Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/5yx2ExrPeSHKs5Mdz5mputQMUuY.roa
File:                     5yx2ExrPeSHKs5Mdz5mputQMUuY.roa (raw, json)
Hash identifier:          UtXyHDW9yXjJy9eSlNkphudfam7BVlI54v5w4uIpIWY=
Subject key identifier:   E7:2C:76:13:1A:CF:79:21:CA:B3:93:1D:CF:99:A9:BA:D4:0C:52:E6
Certificate issuer:       /CN=d79785de62dcf9e7930babd7b1d39c5853d1944f
Certificate serial:       0194258F6BBCB0B1435EF57C8B76A958E0AA
Authority key identifier: D7:97:85:DE:62:DC:F9:E7:93:0B:AB:D7:B1:D3:9C:58:53:D1:94:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/15eF3mLc-eeTC6vXsdOcWFPRlE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/5yx2ExrPeSHKs5Mdz5mputQMUuY.roa
Signing time:             Thu 02 Jan 2025 05:49:03 +0000
ROA not before:           Thu 02 Jan 2025 05:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212689
IP address blocks:        37.10.8.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/15eF3mLc-eeTC6vXsdOcWFPRlE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/15eF3mLc-eeTC6vXsdOcWFPRlE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/15eF3mLc-eeTC6vXsdOcWFPRlE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:6b:bc:b0:b1:43:5e:f5:7c:8b:76:a9:58:e0:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d79785de62dcf9e7930babd7b1d39c5853d1944f
        Validity
            Not Before: Jan  2 05:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e72c76131acf7921cab3931dcf99a9bad40c52e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:6d:6a:f0:00:8f:7a:0a:d8:5f:b9:7a:c3:4d:
                    82:57:05:a4:6b:f7:14:b6:9d:ca:32:93:a0:4f:a8:
                    f6:38:bb:07:b8:e4:9a:8e:c2:a9:70:48:d5:d0:17:
                    0c:10:3c:1a:d6:7e:0e:2c:f7:e9:f2:7d:4b:63:e3:
                    f3:0d:b1:74:e0:57:78:06:39:cb:48:38:b0:6a:3b:
                    1f:00:59:ac:94:75:7e:1c:23:5c:60:b1:91:7a:a6:
                    e4:8e:bf:c1:73:81:fc:62:03:b8:32:b5:1d:97:54:
                    d8:3d:06:26:dd:a6:04:99:7d:e5:fd:06:30:9e:0c:
                    6c:1c:5e:c3:53:48:3a:fd:e3:09:3d:22:92:6f:72:
                    e4:8f:62:4e:75:fa:cf:83:35:7d:7a:90:0f:e1:ae:
                    d4:e0:c4:4f:e7:db:a2:a8:cb:0e:6a:4e:79:63:01:
                    c2:04:6f:90:69:a6:ce:c7:a4:d8:f3:2c:a2:99:2e:
                    19:0e:31:d4:14:5f:e5:51:94:13:23:e9:bc:a0:97:
                    04:37:21:cd:ce:a2:e7:d1:9f:3c:16:55:96:41:13:
                    98:bb:f5:37:3c:b8:26:69:ba:7e:8b:4e:0c:dc:fd:
                    32:44:fc:12:d0:a8:49:f9:0f:0d:4f:db:0b:f7:4a:
                    70:0f:f7:85:d3:78:bd:41:40:57:0e:34:67:6c:09:
                    cf:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:2C:76:13:1A:CF:79:21:CA:B3:93:1D:CF:99:A9:BA:D4:0C:52:E6
            X509v3 Authority Key Identifier:
