Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/sRfNWK0vwl-BdEgAd7F-RDyqtq4.roa
File:                     sRfNWK0vwl-BdEgAd7F-RDyqtq4.roa (raw, json)
Hash identifier:          qCNbLX46fLWi2Q9smRo1xj48Ui2ttmNR2ogPF16puGc=
Subject key identifier:   B1:17:CD:58:AD:2F:C2:5F:81:74:48:00:77:B1:7E:44:3C:AA:B6:AE
Certificate issuer:       /CN=1517d4f58af84f50ce42f13293ede4aff12d173f
Certificate serial:       018CC7935B7485CCEF6A56731FE9BD24E9F0
Authority key identifier: 15:17:D4:F5:8A:F8:4F:50:CE:42:F1:32:93:ED:E4:AF:F1:2D:17:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/sRfNWK0vwl-BdEgAd7F-RDyqtq4.roa
Signing time:             Tue 02 Jan 2024 00:29:32 +0000
ROA not before:           Tue 02 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29447
IP address blocks:        37.164.0.0/16 maxlen: 17
                          37.160.0.0/14 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:5b:74:85:cc:ef:6a:56:73:1f:e9:bd:24:e9:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1517d4f58af84f50ce42f13293ede4aff12d173f
        Validity
            Not Before: Jan  2 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b117cd58ad2fc25f8174480077b17e443caab6ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:15:1c:ae:11:39:6e:8a:1b:f5:94:41:c1:1d:
                    60:87:2c:3b:78:0c:9c:b4:55:72:5c:26:03:c8:8f:
                    10:42:50:8f:da:8e:58:d6:43:17:d8:15:61:36:e0:
                    85:e3:f2:22:69:07:14:0f:32:a0:be:13:fd:77:9e:
                    2f:22:54:7d:a8:bc:db:75:f5:18:e8:7e:cd:ae:0e:
                    8c:24:a0:f2:9a:35:6d:0f:6f:60:43:0a:d6:87:dc:
                    00:cf:bf:93:03:3a:f8:99:e2:68:61:bd:8d:80:51:
                    23:df:8d:e7:da:33:cc:a0:16:c7:9d:2e:e6:e2:ba:
                    cf:06:73:47:01:ab:f8:89:b4:58:73:88:8f:fe:4a:
                    43:33:b2:4e:d8:3a:2e:2b:b2:a5:6c:11:80:ea:a3:
                    34:dd:48:4e:a8:78:1a:31:e6:af:99:f6:51:91:28:
                    f6:7c:ea:bb:a8:c2:c9:4b:ca:8a:3a:0f:ad:63:e3:
                    02:41:82:ac:0a:39:28:53:51:3f:fd:6d:ae:0b:d1:
                    7a:a3:73:3b:94:ec:ae:ea:7b:78:cc:fa:92:f4:32:
                    5e:15:cd:dc:73:97:e7:12:0f:56:2e:92:8c:90:c4:
                    17:0f:60:7b:b0:87:c3:ab:e7:ec:89:26:a8:21:3e:
                    17:9e:62:a9:f5:1c:ab:11:c3:74:ce:45:94:e8:a5:
                    b4:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:17:CD:58:AD:2F:C2:5F:81:74:48:00:77:B1:7E:44:3C:AA:B6:AE
            X509v3 Authority Key Identifier:
                keyid:15:17:D4:F5:8A:F8:4F:50:CE:42:F1:32:93:ED:E4:AF:F1:2D:17:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/sRfNWK0vwl-BdEgAd7F-RDyqtq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c4f80c-7b69-4fec-aa54-e5f98ddafc98/1/FRfU9Yr4T1DOQvEyk-3kr_EtFz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.160.0.0-37.164.255.255

