Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/ef9498-44f4-4ffd-844f-5c830fe4bad0/1/Fy7cWCtKj8YOkoMfbsk_GmQ-omQ.roa
File:                     Fy7cWCtKj8YOkoMfbsk_GmQ-omQ.roa (raw, json)
Hash identifier:          0XxmheMLs4H1o+dU+r7DMDKeGIGjTSyHgDTmVKVd4wM=
Subject key identifier:   17:2E:DC:58:2B:4A:8F:C6:0E:92:83:1F:6E:C9:3F:1A:64:3E:A2:64
Certificate issuer:       /CN=37ca50022828d901bf42b2798f7844104b05404d
Certificate serial:       018CC4939407432FCC7683886C8FF55BDEF8
Authority key identifier: 37:CA:50:02:28:28:D9:01:BF:42:B2:79:8F:78:44:10:4B:05:40:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N8pQAigo2QG_QrJ5j3hEEEsFQE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/ef9498-44f4-4ffd-844f-5c830fe4bad0/1/Fy7cWCtKj8YOkoMfbsk_GmQ-omQ.roa
Signing time:             Mon 01 Jan 2024 10:30:55 +0000
ROA not before:           Mon 01 Jan 2024 10:30:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42677
IP address blocks:        195.248.232.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/ef9498-44f4-4ffd-844f-5c830fe4bad0/1/N8pQAigo2QG_QrJ5j3hEEEsFQE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/ef9498-44f4-4ffd-844f-5c830fe4bad0/1/N8pQAigo2QG_QrJ5j3hEEEsFQE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N8pQAigo2QG_QrJ5j3hEEEsFQE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:94:07:43:2f:cc:76:83:88:6c:8f:f5:5b:de:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37ca50022828d901bf42b2798f7844104b05404d
        Validity
            Not Before: Jan  1 10:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=172edc582b4a8fc60e92831f6ec93f1a643ea264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:32:17:2f:51:8b:2b:a2:ca:65:8f:b2:3a:5c:
                    ae:18:7a:1e:7d:df:a1:8e:f0:3b:a1:82:15:2a:31:
                    d0:d4:16:11:99:47:da:3f:e7:0f:77:aa:48:c4:24:
                    c4:92:e9:02:6d:50:5d:97:de:ea:4d:43:f7:3b:8f:
                    01:2e:ab:a0:77:25:58:10:b9:50:d8:79:7a:87:cc:
                    86:af:33:a0:61:58:c1:aa:0f:ad:e4:13:4e:de:36:
                    4d:5e:4a:ed:99:8c:d7:4c:f6:8c:ad:d9:e2:17:fd:
                    8c:26:c1:dd:ef:13:6b:77:4b:38:06:e1:fd:fc:b3:
                    69:29:ad:3f:35:72:4c:62:30:12:89:1a:ba:19:85:
                    cc:d6:4a:79:a6:85:e6:5a:41:77:d3:98:28:cd:ba:
                    31:63:29:0a:57:9a:9a:6e:e4:29:a5:f5:1e:7a:08:
                    22:f7:5b:b4:5f:42:ce:15:00:10:19:6f:3a:cd:14:
                    f6:1e:6e:c2:5e:4a:fa:07:c8:29:c5:54:6f:16:e3:
                    cc:3d:a9:0b:2d:a8:e9:64:85:83:59:00:e8:1b:fd:
                    6d:5a:b9:4a:a8:ae:5d:40:38:bf:72:0d:5d:88:88:
                    72:e5:ac:c4:06:63:42:37:0d:4e:cb:26:76:15:d2:
                    24:a0:0e:e9:d9:a8:bd:d6:d3:3d:93:a0:bd:a7:56:
                    61:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:2E:DC:58:2B:4A:8F:C6:0E:92:83:1F:6E:C9:3F:1A:64:3E:A2:64
            X509v3 Authority Key Identifier:
