Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/eVe3ZxMgxDTCAFaQ9hp4xyXXAlw.roa
File:                     eVe3ZxMgxDTCAFaQ9hp4xyXXAlw.roa (raw, json)
Hash identifier:          WxUxgflafay+Ra7kZprC9J6mlktO22fK0XdMGEnC85A=
Subject key identifier:   79:57:B7:67:13:20:C4:34:C2:00:56:90:F6:1A:78:C7:25:D7:02:5C
Certificate issuer:       /CN=857a2c74af5a44d9aae47a0b89425fa4f7fc7c19
Certificate serial:       018CC8DEECCAFD9A16D3A35DE41BDE3F12E9
Authority key identifier: 85:7A:2C:74:AF:5A:44:D9:AA:E4:7A:0B:89:42:5F:A4:F7:FC:7C:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hXosdK9aRNmq5HoLiUJfpPf8fBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/eVe3ZxMgxDTCAFaQ9hp4xyXXAlw.roa
Signing time:             Tue 02 Jan 2024 06:31:41 +0000
ROA not before:           Tue 02 Jan 2024 06:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210133
IP address blocks:        37.77.174.0/24 maxlen: 24
                          37.77.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/hXosdK9aRNmq5HoLiUJfpPf8fBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/hXosdK9aRNmq5HoLiUJfpPf8fBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hXosdK9aRNmq5HoLiUJfpPf8fBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ec:ca:fd:9a:16:d3:a3:5d:e4:1b:de:3f:12:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=857a2c74af5a44d9aae47a0b89425fa4f7fc7c19
        Validity
            Not Before: Jan  2 06:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7957b7671320c434c2005690f61a78c725d7025c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:89:37:4c:27:af:7b:3e:9e:1a:a3:89:a2:f7:
                    cd:54:84:66:f6:ee:e7:af:a6:de:17:06:f8:cb:2a:
                    3c:92:9d:57:7f:7f:56:2c:9e:e8:d2:06:03:e6:01:
                    72:81:33:28:dc:03:95:00:47:c4:2c:bf:13:25:59:
                    2f:91:7f:bf:c3:df:a1:05:43:88:a6:b1:3a:d9:1a:
                    74:97:a6:5a:5c:07:16:f6:c7:f2:ed:22:11:eb:59:
                    e2:7f:af:e3:c7:ae:53:35:8e:3b:e0:67:46:0b:6e:
                    65:76:1f:93:0e:52:c5:69:d4:90:73:b2:0a:2a:61:
                    31:4f:2d:e5:18:c0:d2:f5:d2:b1:ae:42:65:78:b3:
                    fb:9d:5a:b8:87:67:8a:20:66:5f:e9:d7:6a:2a:86:
                    48:c4:ed:02:7b:14:06:89:64:34:b4:1e:d9:3e:95:
                    6c:62:71:cd:6d:7b:34:24:98:d5:50:51:dd:ff:2a:
                    5b:a5:76:45:ff:1c:be:e5:c6:81:f3:ea:3b:4d:94:
                    d6:18:ce:db:7d:02:5b:36:5d:bc:96:7f:d1:b0:97:
                    d3:7f:a0:45:e8:a0:5f:11:63:8d:da:db:7a:b8:a1:
                    64:75:2a:49:54:f4:62:10:35:7c:cd:af:68:98:2f:
                    14:6c:c9:b4:92:af:ac:50:08:48:f7:1b:b5:ed:58:
                    98:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:57:B7:67:13:20:C4:34:C2:00:56:90:F6:1A:78:C7:25:D7:02:5C
            X509v3 Authority Key Identifier:
