Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/2Fi9YXhKIybdTQnltg5WVx1S9U0.roa
File:                     2Fi9YXhKIybdTQnltg5WVx1S9U0.roa (raw, json)
Hash identifier:          VKnrHjqJjlX8O3GdIAOJBwavmDOHScm4j9k6la57TNw=
Subject key identifier:   D8:58:BD:61:78:4A:23:26:DD:4D:09:E5:B6:0E:56:57:1D:52:F5:4D
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0194228D34D8A404FE54606AB41705912B94
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/2Fi9YXhKIybdTQnltg5WVx1S9U0.roa
Signing time:             Wed 01 Jan 2025 15:47:46 +0000
ROA not before:           Wed 01 Jan 2025 15:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198728
IP address blocks:        37.16.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:34:d8:a4:04:fe:54:60:6a:b4:17:05:91:2b:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 15:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d858bd61784a2326dd4d09e5b60e56571d52f54d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c9:72:b3:18:f7:94:8e:a2:9d:06:1f:d4:6c:
                    31:e4:0c:94:16:b3:93:e7:ba:9f:2f:55:63:ba:53:
                    5b:52:e0:3c:ca:32:58:a7:43:a7:19:c3:a3:8d:b3:
                    87:97:d6:bb:d1:fb:68:d3:a4:09:64:22:2b:4d:79:
                    a4:f2:38:1f:1f:8a:16:ff:24:ea:96:3c:46:80:61:
                    4f:14:1d:62:57:ad:01:df:1d:0b:3e:e2:0c:6d:b1:
                    8d:ce:2d:6f:bc:26:2d:50:84:f5:31:af:ee:4d:ba:
                    62:cc:98:76:bb:5a:98:1f:5c:c5:33:f2:ac:ec:e6:
                    90:26:9b:ee:13:5c:48:ca:37:e2:1e:22:04:19:d9:
                    3f:fe:a2:40:df:88:1b:62:eb:66:7a:cc:7c:5b:d0:
                    16:ad:21:61:11:36:47:d2:b0:3a:e7:b6:15:50:2d:
                    eb:2e:4e:ea:f6:77:32:7c:56:3b:30:36:0e:81:0d:
                    34:88:50:27:7a:4b:48:ef:71:a6:44:30:64:23:1e:
                    7d:fa:ce:e3:59:e8:20:7c:12:19:43:14:18:d2:c4:
                    21:73:b6:3b:a4:bd:86:57:df:3e:df:9a:96:3b:e1:
                    1c:1a:71:fe:b3:7f:ab:cc:60:c7:78:73:e2:b4:2a:
                    60:64:61:f4:bc:81:e2:e7:39:ab:81:db:f4:e0:08:
                    dc:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:58:BD:61:78:4A:23:26:DD:4D:09:E5:B6:0E:56:57:1D:52:F5:4D
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/2Fi9YXhKIybdTQnltg5WVx1S9U0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:8c:2f:31:c5:e0:bf:d8:87:64:c1:53:53:d9:30:1c:1d:04:
         f8:21:d9:80:36:b0:51:41:ca:f4:5d:75:02:9e:29:34:e1:91:
         96:02:9a:d7:0e:1a:f5:72:91:ad:15:ef:1f:35:32:c9:d4:61:
         e6:bd:6f:47:8f:f5:0a:9d:53:a2:e3:d7:da:a8:c9:41:b8:c2:
         ed:94:75:f8:d2:03:ea:98:ce:a4:23:d0:e6:5e:62:cd:29:95:
         ba:f2:71:4b:c9:a0:ab:21:80:35:09:38:36:6f:52:3b:b3:0e:
         69:3f:b4:b7:16:52:64:e2:81:16:00:48:49:a6:bb:21:d3:87:
         a7:9e:a5:53:d8:64:c0:67:75:6a:40:30:03:c4:06:58:ce:40:
         dc:24:d8:e6:5e:2a:9f:6a:64:96:e8:d4:cc:94:2d:82:3b:81:
         fd:a7:1e:54:99:18:63:89:5e:67:86:24:a7:59:f8:a1:dd:6d:
         40:dd:05:99:ed:3a:12:17:ab:f3:c6:41:14:a4:f9:9c:8b:a3:
         30:94:1f:c5:b0:1d:01:da:49:99:76:34:59:06:d1:d2:19:1a:
         78:b2:87:10:b2:44:29:53:e1:5f:5f:13:1f:a3:81:f5:9c:25:
         fb:34:80:37:50:ce:20:bd:b2:11:32:7e:9d:f6:e0:c4:0d:1f:
         66:3b:27:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijTTYpAT+VGBqtBcFkSuUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUwMTAxMTU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODU4YmQ2MTc4NGEyMzI2ZGQ0ZDA5ZTViNjBlNTY1NzFkNTJmNTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8lysxj3lI6inQYf1Gwx5AyUFrOT
57qfL1VjulNbUuA8yjJYp0OnGcOjjbOHl9a70fto06QJZCIrTXmk8jgfH4oW/yTq
ljxGgGFPFB1iV60B3x0LPuIMbbGNzi1vvCYtUIT1Ma/uTbpizJh2u1qYH1zFM/Ks
7OaQJpvuE1xIyjfiHiIEGdk//qJA34gbYutmesx8W9AWrSFhETZH0rA657YVUC3r
Lk7q9ncyfFY7MDYOgQ00iFAnektI73GmRDBkIx59+s7jWeggfBIZQxQY0sQhc7Y7
pL2GV98+35qWO+EcGnH+s3+rzGDHeHPitCpgZGH0vIHi5zmrgdv04Ajc4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhYvWF4SiMm3U0J5bYOVlcdUvVNMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvMkZpOVlYaEtJeWJkVFFubHRnNVdWeDFTOVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRBUMA0G
CSqGSIb3DQEBCwUAA4IBAQCPjC8xxeC/2IdkwVNT2TAcHQT4IdmANrBRQcr0XXUC
nik04ZGWAprXDhr1cpGtFe8fNTLJ1GHmvW9Hj/UKnVOi49faqMlBuMLtlHX40gPq
mM6kI9DmXmLNKZW68nFLyaCrIYA1CTg2b1I7sw5pP7S3FlJk4oEWAEhJprsh04en
nqVT2GTAZ3VqQDADxAZYzkDcJNjmXiqfamSW6NTMlC2CO4H9px5UmRhjiV5nhiSn
Wfih3W1A3QWZ7ToSF6vzxkEUpPmci6MwlB/FsB0B2kmZdjRZBtHSGRp4socQskQp
U+FfXxMfo4H1nCX7NIA3UM4gvbIRMn6d9uDEDR9mOyfa
-----END CERTIFICATE-----