Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/AWP34c7fXfVYKLF8_Q1gagZKXm0.roa
File:                     AWP34c7fXfVYKLF8_Q1gagZKXm0.roa (raw, json)
Hash identifier:          zaglWTI0weDehehuLyAsd2ekB4Z5cFyzORNDhHm4oes=
Subject key identifier:   01:63:F7:E1:CE:DF:5D:F5:58:28:B1:7C:FD:0D:60:6A:06:4A:5E:6D
Certificate issuer:       /CN=954a2aee086174b01272fae779ad431eb092aeb7
Certificate serial:       018CC8DE2B8927ED547AC0ABE90DCCE1B333
Authority key identifier: 95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/AWP34c7fXfVYKLF8_Q1gagZKXm0.roa
Signing time:             Tue 02 Jan 2024 06:30:52 +0000
ROA not before:           Tue 02 Jan 2024 06:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        37.247.116.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2b:89:27:ed:54:7a:c0:ab:e9:0d:cc:e1:b3:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=954a2aee086174b01272fae779ad431eb092aeb7
        Validity
            Not Before: Jan  2 06:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0163f7e1cedf5df55828b17cfd0d606a064a5e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e6:26:8f:85:52:59:d4:54:82:c9:24:3d:67:
                    4e:53:88:92:0e:ab:b4:ac:6c:30:af:ea:7a:51:24:
                    71:11:31:5b:d7:84:88:3e:bf:e4:6d:eb:53:c3:10:
                    66:dc:55:ed:59:d5:1a:1a:29:29:d9:aa:89:ef:ad:
                    99:e1:2a:2b:88:a2:8c:da:c6:42:3b:ce:a9:82:b6:
                    c9:6a:27:d7:2a:a2:ae:28:9a:68:d4:51:08:48:1d:
                    9a:31:7e:b1:a9:ec:d4:b3:b4:06:59:82:6b:89:39:
                    28:48:02:34:42:a5:93:df:c4:55:9b:17:f8:19:c9:
                    bc:61:2a:b5:0e:51:60:74:28:b5:5f:85:12:ed:66:
                    93:f3:5b:64:dc:e5:69:68:5c:a8:58:b6:09:aa:31:
                    cb:52:1e:7a:6c:af:dd:04:57:50:1f:76:9f:d7:42:
                    04:20:87:27:a3:c6:97:49:0a:01:e1:84:2c:0a:5c:
                    58:da:04:1b:1b:93:51:30:98:1d:90:df:7d:b3:45:
                    87:ae:d4:6f:47:c9:9e:d3:f7:94:7a:c8:79:ff:cc:
                    6d:6d:02:e8:bd:6e:fe:c8:c6:65:0c:d2:f4:3b:a5:
                    3e:eb:d7:4e:c3:9a:e3:7f:88:8f:78:18:ba:24:6e:
                    3c:18:61:5f:6e:ad:45:0d:39:46:82:29:e5:69:99:
                    d3:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:63:F7:E1:CE:DF:5D:F5:58:28:B1:7C:FD:0D:60:6A:06:4A:5E:6D
            X509v3 Authority Key Identifier:
                keyid:95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/AWP34c7fXfVYKLF8_Q1gagZKXm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.247.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:7b:29:13:4f:06:9f:8d:10:aa:a0:bf:a7:55:3a:b8:c6:74:
         95:34:9c:78:91:f1:f1:36:d3:23:12:69:70:dc:2e:ff:24:c0:
         2a:82:7d:f4:a2:b9:2c:3b:cc:6a:1e:a7:b1:01:c0:06:d8:93:
         0f:1c:1e:2f:75:ce:f6:22:a7:95:82:67:cf:86:0f:df:62:0a:
         a6:e8:3c:06:d7:35:81:e8:82:8b:69:17:3f:23:49:50:bf:a5:
         14:99:7a:06:25:6e:d0:25:e8:7b:ae:39:fe:31:93:65:f7:78:
         79:43:4b:43:d9:58:1e:72:c3:97:13:2e:b7:5d:3b:8a:f3:98:
         3d:ef:35:2a:be:c2:ac:93:6a:91:d5:70:0c:cb:0e:81:62:80:
         a3:e6:10:5b:ac:36:05:5f:d4:7e:bc:74:59:67:63:fa:f0:fb:
         ca:76:3d:fc:06:38:65:61:fe:7c:ab:e8:07:ef:41:d7:d8:1f:
         8c:5b:40:11:ea:47:80:16:85:dd:3a:dc:ab:7b:a1:7e:b2:32:
         2b:a5:bc:91:5a:f8:e6:89:c4:9a:65:9a:76:75:7d:ab:ce:05:
         a7:3f:c1:5c:ee:12:d5:20:ff:93:52:27:65:46:1b:6f:30:59:
         cc:0d:a2:44:6f:e6:af:1d:48:49:be:79:8f:17:a5:a7:0f:e9:
         b6:5f:75:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3iuJJ+1UesCr6Q3M4bMzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGEyYWVlMDg2MTc0YjAxMjcyZmFlNzc5YWQ0MzFlYjA5
MmFlYjcwHhcNMjQwMTAyMDYzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTYzZjdlMWNlZGY1ZGY1NTgyOGIxN2NmZDBkNjA2YTA2NGE1ZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+Ymj4VSWdRUgskkPWdOU4iSDqu0
rGwwr+p6USRxETFb14SIPr/kbetTwxBm3FXtWdUaGikp2aqJ762Z4SoriKKM2sZC
O86pgrbJaifXKqKuKJpo1FEISB2aMX6xqezUs7QGWYJriTkoSAI0QqWT38RVmxf4
Gcm8YSq1DlFgdCi1X4US7WaT81tk3OVpaFyoWLYJqjHLUh56bK/dBFdQH3af10IE
IIcno8aXSQoB4YQsClxY2gQbG5NRMJgdkN99s0WHrtRvR8me0/eUesh5/8xtbQLo
vW7+yMZlDNL0O6U+69dOw5rjf4iPeBi6JG48GGFfbq1FDTlGginlaZnTcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFj9+HO3131WCixfP0NYGoGSl5tMB8GA1UdIwQY
MBaAFJVKKu4IYXSwEnL653mtQx6wkq63MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEt
NDU2NWYwNGY4ZDg1LzEvQVdQMzRjN2ZYZlZZS0xGOF9RMWdhZ1pLWG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEtNDU2NWYwNGY4ZDg1
LzEvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJfd0MA0G
CSqGSIb3DQEBCwUAA4IBAQA1eykTTwafjRCqoL+nVTq4xnSVNJx4kfHxNtMjEmlw
3C7/JMAqgn30orksO8xqHqexAcAG2JMPHB4vdc72IqeVgmfPhg/fYgqm6DwG1zWB
6IKLaRc/I0lQv6UUmXoGJW7QJeh7rjn+MZNl93h5Q0tD2VgecsOXEy63XTuK85g9
7zUqvsKsk2qR1XAMyw6BYoCj5hBbrDYFX9R+vHRZZ2P68PvKdj38BjhlYf58q+gH
70HX2B+MW0AR6keAFoXdOtyre6F+sjIrpbyRWvjmicSaZZp2dX2rzgWnP8Fc7hLV
IP+TUidlRhtvMFnMDaJEb+avHUhJvnmPF6WnD+m2X3V6
-----END CERTIFICATE-----