                keyid:D7:97:85:DE:62:DC:F9:E7:93:0B:AB:D7:B1:D3:9C:58:53:D1:94:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/15eF3mLc-eeTC6vXsdOcWFPRlE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/5yx2ExrPeSHKs5Mdz5mputQMUuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/7f9728-9559-4263-bcfa-75855db7151f/1/15eF3mLc-eeTC6vXsdOcWFPRlE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.10.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:7b:f5:22:3b:03:87:db:55:5f:b1:a0:13:80:77:ef:55:69:
         5e:3b:83:6f:12:49:cd:a1:79:23:f3:44:67:d4:e7:34:8d:0f:
         34:54:5d:ec:4d:50:95:7c:63:c7:35:4d:98:36:88:a8:4c:2f:
         21:91:8c:15:91:bb:4f:c4:2b:0e:00:ab:07:80:ed:56:5e:b8:
         df:3a:bb:6c:11:22:78:e9:b6:4c:71:ca:fd:8e:a9:bc:fc:5d:
         f8:94:be:c1:8c:f8:82:0a:9e:0a:53:4f:aa:6a:1a:2e:35:69:
         f1:30:74:e6:1d:5a:14:d0:a9:1b:65:1d:8c:89:80:84:a9:5f:
         d0:bf:92:fe:af:1a:84:6f:a0:e4:e3:b5:79:d5:8d:6a:50:d9:
         e6:5d:15:87:51:75:63:91:c7:2f:51:38:c0:df:a6:10:87:a3:
         f6:3d:bd:48:9d:3b:fc:7f:80:4f:79:e4:5c:9e:1e:b7:c3:ac:
         31:41:12:90:e9:95:2f:46:02:18:ab:ef:c2:3f:4d:27:9e:f3:
         2e:cc:6c:a0:1a:b9:e6:91:00:49:bd:8b:cd:34:8b:79:a9:92:
         ae:17:8d:b9:0d:33:f3:47:28:e2:14:6b:07:02:2a:9c:ef:45:
         ad:be:0d:d7:96:47:bc:b6:40:c0:a4:51:1d:15:71:44:44:31:
         2c:40:d6:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj2u8sLFDXvV8i3apWOCqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OTc4NWRlNjJkY2Y5ZTc5MzBiYWJkN2IxZDM5YzU4NTNk
MTk0NGYwHhcNMjUwMTAyMDU0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzJjNzYxMzFhY2Y3OTIxY2FiMzkzMWRjZjk5YTliYWQ0MGM1MmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs21q8ACPegrYX7l6w02CVwWka/cU
tp3KMpOgT6j2OLsHuOSajsKpcEjV0BcMEDwa1n4OLPfp8n1LY+PzDbF04Fd4BjnL
SDiwajsfAFmslHV+HCNcYLGReqbkjr/Bc4H8YgO4MrUdl1TYPQYm3aYEmX3l/QYw
ngxsHF7DU0g6/eMJPSKSb3Lkj2JOdfrPgzV9epAP4a7U4MRP59uiqMsOak55YwHC
BG+QaabOx6TY8yyimS4ZDjHUFF/lUZQTI+m8oJcENyHNzqLn0Z88FlWWQROYu/U3
PLgmabp+i04M3P0yRPwS0KhJ+Q8NT9sL90pwD/eF03i9QUBXDjRnbAnPTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcsdhMaz3khyrOTHc+ZqbrUDFLmMB8GA1UdIwQY
MBaAFNeXhd5i3Pnnkwur17HTnFhT0ZRPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTVlRjNtTGMtZWVUQzZ2WHNkT2NXRlBSbEU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi83Zjk3MjgtOTU1OS00MjYzLWJjZmEt
NzU4NTVkYjcxNTFmLzEvNXl4MkV4clBlU0hLczVNZHo1bXB1dFFNVXVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi83Zjk3MjgtOTU1OS00MjYzLWJjZmEtNzU4NTVkYjcxNTFm
LzEvMTVlRjNtTGMtZWVUQzZ2WHNkT2NXRlBSbEU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCJQoIMA0G
CSqGSIb3DQEBCwUAA4IBAQB0e/UiOwOH21VfsaATgHfvVWleO4NvEknNoXkj80Rn
1Oc0jQ80VF3sTVCVfGPHNU2YNoioTC8hkYwVkbtPxCsOAKsHgO1WXrjfOrtsESJ4
6bZMccr9jqm8/F34lL7BjPiCCp4KU0+qahouNWnxMHTmHVoU0KkbZR2MiYCEqV/Q
v5L+rxqEb6Dk47V51Y1qUNnmXRWHUXVjkccvUTjA36YQh6P2Pb1InTv8f4BPeeRc
nh63w6wxQRKQ6ZUvRgIYq+/CP00nnvMuzGygGrnmkQBJvYvNNIt5qZKuF425DTPz
RyjiFGsHAiqc70Wtvg3Xlke8tkDApFEdFXFERDEsQNZT
-----END CERTIFICATE-----