Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/dRX-loL7VbWKqMzz33Vq7mMaHyM.roa
File:                     dRX-loL7VbWKqMzz33Vq7mMaHyM.roa (raw, json)
Hash identifier:          oa+EwmwFnuenQ44EnYx9FV+4s2v3CVS5qBe4TdcxOTk=
Subject key identifier:   75:15:FE:96:82:FB:55:B5:8A:A8:CC:F3:DF:75:6A:EE:63:1A:1F:23
Certificate issuer:       /CN=13f8496b79d1c04d082af83f1be6a5eab0c66089
Certificate serial:       018CC871590878AB8F39206E3A6200527C86
Authority key identifier: 13:F8:49:6B:79:D1:C0:4D:08:2A:F8:3F:1B:E6:A5:EA:B0:C6:60:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/dRX-loL7VbWKqMzz33Vq7mMaHyM.roa
Signing time:             Tue 02 Jan 2024 04:32:00 +0000
ROA not before:           Tue 02 Jan 2024 04:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        37.75.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 04:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:59:08:78:ab:8f:39:20:6e:3a:62:00:52:7c:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13f8496b79d1c04d082af83f1be6a5eab0c66089
        Validity
            Not Before: Jan  2 04:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7515fe9682fb55b58aa8ccf3df756aee631a1f23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:60:a2:09:d3:c2:ba:04:94:2a:96:fb:53:39:
                    ae:38:62:d3:6e:71:cd:77:b1:55:cc:87:04:1d:fd:
                    c0:e0:b8:95:a9:a7:7c:2f:28:b5:c2:0d:11:13:d0:
                    3e:0f:0b:b7:3d:b5:ad:70:e7:2a:0b:be:d4:55:c9:
                    17:35:d1:77:1a:ff:53:13:b4:94:c2:46:71:79:5d:
                    cf:25:6a:46:60:69:e3:98:a9:2f:77:69:75:fc:fb:
                    3c:12:b9:3c:40:82:a4:96:87:55:e4:4d:13:85:8a:
                    3f:1c:f8:60:5b:6f:7f:e9:6d:18:38:d7:1e:8e:00:
                    bc:c9:16:a7:37:a7:cf:92:f7:f2:2d:7a:50:a8:fc:
                    82:d4:e3:67:49:a2:b8:e5:bd:89:c9:fa:77:44:78:
                    c3:dd:51:15:ad:f7:15:f1:80:06:02:51:cb:e4:bd:
                    d1:51:48:b5:e6:2c:01:04:77:a5:bc:5b:7d:6c:d6:
                    6f:ef:50:df:20:45:e1:31:ef:c6:a5:b1:82:b5:57:
                    d9:10:e2:19:7d:9a:09:62:3f:7b:1d:30:8d:1f:b6:
                    22:7f:00:ee:e6:4f:07:a0:3f:7a:d9:07:4c:92:ea:
                    11:72:a2:65:56:29:3e:2b:7e:88:91:d6:b6:35:c3:
                    77:a7:a8:00:5c:54:ba:dc:58:62:ef:c6:a9:91:4f:
                    cc:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:15:FE:96:82:FB:55:B5:8A:A8:CC:F3:DF:75:6A:EE:63:1A:1F:23
            X509v3 Authority Key Identifier:
