Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/fFhJRfRRKqbVCT0R_v7bFHpdBZk.roa
File:                     fFhJRfRRKqbVCT0R_v7bFHpdBZk.roa (raw, json)
Hash identifier:          QZT00tJ/5S8q4sNTIVodhtpTQHCNRxCmyS84l0hAhz0=
Subject key identifier:   7C:58:49:45:F4:51:2A:A6:D5:09:3D:11:FE:FE:DB:14:7A:5D:05:99
Certificate issuer:       /CN=5fe58e732a0f71f4f01302d62167173bd9b17cc1
Certificate serial:       0196C39EC7B572118B5ECB8C39F5030143C7
Authority key identifier: 5F:E5:8E:73:2A:0F:71:F4:F0:13:02:D6:21:67:17:3B:D9:B1:7C:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X-WOcyoPcfTwEwLWIWcXO9mxfME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/fFhJRfRRKqbVCT0R_v7bFHpdBZk.roa
Signing time:             Mon 12 May 2025 08:31:25 +0000
ROA not before:           Mon 12 May 2025 08:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6085
IP address blocks:        57.37.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/X-WOcyoPcfTwEwLWIWcXO9mxfME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/X-WOcyoPcfTwEwLWIWcXO9mxfME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X-WOcyoPcfTwEwLWIWcXO9mxfME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c3:9e:c7:b5:72:11:8b:5e:cb:8c:39:f5:03:01:43:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fe58e732a0f71f4f01302d62167173bd9b17cc1
        Validity
            Not Before: May 12 08:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c584945f4512aa6d5093d11fefedb147a5d0599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a1:22:f2:d8:be:08:5b:d8:7e:b5:55:9c:c6:
                    30:24:77:53:57:8c:b4:48:04:fb:de:87:b5:08:f5:
                    62:f5:2d:a3:68:ea:4a:92:da:dd:0a:75:e0:a3:e5:
                    f8:1b:09:5e:92:b6:6b:fa:fd:2c:e3:74:16:91:35:
                    cc:a5:80:6e:38:8e:97:1e:e0:67:f3:7f:e7:00:04:
                    a8:8c:ee:59:af:0b:ec:5d:8e:88:bf:98:10:57:fc:
                    f9:3e:1b:bc:87:ae:2c:f2:d9:3c:b3:c1:8d:e9:20:
                    39:91:a7:76:7b:ad:32:57:72:98:90:92:2f:60:a2:
                    b6:c6:93:ed:1b:79:37:4b:6a:d9:b9:1b:7a:7a:76:
                    85:03:c2:d2:3b:50:fd:be:61:dc:69:f1:b1:83:65:
                    62:6d:62:06:54:c3:d5:f7:22:a9:de:bd:b5:19:6e:
                    e5:15:a8:a3:63:0f:0e:78:13:32:c0:88:86:5e:22:
                    f7:33:5f:44:9e:e4:76:bc:9b:d0:a8:e5:a6:10:b0:
                    ff:73:31:cd:d8:1a:43:83:20:93:4d:a1:db:61:67:
                    46:42:a2:b6:2b:a2:90:91:e8:fc:39:58:36:2b:7a:
                    45:62:5a:e2:e8:a7:4a:b9:d9:78:7f:58:be:fc:82:
                    4f:c0:50:e1:d7:5c:8e:69:6e:bf:be:77:fe:53:ba:
                    4a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:58:49:45:F4:51:2A:A6:D5:09:3D:11:FE:FE:DB:14:7A:5D:05:99
            X509v3 Authority Key Identifier:
                keyid:5F:E5:8E:73:2A:0F:71:F4:F0:13:02:D6:21:67:17:3B:D9:B1:7C:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X-WOcyoPcfTwEwLWIWcXO9mxfME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/fFhJRfRRKqbVCT0R_v7bFHpdBZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/0d840c-952d-4702-aba3-b6e58f9c82e1/1/X-WOcyoPcfTwEwLWIWcXO9mxfME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.37.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         70:79:a3:22:eb:41:dc:f7:03:c0:b6:03:d6:fe:38:02:5c:1d:
         76:5b:b2:fa:a3:f2:be:fd:c6:62:d4:cd:67:07:16:53:92:bd:
         0e:4a:b4:9b:bc:9f:aa:1c:0b:7a:da:e0:ad:19:8d:c3:93:37:
         ff:29:3a:02:74:d7:68:27:fd:64:45:86:ec:e8:5a:b2:db:4c:
         80:88:e9:cf:45:5c:dd:1c:1a:13:ef:ae:40:c0:d4:91:0e:25:
         5a:4c:23:f6:16:67:1b:3e:5f:34:8a:cf:3d:e4:b0:8c:62:e6:
         85:80:4f:34:7d:8a:86:0f:e3:1c:5a:dc:02:35:89:fa:bd:42:
         d0:31:f0:70:4b:ab:d5:39:ab:9a:a4:62:de:04:b4:32:8d:97:
         ee:11:30:9c:f7:02:b1:9f:41:42:07:a4:3e:5a:38:5d:2e:4a:
         64:c1:b3:1f:73:9d:1f:72:03:07:21:e9:9b:80:d8:3e:2e:74:
         bd:66:63:58:9e:76:2d:b3:f4:a3:3a:35:26:b1:c5:fa:16:84:
         b1:86:c3:83:c9:52:8a:39:27:ec:32:55:17:75:2d:ec:bd:58:
         bc:10:11:27:c4:18:48:6c:bd:75:68:da:c4:23:e8:36:7c:0e:
         95:09:89:ed:e5:59:c8:4b:de:36:d7:d2:bd:e1:99:55:03:18:
         52:21:a8:fd
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZbDnse1chGLXsuMOfUDAUPHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmZTU4ZTczMmEwZjcxZjRmMDEzMDJkNjIxNjcxNzNiZDli
MTdjYzEwHhcNMjUwNTEyMDgzMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzU4NDk0NWY0NTEyYWE2ZDUwOTNkMTFmZWZlZGIxNDdhNWQwNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqEi8ti+CFvYfrVVnMYwJHdTV4y0
SAT73oe1CPVi9S2jaOpKktrdCnXgo+X4GwlekrZr+v0s43QWkTXMpYBuOI6XHuBn
83/nAASojO5ZrwvsXY6Iv5gQV/z5Phu8h64s8tk8s8GN6SA5kad2e60yV3KYkJIv
YKK2xpPtG3k3S2rZuRt6enaFA8LSO1D9vmHcafGxg2VibWIGVMPV9yKp3r21GW7l
FaijYw8OeBMywIiGXiL3M19EnuR2vJvQqOWmELD/czHN2BpDgyCTTaHbYWdGQqK2
K6KQkej8OVg2K3pFYlri6KdKudl4f1i+/IJPwFDh11yOaW6/vnf+U7pKdwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHxYSUX0USqm1Qk9Ef7+2xR6XQWZMB8GA1UdIwQY
MBaAFF/ljnMqD3H08BMC1iFnFzvZsXzBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWC1XT2N5b1BjZlR3RXdMV0lXY1hPOW14Zk1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8wZDg0MGMtOTUyZC00NzAyLWFiYTMt
YjZlNThmOWM4MmUxLzEvZkZoSlJmUlJLcWJWQ1QwUl92N2JGSHBkQlprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8wZDg0MGMtOTUyZC00NzAyLWFiYTMtYjZlNThmOWM4MmUx
LzEvWC1XT2N5b1BjZlR3RXdMV0lXY1hPOW14Zk1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAOSUwDQYJ
KoZIhvcNAQELBQADggEBAHB5oyLrQdz3A8C2A9b+OAJcHXZbsvqj8r79xmLUzWcH
FlOSvQ5KtJu8n6ocC3ra4K0ZjcOTN/8pOgJ012gn/WRFhuzoWrLbTICI6c9FXN0c
GhPvrkDA1JEOJVpMI/YWZxs+XzSKzz3ksIxi5oWATzR9ioYP4xxa3AI1ifq9QtAx
8HBLq9U5q5qkYt4EtDKNl+4RMJz3ArGfQUIHpD5aOF0uSmTBsx9znR9yAwch6ZuA
2D4udL1mY1iedi2z9KM6NSaxxfoWhLGGw4PJUoo5J+wyVRd1Ley9WLwQESfEGEhs
vXVo2sQj6DZ8DpUJie3lWchL3jbX0r3hmVUDGFIhqP0=
-----END CERTIFICATE-----