Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/nJmt27KvQvfu4Gydty5cWIWQBWw.roa
File:                     nJmt27KvQvfu4Gydty5cWIWQBWw.roa (raw, json)
Hash identifier:          T98OmS/DWnSD+StiFBrEjq77ZI+vvd316m3wGsUj2RY=
Subject key identifier:   9C:99:AD:DB:B2:AF:42:F7:EE:E0:6C:9D:B7:2E:5C:58:85:90:05:6C
Certificate issuer:       /CN=13f8496b79d1c04d082af83f1be6a5eab0c66089
Certificate serial:       018CC87159BB9D3DA61C6C6B0819AA510D12
Authority key identifier: 13:F8:49:6B:79:D1:C0:4D:08:2A:F8:3F:1B:E6:A5:EA:B0:C6:60:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/nJmt27KvQvfu4Gydty5cWIWQBWw.roa
Signing time:             Tue 02 Jan 2024 04:32:00 +0000
ROA not before:           Tue 02 Jan 2024 04:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        37.75.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:59:bb:9d:3d:a6:1c:6c:6b:08:19:aa:51:0d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13f8496b79d1c04d082af83f1be6a5eab0c66089
        Validity
            Not Before: Jan  2 04:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c99addbb2af42f7eee06c9db72e5c588590056c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:27:70:ce:17:31:25:80:b0:92:d7:6d:2d:a8:
                    0f:cd:a8:c0:cd:c1:b8:df:ab:f1:b2:c5:67:f0:e7:
                    a0:69:a8:ce:a5:53:29:08:99:8e:9b:58:43:01:cb:
                    25:d9:1d:d8:65:45:ef:27:3a:e4:b2:b0:d0:ef:a1:
                    0c:6d:cc:bf:a9:9b:14:d7:3b:9f:b4:cf:48:20:dd:
                    5d:7d:04:19:c7:85:02:9a:93:43:17:da:1e:c9:52:
                    55:d6:df:e3:76:16:6a:17:8d:5e:a4:14:31:0b:15:
                    6e:af:92:9b:bd:89:5a:84:59:8f:5b:7f:fb:4c:08:
                    03:fe:27:76:36:37:32:a2:97:e7:c2:fd:49:23:61:
                    78:16:7d:4e:ef:89:c3:0d:18:ed:5b:3c:92:2d:0d:
                    34:db:1b:88:30:64:af:ba:d4:aa:a2:6b:00:73:ac:
                    77:d0:17:0b:52:f3:71:77:e8:fb:2a:fe:f8:4d:24:
                    74:ec:2e:5d:24:a1:8e:94:17:85:99:59:5d:c3:f7:
                    64:d6:fa:88:e2:0d:bc:95:15:70:96:bf:b5:12:4e:
                    fa:71:36:25:a1:f1:1a:fd:15:c7:d1:4d:50:29:d4:
                    b5:5a:fe:96:36:04:91:df:95:d0:6b:c1:bf:2e:89:
                    3b:7b:0e:cd:5d:ea:e0:63:21:81:c1:2f:ad:60:73:
                    f9:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:99:AD:DB:B2:AF:42:F7:EE:E0:6C:9D:B7:2E:5C:58:85:90:05:6C
            X509v3 Authority Key Identifier:
                keyid:13:F8:49:6B:79:D1:C0:4D:08:2A:F8:3F:1B:E6:A5:EA:B0:C6:60:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/nJmt27KvQvfu4Gydty5cWIWQBWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.75.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:8f:af:70:8d:6b:e6:e5:bc:05:eb:06:54:a8:c8:ae:b8:b6:
         cd:38:74:33:9f:f2:4f:bb:81:10:91:8f:8e:26:44:28:47:43:
         8e:b7:32:b4:dd:aa:bb:54:04:f2:54:db:c2:12:88:67:fc:4d:
         cf:ed:9f:c7:c8:78:83:5c:e2:3a:a7:ea:b6:5e:05:82:31:f2:
         3b:d4:1c:d8:4d:f1:b0:7f:e9:89:20:52:7f:96:7b:f7:02:e8:
         ab:c9:54:95:52:cf:d0:20:8d:6c:e1:40:46:a8:cb:66:fc:d9:
         f7:72:6c:7b:ec:75:43:da:35:65:36:99:4c:f6:b6:22:8d:96:
         e5:aa:14:bc:06:e3:c0:f4:a4:64:d8:3f:69:c0:b4:e7:c3:1f:
         fb:e0:0b:00:0b:fa:82:ef:cf:99:7f:07:cc:46:88:2a:9f:94:
         e1:96:9d:4e:f9:50:75:0d:da:ca:1b:43:8b:57:83:75:41:e1:
         d2:23:97:e4:07:be:00:06:3d:eb:cb:60:c5:78:70:ea:03:2f:
         40:db:44:b6:11:3b:c4:3d:23:fa:a7:97:7e:e7:15:9f:a9:4a:
         17:9a:ee:72:3d:5b:c5:b2:67:e8:39:ff:e3:ac:cb:13:6a:f7:
         b9:22:ae:a6:f0:da:d0:5c:e9:bf:ab:50:a3:5f:63:52:a5:aa:
         e3:7e:4d:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcVm7nT2mHGxrCBmqUQ0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZjg0OTZiNzlkMWMwNGQwODJhZjgzZjFiZTZhNWVhYjBj
NjYwODkwHhcNMjQwMTAyMDQzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzk5YWRkYmIyYWY0MmY3ZWVlMDZjOWRiNzJlNWM1ODg1OTAwNTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSdwzhcxJYCwktdtLagPzajAzcG4
36vxssVn8OegaajOpVMpCJmOm1hDAcsl2R3YZUXvJzrksrDQ76EMbcy/qZsU1zuf
tM9IIN1dfQQZx4UCmpNDF9oeyVJV1t/jdhZqF41epBQxCxVur5KbvYlahFmPW3/7
TAgD/id2Njcyopfnwv1JI2F4Fn1O74nDDRjtWzySLQ002xuIMGSvutSqomsAc6x3
0BcLUvNxd+j7Kv74TSR07C5dJKGOlBeFmVldw/dk1vqI4g28lRVwlr+1Ek76cTYl
ofEa/RXH0U1QKdS1Wv6WNgSR35XQa8G/Lok7ew7NXergYyGBwS+tYHP5twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyZrduyr0L37uBsnbcuXFiFkAVsMB8GA1UdIwQY
MBaAFBP4SWt50cBNCCr4PxvmpeqwxmCJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRV9oSmEzblJ3RTBJS3ZnX0ctYWw2ckRHWUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9lZWIyNmYtNjc5MC00MmNlLThjY2Mt
NTRhMjVlMmNkYWE5LzEvbkptdDI3S3ZRdmZ1NEd5ZHR5NWNXSVdRQld3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9lZWIyNmYtNjc5MC00MmNlLThjY2MtNTRhMjVlMmNkYWE5
LzEvRV9oSmEzblJ3RTBJS3ZnX0ctYWw2ckRHWUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJUvrMA0G
CSqGSIb3DQEBCwUAA4IBAQB1j69wjWvm5bwF6wZUqMiuuLbNOHQzn/JPu4EQkY+O
JkQoR0OOtzK03aq7VATyVNvCEohn/E3P7Z/HyHiDXOI6p+q2XgWCMfI71BzYTfGw
f+mJIFJ/lnv3AuiryVSVUs/QII1s4UBGqMtm/Nn3cmx77HVD2jVlNplM9rYijZbl
qhS8BuPA9KRk2D9pwLTnwx/74AsAC/qC78+ZfwfMRogqn5Thlp1O+VB1DdrKG0OL
V4N1QeHSI5fkB74ABj3ry2DFeHDqAy9A20S2ETvEPSP6p5d+5xWfqUoXmu5yPVvF
smfoOf/jrMsTave5Iq6m8NrQXOm/q1CjX2NSparjfk19
-----END CERTIFICATE-----