Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/sCNtmpzebHYRFKqyYVYwoDCSrBE.roa
File:                     sCNtmpzebHYRFKqyYVYwoDCSrBE.roa (raw, json)
Hash identifier:          difitXjlH+l4eH59hJ7Yx+WtdXeTn8INqjE/dqynuvE=
Subject key identifier:   B0:23:6D:9A:9C:DE:6C:76:11:14:AA:B2:61:56:30:A0:30:92:AC:11
Certificate issuer:       /CN=1517d4f58af84f50ce42f13293ede4aff12d173f
Certificate serial:       018EBCD4EB74B2C37205AB8EF25742B686C6
Authority key identifier: 15:17:D4:F5:8A:F8:4F:50:CE:42:F1:32:93:ED:E4:AF:F1:2D:17:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/sCNtmpzebHYRFKqyYVYwoDCSrBE.roa
Signing time:             Mon 08 Apr 2024 08:30:54 +0000
ROA not before:           Mon 08 Apr 2024 08:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210595
IP address blocks:        37.8.160.0/19 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bc:d4:eb:74:b2:c3:72:05:ab:8e:f2:57:42:b6:86:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1517d4f58af84f50ce42f13293ede4aff12d173f
        Validity
            Not Before: Apr  8 08:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0236d9a9cde6c761114aab2615630a03092ac11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9e:7c:3d:93:1e:b5:93:82:52:cd:95:00:ac:
                    a9:ff:8e:0b:3a:c9:de:2a:54:4f:f0:91:3e:c7:08:
                    95:ca:ba:c2:5a:8e:7b:50:f5:2d:af:9c:e9:10:86:
                    10:57:0a:1b:fc:03:14:57:34:1a:6a:1d:67:e5:5a:
                    60:c8:6a:d6:8b:5b:b1:7b:45:cd:5c:43:c3:5c:bc:
                    51:3e:bc:66:78:08:06:85:50:ca:9a:2b:62:60:f9:
                    17:2e:5c:c8:8c:d1:19:d5:5c:05:84:b2:90:27:e8:
                    21:5b:48:67:9b:90:77:1a:55:ba:37:1c:52:29:83:
                    3b:2a:f3:b2:fc:6e:0c:7d:cd:70:5b:8a:53:71:02:
                    a1:a8:f4:d2:4d:28:d4:e0:ac:9b:6b:4d:77:cf:1d:
                    b6:36:6c:2b:bd:73:0c:b5:28:e0:bf:1c:42:f1:07:
                    f1:9d:cd:c1:02:7a:9e:40:1e:5c:bf:20:c8:30:ed:
                    6e:9a:c5:eb:68:ec:ec:26:81:31:e7:e6:09:97:0d:
                    4b:d2:17:47:83:b5:64:21:dc:39:15:66:25:81:16:
                    86:c2:be:6d:c4:d3:06:1e:ca:4c:d2:cb:8a:d5:fb:
                    ed:78:a3:ae:82:37:c5:50:c1:85:c9:fd:4c:f3:a0:
                    0b:6e:1f:1e:8b:cd:20:ed:aa:82:ad:e4:25:fd:8b:
                    06:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:23:6D:9A:9C:DE:6C:76:11:14:AA:B2:61:56:30:A0:30:92:AC:11
            X509v3 Authority Key Identifier:
                keyid:15:17:D4:F5:8A:F8:4F:50:CE:42:F1:32:93:ED:E4:AF:F1:2D:17:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/sCNtmpzebHYRFKqyYVYwoDCSrBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.8.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         8d:51:d6:5b:17:0c:b6:54:33:e9:04:59:fb:fc:bd:a1:40:13:
         72:fa:44:4f:76:bd:ef:91:06:22:58:60:7a:c6:dd:0e:42:ac:
         05:94:ed:dc:ea:73:ec:04:7c:32:41:ed:6c:38:11:c6:07:a8:
         a2:ac:d7:b2:49:29:95:7b:03:d3:19:16:97:d6:da:3d:76:06:
         8c:11:a5:5f:3b:3b:cd:bb:01:df:5a:ca:d2:e9:ec:ee:67:71:
         be:a4:ff:5f:45:41:fa:73:e9:f1:e2:30:1c:96:e6:43:04:14:
         c4:e3:ce:2a:bf:9f:f7:e5:51:4e:d1:b2:9b:a2:7a:f1:80:d6:
         17:32:d5:90:45:d0:67:a0:ed:1a:80:a1:04:66:9e:b3:53:b2:
         76:6c:55:e3:f0:69:87:61:81:f9:79:a3:18:91:17:df:8a:c8:
         61:0d:2c:32:8a:12:2c:4c:58:64:91:d0:81:21:88:57:f8:66:
         0c:49:11:fe:20:12:95:55:c4:d6:5a:37:80:f8:c7:2a:50:b1:
         a2:f0:0a:36:03:cb:fc:19:30:df:cc:dc:91:37:b3:67:77:59:
         36:79:44:68:8f:ef:c2:10:ae:95:46:2d:cd:3d:2b:c9:dc:20:
         52:fe:7a:d3:27:11:b1:f9:a4:b7:d3:58:5d:e8:ed:68:78:ce:
         e1:2d:ef:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY681Ot0ssNyBauO8ldCtobGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MTdkNGY1OGFmODRmNTBjZTQyZjEzMjkzZWRlNGFmZjEy
ZDE3M2YwHhcNMjQwNDA4MDgzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDIzNmQ5YTljZGU2Yzc2MTExNGFhYjI2MTU2MzBhMDMwOTJhYzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAop58PZMetZOCUs2VAKyp/44LOsne
KlRP8JE+xwiVyrrCWo57UPUtr5zpEIYQVwob/AMUVzQaah1n5VpgyGrWi1uxe0XN
XEPDXLxRPrxmeAgGhVDKmitiYPkXLlzIjNEZ1VwFhLKQJ+ghW0hnm5B3GlW6NxxS
KYM7KvOy/G4Mfc1wW4pTcQKhqPTSTSjU4Kyba013zx22NmwrvXMMtSjgvxxC8Qfx
nc3BAnqeQB5cvyDIMO1umsXraOzsJoEx5+YJlw1L0hdHg7VkIdw5FWYlgRaGwr5t
xNMGHspM0suK1fvteKOugjfFUMGFyf1M86ALbh8ei80g7aqCreQl/YsGiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAjbZqc3mx2ERSqsmFWMKAwkqwRMB8GA1UdIwQY
MBaAFBUX1PWK+E9QzkLxMpPt5K/xLRc/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlJmVTlZcjRUMURPUXZFeWstM2tyX0V0Rno4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9jNGY4MGMtN2I2OS00ZmVjLWFhNTQt
ZTVmOThkZGFmYzk4LzEvc0NOdG1wemViSFlSRktxeVlWWXdvRENTckJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9jNGY4MGMtN2I2OS00ZmVjLWFhNTQtZTVmOThkZGFmYzk4
LzEvRlJmVTlZcjRUMURPUXZFeWstM2tyX0V0Rno4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFJQigMA0G
CSqGSIb3DQEBCwUAA4IBAQCNUdZbFwy2VDPpBFn7/L2hQBNy+kRPdr3vkQYiWGB6
xt0OQqwFlO3c6nPsBHwyQe1sOBHGB6iirNeySSmVewPTGRaX1to9dgaMEaVfOzvN
uwHfWsrS6ezuZ3G+pP9fRUH6c+nx4jAcluZDBBTE484qv5/35VFO0bKbonrxgNYX
MtWQRdBnoO0agKEEZp6zU7J2bFXj8GmHYYH5eaMYkRffishhDSwyihIsTFhkkdCB
IYhX+GYMSRH+IBKVVcTWWjeA+McqULGi8Ao2A8v8GTDfzNyRN7Nnd1k2eURoj+/C
EK6VRi3NPSvJ3CBS/nrTJxGx+aS301hd6O1oeM7hLe/W
-----END CERTIFICATE-----