                keyid:37:CA:50:02:28:28:D9:01:BF:42:B2:79:8F:78:44:10:4B:05:40:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N8pQAigo2QG_QrJ5j3hEEEsFQE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ef9498-44f4-4ffd-844f-5c830fe4bad0/1/Fy7cWCtKj8YOkoMfbsk_GmQ-omQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ef9498-44f4-4ffd-844f-5c830fe4bad0/1/N8pQAigo2QG_QrJ5j3hEEEsFQE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.248.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:ff:8a:b8:0b:7a:27:82:0b:30:3a:bc:b2:33:64:10:08:af:
         05:27:4e:fa:47:05:c7:0d:33:58:bf:b6:ed:70:b9:e9:60:fa:
         a6:19:e6:f7:a1:0b:4d:75:97:13:00:96:81:c7:dd:19:9f:63:
         96:ec:27:4b:c4:53:96:a9:ad:d4:5f:ea:3b:74:81:c9:1f:1c:
         9e:1d:03:cd:00:a9:91:2f:10:6f:62:a3:b3:80:0e:f7:79:0f:
         70:2c:4b:9b:3e:20:56:cc:5c:ec:f4:8c:84:c2:5a:a6:12:4c:
         be:56:7d:fc:9e:a7:7e:44:bb:93:fb:8a:63:56:b3:4b:45:88:
         7b:9c:f4:7c:5b:9a:dc:c5:fc:d6:cd:b7:aa:94:67:be:cc:63:
         07:a2:16:9b:6d:c8:07:b9:56:c1:33:77:e1:4b:48:da:a0:c8:
         57:4a:35:e9:9c:98:7d:30:b2:1b:66:24:da:f2:75:c8:6d:71:
         01:6f:05:c7:65:24:53:c8:58:5b:fb:4a:97:fe:01:a1:ce:bb:
         c8:bb:5b:40:9c:fc:0f:d9:e4:7b:57:ec:af:09:cb:9a:47:fa:
         6f:c3:26:f6:a7:0f:f9:f4:4f:d2:79:c4:cb:70:85:32:a2:ac:
         92:f3:94:39:85:19:f2:62:e8:61:a5:24:c9:a0:dc:e3:40:98:
         a2:e8:5c:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5QHQy/MdoOIbI/1W974MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3Y2E1MDAyMjgyOGQ5MDFiZjQyYjI3OThmNzg0NDEwNGIw
NTQwNGQwHhcNMjQwMTAxMTAzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzJlZGM1ODJiNGE4ZmM2MGU5MjgzMWY2ZWM5M2YxYTY0M2VhMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDIXL1GLK6LKZY+yOlyuGHoefd+h
jvA7oYIVKjHQ1BYRmUfaP+cPd6pIxCTEkukCbVBdl97qTUP3O48BLqugdyVYELlQ
2Hl6h8yGrzOgYVjBqg+t5BNO3jZNXkrtmYzXTPaMrdniF/2MJsHd7xNrd0s4BuH9
/LNpKa0/NXJMYjASiRq6GYXM1kp5poXmWkF305gozboxYykKV5qabuQppfUeeggi
91u0X0LOFQAQGW86zRT2Hm7CXkr6B8gpxVRvFuPMPakLLajpZIWDWQDoG/1tWrlK
qK5dQDi/cg1diIhy5azEBmNCNw1OyyZ2FdIkoA7p2ai91tM9k6C9p1ZhgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcu3FgrSo/GDpKDH27JPxpkPqJkMB8GA1UdIwQY
MBaAFDfKUAIoKNkBv0KyeY94RBBLBUBNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjhwUUFpZ28yUUdfUXJKNWozaEVFRXNGUUUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9lZjk0OTgtNDRmNC00ZmZkLTg0NGYt
NWM4MzBmZTRiYWQwLzEvRnk3Y1dDdEtqOFlPa29NZmJza19HbVEtb21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9lZjk0OTgtNDRmNC00ZmZkLTg0NGYtNWM4MzBmZTRiYWQw
LzEvTjhwUUFpZ28yUUdfUXJKNWozaEVFRXNGUUUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw/joMA0G
CSqGSIb3DQEBCwUAA4IBAQAM/4q4C3onggswOryyM2QQCK8FJ076RwXHDTNYv7bt
cLnpYPqmGeb3oQtNdZcTAJaBx90Zn2OW7CdLxFOWqa3UX+o7dIHJHxyeHQPNAKmR
LxBvYqOzgA73eQ9wLEubPiBWzFzs9IyEwlqmEky+Vn38nqd+RLuT+4pjVrNLRYh7
nPR8W5rcxfzWzbeqlGe+zGMHohabbcgHuVbBM3fhS0jaoMhXSjXpnJh9MLIbZiTa
8nXIbXEBbwXHZSRTyFhb+0qX/gGhzrvIu1tAnPwP2eR7V+yvCcuaR/pvwyb2pw/5
9E/SecTLcIUyoqyS85Q5hRnyYuhhpSTJoNzjQJii6FzQ
-----END CERTIFICATE-----