                keyid:85:7A:2C:74:AF:5A:44:D9:AA:E4:7A:0B:89:42:5F:A4:F7:FC:7C:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hXosdK9aRNmq5HoLiUJfpPf8fBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/eVe3ZxMgxDTCAFaQ9hp4xyXXAlw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/hXosdK9aRNmq5HoLiUJfpPf8fBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.173.0-37.77.174.255

    Signature Algorithm: sha256WithRSAEncryption
         c2:57:3a:c8:3f:be:ee:41:c6:66:63:13:c7:ac:f7:21:3c:95:
         0d:14:2b:1a:41:b2:11:d6:9c:3c:75:17:af:f7:c8:6c:e0:3c:
         4d:c7:37:6c:12:e3:af:bb:0d:d3:47:8e:b4:71:27:d8:7e:3b:
         df:1c:93:97:96:62:c3:ed:e4:f5:42:54:0d:ae:43:c1:6b:a5:
         9f:40:35:a5:a5:ef:81:85:b4:c1:39:44:c7:77:96:67:a2:15:
         38:59:81:5e:71:1a:a0:fe:d5:ce:22:01:4e:7c:e4:a2:ba:1d:
         50:8f:91:44:c8:07:b8:1c:31:69:94:91:9e:96:00:d1:75:cd:
         d0:e8:42:04:7f:75:ab:02:8c:21:e2:b7:e3:3d:b6:98:a4:8e:
         7f:8d:57:bb:a2:1e:c0:02:a4:a2:a5:61:d7:66:c3:fe:d9:9a:
         4a:e2:99:a1:0c:2f:23:45:70:15:8d:9c:d7:98:dc:ef:17:17:
         58:15:1b:0a:6c:c9:3f:4c:0b:d1:62:1d:40:40:fb:47:e1:2e:
         30:5c:1b:89:cf:81:8a:e5:2b:3c:8e:05:ef:40:54:ea:70:20:
         53:6f:a1:dc:ba:0e:7e:93:b8:dc:fd:e8:3e:96:94:97:62:7c:
         20:a9:ca:b6:fb:78:5c:5e:ad:ca:a4:e8:9f:dc:96:54:c7:83:
         01:26:61:93
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzI3uzK/ZoW06Nd5BvePxLpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1N2EyYzc0YWY1YTQ0ZDlhYWU0N2EwYjg5NDI1ZmE0Zjdm
YzdjMTkwHhcNMjQwMTAyMDYzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTU3Yjc2NzEzMjBjNDM0YzIwMDU2OTBmNjFhNzhjNzI1ZDcwMjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjok3TCevez6eGqOJovfNVIRm9u7n
r6beFwb4yyo8kp1Xf39WLJ7o0gYD5gFygTMo3AOVAEfELL8TJVkvkX+/w9+hBUOI
prE62Rp0l6ZaXAcW9sfy7SIR61nif6/jx65TNY474GdGC25ldh+TDlLFadSQc7IK
KmExTy3lGMDS9dKxrkJleLP7nVq4h2eKIGZf6ddqKoZIxO0CexQGiWQ0tB7ZPpVs
YnHNbXs0JJjVUFHd/ypbpXZF/xy+5caB8+o7TZTWGM7bfQJbNl28ln/RsJfTf6BF
6KBfEWON2tt6uKFkdSpJVPRiEDV8za9omC8UbMm0kq+sUAhI9xu17ViYSQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHlXt2cTIMQ0wgBWkPYaeMcl1wJcMB8GA1UdIwQY
MBaAFIV6LHSvWkTZquR6C4lCX6T3/HwZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFhvc2RLOWFSTm1xNUhvTGlVSmZwUGY4ZkJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8wYTlhMzMtOTlkYy00YjkyLThjZWQt
ODM2YWM5N2MwMWJiLzEvZVZlM1p4TWd4RFRDQUZhUTlocDR4eVhYQWx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8wYTlhMzMtOTlkYy00YjkyLThjZWQtODM2YWM5N2MwMWJi
LzEvaFhvc2RLOWFSTm1xNUhvTGlVSmZwUGY4ZkJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAlTa0D
BAAlTa4wDQYJKoZIhvcNAQELBQADggEBAMJXOsg/vu5BxmZjE8es9yE8lQ0UKxpB
shHWnDx1F6/3yGzgPE3HN2wS46+7DdNHjrRxJ9h+O98ck5eWYsPt5PVCVA2uQ8Fr
pZ9ANaWl74GFtME5RMd3lmeiFThZgV5xGqD+1c4iAU585KK6HVCPkUTIB7gcMWmU
kZ6WANF1zdDoQgR/dasCjCHit+M9tpikjn+NV7uiHsACpKKlYddmw/7ZmkrimaEM
LyNFcBWNnNeY3O8XF1gVGwpsyT9MC9FiHUBA+0fhLjBcG4nPgYrlKzyOBe9AVOpw
IFNvody6Dn6TuNz96D6WlJdifCCpyrb7eFxercqk6J/cllTHgwEmYZM=
-----END CERTIFICATE-----