    Signature Algorithm: sha256WithRSAEncryption
         a4:88:4a:8e:27:fd:65:59:11:5f:35:1a:27:a9:6e:28:a8:f1:
         1f:7c:6c:c0:ca:e5:19:f4:b2:df:70:5a:ff:c3:a9:0f:4c:3b:
         0e:ac:74:23:19:58:45:94:30:59:e3:a8:fe:2c:f0:35:3c:4b:
         97:95:12:0f:f8:ae:5f:51:59:7a:64:e8:a4:4d:b6:be:99:ae:
         f9:3b:72:d2:65:65:e8:c6:10:14:4d:38:a5:b6:ed:eb:a9:04:
         4a:dc:20:d4:01:c7:4a:5f:4b:c1:1b:e2:c7:0a:4e:d6:78:96:
         ea:bd:db:24:64:48:0b:4f:5f:c7:51:d7:7a:42:86:75:1d:ec:
         52:60:d0:f9:01:c6:3b:1c:53:d9:55:96:88:a0:d1:e0:0c:22:
         81:e9:98:3c:fe:12:a4:6a:ea:ee:4d:eb:f3:4c:a1:c8:26:bc:
         bd:46:44:b1:4d:65:6c:bd:a8:a8:23:f0:bd:14:75:c5:85:a7:
         74:46:5a:a1:67:f2:24:29:4a:2a:de:ce:ab:2d:90:bd:ad:5e:
         f7:5a:54:8e:20:87:c9:2d:67:2e:ec:5d:b6:88:ed:a3:8e:3f:
         82:b1:d6:fa:dd:9b:6b:df:ae:e8:a8:7d:b8:e9:f4:21:cd:10:
         70:33:5a:a7:c7:f4:89:af:72:74:ef:aa:fb:7d:86:50:2d:46:
         aa:b2:8d:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHk1t0hczvalZzH+m9JOnwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MTdkNGY1OGFmODRmNTBjZTQyZjEzMjkzZWRlNGFmZjEy
ZDE3M2YwHhcNMjQwMTAyMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTE3Y2Q1OGFkMmZjMjVmODE3NDQ4MDA3N2IxN2U0NDNjYWFiNmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRUcrhE5boob9ZRBwR1ghyw7eAyc
tFVyXCYDyI8QQlCP2o5Y1kMX2BVhNuCF4/IiaQcUDzKgvhP9d54vIlR9qLzbdfUY
6H7Nrg6MJKDymjVtD29gQwrWh9wAz7+TAzr4meJoYb2NgFEj343n2jPMoBbHnS7m
4rrPBnNHAav4ibRYc4iP/kpDM7JO2DouK7KlbBGA6qM03UhOqHgaMeavmfZRkSj2
fOq7qMLJS8qKOg+tY+MCQYKsCjkoU1E//W2uC9F6o3M7lOyu6nt4zPqS9DJeFc3c
c5fnEg9WLpKMkMQXD2B7sIfDq+fsiSaoIT4XnmKp9RyrEcN0zkWU6KW0TQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLEXzVitL8JfgXRIAHexfkQ8qrauMB8GA1UdIwQY
MBaAFBUX1PWK+E9QzkLxMpPt5K/xLRc/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlJmVTlZcjRUMURPUXZFeWstM2tyX0V0Rno4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9jNGY4MGMtN2I2OS00ZmVjLWFhNTQt
ZTVmOThkZGFmYzk4LzEvc1JmTldLMHZ3bC1CZEVnQWQ3Ri1SRHlxdHE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9jNGY4MGMtN2I2OS00ZmVjLWFhNTQtZTVmOThkZGFmYzk4
LzEvRlJmVTlZcjRUMURPUXZFeWstM2tyX0V0Rno4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMMAoDAwUloAMD
ACWkMA0GCSqGSIb3DQEBCwUAA4IBAQCkiEqOJ/1lWRFfNRonqW4oqPEffGzAyuUZ
9LLfcFr/w6kPTDsOrHQjGVhFlDBZ46j+LPA1PEuXlRIP+K5fUVl6ZOikTba+ma75
O3LSZWXoxhAUTTiltu3rqQRK3CDUAcdKX0vBG+LHCk7WeJbqvdskZEgLT1/HUdd6
QoZ1HexSYND5AcY7HFPZVZaIoNHgDCKB6Zg8/hKkauruTevzTKHIJry9RkSxTWVs
vaioI/C9FHXFhad0RlqhZ/IkKUoq3s6rLZC9rV73WlSOIIfJLWcu7F22iO2jjj+C
sdb63Ztr367oqH246fQhzRBwM1qnx/SJr3J076r7fYZQLUaqso13
-----END CERTIFICATE-----