Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/FG7DHM27X5YRSA-6hgqAcuKOtTs.roa
File:                     FG7DHM27X5YRSA-6hgqAcuKOtTs.roa (raw, json)
Hash identifier:          reRCDQwHVVW8DRbLBwoC+MZCR7i2CveKT9gCJ8ux9z4=
Subject key identifier:   14:6E:C3:1C:CD:BB:5F:96:11:48:0F:BA:86:0A:80:72:E2:8E:B5:3B
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0192EC798C6BD1A86D46B812DCC62C3094DA
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/FG7DHM27X5YRSA-6hgqAcuKOtTs.roa
Signing time:             Sat 02 Nov 2024 10:44:01 +0000
ROA not before:           Sat 02 Nov 2024 10:44:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58229
IP address blocks:        37.16.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ec:79:8c:6b:d1:a8:6d:46:b8:12:dc:c6:2c:30:94:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Nov  2 10:44:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=146ec31ccdbb5f9611480fba860a8072e28eb53b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:44:a0:a6:fe:51:e1:16:f7:a6:8a:72:e1:f8:
                    24:f1:13:88:ae:78:3e:01:1a:05:38:62:63:77:01:
                    d1:08:db:8c:a5:2e:1d:bb:54:a1:15:bc:92:a1:41:
                    37:ad:f6:08:c7:bb:d2:68:14:1b:4d:ec:21:64:fd:
                    3f:1a:01:30:36:74:87:2f:77:35:67:91:ad:25:11:
                    6d:8a:eb:c0:60:12:08:a9:4f:f7:07:56:32:90:2d:
                    59:0d:b4:34:db:c5:16:12:7b:4b:f7:4e:8c:dc:3a:
                    c9:8a:00:dc:24:86:46:fa:e0:16:2e:ab:94:11:9d:
                    9b:fc:5b:7e:6f:6a:1a:b3:45:fe:ed:cc:de:e0:71:
                    15:55:2b:d8:47:7c:4c:59:b2:7c:f2:fa:7d:ab:62:
                    c3:01:a2:c5:6d:5a:5c:6c:8f:8b:cd:9c:05:bd:c0:
                    a4:09:59:28:bc:e5:c5:21:a8:ab:5a:d1:45:d5:27:
                    ec:3f:29:b2:8a:20:ab:0b:cb:98:1b:5b:d1:b4:95:
                    46:26:9a:bf:cb:25:04:58:4b:d8:0e:20:d3:9f:a3:
                    ff:a1:62:d4:35:dd:6d:e1:da:36:31:99:3a:b8:8f:
                    8c:41:e0:62:40:ff:26:9a:33:f8:df:32:75:c0:26:
                    45:5b:6b:87:19:af:4c:85:59:f5:66:be:ca:70:1f:
                    88:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:6E:C3:1C:CD:BB:5F:96:11:48:0F:BA:86:0A:80:72:E2:8E:B5:3B
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/FG7DHM27X5YRSA-6hgqAcuKOtTs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:75:01:97:be:e6:58:1c:ad:cc:05:46:8c:72:26:dc:3f:ee:
         0f:02:39:15:fa:92:b5:94:be:e4:ce:69:65:04:08:d4:8a:ff:
         3c:38:4e:1f:bb:de:1a:8e:d2:9c:ea:bf:dd:02:1d:28:79:d8:
         ed:fa:04:5f:0c:0b:b6:e8:73:a7:c1:99:71:59:ea:2f:18:1c:
         93:b6:6a:dd:ca:61:68:e8:fc:0d:a1:a6:52:e8:e6:7c:e8:ce:
         28:c0:9c:41:8e:97:c4:27:96:47:43:3b:f5:da:61:8a:e1:5f:
         77:8a:fe:81:f6:b3:cd:b7:aa:ac:d2:bb:dd:94:82:9d:b2:b8:
         b7:00:8a:3a:9e:c1:ab:07:1d:fd:4f:77:93:31:b5:a6:0c:64:
         c0:72:d6:8a:22:b6:88:88:1b:ef:df:35:49:61:05:77:d9:df:
         89:60:46:46:39:19:61:4f:c8:44:83:00:08:ed:d1:13:78:81:
         9e:6a:f5:b9:3b:5a:ea:e7:95:63:87:5e:c9:72:1e:f3:ea:e1:
         57:b8:cc:b5:32:86:ff:75:8d:b6:5b:b9:b4:0f:20:32:22:65:
         f8:ee:a2:23:d3:7e:7a:df:f8:d5:e6:4a:42:d3:71:2e:b0:a0:
         37:5a:f7:cb:5d:e6:43:61:c7:4c:86:34:a0:6e:25:39:30:48:
         e6:96:c9:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLseYxr0ahtRrgS3MYsMJTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQxMTAyMTA0NDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDZlYzMxY2NkYmI1Zjk2MTE0ODBmYmE4NjBhODA3MmUyOGViNTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0Sgpv5R4Rb3popy4fgk8ROIrng+
ARoFOGJjdwHRCNuMpS4du1ShFbySoUE3rfYIx7vSaBQbTewhZP0/GgEwNnSHL3c1
Z5GtJRFtiuvAYBIIqU/3B1YykC1ZDbQ028UWEntL906M3DrJigDcJIZG+uAWLquU
EZ2b/Ft+b2oas0X+7cze4HEVVSvYR3xMWbJ88vp9q2LDAaLFbVpcbI+LzZwFvcCk
CVkovOXFIairWtFF1SfsPymyiiCrC8uYG1vRtJVGJpq/yyUEWEvYDiDTn6P/oWLU
Nd1t4do2MZk6uI+MQeBiQP8mmjP43zJ1wCZFW2uHGa9MhVn1Zr7KcB+IswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBRuwxzNu1+WEUgPuoYKgHLijrU7MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvRkc3REhNMjdYNVlSU0EtNmhncUFjdUtPdFRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRBVMA0G
CSqGSIb3DQEBCwUAA4IBAQBgdQGXvuZYHK3MBUaMcibcP+4PAjkV+pK1lL7kzmll
BAjUiv88OE4fu94ajtKc6r/dAh0oedjt+gRfDAu26HOnwZlxWeovGByTtmrdymFo
6PwNoaZS6OZ86M4owJxBjpfEJ5ZHQzv12mGK4V93iv6B9rPNt6qs0rvdlIKdsri3
AIo6nsGrBx39T3eTMbWmDGTActaKIraIiBvv3zVJYQV32d+JYEZGORlhT8hEgwAI
7dETeIGeavW5O1rq55Vjh17Jch7z6uFXuMy1Mob/dY22W7m0DyAyImX47qIj0356
3/jV5kpC03EusKA3WvfLXeZDYcdMhjSgbiU5MEjmlsmh
-----END CERTIFICATE-----