Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/ILr1oUS3WNj7lOx0gKWDmljoDf8.roa
File:                     ILr1oUS3WNj7lOx0gKWDmljoDf8.roa (raw, json)
Hash identifier:          PKekSe9QALXUlXaAV5gd7ksF6Z+PSDBu0pg9bSLZBPw=
Subject key identifier:   20:BA:F5:A1:44:B7:58:D8:FB:94:EC:74:80:A5:83:9A:58:E8:0D:FF
Certificate issuer:       /CN=38203463eb944b25c65135ca47bdbdab646f3984
Certificate serial:       018CC2DB05D4D191532569E7474BCA9885B5
Authority key identifier: 38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/ILr1oUS3WNj7lOx0gKWDmljoDf8.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57872
IP address blocks:        37.140.232.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:05:d4:d1:91:53:25:69:e7:47:4b:ca:98:85:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38203463eb944b25c65135ca47bdbdab646f3984
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20baf5a144b758d8fb94ec7480a5839a58e80dff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:2f:42:22:e9:82:4c:a3:e5:ee:47:9b:3f:12:
                    4a:f9:c6:ac:60:f0:5f:ec:0f:a8:28:b0:14:90:e8:
                    75:00:c5:c2:39:43:fa:2e:93:fc:01:bd:83:03:e0:
                    fd:e7:dd:fc:24:0e:12:e7:a5:d9:50:2d:9e:dd:15:
                    c4:8c:73:07:6e:e4:a0:61:13:a4:f2:8c:9d:26:de:
                    32:50:cc:f4:9c:40:ce:2e:3a:97:68:47:43:e0:61:
                    0e:54:9e:d8:4f:dc:b7:f2:cf:8d:75:6a:aa:cb:43:
                    10:2a:c2:9b:50:96:c2:87:6a:f5:9b:8e:cc:5c:8a:
                    61:73:fe:74:19:53:3c:57:44:0e:83:0b:a8:ad:a8:
                    56:31:60:14:8f:61:0b:38:ce:2e:67:de:b4:47:27:
                    36:a2:a7:3c:11:95:9a:02:70:6b:0c:b0:fb:c8:e4:
                    62:0d:06:b0:7d:5d:e8:8f:c5:68:83:13:7c:2d:27:
                    15:46:cc:ba:9f:6f:6d:71:e9:92:e1:62:1a:d9:ed:
                    50:a5:6f:2d:68:21:26:b0:1f:b8:c7:6b:63:5e:7e:
                    18:e5:38:82:25:78:58:77:c7:e8:a5:f8:f2:03:a3:
                    89:c3:53:c3:0d:11:72:ce:89:ca:cb:86:58:94:e8:
                    88:4e:5f:d4:4a:c7:be:5e:6d:cf:30:fe:aa:9c:51:
                    d2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:BA:F5:A1:44:B7:58:D8:FB:94:EC:74:80:A5:83:9A:58:E8:0D:FF
            X509v3 Authority Key Identifier:
                keyid:38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/ILr1oUS3WNj7lOx0gKWDmljoDf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:5c:56:d2:29:a5:03:2b:d2:a7:06:a4:10:af:c3:56:93:67:
         67:41:cd:6a:96:3b:ce:41:86:45:35:7e:93:13:39:1a:70:64:
         55:f9:08:09:db:68:28:44:53:4d:6f:af:c2:db:fc:7f:9c:9f:
         91:0b:65:d7:b5:2f:8f:2c:89:ad:d2:c2:51:0b:58:25:0f:45:
         3e:15:83:62:62:39:2b:b9:ca:b7:f5:44:95:3a:35:18:70:99:
         8a:25:2e:a6:4b:bd:c2:d6:96:3d:20:40:d4:66:76:b2:fd:a3:
         d4:73:46:cb:e6:f4:a0:25:8f:6f:51:8e:65:82:05:f2:b9:42:
         e9:2e:77:ce:16:aa:85:b9:f1:b5:b0:40:5a:41:ac:56:ce:b0:
         d7:82:7e:80:3a:6d:fd:17:94:53:58:d6:09:71:7b:e5:db:bd:
         ba:06:cd:39:63:9b:55:09:e2:51:b4:af:f6:83:de:66:d3:3a:
         14:dd:d4:29:99:d2:a6:1c:c9:38:5d:ff:78:7a:bc:79:88:04:
         ae:ca:2c:55:bf:34:f3:f9:03:0b:35:5c:8e:4d:98:4e:90:7e:
         23:81:ed:c7:13:f9:e4:f7:c3:c1:bd:cf:fb:87:43:14:7e:05:
         7b:a0:23:2b:87:92:53:94:95:c4:46:3d:51:59:18:9e:70:20:
         95:24:de:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2wXU0ZFTJWnnR0vKmIW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjAzNDYzZWI5NDRiMjVjNjUxMzVjYTQ3YmRiZGFiNjQ2
ZjM5ODQwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGJhZjVhMTQ0Yjc1OGQ4ZmI5NGVjNzQ4MGE1ODM5YTU4ZTgwZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgS9CIumCTKPl7kebPxJK+casYPBf
7A+oKLAUkOh1AMXCOUP6LpP8Ab2DA+D95938JA4S56XZUC2e3RXEjHMHbuSgYROk
8oydJt4yUMz0nEDOLjqXaEdD4GEOVJ7YT9y38s+NdWqqy0MQKsKbUJbCh2r1m47M
XIphc/50GVM8V0QOgwuorahWMWAUj2ELOM4uZ960Ryc2oqc8EZWaAnBrDLD7yORi
DQawfV3oj8VogxN8LScVRsy6n29tcemS4WIa2e1QpW8taCEmsB+4x2tjXn4Y5TiC
JXhYd8fopfjyA6OJw1PDDRFyzonKy4ZYlOiITl/USse+Xm3PMP6qnFHSYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCC69aFEt1jY+5TsdIClg5pY6A3/MB8GA1UdIwQY
MBaAFDggNGPrlEslxlE1yke9vatkbzmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1Nzgt
NTg5MzUxNzliOTg1LzEvSUxyMW9VUzNXTmo3bE94MGdLV0RtbGpvRGY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1NzgtNTg5MzUxNzliOTg1
LzEvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJYzoMA0G
CSqGSIb3DQEBCwUAA4IBAQAEXFbSKaUDK9KnBqQQr8NWk2dnQc1qljvOQYZFNX6T
EzkacGRV+QgJ22goRFNNb6/C2/x/nJ+RC2XXtS+PLImt0sJRC1glD0U+FYNiYjkr
ucq39USVOjUYcJmKJS6mS73C1pY9IEDUZnay/aPUc0bL5vSgJY9vUY5lggXyuULp
LnfOFqqFufG1sEBaQaxWzrDXgn6AOm39F5RTWNYJcXvl2726Bs05Y5tVCeJRtK/2
g95m0zoU3dQpmdKmHMk4Xf94erx5iASuyixVvzTz+QMLNVyOTZhOkH4jge3HE/nk
98PBvc/7h0MUfgV7oCMrh5JTlJXERj1RWRiecCCVJN4k
-----END CERTIFICATE-----