                keyid:13:F8:49:6B:79:D1:C0:4D:08:2A:F8:3F:1B:E6:A5:EA:B0:C6:60:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/dRX-loL7VbWKqMzz33Vq7mMaHyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.75.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:ab:d4:66:e0:d9:bd:9c:c7:96:15:f7:4c:ef:78:59:ea:94:
         af:96:95:68:6b:8c:58:3b:87:9b:ca:eb:3a:a9:06:35:be:a4:
         be:64:c8:10:df:b3:53:b7:25:22:14:fb:55:dd:58:bb:55:5c:
         cf:b3:36:51:e2:3e:c9:a3:02:0b:f9:44:da:9f:ff:ee:1a:ea:
         83:ae:07:07:08:67:f8:1b:45:cb:1e:02:59:c7:ae:3e:be:6b:
         30:a7:48:fb:13:60:52:13:47:5b:61:84:ce:85:d1:a1:91:9a:
         61:7d:52:e7:ae:ac:d0:09:8c:0b:58:d3:50:45:5a:57:81:d7:
         de:d5:80:ae:82:45:08:ae:df:80:e0:69:3e:44:33:46:e9:98:
         45:0f:3b:70:96:a5:bb:b0:3a:c6:f3:4f:e9:f3:fc:08:8e:b2:
         b7:b7:09:f3:25:0d:d4:21:01:d5:4d:51:7f:fb:5c:d3:f7:a7:
         88:19:e6:50:08:68:ca:0f:f8:53:2f:cc:83:7c:fd:49:64:d6:
         5a:e5:ef:ff:23:e7:34:74:29:ec:77:16:72:ed:49:d2:f2:0e:
         a4:69:77:2a:1d:83:28:5a:7a:e3:27:ef:9a:8c:79:5e:6e:f3:
         ba:56:b2:dc:33:44:a3:b5:55:d7:4e:95:0c:9a:1a:45:ba:a3:
         79:f8:56:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcVkIeKuPOSBuOmIAUnyGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZjg0OTZiNzlkMWMwNGQwODJhZjgzZjFiZTZhNWVhYjBj
NjYwODkwHhcNMjQwMTAyMDQzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTE1ZmU5NjgyZmI1NWI1OGFhOGNjZjNkZjc1NmFlZTYzMWExZjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmCiCdPCugSUKpb7UzmuOGLTbnHN
d7FVzIcEHf3A4LiVqad8Lyi1wg0RE9A+Dwu3PbWtcOcqC77UVckXNdF3Gv9TE7SU
wkZxeV3PJWpGYGnjmKkvd2l1/Ps8Erk8QIKklodV5E0ThYo/HPhgW29/6W0YONce
jgC8yRanN6fPkvfyLXpQqPyC1ONnSaK45b2Jyfp3RHjD3VEVrfcV8YAGAlHL5L3R
UUi15iwBBHelvFt9bNZv71DfIEXhMe/GpbGCtVfZEOIZfZoJYj97HTCNH7YifwDu
5k8HoD962QdMkuoRcqJlVik+K36Ikda2NcN3p6gAXFS63Fhi78apkU/MywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHUV/paC+1W1iqjM8991au5jGh8jMB8GA1UdIwQY
MBaAFBP4SWt50cBNCCr4PxvmpeqwxmCJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRV9oSmEzblJ3RTBJS3ZnX0ctYWw2ckRHWUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9lZWIyNmYtNjc5MC00MmNlLThjY2Mt
NTRhMjVlMmNkYWE5LzEvZFJYLWxvTDdWYldLcU16ejMzVnE3bU1hSHlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9lZWIyNmYtNjc5MC00MmNlLThjY2MtNTRhMjVlMmNkYWE5
LzEvRV9oSmEzblJ3RTBJS3ZnX0ctYWw2ckRHWUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJUvtMA0G
CSqGSIb3DQEBCwUAA4IBAQCdq9Rm4Nm9nMeWFfdM73hZ6pSvlpVoa4xYO4ebyus6
qQY1vqS+ZMgQ37NTtyUiFPtV3Vi7VVzPszZR4j7JowIL+UTan//uGuqDrgcHCGf4
G0XLHgJZx64+vmswp0j7E2BSE0dbYYTOhdGhkZphfVLnrqzQCYwLWNNQRVpXgdfe
1YCugkUIrt+A4Gk+RDNG6ZhFDztwlqW7sDrG80/p8/wIjrK3twnzJQ3UIQHVTVF/
+1zT96eIGeZQCGjKD/hTL8yDfP1JZNZa5e//I+c0dCnsdxZy7UnS8g6kaXcqHYMo
WnrjJ++ajHlebvO6VrLcM0SjtVXXTpUMmhpFuqN5+Fb7
-----END CERTIFICATE-----