Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/2472a9-ff66-4dcf-ac82-30e540d5d3a7/1/IJceaMVA9DeypT82zYAHcTPcaKY.roa
File:                     IJceaMVA9DeypT82zYAHcTPcaKY.roa (raw, json)
Hash identifier:          fKsEW3AeOcfRLhduOXtE+cPvnM4G9kg8N7vHIbOWxrk=
Subject key identifier:   20:97:1E:68:C5:40:F4:37:B2:A5:3F:36:CD:80:07:71:33:DC:68:A6
Certificate issuer:       /CN=1b7e7bdc8e15ba6b2e6d09552476bb1b55b159c3
Certificate serial:       018CC50024D0F451831F961B12E578A6D3BF
Authority key identifier: 1B:7E:7B:DC:8E:15:BA:6B:2E:6D:09:55:24:76:BB:1B:55:B1:59:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G3573I4VumsubQlVJHa7G1WxWcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/2472a9-ff66-4dcf-ac82-30e540d5d3a7/1/IJceaMVA9DeypT82zYAHcTPcaKY.roa
Signing time:             Mon 01 Jan 2024 12:29:30 +0000
ROA not before:           Mon 01 Jan 2024 12:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210863
IP address blocks:        37.16.72.0/24 maxlen: 24
                          2a11:5d00::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/2472a9-ff66-4dcf-ac82-30e540d5d3a7/1/G3573I4VumsubQlVJHa7G1WxWcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/2472a9-ff66-4dcf-ac82-30e540d5d3a7/1/G3573I4VumsubQlVJHa7G1WxWcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G3573I4VumsubQlVJHa7G1WxWcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:24:d0:f4:51:83:1f:96:1b:12:e5:78:a6:d3:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b7e7bdc8e15ba6b2e6d09552476bb1b55b159c3
        Validity
            Not Before: Jan  1 12:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20971e68c540f437b2a53f36cd80077133dc68a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f4:68:d7:b1:12:f5:55:12:48:ea:9b:d4:eb:
                    1b:b0:e4:62:37:43:c9:c0:47:88:16:50:28:1c:85:
                    46:98:13:a6:04:0b:e9:09:d8:eb:c2:91:f5:21:79:
                    82:47:07:4a:e3:1c:b2:e6:40:85:62:97:64:e2:02:
                    1d:2f:69:2d:03:a0:c6:0c:7c:86:00:7f:0e:e6:3d:
                    b3:cf:c1:a4:be:47:b1:77:cc:29:ef:9f:90:30:d4:
                    f9:6e:9b:1a:df:37:96:e7:9d:9b:6d:61:56:e2:ed:
                    04:1d:4b:e5:35:33:dd:0d:2f:26:80:5a:51:63:df:
                    75:fb:a5:44:03:55:51:18:e3:d4:f8:0c:9f:fe:86:
                    3a:80:bc:34:7a:66:b1:35:96:7b:c7:18:40:ae:84:
                    1f:b4:d2:5e:72:10:36:0d:e4:ad:64:39:b2:63:fc:
                    39:fe:a2:f7:0b:77:02:ff:52:27:81:7c:b7:ef:94:
                    f2:cb:98:c8:9f:19:82:10:52:0e:57:0a:22:17:12:
                    2b:ff:5d:62:2a:ac:fd:23:6b:d4:c6:fc:ca:6c:38:
                    b7:fa:27:88:5a:5d:b4:b2:15:4e:e1:d6:51:8c:b7:
                    57:7e:29:8a:5c:f7:8f:0b:c3:18:b0:bf:b0:6e:07:
                    fb:d9:cc:58:2f:69:2e:18:d6:50:52:a8:12:42:9c:
                    6e:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:97:1E:68:C5:40:F4:37:B2:A5:3F:36:CD:80:07:71:33:DC:68:A6
            X509v3 Authority Key Identifier:
                keyid:1B:7E:7B:DC:8E:15:BA:6B:2E:6D:09:55:24:76:BB:1B:55:B1:59:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G3573I4VumsubQlVJHa7G1WxWcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2472a9-ff66-4dcf-ac82-30e540d5d3a7/1/IJceaMVA9DeypT82zYAHcTPcaKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2472a9-ff66-4dcf-ac82-30e540d5d3a7/1/G3573I4VumsubQlVJHa7G1WxWcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.72.0/24
                IPv6:
                  2a11:5d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:cc:5c:fa:a3:2a:8c:64:1c:13:90:01:35:8e:09:6a:a6:b6:
         f0:be:cf:20:0f:43:b9:56:7f:cb:12:8e:10:0a:84:ea:12:df:
         70:18:f3:e5:4f:48:ca:24:4c:2f:b8:b9:18:7a:e5:a7:db:54:
         ca:cd:4c:24:3f:0d:e4:1c:4f:60:bb:b1:03:92:48:9e:3c:9d:
         87:39:fb:fe:fa:bd:78:0a:55:0c:d2:be:9c:1a:12:9b:e1:23:
         18:e5:30:62:ba:3f:35:4f:e5:a6:5f:4d:2b:c6:11:f8:65:05:
         c4:ac:f7:61:b3:b0:04:9c:be:ff:e5:54:57:0c:11:0e:83:9a:
         3c:b3:6d:9f:22:3a:1b:6f:ee:89:24:37:bc:e5:9f:55:71:fe:
         ab:ab:80:80:9d:03:34:02:d0:ea:b0:80:5e:80:8a:20:2d:f3:
         b1:9f:d8:ec:b2:94:ea:bb:30:c6:ab:68:fb:d2:63:07:73:25:
         9b:09:15:87:4a:58:e0:68:7e:64:44:2d:5f:8d:40:37:ed:00:
         57:28:c1:52:73:3e:a2:fe:c5:dd:7a:0f:9a:ae:b7:b6:43:22:
         cf:43:3c:8b:a5:00:00:bd:99:ee:91:65:1e:5d:ec:fc:10:7b:
         3b:bc:4c:80:7f:76:d2:fb:36:3e:6a:cf:6f:8a:0b:57:38:80:
         19:56:26:71
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFACTQ9FGDH5YbEuV4ptO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiN2U3YmRjOGUxNWJhNmIyZTZkMDk1NTI0NzZiYjFiNTVi
MTU5YzMwHhcNMjQwMTAxMTIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDk3MWU2OGM1NDBmNDM3YjJhNTNmMzZjZDgwMDc3MTMzZGM2OGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfRo17ES9VUSSOqb1OsbsORiN0PJ
wEeIFlAoHIVGmBOmBAvpCdjrwpH1IXmCRwdK4xyy5kCFYpdk4gIdL2ktA6DGDHyG
AH8O5j2zz8Gkvkexd8wp75+QMNT5bpsa3zeW552bbWFW4u0EHUvlNTPdDS8mgFpR
Y991+6VEA1VRGOPU+Ayf/oY6gLw0emaxNZZ7xxhAroQftNJechA2DeStZDmyY/w5
/qL3C3cC/1IngXy375Tyy5jInxmCEFIOVwoiFxIr/11iKqz9I2vUxvzKbDi3+ieI
Wl20shVO4dZRjLdXfimKXPePC8MYsL+wbgf72cxYL2kuGNZQUqgSQpxuPQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCCXHmjFQPQ3sqU/Ns2AB3Ez3GimMB8GA1UdIwQY
MBaAFBt+e9yOFbprLm0JVSR2uxtVsVnDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzM1NzNJNFZ1bXN1YlFsVkpIYTdHMVd4V2NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yNDcyYTktZmY2Ni00ZGNmLWFjODIt
MzBlNTQwZDVkM2E3LzEvSUpjZWFNVkE5RGV5cFQ4MnpZQUhjVFBjYUtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8yNDcyYTktZmY2Ni00ZGNmLWFjODItMzBlNTQwZDVkM2E3
LzEvRzM1NzNJNFZ1bXN1YlFsVkpIYTdHMVd4V2NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAJRBIMA0E
AgACMAcDBQMqEV0AMA0GCSqGSIb3DQEBCwUAA4IBAQCrzFz6oyqMZBwTkAE1jglq
prbwvs8gD0O5Vn/LEo4QCoTqEt9wGPPlT0jKJEwvuLkYeuWn21TKzUwkPw3kHE9g
u7EDkkiePJ2HOfv++r14ClUM0r6cGhKb4SMY5TBiuj81T+WmX00rxhH4ZQXErPdh
s7AEnL7/5VRXDBEOg5o8s22fIjobb+6JJDe85Z9Vcf6rq4CAnQM0AtDqsIBegIog
LfOxn9jsspTquzDGq2j70mMHcyWbCRWHSljgaH5kRC1fjUA37QBXKMFScz6i/sXd
eg+arre2QyLPQzyLpQAAvZnukWUeXez8EHs7vEyAf3bS+zY+as9vigtXOIAZViZx
-----END CERTIFICATE-----