Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/SGQ_dQP4q4E_0a7HK4STGF2zsjg.roa
File:                     SGQ_dQP4q4E_0a7HK4STGF2zsjg.roa (raw, json)
Hash identifier:          8IpIukYkISbZusPEV4PYS+sTsicJHGyceiHlwXmSWoQ=
Subject key identifier:   48:64:3F:75:03:F8:AB:81:3F:D1:AE:C7:2B:84:93:18:5D:B3:B2:38
Certificate issuer:       /CN=380b283a0513940d520a680b8b3d14dbc367770d
Certificate serial:       018FBF8DA6FE4A4715997DBCD00E02E35B2D
Authority key identifier: 38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/SGQ_dQP4q4E_0a7HK4STGF2zsjg.roa
Signing time:             Tue 28 May 2024 14:14:42 +0000
ROA not before:           Tue 28 May 2024 14:14:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206804
IP address blocks:        37.77.56.0/24 maxlen: 24
                          37.77.60.0/24 maxlen: 24
                          37.77.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:bf:8d:a6:fe:4a:47:15:99:7d:bc:d0:0e:02:e3:5b:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=380b283a0513940d520a680b8b3d14dbc367770d
        Validity
            Not Before: May 28 14:14:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48643f7503f8ab813fd1aec72b8493185db3b238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:ba:0b:de:0f:51:99:c6:6b:e0:5f:2e:65:03:
                    bf:fa:c4:db:c6:77:c9:a6:46:85:40:ce:ae:37:b5:
                    92:51:d8:5f:e6:9e:65:9e:ed:ac:23:0f:8d:dc:7a:
                    0a:5d:bf:45:2b:03:ab:03:6a:ee:a7:1e:bc:37:54:
                    f9:af:70:29:58:9c:d4:db:09:ad:b3:06:1d:46:fc:
                    71:6d:57:40:db:68:fc:fb:57:06:02:49:13:5b:77:
                    70:37:ba:e7:f1:c5:1c:6a:67:24:ed:bb:41:fa:78:
                    d5:07:2c:b5:fc:5a:3c:e2:4d:ba:9c:04:4f:a7:f8:
                    47:f3:57:55:84:89:3b:be:b1:4f:2f:40:ce:9e:ea:
                    77:de:29:7a:29:4e:dc:2f:c8:64:5e:10:db:3f:f7:
                    71:cf:5f:8b:fa:7d:ad:07:91:65:e7:50:a7:df:a4:
                    5e:bb:23:d0:8e:96:d5:ee:32:21:a8:b3:b7:89:49:
                    8c:df:9f:96:8c:93:d6:65:70:39:8c:07:43:05:88:
                    36:88:76:f5:59:91:50:5f:83:5b:46:9d:b5:57:67:
                    39:7d:1f:a9:95:67:76:07:ab:09:f2:7a:26:22:f6:
                    64:2f:3e:ae:38:67:c8:7d:59:69:72:50:b8:45:0e:
                    90:fa:84:97:0b:ee:79:0d:08:1d:e0:bb:b5:41:57:
                    f1:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:64:3F:75:03:F8:AB:81:3F:D1:AE:C7:2B:84:93:18:5D:B3:B2:38
            X509v3 Authority Key Identifier:
                keyid:38:0B:28:3A:05:13:94:0D:52:0A:68:0B:8B:3D:14:DB:C3:67:77:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OAsoOgUTlA1SCmgLiz0U28Nndw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/SGQ_dQP4q4E_0a7HK4STGF2zsjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c08e1e-f5bd-4a1a-8aba-ccf6454bb24c/1/OAsoOgUTlA1SCmgLiz0U28Nndw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.56.0/24
