Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/gQaK7lpj99W69JJrIV1kSDGfCKE.roa
File:                     gQaK7lpj99W69JJrIV1kSDGfCKE.roa (raw, json)
Hash identifier:          Zy264naZE568O5Bbz2mJFu3blUXB5SIF0ow5vVtmWJI=
Subject key identifier:   81:06:8A:EE:5A:63:F7:D5:BA:F4:92:6B:21:5D:64:48:31:9F:08:A1
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018EC46E17C674C81EA1A307BC400CAD5209
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/gQaK7lpj99W69JJrIV1kSDGfCKE.roa
Signing time:             Tue 09 Apr 2024 19:55:33 +0000
ROA not before:           Tue 09 Apr 2024 19:55:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198705
IP address blocks:        37.72.143.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c4:6e:17:c6:74:c8:1e:a1:a3:07:bc:40:0c:ad:52:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  9 19:55:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81068aee5a63f7d5baf4926b215d6448319f08a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e7:54:e7:63:ff:8e:57:c0:f8:91:4c:cd:cb:
                    9b:21:ef:55:25:46:12:19:69:7f:14:47:fd:46:77:
                    08:3d:01:d3:78:e0:03:b2:99:b4:12:e4:70:ec:57:
                    96:6f:c7:ff:30:16:90:1a:f2:35:75:92:72:4f:a2:
                    ba:2f:20:76:7a:7a:95:d8:31:4d:a5:b6:f2:ff:1f:
                    fb:42:73:dd:89:d7:bb:2e:f1:1a:6a:35:c8:79:21:
                    1d:85:58:6e:7c:58:65:ba:83:95:26:f4:4d:48:28:
                    f8:ad:63:c8:d5:15:ea:d1:ac:51:e7:bd:26:f4:19:
                    77:df:94:c3:a1:16:d9:31:c8:60:ef:d9:4d:8e:cd:
                    ef:cd:67:4c:fa:bf:1d:fa:fa:ea:cc:4c:f0:6d:dd:
                    57:ff:28:16:48:67:22:df:c4:b8:48:1e:b7:00:11:
                    1c:2b:83:96:ba:fe:66:c4:76:b6:cc:fd:61:5c:19:
                    3a:40:a6:be:d9:a0:10:c6:f2:6d:3c:37:fe:ae:9b:
                    12:3c:8e:44:d4:29:ec:29:bb:e1:31:e3:7e:3f:5b:
                    8a:ae:44:2e:45:7b:3e:27:21:fd:38:28:09:4c:9c:
                    ae:96:e7:b4:0d:4c:22:1b:b1:31:a1:01:5b:1a:1f:
                    ef:69:0e:da:1a:a5:25:5b:1c:41:16:41:69:9b:dc:
                    7e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:06:8A:EE:5A:63:F7:D5:BA:F4:92:6B:21:5D:64:48:31:9F:08:A1
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/gQaK7lpj99W69JJrIV1kSDGfCKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:23:4c:e8:0a:67:3c:fb:a1:96:9a:bd:2e:27:bf:46:97:fa:
         b4:fe:a7:cb:68:35:85:90:c3:f1:6a:b5:c1:a2:37:88:fd:b3:
         ec:7b:5f:cb:ad:37:82:b2:ff:5c:c2:8d:77:f8:d9:be:dc:4a:
         47:ff:a8:00:89:d3:6a:72:c3:44:9d:0e:79:e8:ab:7b:bc:f9:
         7f:ab:c6:45:26:ae:41:fe:9c:cf:ed:c3:61:48:c1:6f:72:38:
         40:63:7e:9b:e7:62:07:c2:b8:f5:13:db:56:03:df:d8:20:07:
         e9:79:c2:a0:6a:f0:84:0e:1c:bb:92:e8:18:5d:04:ca:e1:13:
         e9:2f:7d:f5:45:c4:92:21:2a:9d:4a:1e:e7:4b:a2:d1:9b:c7:
         7e:c2:97:5d:31:2d:62:0f:23:f7:d7:4b:33:5e:da:7f:d8:53:
         c9:2a:fd:64:da:d0:89:7a:fe:fa:d7:5a:c7:b9:11:98:c8:5f:
         ad:60:c2:39:78:13:4d:32:01:5b:e2:8f:7f:12:5c:56:89:39:
         a1:a6:a0:9c:26:fd:bc:12:a2:0d:e7:a6:d4:98:ab:69:ec:42:
         02:bf:e2:c8:fe:1b:72:29:11:4b:3f:e6:44:2c:2d:6b:31:a6:
         da:99:cc:fe:b4:c2:6e:2a:9b:b4:2a:1d:27:ad:66:70:36:a3:
         71:77:93:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7EbhfGdMgeoaMHvEAMrVIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDA5MTk1NTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTA2OGFlZTVhNjNmN2Q1YmFmNDkyNmIyMTVkNjQ0ODMxOWYwOGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoedU52P/jlfA+JFMzcubIe9VJUYS
GWl/FEf9RncIPQHTeOADspm0EuRw7FeWb8f/MBaQGvI1dZJyT6K6LyB2enqV2DFN
pbby/x/7QnPdide7LvEaajXIeSEdhVhufFhluoOVJvRNSCj4rWPI1RXq0axR570m
9Bl335TDoRbZMchg79lNjs3vzWdM+r8d+vrqzEzwbd1X/ygWSGci38S4SB63ABEc
K4OWuv5mxHa2zP1hXBk6QKa+2aAQxvJtPDf+rpsSPI5E1CnsKbvhMeN+P1uKrkQu
RXs+JyH9OCgJTJyulue0DUwiG7ExoQFbGh/vaQ7aGqUlWxxBFkFpm9x+uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEGiu5aY/fVuvSSayFdZEgxnwihMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvZ1FhSzdscGo5OVc2OUpKcklWMWtTREdmQ0tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJUiPMA0G
CSqGSIb3DQEBCwUAA4IBAQBuI0zoCmc8+6GWmr0uJ79Gl/q0/qfLaDWFkMPxarXB
ojeI/bPse1/LrTeCsv9cwo13+Nm+3EpH/6gAidNqcsNEnQ556Kt7vPl/q8ZFJq5B
/pzP7cNhSMFvcjhAY36b52IHwrj1E9tWA9/YIAfpecKgavCEDhy7kugYXQTK4RPp
L331RcSSISqdSh7nS6LRm8d+wpddMS1iDyP310szXtp/2FPJKv1k2tCJev7611rH
uRGYyF+tYMI5eBNNMgFb4o9/ElxWiTmhpqCcJv28EqIN56bUmKtp7EICv+LI/hty
KRFLP+ZELC1rMabamcz+tMJuKpu0Kh0nrWZwNqNxd5N6
-----END CERTIFICATE-----