Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/o192dHSmt5aK3povol_mWVEefJo.roa
File:                     o192dHSmt5aK3povol_mWVEefJo.roa (raw, json)
Hash identifier:          WYi0xG/b2WoySG1O9DVE+7hYsBQSXz8X4S1GvqpOZCU=
Subject key identifier:   A3:5F:76:74:74:A6:B7:96:8A:DE:9A:2F:A2:5F:E6:59:51:1E:7C:9A
Certificate issuer:       /CN=857a2c74af5a44d9aae47a0b89425fa4f7fc7c19
Certificate serial:       018CC8DEEC92955231DB04EE02307104D9C5
Authority key identifier: 85:7A:2C:74:AF:5A:44:D9:AA:E4:7A:0B:89:42:5F:A4:F7:FC:7C:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hXosdK9aRNmq5HoLiUJfpPf8fBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/o192dHSmt5aK3povol_mWVEefJo.roa
Signing time:             Tue 02 Jan 2024 06:31:41 +0000
ROA not before:           Tue 02 Jan 2024 06:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201711
IP address blocks:        37.77.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/hXosdK9aRNmq5HoLiUJfpPf8fBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/hXosdK9aRNmq5HoLiUJfpPf8fBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hXosdK9aRNmq5HoLiUJfpPf8fBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:ec:92:95:52:31:db:04:ee:02:30:71:04:d9:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=857a2c74af5a44d9aae47a0b89425fa4f7fc7c19
        Validity
            Not Before: Jan  2 06:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a35f767474a6b7968ade9a2fa25fe659511e7c9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:54:b3:e5:db:57:15:58:54:d6:54:8e:36:7d:
                    c7:00:40:01:21:c7:93:9b:18:58:95:3b:d3:47:25:
                    4c:19:c3:71:ac:14:c3:c8:ee:52:d6:b6:22:06:43:
                    5b:82:bc:51:71:91:90:d7:2c:92:5a:06:36:c9:79:
                    f6:b6:b8:4d:97:fe:ef:f1:ff:47:af:5c:69:c2:b4:
                    7a:d3:ab:28:53:e4:c0:d7:cd:3b:31:af:4a:0f:6e:
                    de:31:43:7c:6c:60:6a:67:76:9f:22:ab:e6:19:64:
                    0a:15:0b:a8:24:3c:1e:ec:99:19:ba:44:87:6a:6b:
                    3d:dd:76:45:bb:97:81:0d:94:9f:dc:c0:39:1d:0b:
                    95:71:b1:ac:25:32:12:65:5b:48:cd:eb:bf:2e:1c:
                    53:3d:dd:47:a5:df:a6:06:a9:d1:13:9a:a2:d9:3b:
                    77:6f:20:f7:bb:f8:d2:e8:f1:ac:93:3b:e8:45:4d:
                    0b:83:dc:91:51:22:20:38:a2:af:fe:9c:d4:3c:f5:
                    25:27:36:c9:6c:5f:92:87:92:3e:0c:58:39:a2:90:
                    7c:6d:6c:4e:78:7e:c8:77:10:17:4d:23:a6:08:6c:
                    d8:d6:e0:72:99:88:fa:43:6f:0e:3c:99:94:ce:c1:
                    f7:74:c4:e4:1a:11:a5:ec:3b:cc:09:2d:16:5c:0f:
                    a4:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:5F:76:74:74:A6:B7:96:8A:DE:9A:2F:A2:5F:E6:59:51:1E:7C:9A
            X509v3 Authority Key Identifier:
                keyid:85:7A:2C:74:AF:5A:44:D9:AA:E4:7A:0B:89:42:5F:A4:F7:FC:7C:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hXosdK9aRNmq5HoLiUJfpPf8fBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/o192dHSmt5aK3povol_mWVEefJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/0a9a33-99dc-4b92-8ced-836ac97c01bb/1/hXosdK9aRNmq5HoLiUJfpPf8fBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:71:0c:15:90:1f:1f:06:d9:da:07:11:50:a4:bf:d0:b3:e3:
         7d:68:0a:29:8c:99:d2:a5:08:9d:a0:f7:39:1e:a0:91:e8:2c:
         1b:89:51:1c:5e:03:28:07:94:b1:c3:ea:a6:46:5d:2f:24:c5:
         af:e4:44:c7:be:c1:5e:79:e8:b4:c2:cd:59:15:95:7f:04:ee:
         06:e4:be:6e:2e:6a:cb:68:f5:02:3c:ae:26:3e:d9:cb:5e:e1:
         17:7f:7d:7d:a6:0c:4c:0e:c8:64:e9:9e:48:24:1a:e3:4e:d1:
         bc:b7:95:0d:09:4d:7f:51:ec:ca:37:98:c7:ad:66:2e:7f:fa:
         07:2a:ea:5c:df:44:db:5e:f8:8e:88:b7:e4:03:7f:8a:71:84:
         f5:36:21:d3:ba:7e:d8:1d:a3:e3:72:c5:e6:41:21:8a:0d:28:
         24:c9:b7:e3:d4:1b:b4:89:a9:d9:26:14:e9:50:04:a3:f7:74:
         b2:39:be:9d:c5:dd:2b:e6:cb:a1:8f:fd:ed:40:6e:66:3d:a8:
         d4:29:c1:28:b5:7c:d5:ba:33:eb:2b:6b:75:01:98:e0:04:19:
         20:c5:b9:01:ba:2e:fc:5b:79:b9:44:9f:b9:89:91:00:fa:ff:
         5a:26:00:50:fb:4c:8a:de:a8:3d:13:b5:53:03:8c:4b:4f:f2:
         d1:6e:8d:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3uySlVIx2wTuAjBxBNnFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1N2EyYzc0YWY1YTQ0ZDlhYWU0N2EwYjg5NDI1ZmE0Zjdm
YzdjMTkwHhcNMjQwMTAyMDYzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzVmNzY3NDc0YTZiNzk2OGFkZTlhMmZhMjVmZTY1OTUxMWU3YzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVSz5dtXFVhU1lSONn3HAEABIceT
mxhYlTvTRyVMGcNxrBTDyO5S1rYiBkNbgrxRcZGQ1yySWgY2yXn2trhNl/7v8f9H
r1xpwrR606soU+TA1807Ma9KD27eMUN8bGBqZ3afIqvmGWQKFQuoJDwe7JkZukSH
ams93XZFu5eBDZSf3MA5HQuVcbGsJTISZVtIzeu/LhxTPd1Hpd+mBqnRE5qi2Tt3
byD3u/jS6PGskzvoRU0Lg9yRUSIgOKKv/pzUPPUlJzbJbF+Sh5I+DFg5opB8bWxO
eH7IdxAXTSOmCGzY1uBymYj6Q28OPJmUzsH3dMTkGhGl7DvMCS0WXA+kWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNfdnR0preWit6aL6Jf5llRHnyaMB8GA1UdIwQY
MBaAFIV6LHSvWkTZquR6C4lCX6T3/HwZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFhvc2RLOWFSTm1xNUhvTGlVSmZwUGY4ZkJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8wYTlhMzMtOTlkYy00YjkyLThjZWQt
ODM2YWM5N2MwMWJiLzEvbzE5MmRIU210NWFLM3Bvdm9sX21XVkVlZkpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8wYTlhMzMtOTlkYy00YjkyLThjZWQtODM2YWM5N2MwMWJi
LzEvaFhvc2RLOWFSTm1xNUhvTGlVSmZwUGY4ZkJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJU2vMA0G
CSqGSIb3DQEBCwUAA4IBAQCTcQwVkB8fBtnaBxFQpL/Qs+N9aAopjJnSpQidoPc5
HqCR6CwbiVEcXgMoB5Sxw+qmRl0vJMWv5ETHvsFeeei0ws1ZFZV/BO4G5L5uLmrL
aPUCPK4mPtnLXuEXf319pgxMDshk6Z5IJBrjTtG8t5UNCU1/UezKN5jHrWYuf/oH
Kupc30TbXviOiLfkA3+KcYT1NiHTun7YHaPjcsXmQSGKDSgkybfj1Bu0ianZJhTp
UASj93SyOb6dxd0r5suhj/3tQG5mPajUKcEotXzVujPrK2t1AZjgBBkgxbkBui78
W3m5RJ+5iZEA+v9aJgBQ+0yK3qg9E7VTA4xLT/LRbo3h
-----END CERTIFICATE-----