Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/G6Cayhowwo87M5-cvGW75ajEuEY.roa
File:                     G6Cayhowwo87M5-cvGW75ajEuEY.roa (raw, json)
Hash identifier:          Rt/ImnZ7Cqw92tuECPM1fQ2BKpN5PZBi3XSkR1NOoZI=
Subject key identifier:   1B:A0:9A:CA:1A:30:C2:8F:3B:33:9F:9C:BC:65:BB:E5:A8:C4:B8:46
Certificate issuer:       /CN=8a31f8bea33b0056446e3321eede3a170fbd7c1f
Certificate serial:       018CC7941BD301E88863A667E9B5A247C990
Authority key identifier: 8A:31:F8:BE:A3:3B:00:56:44:6E:33:21:EE:DE:3A:17:0F:BD:7C:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ijH4vqM7AFZEbjMh7t46Fw-9fB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/G6Cayhowwo87M5-cvGW75ajEuEY.roa
Signing time:             Tue 02 Jan 2024 00:30:21 +0000
ROA not before:           Tue 02 Jan 2024 00:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198370
IP address blocks:        37.18.187.0/24 maxlen: 24
                          37.18.186.0/24 maxlen: 24
                          37.18.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/ijH4vqM7AFZEbjMh7t46Fw-9fB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/ijH4vqM7AFZEbjMh7t46Fw-9fB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ijH4vqM7AFZEbjMh7t46Fw-9fB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1b:d3:01:e8:88:63:a6:67:e9:b5:a2:47:c9:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a31f8bea33b0056446e3321eede3a170fbd7c1f
        Validity
            Not Before: Jan  2 00:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ba09aca1a30c28f3b339f9cbc65bbe5a8c4b846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e5:a7:40:1b:c3:8e:ee:88:c8:79:29:0c:18:
                    12:1b:a1:ce:1a:fe:ef:72:bb:0c:18:fe:93:aa:44:
                    3e:d0:01:5d:84:99:15:63:e1:a2:51:e8:ce:22:c3:
                    e8:07:a8:0f:c3:8a:a1:df:41:ae:67:f4:a8:6b:24:
                    74:cb:bb:04:e5:5a:09:cf:08:70:35:12:7a:dd:2e:
                    31:ad:31:1f:83:bf:5f:29:5e:fe:c4:3f:49:7e:7c:
                    55:2a:f0:49:2e:c0:c7:af:40:f5:ec:ed:69:08:36:
                    3c:7e:9e:12:03:0d:d7:12:2f:bb:14:bd:8b:81:90:
                    8d:a3:ce:bd:9d:96:1c:d0:83:67:e1:64:a4:dd:72:
                    7e:9e:44:7e:4c:04:7b:5b:51:96:10:34:9d:92:a1:
                    e6:98:dc:29:3f:65:38:bc:84:dd:c2:76:1d:c8:ee:
                    35:0a:e4:7d:e3:6e:a3:a1:f0:97:70:f4:3d:d3:85:
                    72:58:9f:cc:fc:bf:ef:10:b9:d6:e6:60:4f:27:0e:
                    fa:52:5c:89:30:d4:c6:19:32:1a:63:a8:c0:1b:2d:
                    d8:a3:7b:2b:f3:91:cc:4b:14:04:e9:96:18:8f:3b:
                    37:21:35:7f:c2:62:06:ee:8d:02:c4:d9:ee:ea:dc:
                    be:5b:f5:be:a1:9a:d5:7a:a9:71:2b:c6:23:44:d8:
                    cd:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:A0:9A:CA:1A:30:C2:8F:3B:33:9F:9C:BC:65:BB:E5:A8:C4:B8:46
            X509v3 Authority Key Identifier:
