Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/37WDsJgS29ArcL4Cmhv4wwYMgFc.roa
File:                     37WDsJgS29ArcL4Cmhv4wwYMgFc.roa (raw, json)
Hash identifier:          AXUUOGrTgb1EkHkLKG0Np5XXpArC+TW3abI6bwcRXy8=
Subject key identifier:   DF:B5:83:B0:98:12:DB:D0:2B:70:BE:02:9A:1B:F8:C3:06:0C:80:57
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       019420D63A6FAD54C13AF5361E686789EFDB
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/37WDsJgS29ArcL4Cmhv4wwYMgFc.roa
Signing time:             Wed 01 Jan 2025 07:48:18 +0000
ROA not before:           Wed 01 Jan 2025 07:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206092
IP address blocks:        2.57.170.0/24 maxlen: 24
                          45.8.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:3a:6f:ad:54:c1:3a:f5:36:1e:68:67:89:ef:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jan  1 07:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dfb583b09812dbd02b70be029a1bf8c3060c8057
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:85:0b:bd:ed:1c:f0:d2:c1:1e:cd:6a:26:fd:
                    4a:1a:1e:a9:17:38:df:5f:da:76:98:c3:00:67:66:
                    2f:d4:1e:81:57:d7:e0:29:ba:90:4a:e5:83:22:57:
                    86:62:c0:4c:45:b1:d7:9a:8d:25:03:88:81:56:84:
                    5c:70:3a:cd:de:f0:ce:b2:f9:a5:9c:19:5f:7c:11:
                    15:ac:79:45:df:03:12:65:d4:aa:13:ee:6a:ce:c1:
                    dd:da:7d:6f:78:bd:ea:c7:bc:d8:1c:b3:6a:6f:7f:
                    90:02:a6:53:65:50:6d:89:ef:70:1c:df:32:81:c8:
                    60:81:be:79:74:23:33:a6:dc:8d:5e:27:22:ac:a2:
                    ca:1d:34:a7:67:08:44:a7:f3:db:c4:ac:ee:79:02:
                    c6:d8:bc:73:76:e4:08:ef:dc:e4:1f:77:4e:04:da:
                    bb:41:08:34:65:fa:88:39:dc:99:f1:1c:fc:64:83:
                    97:a6:f8:c0:82:7b:4e:38:25:4f:74:12:ad:16:f4:
                    61:73:35:fa:25:e6:84:aa:5c:40:81:01:24:fe:86:
                    12:15:45:02:75:3d:6a:4a:fb:e8:48:2b:32:a8:04:
                    ad:ec:22:f3:16:9e:93:88:11:d1:d2:96:49:e5:a1:
                    12:b2:89:a9:24:e3:3e:0e:b1:9b:2f:de:7c:c4:ba:
                    06:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:B5:83:B0:98:12:DB:D0:2B:70:BE:02:9A:1B:F8:C3:06:0C:80:57
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/37WDsJgS29ArcL4Cmhv4wwYMgFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.170.0/24
                  45.8.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:3d:93:f3:a3:f0:4a:14:61:a6:7b:73:6a:1f:71:e6:6e:fd:
         ab:69:f4:bc:5e:5a:38:dc:be:07:64:de:3f:34:e9:02:43:62:
         24:12:a2:ce:79:fa:52:41:7e:5c:ea:f4:64:9e:21:68:bf:2d:
         b7:25:41:b1:06:65:0b:00:9a:96:8d:11:de:eb:0a:c5:28:f4:
         c4:7a:21:f2:2f:26:2e:0f:50:97:60:83:12:e4:f7:6f:de:31:
         d7:9d:98:4c:e5:eb:6b:65:84:e3:47:65:4b:96:80:91:e1:21:
         bd:5d:b2:17:bf:e2:cb:dc:f1:b3:70:46:f4:a2:d5:8c:cb:dd:
         cf:4c:2f:c3:e6:7b:a1:a7:89:d7:ae:d6:1d:81:31:b8:32:6a:
         22:1a:8f:b0:fb:28:5a:d2:82:18:8b:74:d2:9e:b0:e7:83:eb:
         1c:15:0b:f6:79:a1:13:61:11:6c:35:aa:76:2e:6e:e0:15:4a:
         80:cc:2f:b7:ca:33:f1:4b:c2:04:72:c5:c9:d0:88:95:19:90:
         4b:8c:75:27:13:f1:1d:26:59:ec:e5:43:c4:c7:bb:a2:ac:37:
         a2:f8:13:40:01:17:3b:9f:0a:c2:a0:57:8b:eb:0f:d6:1c:1c:
         fd:f1:f7:d8:52:44:33:a2:11:ef:d1:13:83:93:bb:66:3b:04:
         34:d7:4a:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1jpvrVTBOvU2Hmhnie/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjUwMTAxMDc0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmI1ODNiMDk4MTJkYmQwMmI3MGJlMDI5YTFiZjhjMzA2MGM4MDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYULve0c8NLBHs1qJv1KGh6pFzjf
X9p2mMMAZ2Yv1B6BV9fgKbqQSuWDIleGYsBMRbHXmo0lA4iBVoRccDrN3vDOsvml
nBlffBEVrHlF3wMSZdSqE+5qzsHd2n1veL3qx7zYHLNqb3+QAqZTZVBtie9wHN8y
gchggb55dCMzptyNXicirKLKHTSnZwhEp/PbxKzueQLG2LxzduQI79zkH3dOBNq7
QQg0ZfqIOdyZ8Rz8ZIOXpvjAgntOOCVPdBKtFvRhczX6JeaEqlxAgQEk/oYSFUUC
dT1qSvvoSCsyqASt7CLzFp6TiBHR0pZJ5aESsompJOM+DrGbL958xLoGqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN+1g7CYEtvQK3C+Apob+MMGDIBXMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvMzdXRHNKZ1MyOUFyY0w0Q21odjR3d1lNZ0ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjmqAwQA
LQgTMA0GCSqGSIb3DQEBCwUAA4IBAQBDPZPzo/BKFGGme3NqH3Hmbv2rafS8Xlo4
3L4HZN4/NOkCQ2IkEqLOefpSQX5c6vRkniFovy23JUGxBmULAJqWjRHe6wrFKPTE
eiHyLyYuD1CXYIMS5Pdv3jHXnZhM5etrZYTjR2VLloCR4SG9XbIXv+LL3PGzcEb0
otWMy93PTC/D5nuhp4nXrtYdgTG4MmoiGo+w+yha0oIYi3TSnrDng+scFQv2eaET
YRFsNap2Lm7gFUqAzC+3yjPxS8IEcsXJ0IiVGZBLjHUnE/EdJlns5UPEx7uirDei
+BNAARc7nwrCoFeL6w/WHBz98ffYUkQzohHv0RODk7tmOwQ010qz
-----END CERTIFICATE-----