Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/FNHuYyjFcCv7-ZWaGzBfmYFcOGQ.roa
File:                     FNHuYyjFcCv7-ZWaGzBfmYFcOGQ.roa (raw, json)
Hash identifier:          L9jOHXyZ+y+LZ2uYKt+i2xev7swoEFTQm6GAJqRBSLE=
Subject key identifier:   14:D1:EE:63:28:C5:70:2B:FB:F9:95:9A:1B:30:5F:99:81:5C:38:64
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       0194228D340E216E877C92690C5D402CCF6C
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/FNHuYyjFcCv7-ZWaGzBfmYFcOGQ.roa
Signing time:             Wed 01 Jan 2025 15:47:46 +0000
ROA not before:           Wed 01 Jan 2025 15:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198700
IP address blocks:        37.16.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:34:0e:21:6e:87:7c:92:69:0c:5d:40:2c:cf:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 15:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14d1ee6328c5702bfbf9959a1b305f99815c3864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:00:6e:8e:30:d6:66:26:ba:93:19:4f:fa:7b:
                    25:70:af:3e:10:ea:06:16:26:ad:64:96:77:d3:47:
                    aa:14:8b:79:d0:92:50:1b:f6:33:10:ad:5f:f7:7c:
                    2b:12:dd:f6:43:c1:1a:cc:89:d2:ae:89:6e:75:a9:
                    c1:9a:62:f6:cc:81:59:b9:46:9a:f4:23:86:9c:f9:
                    8f:6a:47:9d:2f:11:f3:09:8d:88:18:61:2b:45:2d:
                    2d:4b:17:00:bd:98:d6:72:be:d6:c1:74:c2:f0:ba:
                    d3:56:32:a6:1b:57:de:a6:f7:1f:4a:df:64:be:81:
                    87:b9:b5:d1:59:6b:5d:5f:17:52:cc:4f:00:e6:0c:
                    a9:42:13:08:94:8a:5e:74:86:04:32:3d:cc:ad:ce:
                    f5:31:c5:4e:2f:f3:52:c6:4e:f9:c7:38:c9:7b:db:
                    0d:43:4e:c9:0a:12:8c:c3:1d:01:a3:b0:a7:a0:60:
                    b8:b8:c5:4b:fd:a8:37:56:d4:c2:35:61:2f:e4:0d:
                    fc:af:61:0f:73:af:85:aa:1a:46:5e:60:db:53:90:
                    9d:e6:14:3c:43:e9:84:d0:2b:2b:91:38:cb:ce:2d:
                    85:dd:87:d6:ca:0a:eb:79:2f:74:90:28:b1:17:48:
                    94:e4:d1:7b:a3:7e:88:01:06:12:37:fe:ec:69:d5:
                    15:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:D1:EE:63:28:C5:70:2B:FB:F9:95:9A:1B:30:5F:99:81:5C:38:64
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/FNHuYyjFcCv7-ZWaGzBfmYFcOGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:3f:02:6f:f8:01:5e:22:9e:f6:d6:25:24:de:f4:1d:f3:aa:
         a0:9d:a8:69:c5:b5:f0:a3:7c:2f:af:5c:23:e8:87:6f:83:c5:
         e9:75:40:38:0a:3f:5c:e1:d5:49:c1:29:74:4d:99:a6:19:e4:
         d0:28:f1:2f:17:ae:d6:35:8c:ee:51:a1:41:2b:4b:f0:75:36:
         ef:4d:3d:64:2e:a7:fa:5c:66:6d:e2:20:d2:d6:04:76:9a:73:
         ac:92:76:6e:16:b5:95:1a:46:bf:9d:23:07:d7:94:d8:a4:aa:
         04:10:a9:59:83:35:a4:58:a6:75:d3:4f:f0:c2:37:50:57:ac:
         f1:bd:49:f6:c6:80:af:0c:36:9e:50:04:7d:8c:e7:41:ec:0d:
         01:56:fb:92:6e:dd:e1:21:e2:11:61:45:3c:f5:0d:b1:6e:72:
         3a:b0:4c:60:d4:5b:8b:19:7b:4d:7a:2a:d6:85:91:7a:55:a4:
         f2:e0:25:76:76:01:bf:ab:76:6e:3f:6a:21:ad:6f:37:f8:c6:
         98:29:1a:df:c6:10:1c:8c:26:77:95:a6:bd:e6:f1:b2:57:b5:
         9e:de:c2:ac:a2:a7:54:28:0c:78:46:8d:c2:f1:c1:9c:42:a4:
         6e:7d:ef:ba:ca:1d:ab:8b:7d:93:ed:2b:87:89:df:45:44:9a:
         44:25:17:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijTQOIW6HfJJpDF1ALM9sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjUwMTAxMTU0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGQxZWU2MzI4YzU3MDJiZmJmOTk1OWExYjMwNWY5OTgxNWMzODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgBujjDWZia6kxlP+nslcK8+EOoG
FiatZJZ300eqFIt50JJQG/YzEK1f93wrEt32Q8EazInSroludanBmmL2zIFZuUaa
9COGnPmPakedLxHzCY2IGGErRS0tSxcAvZjWcr7WwXTC8LrTVjKmG1fepvcfSt9k
voGHubXRWWtdXxdSzE8A5gypQhMIlIpedIYEMj3Mrc71McVOL/NSxk75xzjJe9sN
Q07JChKMwx0Bo7CnoGC4uMVL/ag3VtTCNWEv5A38r2EPc6+FqhpGXmDbU5Cd5hQ8
Q+mE0CsrkTjLzi2F3YfWygrreS90kCixF0iU5NF7o36IAQYSN/7sadUV7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBTR7mMoxXAr+/mVmhswX5mBXDhkMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvRk5IdVl5akZjQ3Y3LVpXYUd6QmZtWUZjT0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRBWMA0G
CSqGSIb3DQEBCwUAA4IBAQAVPwJv+AFeIp721iUk3vQd86qgnahpxbXwo3wvr1wj
6Idvg8XpdUA4Cj9c4dVJwSl0TZmmGeTQKPEvF67WNYzuUaFBK0vwdTbvTT1kLqf6
XGZt4iDS1gR2mnOsknZuFrWVGka/nSMH15TYpKoEEKlZgzWkWKZ100/wwjdQV6zx
vUn2xoCvDDaeUAR9jOdB7A0BVvuSbt3hIeIRYUU89Q2xbnI6sExg1FuLGXtNeirW
hZF6VaTy4CV2dgG/q3ZuP2ohrW83+MaYKRrfxhAcjCZ3laa95vGyV7We3sKsoqdU
KAx4Ro3C8cGcQqRufe+6yh2ri32T7SuHid9FRJpEJRf6
-----END CERTIFICATE-----