                  37.77.60.0/24
                  37.77.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d2:d3:90:b0:2c:38:fd:43:90:ca:da:91:8f:88:a2:19:5e:
         18:40:c4:34:88:af:4e:40:de:48:3b:9b:29:6c:f5:b8:9f:e3:
         11:fe:7f:21:ae:1b:bb:1e:a1:95:97:71:b6:12:1f:ec:7a:ae:
         ec:21:59:ae:ae:8e:ba:18:be:0b:ec:a7:23:a7:c9:50:f6:d7:
         0b:1d:33:49:4e:ab:90:fd:db:a2:d9:b9:21:e5:8d:97:38:9e:
         80:f1:5d:bf:ec:3e:83:05:1e:08:48:af:ba:78:07:86:c1:9c:
         5e:a0:0e:1b:64:ba:21:36:58:35:57:d7:28:eb:8f:b5:08:5b:
         02:c4:80:49:83:ab:b7:7a:44:c0:fa:27:65:b2:62:c3:69:86:
         d7:e4:87:b4:b5:9c:cd:e1:44:8f:2d:56:7b:7d:b4:3f:5a:4f:
         de:d3:76:95:9c:b9:24:f0:2a:7b:c5:c1:d6:41:2b:e4:87:b0:
         29:57:4e:7f:79:ad:5a:b5:b2:5e:e4:3f:ba:88:8c:35:61:15:
         a9:1f:94:28:72:37:a2:61:6b:9b:de:52:34:d1:52:30:d4:db:
         e7:8d:b5:7c:21:ee:a0:32:a0:fe:13:61:e5:40:f6:74:94:61:
         4f:aa:1d:20:97:5d:71:d4:f3:f2:96:07:84:86:51:2d:ab:ad:
         8b:8a:36:9c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY+/jab+SkcVmX280A4C41stMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MGIyODNhMDUxMzk0MGQ1MjBhNjgwYjhiM2QxNGRiYzM2
Nzc3MGQwHhcNMjQwNTI4MTQxNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODY0M2Y3NTAzZjhhYjgxM2ZkMWFlYzcyYjg0OTMxODVkYjNiMjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6LoL3g9RmcZr4F8uZQO/+sTbxnfJ
pkaFQM6uN7WSUdhf5p5lnu2sIw+N3HoKXb9FKwOrA2rupx68N1T5r3ApWJzU2wmt
swYdRvxxbVdA22j8+1cGAkkTW3dwN7rn8cUcamck7btB+njVByy1/Fo84k26nARP
p/hH81dVhIk7vrFPL0DOnup33il6KU7cL8hkXhDbP/dxz1+L+n2tB5Fl51Cn36Re
uyPQjpbV7jIhqLO3iUmM35+WjJPWZXA5jAdDBYg2iHb1WZFQX4NbRp21V2c5fR+p
lWd2B6sJ8nomIvZkLz6uOGfIfVlpclC4RQ6Q+oSXC+55DQgd4Lu1QVfxrQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEhkP3UD+KuBP9GuxyuEkxhds7I4MB8GA1UdIwQY
MBaAFDgLKDoFE5QNUgpoC4s9FNvDZ3cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEt
Y2NmNjQ1NGJiMjRjLzEvU0dRX2RRUDRxNEVfMGE3SEs0U1RHRjJ6c2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMDhlMWUtZjViZC00YTFhLThhYmEtY2NmNjQ1NGJiMjRj
LzEvT0Fzb09nVVRsQTFTQ21nTGl6MFUyOE5uZHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJU04AwQA
JU08AwQAJU0+MA0GCSqGSIb3DQEBCwUAA4IBAQBy0tOQsCw4/UOQytqRj4iiGV4Y
QMQ0iK9OQN5IO5spbPW4n+MR/n8hrhu7HqGVl3G2Eh/seq7sIVmuro66GL4L7Kcj
p8lQ9tcLHTNJTquQ/dui2bkh5Y2XOJ6A8V2/7D6DBR4ISK+6eAeGwZxeoA4bZLoh
Nlg1V9co64+1CFsCxIBJg6u3ekTA+idlsmLDaYbX5Ie0tZzN4USPLVZ7fbQ/Wk/e
03aVnLkk8Cp7xcHWQSvkh7ApV05/ea1atbJe5D+6iIw1YRWpH5QocjeiYWub3lI0
0VIw1NvnjbV8Ie6gMqD+E2HlQPZ0lGFPqh0gl11x1PPylgeEhlEtq62Lijac
-----END CERTIFICATE-----