Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/0Fmh8eaTe-TA8TzJaqV0xDv1Pzo.roa
File:                     0Fmh8eaTe-TA8TzJaqV0xDv1Pzo.roa (raw, json)
Hash identifier:          ZxN3vaamtDqMo8xYPJBI33oBeaqJ8QIz0amzm/bnvtg=
Subject key identifier:   D0:59:A1:F1:E6:93:7B:E4:C0:F1:3C:C9:6A:A5:74:C4:3B:F5:3F:3A
Certificate issuer:       /CN=38203463eb944b25c65135ca47bdbdab646f3984
Certificate serial:       019420683EAB7F022FA9A11F5BD1BC9F619D
Authority key identifier: 38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/0Fmh8eaTe-TA8TzJaqV0xDv1Pzo.roa
Signing time:             Wed 01 Jan 2025 05:48:10 +0000
ROA not before:           Wed 01 Jan 2025 05:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57872
IP address blocks:        37.140.232.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3e:ab:7f:02:2f:a9:a1:1f:5b:d1:bc:9f:61:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38203463eb944b25c65135ca47bdbdab646f3984
        Validity
            Not Before: Jan  1 05:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d059a1f1e6937be4c0f13cc96aa574c43bf53f3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:35:e8:dc:46:3f:d7:48:33:d0:d3:47:c3:cf:
                    36:d8:33:74:db:02:71:65:09:ad:8d:76:fa:d0:63:
                    99:27:e8:6a:ee:78:5d:0a:a0:c0:9f:b2:4d:26:ac:
                    86:07:70:cd:18:89:40:8c:d3:e4:bd:d2:1f:e1:b0:
                    a4:bf:88:b1:60:95:ac:45:d5:bc:fc:54:b3:c8:ac:
                    9f:a4:31:ad:c6:12:5d:92:3c:1c:5f:a9:94:f6:3a:
                    d7:a7:ec:68:47:14:55:71:81:2d:19:b1:cb:83:a4:
                    41:d3:22:bf:60:aa:24:26:58:12:20:73:6a:7d:b3:
                    8e:94:6e:6d:61:e0:9c:c4:ce:cd:23:6e:11:31:e1:
                    70:23:2c:11:94:37:b1:01:09:34:8a:6a:1b:5c:56:
                    6a:f0:16:79:f3:ba:57:e0:a6:2a:e7:5c:3d:53:13:
                    ea:c5:83:67:47:da:db:8c:57:4d:f9:7d:0b:c1:2d:
                    ed:76:93:0a:74:97:78:c3:23:bc:93:90:dc:e0:0a:
                    af:c3:cb:26:e6:c8:a6:94:65:0a:8e:dd:55:82:1b:
                    b5:b1:e3:ad:56:4e:61:d0:a8:84:3a:3d:24:e7:5f:
                    ee:6c:67:93:02:b0:18:f1:3d:ff:c5:f2:95:6c:60:
                    88:17:f0:f3:b9:0c:c8:ff:b6:c4:47:2e:a7:1f:83:
                    89:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:59:A1:F1:E6:93:7B:E4:C0:F1:3C:C9:6A:A5:74:C4:3B:F5:3F:3A
            X509v3 Authority Key Identifier:
                keyid:38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/0Fmh8eaTe-TA8TzJaqV0xDv1Pzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:6e:63:17:88:a2:8f:45:86:a7:f2:e2:94:dc:00:7a:7b:4b:
         54:fd:f3:22:8f:8a:11:6e:80:1d:34:df:59:39:03:9e:f7:50:
         e9:32:4c:9b:3f:97:6f:34:8d:89:cd:a6:b9:cf:f7:e2:21:56:
         d3:9d:f2:23:1f:0f:23:a9:01:09:97:49:a9:75:d9:b1:1d:be:
         70:dc:4c:3f:e7:1c:97:84:f2:7a:91:ad:80:c8:f1:50:a9:58:
         85:3a:51:7c:55:c7:2e:9e:b9:e2:b6:aa:e5:ac:8f:22:2f:85:
         3b:7d:2d:54:44:f5:c3:c6:57:1d:7f:ff:5b:34:53:d3:37:9b:
         75:b5:d2:27:ce:04:ce:c2:44:27:88:29:f4:9e:30:dd:d3:11:
         09:6d:a3:d1:93:d3:9e:ed:b2:3f:7f:93:f9:1d:b4:46:c2:8f:
         fb:92:bc:be:80:21:a9:c0:bc:95:8a:46:ea:3c:7b:9b:88:ac:
         68:f3:80:e1:6f:4a:0e:f1:f1:e1:33:40:ed:24:ad:7b:48:e9:
         ef:a9:b4:e6:b1:34:46:d5:e8:3f:1d:11:d4:c1:99:73:7e:ca:
         f7:3c:62:40:e2:40:68:93:a9:74:45:9f:02:7e:da:a5:e1:49:
         b3:25:a4:3f:a9:4f:52:48:81:39:41:15:50:85:b7:cf:21:aa:
         27:de:42:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaD6rfwIvqaEfW9G8n2GdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjAzNDYzZWI5NDRiMjVjNjUxMzVjYTQ3YmRiZGFiNjQ2
ZjM5ODQwHhcNMjUwMTAxMDU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDU5YTFmMWU2OTM3YmU0YzBmMTNjYzk2YWE1NzRjNDNiZjUzZjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9zXo3EY/10gz0NNHw8822DN02wJx
ZQmtjXb60GOZJ+hq7nhdCqDAn7JNJqyGB3DNGIlAjNPkvdIf4bCkv4ixYJWsRdW8
/FSzyKyfpDGtxhJdkjwcX6mU9jrXp+xoRxRVcYEtGbHLg6RB0yK/YKokJlgSIHNq
fbOOlG5tYeCcxM7NI24RMeFwIywRlDexAQk0imobXFZq8BZ587pX4KYq51w9UxPq
xYNnR9rbjFdN+X0LwS3tdpMKdJd4wyO8k5Dc4Aqvw8sm5simlGUKjt1Vghu1seOt
Vk5h0KiEOj0k51/ubGeTArAY8T3/xfKVbGCIF/DzuQzI/7bERy6nH4OJ4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBZofHmk3vkwPE8yWqldMQ79T86MB8GA1UdIwQY
MBaAFDggNGPrlEslxlE1yke9vatkbzmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1Nzgt
NTg5MzUxNzliOTg1LzEvMEZtaDhlYVRlLVRBOFR6SmFxVjB4RHYxUHpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1NzgtNTg5MzUxNzliOTg1
LzEvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJYzoMA0G
CSqGSIb3DQEBCwUAA4IBAQA1bmMXiKKPRYan8uKU3AB6e0tU/fMij4oRboAdNN9Z
OQOe91DpMkybP5dvNI2Jzaa5z/fiIVbTnfIjHw8jqQEJl0mpddmxHb5w3Ew/5xyX
hPJ6ka2AyPFQqViFOlF8VccunrnitqrlrI8iL4U7fS1URPXDxlcdf/9bNFPTN5t1
tdInzgTOwkQniCn0njDd0xEJbaPRk9Oe7bI/f5P5HbRGwo/7kry+gCGpwLyVikbq
PHubiKxo84Dhb0oO8fHhM0DtJK17SOnvqbTmsTRG1eg/HRHUwZlzfsr3PGJA4kBo
k6l0RZ8Cftql4UmzJaQ/qU9SSIE5QRVQhbfPIaon3kJ9
-----END CERTIFICATE-----