Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/7-iFI50mAEw5qBJ7AvzxjMYJKjg.roa
File:                     7-iFI50mAEw5qBJ7AvzxjMYJKjg.roa (raw, json)
Hash identifier:          Pa2wS1T0yZf0k/x63z6dt+O88N/ZI9k0BZmzESORMIM=
Subject key identifier:   EF:E8:85:23:9D:26:00:4C:39:A8:12:7B:02:FC:F1:8C:C6:09:2A:38
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018CC4933BF7C62F44162EE3D1D92E14287E
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/7-iFI50mAEw5qBJ7AvzxjMYJKjg.roa
Signing time:             Mon 01 Jan 2024 10:30:32 +0000
ROA not before:           Mon 01 Jan 2024 10:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197715
IP address blocks:        37.153.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3b:f7:c6:2f:44:16:2e:e3:d1:d9:2e:14:28:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  1 10:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efe885239d26004c39a8127b02fcf18cc6092a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:ff:ee:64:60:23:bd:5c:b1:9b:74:c8:f4:bc:
                    ca:66:09:cb:a7:f9:72:da:e0:1e:97:0c:64:3d:d1:
                    00:04:da:3e:b8:25:4e:c4:f0:79:08:40:ec:0a:16:
                    f9:d4:36:f0:5f:60:d0:b1:e2:29:42:81:da:e4:8e:
                    d5:f5:ed:10:7c:4d:78:74:b4:76:c7:68:0d:0b:78:
                    96:c0:6a:43:c5:a9:7f:cc:54:90:27:4d:d5:54:3e:
                    66:e1:63:83:ef:63:34:7e:f5:e8:26:07:7e:95:12:
                    10:1f:4d:1c:fb:4d:95:d6:0e:cc:ef:06:f1:a9:db:
                    e8:0a:fe:b4:89:4c:6c:4b:ba:e1:f6:85:a0:01:6e:
                    60:9c:2b:6c:33:07:2f:e9:16:ed:26:cd:54:cc:13:
                    9c:1a:61:e9:31:fe:d5:f7:d8:66:d0:a5:59:73:07:
                    30:7e:a3:e3:3a:a1:d1:2a:6c:be:9a:cb:77:e9:49:
                    4c:9d:3b:af:bc:11:b8:6e:1a:6a:f3:a3:62:3e:bc:
                    c6:6c:46:fa:a1:aa:22:26:43:b3:6f:7d:40:05:04:
                    f4:e7:75:9a:c4:c4:16:df:fe:31:17:8b:31:de:22:
                    5d:58:0d:07:d6:b7:c6:d5:92:d5:2f:a5:95:e5:56:
                    9c:9b:00:cc:c5:22:ab:49:89:52:9f:34:e2:7f:6a:
                    c1:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:E8:85:23:9D:26:00:4C:39:A8:12:7B:02:FC:F1:8C:C6:09:2A:38
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/7-iFI50mAEw5qBJ7AvzxjMYJKjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.153.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:aa:2d:fd:53:38:10:14:fd:1c:01:01:8a:35:ac:2f:45:99:
         64:69:51:0a:01:b6:1e:d3:7e:df:a7:95:e3:2a:e0:86:af:9a:
         fc:58:c7:54:0f:6e:91:13:bd:be:fa:61:10:53:93:b8:2c:cf:
         18:68:8c:b3:55:35:d0:43:48:bb:f0:93:27:2a:be:48:53:a6:
         5b:9d:7f:bf:0e:9b:99:04:5c:be:fc:72:6b:4a:2a:0b:82:5c:
         1f:81:e1:e3:da:4c:ce:01:2f:ba:dd:0f:82:be:49:08:f8:d4:
         7a:09:55:63:cd:1e:26:23:dd:18:61:7b:9b:5c:65:38:2b:ae:
         f1:9f:65:a6:71:5f:c8:b5:97:3d:ac:30:c2:6b:6a:b1:ee:19:
         30:50:b3:bd:ea:db:ac:65:4b:38:30:14:74:fe:02:76:eb:a4:
         34:25:ff:0d:d1:04:dc:3f:08:d7:c8:67:a9:a7:9f:4a:e4:da:
         1e:7f:a1:68:d7:b5:d8:dc:1b:c2:69:7f:ca:aa:27:cf:31:60:
         2d:3b:a8:e3:28:b7:23:f7:a2:56:9b:be:c7:74:a4:46:5e:b0:
         1e:87:83:5a:80:97:f3:38:c2:26:91:6f:45:9c:19:de:da:d0:
         99:2d:f6:f0:89:35:a2:d6:dc:17:38:5b:ce:22:d1:0c:32:75:
         4d:1c:35:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzv3xi9EFi7j0dkuFCh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMTAxMTAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmU4ODUyMzlkMjYwMDRjMzlhODEyN2IwMmZjZjE4Y2M2MDkyYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj//uZGAjvVyxm3TI9LzKZgnLp/ly
2uAelwxkPdEABNo+uCVOxPB5CEDsChb51DbwX2DQseIpQoHa5I7V9e0QfE14dLR2
x2gNC3iWwGpDxal/zFSQJ03VVD5m4WOD72M0fvXoJgd+lRIQH00c+02V1g7M7wbx
qdvoCv60iUxsS7rh9oWgAW5gnCtsMwcv6RbtJs1UzBOcGmHpMf7V99hm0KVZcwcw
fqPjOqHRKmy+mst36UlMnTuvvBG4bhpq86NiPrzGbEb6oaoiJkOzb31ABQT053Wa
xMQW3/4xF4sx3iJdWA0H1rfG1ZLVL6WV5VacmwDMxSKrSYlSnzTif2rBHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO/ohSOdJgBMOagSewL88YzGCSo4MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvNy1pRkk1MG1BRXc1cUJKN0F2enhqTVlKS2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZmeMA0G
CSqGSIb3DQEBCwUAA4IBAQCRqi39UzgQFP0cAQGKNawvRZlkaVEKAbYe037fp5Xj
KuCGr5r8WMdUD26RE72++mEQU5O4LM8YaIyzVTXQQ0i78JMnKr5IU6ZbnX+/DpuZ
BFy+/HJrSioLglwfgeHj2kzOAS+63Q+CvkkI+NR6CVVjzR4mI90YYXubXGU4K67x
n2WmcV/ItZc9rDDCa2qx7hkwULO96tusZUs4MBR0/gJ266Q0Jf8N0QTcPwjXyGep
p59K5Noef6Fo17XY3BvCaX/KqifPMWAtO6jjKLcj96JWm77HdKRGXrAeh4NagJfz
OMImkW9FnBne2tCZLfbwiTWi1twXOFvOItEMMnVNHDUf
-----END CERTIFICATE-----