                keyid:8A:31:F8:BE:A3:3B:00:56:44:6E:33:21:EE:DE:3A:17:0F:BD:7C:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ijH4vqM7AFZEbjMh7t46Fw-9fB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/G6Cayhowwo87M5-cvGW75ajEuEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/ijH4vqM7AFZEbjMh7t46Fw-9fB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.184.0/24
                  37.18.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:4f:54:76:ab:dd:68:3a:6a:df:f6:8d:c2:3a:12:7c:98:9a:
         d0:db:62:60:e4:55:3f:ef:bb:7b:1f:8f:61:d7:84:22:f8:4e:
         ef:23:d7:c0:15:b9:e7:68:d5:42:b3:25:e3:10:89:b2:ff:9e:
         94:6b:1c:d7:3e:2a:7b:94:c9:a1:0b:1c:0f:8e:82:34:97:54:
         52:8c:f1:66:cc:da:4e:e4:02:88:63:7c:76:67:80:46:1f:f5:
         9c:13:5b:99:12:73:14:f5:86:e9:62:ed:0d:b3:ce:90:36:5b:
         da:db:56:08:7e:e8:45:13:7a:95:22:b7:33:88:11:02:9e:75:
         77:cf:2d:2e:96:ed:3e:ad:cb:f3:54:01:a5:78:50:32:41:32:
         42:87:33:bf:5d:ab:2b:bd:8e:2b:9a:55:9a:06:2f:27:0c:b3:
         b5:06:fb:43:05:52:4f:8c:ab:72:0a:97:6a:e6:90:6f:bd:3a:
         7e:f3:87:28:98:10:29:78:95:69:2f:21:6f:45:e9:a3:3b:e8:
         a2:f7:ee:3a:80:c0:88:fc:64:d7:50:ce:d2:93:b6:2b:8a:4b:
         a4:81:3c:ab:34:34:c1:52:7c:bd:fe:69:ef:0d:0d:dc:ec:66:
         01:88:7d:41:da:76:bc:41:a1:f0:18:c3:18:38:28:c2:65:2f:
         f9:bc:44:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlBvTAeiIY6Zn6bWiR8mQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMzFmOGJlYTMzYjAwNTY0NDZlMzMyMWVlZGUzYTE3MGZi
ZDdjMWYwHhcNMjQwMTAyMDAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmEwOWFjYTFhMzBjMjhmM2IzMzlmOWNiYzY1YmJlNWE4YzRiODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+WnQBvDju6IyHkpDBgSG6HOGv7v
crsMGP6TqkQ+0AFdhJkVY+GiUejOIsPoB6gPw4qh30GuZ/SoayR0y7sE5VoJzwhw
NRJ63S4xrTEfg79fKV7+xD9JfnxVKvBJLsDHr0D17O1pCDY8fp4SAw3XEi+7FL2L
gZCNo869nZYc0INn4WSk3XJ+nkR+TAR7W1GWEDSdkqHmmNwpP2U4vITdwnYdyO41
CuR9426jofCXcPQ904VyWJ/M/L/vELnW5mBPJw76UlyJMNTGGTIaY6jAGy3Yo3sr
85HMSxQE6ZYYjzs3ITV/wmIG7o0CxNnu6ty+W/W+oZrVeqlxK8YjRNjNEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBugmsoaMMKPOzOfnLxlu+WoxLhGMB8GA1UdIwQY
MBaAFIox+L6jOwBWRG4zIe7eOhcPvXwfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWpINHZxTTdBRlpFYmpNaDd0NDZGdy05ZkI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC82MGZjMGQtMGViOS00MjRjLWE2MzAt
OWE1YzczYmZmYTIzLzEvRzZDYXlob3d3bzg3TTUtY3ZHVzc1YWpFdUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC82MGZjMGQtMGViOS00MjRjLWE2MzAtOWE1YzczYmZmYTIz
LzEvaWpINHZxTTdBRlpFYmpNaDd0NDZGdy05ZkI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJRK4AwQB
JRK6MA0GCSqGSIb3DQEBCwUAA4IBAQB5T1R2q91oOmrf9o3COhJ8mJrQ22Jg5FU/
77t7H49h14Qi+E7vI9fAFbnnaNVCsyXjEImy/56UaxzXPip7lMmhCxwPjoI0l1RS
jPFmzNpO5AKIY3x2Z4BGH/WcE1uZEnMU9YbpYu0Ns86QNlva21YIfuhFE3qVIrcz
iBECnnV3zy0ulu0+rcvzVAGleFAyQTJChzO/XasrvY4rmlWaBi8nDLO1BvtDBVJP
jKtyCpdq5pBvvTp+84comBApeJVpLyFvRemjO+ii9+46gMCI/GTXUM7Sk7Yrikuk
gTyrNDTBUny9/mnvDQ3c7GYBiH1B2na8QaHwGMMYOCjCZS/5vET4
-----END CERTIFICATE-----