6c:93:41:e4:ec:69:ad:69:eb:cd:a3:31:
         f5:e6:1f:46:d3:be:39:35:38:99:98:0b:da:8e:37:d7:c0:00:
         40:16:50:21:72:bb:40:77:4a:6d:6b:d5:10:83:a6:88:77:2d:
         6a:a8:03:48:c4:d7:b1:78:c9:91:16:43:c0:89:c0:95:5e:2c:
         b8:e4:3a:fe:89:90:68:e8:bc:27:46:3e:cc:3b:d2:66:2e:dc:
         b5:df:02:e7:30:06:f1:9d:ec:d4:bb:2a:19:04:b0:ae:9e:8a:
         37:3c:dc:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbTr4XQwmPRKZNpiho+4+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1ZTE3Mjg3MmViN2JlZjA5NjVkZjEzYjBmYzVkNjVlNzUz
NzBhMTkwHhcNMjQwMTAxMDAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjdjNDg0YTJiNzY2ZWM5MjI4YzkwNzI2MzI1NWNlMzBjZGFlMmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZpZjAO/EFp/JXynewvk0TQvtt6Q
/3+Lcts2MNCfVe6B56FN1gZQwsxncBAuVg6byMonaBXW7nKmGVpjGfUpfqv441j9
d+zbVu8dH0CaNjCCmPRWi8HowDL0K5O8p+NYJEDvBw0YT7h17mMMCgy2ij0pJ+pR
QO5+2/NQLbUsZocQUx7kz0hfjqM86PXbP2WHBe12uIf+pLB1hxb2EWsy5Iaj7cGj
nHv20cqD5S7s+MgsYAIVVFvgdIKofJLQ1txFKAProrLI3H7QHGQyWFHi9X5XWSZm
2bA7jmzQgjbWpATnrezRq5V23/vK34Wifxy0UzL9qnkD4g/yb9E4CfOEzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM98SEordm7JIoyQcmMlXOMM2uLNMB8GA1UdIwQY
MBaAFMXhcocut77wll3xOw/F1l51NwoZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGVGeWh5NjN2dkNXWGZFN0Q4WFdYblUzQ2hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS83ZjBkM2MtYmJkOS00ZmVlLWI2MGIt
YzQ2NWQ4OTAyYzFiLzEvejN4SVNpdDJic2tpakpCeVl5VmM0d3phNHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS83ZjBkM2MtYmJkOS00ZmVlLWI2MGItYzQ2NWQ4OTAyYzFi
LzEveGVGeWh5NjN2dkNXWGZFN0Q4WFdYblUzQ2hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJU3JMA0G
CSqGSIb3DQEBCwUAA4IBAQBwyyx5JHGNX8ee2HXSxgcg4RD2Ml8V4afbiHr32IQM
5YkCBPiBYoXJKYgVfaTgOFEybU4gEBZLvwhOHBlKoOhkZRYw9xXvfE8DfhkTlagn
N0jDoTFQdtvsXEEQhGvxQyvGKUvSWqjO5z/ADkVC74U17vSslTQegNxEuBb8aarF
duVc8yJtkMdCP4bTyL4IlwbVU8xYIVhsk0Hk7GmtaevNozH15h9G0745NTiZmAva
jjfXwABAFlAhcrtAd0pta9UQg6aIdy1qqANIxNexeMmRFkPAicCVXiy45Dr+iZBo
6LwnRj7MO9JmLty13wLnMAbxnezUuyoZBLCunoo3PNxc
-----END CERTIFICATE-----