Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/79733f-5332-451b-86af-142a2b98f4c8/1/AtfXci6HfqgW5bPUw4r_4peQJN8.roa
File:                     AtfXci6HfqgW5bPUw4r_4peQJN8.roa (raw, json)
Hash identifier:          bfWMisPWb7sXo+UvRMwlanirwbdgOa6DfbdcUPCEoPY=
Subject key identifier:   02:D7:D7:72:2E:87:7E:A8:16:E5:B3:D4:C3:8A:FF:E2:97:90:24:DF
Certificate issuer:       /CN=1c020297839c7390df20251a5c0930e6a672bee3
Certificate serial:       019425FC57F4124ED7C6A591DAB4DA27B142
Authority key identifier: 1C:02:02:97:83:9C:73:90:DF:20:25:1A:5C:09:30:E6:A6:72:BE:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAICl4Occ5DfICUaXAkw5qZyvuM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/79733f-5332-451b-86af-142a2b98f4c8/1/AtfXci6HfqgW5bPUw4r_4peQJN8.roa
Signing time:             Thu 02 Jan 2025 07:48:02 +0000
ROA not before:           Thu 02 Jan 2025 07:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199633
IP address blocks:        37.32.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/79733f-5332-451b-86af-142a2b98f4c8/1/HAICl4Occ5DfICUaXAkw5qZyvuM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/79733f-5332-451b-86af-142a2b98f4c8/1/HAICl4Occ5DfICUaXAkw5qZyvuM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAICl4Occ5DfICUaXAkw5qZyvuM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 04:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:57:f4:12:4e:d7:c6:a5:91:da:b4:da:27:b1:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c020297839c7390df20251a5c0930e6a672bee3
        Validity
            Not Before: Jan  2 07:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02d7d7722e877ea816e5b3d4c38affe2979024df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:af:22:05:d6:67:87:58:b0:ce:4b:09:5b:56:
                    63:1c:fe:08:87:79:8b:11:be:1a:98:87:62:47:a5:
                    67:67:c3:71:ad:aa:e6:7e:b1:35:08:ec:06:14:ee:
                    ac:01:32:79:37:7b:3d:2b:31:0d:ef:ea:d3:d0:96:
                    cf:36:07:72:2e:59:fc:60:df:1b:10:d5:44:94:09:
                    5b:f2:26:43:c6:d2:76:ea:ea:cf:63:97:c9:69:f7:
                    06:06:e5:23:c3:92:c1:77:3e:a9:1c:02:a7:a3:e2:
                    3f:9f:78:0b:2c:f7:c9:5d:55:0e:b4:e5:30:52:ce:
                    3a:a5:ce:3f:75:45:17:88:4d:66:ee:f7:71:c5:dc:
                    4e:36:6e:f2:fe:2d:c4:87:76:f0:5f:02:54:16:88:
                    68:e3:56:63:1b:e3:30:98:67:cf:79:08:93:94:e5:
                    c3:7c:9d:c8:0b:d3:87:f9:8b:28:05:9c:1e:9e:88:
                    cb:40:83:a4:32:4b:8a:4a:b3:72:70:48:fd:45:6e:
                    50:65:10:7f:f5:c1:83:b5:7f:e2:89:1e:08:9c:6d:
                    d7:a3:62:5d:3f:ac:24:00:aa:cf:23:23:39:ec:88:
                    09:e8:0a:a2:05:55:c4:b3:a3:8b:cf:dc:71:49:33:
                    51:99:42:15:02:0e:e9:57:b3:d8:a3:e0:5e:2d:30:
                    d9:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:D7:D7:72:2E:87:7E:A8:16:E5:B3:D4:C3:8A:FF:E2:97:90:24:DF
            X509v3 Authority Key Identifier:
                keyid:1C:02:02:97:83:9C:73:90:DF:20:25:1A:5C:09:30:E6:A6:72:BE:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAICl4Occ5DfICUaXAkw5qZyvuM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/79733f-5332-451b-86af-142a2b98f4c8/1/AtfXci6HfqgW5bPUw4r_4peQJN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/79733f-5332-451b-86af-142a2b98f4c8/1/HAICl4Occ5DfICUaXAkw5qZyvuM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.32.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:99:e2:d6:31:b6:81:5a:f2:e1:33:48:2a:bd:ff:3f:44:27:
         f4:79:8f:60:49:0f:18:2f:8a:63:a1:8b:d8:01:39:f7:d3:70:
         9c:f6:6e:85:ba:a5:3d:2f:4f:1d:3c:4c:13:19:95:77:01:1a:
         00:02:06:72:c0:da:f3:22:9b:81:d1:d7:0a:18:33:08:45:a8:
         aa:ce:cb:92:b4:66:20:11:21:24:9c:16:ae:ea:3d:72:df:3f:
         10:7d:7a:f6:fa:3d:3e:fc:3e:f0:2b:48:47:a0:5a:7b:84:61:
         d7:7f:5e:7b:d0:64:a9:5f:67:ee:72:8c:23:10:f3:af:11:7e:
         7e:9a:41:33:5e:7b:e8:5b:0b:3d:e1:60:a0:40:97:fb:af:bb:
         20:85:b0:86:42:f0:9b:3f:c1:13:30:6d:25:bf:16:fc:bd:19:
         28:28:f3:1e:0b:27:09:64:ce:b4:05:c6:88:5b:76:00:d4:3a:
         61:fb:52:98:43:97:fc:98:06:e9:8e:82:2c:57:23:e6:e2:04:
         3b:35:b3:cd:08:92:92:04:06:ac:be:ae:6e:29:99:33:d7:00:
         bf:6b:89:4d:cf:9b:d9:03:a9:c1:16:6e:84:d2:af:0a:49:c9:
         f8:2d:ce:18:99:ff:bb:c0:de:f0:51:26:04:46:70:90:13:e9:
         7e:32:7f:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Ff0Ek7XxqWR2rTaJ7FCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDIwMjk3ODM5YzczOTBkZjIwMjUxYTVjMDkzMGU2YTY3
MmJlZTMwHhcNMjUwMTAyMDc0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmQ3ZDc3MjJlODc3ZWE4MTZlNWIzZDRjMzhhZmZlMjk3OTAyNGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAza8iBdZnh1iwzksJW1ZjHP4Ih3mL
Eb4amIdiR6VnZ8NxrarmfrE1COwGFO6sATJ5N3s9KzEN7+rT0JbPNgdyLln8YN8b
ENVElAlb8iZDxtJ26urPY5fJafcGBuUjw5LBdz6pHAKno+I/n3gLLPfJXVUOtOUw
Us46pc4/dUUXiE1m7vdxxdxONm7y/i3Eh3bwXwJUFoho41ZjG+MwmGfPeQiTlOXD
fJ3IC9OH+YsoBZwenojLQIOkMkuKSrNycEj9RW5QZRB/9cGDtX/iiR4InG3Xo2Jd
P6wkAKrPIyM57IgJ6AqiBVXEs6OLz9xxSTNRmUIVAg7pV7PYo+BeLTDZaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALX13Iuh36oFuWz1MOK/+KXkCTfMB8GA1UdIwQY
MBaAFBwCApeDnHOQ3yAlGlwJMOamcr7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFJQ2w0T2NjNURmSUNVYVhBa3c1cVp5dnVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy83OTczM2YtNTMzMi00NTFiLTg2YWYt
MTQyYTJiOThmNGM4LzEvQXRmWGNpNkhmcWdXNWJQVXc0cl80cGVRSk44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy83OTczM2YtNTMzMi00NTFiLTg2YWYtMTQyYTJiOThmNGM4
LzEvSEFJQ2w0T2NjNURmSUNVYVhBa3c1cVp5dnVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJSB1MA0G
CSqGSIb3DQEBCwUAA4IBAQBMmeLWMbaBWvLhM0gqvf8/RCf0eY9gSQ8YL4pjoYvY
ATn303Cc9m6FuqU9L08dPEwTGZV3ARoAAgZywNrzIpuB0dcKGDMIRaiqzsuStGYg
ESEknBau6j1y3z8QfXr2+j0+/D7wK0hHoFp7hGHXf1570GSpX2fucowjEPOvEX5+
mkEzXnvoWws94WCgQJf7r7sghbCGQvCbP8ETMG0lvxb8vRkoKPMeCycJZM60BcaI
W3YA1Dph+1KYQ5f8mAbpjoIsVyPm4gQ7NbPNCJKSBAasvq5uKZkz1wC/a4lNz5vZ
A6nBFm6E0q8KScn4Lc4Ymf+7wN7wUSYERnCQE+l+Mn8B
-----END CERTIFICATE-----