Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/h-bGacU9fgiR4H-2E9v6XeiGSeU.roa
File:                     h-bGacU9fgiR4H-2E9v6XeiGSeU.roa (raw, json)
Hash identifier:          6ypd4fLA8aJnNBffyCEBKS5ixXKMj39JyrXTMihA55M=
Subject key identifier:   87:E6:C6:69:C5:3D:7E:08:91:E0:7F:B6:13:DB:FA:5D:E8:86:49:E5
Certificate issuer:       /CN=e8b3eed1c7aca636d6245852b802e0e73754df63
Certificate serial:       019425FDC07F2FB9B74E8A97AC5742BEBC1B
Authority key identifier: E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/h-bGacU9fgiR4H-2E9v6XeiGSeU.roa
Signing time:             Thu 02 Jan 2025 07:49:34 +0000
ROA not before:           Thu 02 Jan 2025 07:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     271932
IP address blocks:        37.148.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c0:7f:2f:b9:b7:4e:8a:97:ac:57:42:be:bc:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b3eed1c7aca636d6245852b802e0e73754df63
        Validity
            Not Before: Jan  2 07:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87e6c669c53d7e0891e07fb613dbfa5de88649e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:85:23:a9:0f:65:05:25:9b:33:24:4a:47:b4:
                    e5:03:c9:4a:40:e1:35:6b:d9:1d:aa:5b:0e:ba:9b:
                    ba:b6:d2:ce:54:6f:be:ed:8d:53:9a:f9:0a:be:6b:
                    7c:cd:a3:8e:0f:08:aa:a9:a6:99:e9:9a:59:0e:b6:
                    9c:8a:4d:89:cb:b4:c0:ee:e2:48:07:8c:0a:de:dc:
                    19:37:25:8e:09:13:33:33:22:11:08:b7:cc:cb:4b:
                    2e:3c:9f:e5:1a:e5:8a:8f:8b:84:3c:f1:e3:d2:74:
                    72:56:ca:a2:51:88:3e:cf:99:20:8f:cb:34:94:11:
                    dc:37:38:d0:ac:5b:5f:02:b8:b2:45:67:ec:ca:b8:
                    62:06:58:34:c3:a4:bd:19:31:15:b3:5d:aa:78:0a:
                    49:65:45:90:15:70:51:08:e5:42:d5:bc:3c:cf:6b:
                    20:c8:d4:36:dd:96:30:4c:70:f9:db:47:ea:1e:e7:
                    2a:a2:e0:67:72:c0:92:58:a6:a7:6c:b4:e8:12:cd:
                    98:eb:a2:bf:3f:ee:b7:47:1a:21:db:7d:93:25:82:
                    94:40:21:4a:ce:7c:e0:8c:f4:c0:8c:71:f1:7d:54:
                    aa:f7:fc:9d:0f:71:fd:82:9f:c6:31:9c:03:ec:02:
                    4c:c6:d6:8d:66:aa:af:af:3b:f0:e4:9d:33:55:e7:
                    cb:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:E6:C6:69:C5:3D:7E:08:91:E0:7F:B6:13:DB:FA:5D:E8:86:49:E5
            X509v3 Authority Key Identifier:
                keyid:E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/h-bGacU9fgiR4H-2E9v6XeiGSeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.148.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:a8:f5:9b:46:19:d2:35:fa:ff:1f:ea:77:eb:a6:f0:b7:86:
         8b:d6:fe:28:54:07:b3:97:9c:fb:6a:d6:4e:39:94:89:ce:11:
         bb:cc:56:86:60:80:62:81:fe:51:1a:a7:a3:6c:c6:ee:38:57:
         81:21:9e:02:1b:de:b4:5a:f5:e7:9b:16:82:40:b0:c7:9d:4d:
         6d:a8:4a:31:c7:64:b5:76:40:0a:cd:c0:94:93:93:0a:37:60:
         e6:df:f3:60:0e:61:80:b0:8d:66:70:08:a6:7e:13:ee:5e:d3:
         b4:39:2a:ce:57:12:50:c7:2f:a2:fd:7e:09:09:55:6a:48:fc:
         71:15:fa:82:b1:41:d2:63:35:08:63:27:f2:2c:08:7e:99:39:
         e6:80:fd:f7:da:e6:11:c9:c3:1a:39:91:d7:ca:15:3f:e3:37:
         1f:f3:57:fd:d3:68:6b:23:e1:99:d6:bf:14:28:1d:fe:cb:71:
         e2:99:00:01:91:62:74:b5:33:ef:e0:cb:8e:41:0f:f8:3c:ae:
         28:09:ff:c9:b8:12:21:8a:5b:28:c6:50:e9:9b:7f:e4:58:e9:
         32:7c:8e:5b:f6:4e:1a:b4:b6:f8:dd:d1:cc:87:69:15:0e:71:
         c8:fd:d0:58:4c:04:b7:c8:8d:a8:65:a8:70:40:b3:7d:3d:4d:
         8d:fb:1b:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/cB/L7m3ToqXrFdCvrwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjNlZWQxYzdhY2E2MzZkNjI0NTg1MmI4MDJlMGU3Mzc1
NGRmNjMwHhcNMjUwMTAyMDc0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2U2YzY2OWM1M2Q3ZTA4OTFlMDdmYjYxM2RiZmE1ZGU4ODY0OWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IUjqQ9lBSWbMyRKR7TlA8lKQOE1
a9kdqlsOupu6ttLOVG++7Y1TmvkKvmt8zaOODwiqqaaZ6ZpZDracik2Jy7TA7uJI
B4wK3twZNyWOCRMzMyIRCLfMy0suPJ/lGuWKj4uEPPHj0nRyVsqiUYg+z5kgj8s0
lBHcNzjQrFtfAriyRWfsyrhiBlg0w6S9GTEVs12qeApJZUWQFXBRCOVC1bw8z2sg
yNQ23ZYwTHD520fqHucqouBncsCSWKanbLToEs2Y66K/P+63Rxoh232TJYKUQCFK
znzgjPTAjHHxfVSq9/ydD3H9gp/GMZwD7AJMxtaNZqqvrzvw5J0zVefLaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfmxmnFPX4IkeB/thPb+l3ohknlMB8GA1UdIwQY
MBaAFOiz7tHHrKY21iRYUrgC4Oc3VN9jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYt
OTQ2NDA0ZWMxYWE0LzEvaC1iR2FjVTlmZ2lSNEgtMkU5djZYZWlHU2VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYtOTQ2NDA0ZWMxYWE0
LzEvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJZTYMA0G
CSqGSIb3DQEBCwUAA4IBAQBGqPWbRhnSNfr/H+p366bwt4aL1v4oVAezl5z7atZO
OZSJzhG7zFaGYIBigf5RGqejbMbuOFeBIZ4CG960WvXnmxaCQLDHnU1tqEoxx2S1
dkAKzcCUk5MKN2Dm3/NgDmGAsI1mcAimfhPuXtO0OSrOVxJQxy+i/X4JCVVqSPxx
FfqCsUHSYzUIYyfyLAh+mTnmgP332uYRycMaOZHXyhU/4zcf81f902hrI+GZ1r8U
KB3+y3HimQABkWJ0tTPv4MuOQQ/4PK4oCf/JuBIhilsoxlDpm3/kWOkyfI5b9k4a
tLb43dHMh2kVDnHI/dBYTAS3yI2oZahwQLN9PU2N+xvk
-----END CERTIFICATE-----