Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/vyq7frrOZ18P3bS0LsRzkLQVayM.roa
File:                     vyq7frrOZ18P3bS0LsRzkLQVayM.roa (raw, json)
Hash identifier:          ahnDTdH2Zi2KbYKjlRjjF3km1v/4SmSVHP2tW2n0dn0=
Subject key identifier:   BF:2A:BB:7E:BA:CE:67:5F:0F:DD:B4:B4:2E:C4:73:90:B4:15:6B:23
Certificate issuer:       /CN=13f8496b79d1c04d082af83f1be6a5eab0c66089
Certificate serial:       019427B628B655E4623593900C94E086759D
Authority key identifier: 13:F8:49:6B:79:D1:C0:4D:08:2A:F8:3F:1B:E6:A5:EA:B0:C6:60:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/vyq7frrOZ18P3bS0LsRzkLQVayM.roa
Signing time:             Thu 02 Jan 2025 15:50:36 +0000
ROA not before:           Thu 02 Jan 2025 15:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        37.75.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:28:b6:55:e4:62:35:93:90:0c:94:e0:86:75:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13f8496b79d1c04d082af83f1be6a5eab0c66089
        Validity
            Not Before: Jan  2 15:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf2abb7ebace675f0fddb4b42ec47390b4156b23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:9b:00:fd:fa:1e:e6:0a:f0:32:28:ba:63:2f:
                    b6:db:ab:56:23:c6:8e:76:76:94:87:55:6a:1a:e4:
                    e0:14:d1:0d:67:5b:1e:c6:95:fa:e7:b9:d8:07:0d:
                    1f:a1:e8:d4:fa:f3:08:77:01:cc:5a:ce:30:fa:62:
                    67:d2:ff:96:35:9a:a7:a6:02:42:58:68:78:1d:10:
                    f8:fc:f9:66:d6:9e:38:46:46:8d:ac:a5:39:05:ff:
                    51:52:88:ad:1f:d2:7f:03:28:4e:d3:03:10:e1:51:
                    f3:d6:78:44:53:d8:1a:f1:36:9b:b8:8f:72:d5:69:
                    db:9d:65:74:a8:7a:b8:cb:ba:76:37:a7:9f:78:13:
                    b6:0b:4c:27:16:e4:3d:51:fb:a7:59:39:75:c8:1a:
                    33:3f:5c:a4:15:82:21:65:49:72:aa:42:41:ad:d1:
                    18:6e:45:6f:db:e3:d3:e1:24:35:05:46:5d:1a:bc:
                    08:01:9f:21:ad:c0:cd:12:c2:ee:1d:de:b7:e4:24:
                    73:ba:b6:f3:17:41:ab:ef:a0:f3:ee:09:ba:0e:96:
                    8b:2f:49:e9:0a:c4:ca:f6:a2:dd:9a:b7:10:64:f8:
                    f0:05:fb:ee:17:dd:ad:a8:8d:e6:fd:48:38:86:f6:
                    09:ac:b6:98:af:a7:41:cf:c3:5b:e0:ec:df:60:85:
                    ed:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:2A:BB:7E:BA:CE:67:5F:0F:DD:B4:B4:2E:C4:73:90:B4:15:6B:23
            X509v3 Authority Key Identifier:
                keyid:13:F8:49:6B:79:D1:C0:4D:08:2A:F8:3F:1B:E6:A5:EA:B0:C6:60:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E_hJa3nRwE0IKvg_G-al6rDGYIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/vyq7frrOZ18P3bS0LsRzkLQVayM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/eeb26f-6790-42ce-8ccc-54a25e2cdaa9/1/E_hJa3nRwE0IKvg_G-al6rDGYIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.75.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b5:fe:61:97:34:90:a5:d1:65:59:a7:31:02:9e:46:0b:c4:
         1b:7b:11:e7:14:d2:be:9b:cc:82:42:88:f7:95:aa:5c:0b:85:
         aa:3c:9f:51:95:a0:c4:2b:88:df:13:c2:4e:76:1b:a0:6b:7f:
         92:2a:6d:0f:25:1e:27:ec:e3:1a:3d:a5:74:16:52:ba:82:ee:
         44:df:c3:8d:4b:c6:bb:75:40:df:cd:fe:f1:20:3f:a1:35:4e:
         2a:88:ef:26:0d:31:be:92:9f:91:17:91:36:9d:83:c4:b7:20:
         a3:d0:eb:a2:cd:63:0a:31:6c:9b:0e:64:3e:94:f8:9c:7d:34:
         31:5f:59:0d:ad:2d:3d:d6:8a:48:8c:e4:f2:d8:b5:d0:ed:e7:
         6a:e5:03:f3:00:ec:5a:bd:ec:6d:bf:0c:45:a6:de:c3:2b:07:
         6e:4d:11:0e:63:46:46:99:c1:f0:a2:a2:6e:07:2a:b9:19:f0:
         c0:05:59:4b:93:1a:1b:cb:86:69:c2:84:d0:24:f1:fb:5a:fb:
         19:f6:02:4a:d3:7d:1a:cf:38:f7:7f:c2:69:4d:ae:6f:6f:af:
         ff:50:b5:91:a2:cf:d6:f3:b2:e9:98:c2:f7:cb:91:8b:d9:81:
         e2:37:27:76:0a:0b:e9:e1:d1:06:72:25:13:b2:5a:c5:72:a6:
         a0:46:42:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntii2VeRiNZOQDJTghnWdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZjg0OTZiNzlkMWMwNGQwODJhZjgzZjFiZTZhNWVhYjBj
NjYwODkwHhcNMjUwMTAyMTU1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjJhYmI3ZWJhY2U2NzVmMGZkZGI0YjQyZWM0NzM5MGI0MTU2YjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ZsA/foe5grwMii6Yy+226tWI8aO
dnaUh1VqGuTgFNENZ1sexpX657nYBw0foejU+vMIdwHMWs4w+mJn0v+WNZqnpgJC
WGh4HRD4/Plm1p44RkaNrKU5Bf9RUoitH9J/AyhO0wMQ4VHz1nhEU9ga8TabuI9y
1WnbnWV0qHq4y7p2N6efeBO2C0wnFuQ9UfunWTl1yBozP1ykFYIhZUlyqkJBrdEY
bkVv2+PT4SQ1BUZdGrwIAZ8hrcDNEsLuHd635CRzurbzF0Gr76Dz7gm6DpaLL0np
CsTK9qLdmrcQZPjwBfvuF92tqI3m/Ug4hvYJrLaYr6dBz8Nb4OzfYIXtewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8qu366zmdfD920tC7Ec5C0FWsjMB8GA1UdIwQY
MBaAFBP4SWt50cBNCCr4PxvmpeqwxmCJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRV9oSmEzblJ3RTBJS3ZnX0ctYWw2ckRHWUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9lZWIyNmYtNjc5MC00MmNlLThjY2Mt
NTRhMjVlMmNkYWE5LzEvdnlxN2Zyck9aMThQM2JTMExzUnprTFFWYXlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9lZWIyNmYtNjc5MC00MmNlLThjY2MtNTRhMjVlMmNkYWE5
LzEvRV9oSmEzblJ3RTBJS3ZnX0ctYWw2ckRHWUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJUvtMA0G
CSqGSIb3DQEBCwUAA4IBAQCFtf5hlzSQpdFlWacxAp5GC8QbexHnFNK+m8yCQoj3
lapcC4WqPJ9RlaDEK4jfE8JOdhuga3+SKm0PJR4n7OMaPaV0FlK6gu5E38ONS8a7
dUDfzf7xID+hNU4qiO8mDTG+kp+RF5E2nYPEtyCj0OuizWMKMWybDmQ+lPicfTQx
X1kNrS091opIjOTy2LXQ7edq5QPzAOxavextvwxFpt7DKwduTREOY0ZGmcHwoqJu
Byq5GfDABVlLkxoby4ZpwoTQJPH7WvsZ9gJK030azzj3f8JpTa5vb6//ULWRos/W
87LpmML3y5GL2YHiNyd2Cgvp4dEGciUTslrFcqagRkJD
-----END CERTIFICATE-----