Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/eevY7-TVqsYCjrhOZntEPbcfvVE.roa
File:                     eevY7-TVqsYCjrhOZntEPbcfvVE.roa (raw, json)
Hash identifier:          7qqv+7mebB0gw9i4NJ/RTTBfTELoS4NnbyUzJRqDwVA=
Subject key identifier:   79:EB:D8:EF:E4:D5:AA:C6:02:8E:B8:4E:66:7B:44:3D:B7:1F:BD:51
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DEE81CB45D46F7EC5ACE33D82013A
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/eevY7-TVqsYCjrhOZntEPbcfvVE.roa
Signing time:             Mon 01 Jan 2024 14:29:25 +0000
ROA not before:           Mon 01 Jan 2024 14:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198728
IP address blocks:        37.16.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ee:81:cb:45:d4:6f:7e:c5:ac:e3:3d:82:01:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79ebd8efe4d5aac6028eb84e667b443db71fbd51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5b:51:c5:3a:84:5f:e1:6a:bf:5d:9a:62:41:
                    23:1b:63:ef:ed:2a:94:7e:d6:69:2f:33:3f:96:69:
                    d7:97:dd:51:59:37:3e:6b:0c:ec:27:8d:f6:5e:ce:
                    ff:5c:e1:9a:a9:80:90:ee:b1:5b:86:09:0d:40:16:
                    c0:16:41:68:eb:9b:b5:d6:0b:ef:fe:64:ed:d3:1b:
                    78:16:ae:74:8c:ea:53:c9:9b:b5:da:6b:ea:ba:33:
                    46:46:d6:af:6f:fe:73:8e:af:8a:08:6f:24:1f:01:
                    6d:78:bb:cd:fa:10:01:c4:51:58:9b:6b:3f:94:36:
                    ad:4f:27:84:c2:a2:3d:5f:41:4f:68:e5:fb:55:f3:
                    36:c3:76:0b:80:d8:8f:8d:41:e7:c1:e2:c5:74:86:
                    b1:21:22:72:82:0d:12:4d:bf:79:8e:21:5a:c8:7e:
                    51:28:22:f6:5f:17:9b:47:06:fe:0e:c9:cf:ff:be:
                    1a:0d:55:71:70:80:a8:9b:5b:76:6c:7c:55:f8:55:
                    d3:00:2e:66:24:7f:2e:d6:90:16:c0:d7:29:9a:b6:
                    f1:af:f0:6d:26:b9:56:11:24:99:e2:d6:cf:32:7d:
                    e9:27:c8:af:69:3a:b2:92:8c:6a:2b:22:42:9d:c9:
                    ca:af:73:4d:60:76:88:00:f2:db:fe:3d:e1:c2:62:
                    08:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:EB:D8:EF:E4:D5:AA:C6:02:8E:B8:4E:66:7B:44:3D:B7:1F:BD:51
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/eevY7-TVqsYCjrhOZntEPbcfvVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:e0:cc:2c:65:41:23:21:b5:59:93:0d:8c:11:af:28:18:34:
         05:c6:5f:a4:fe:38:71:9b:2b:0a:e8:f9:93:05:00:e9:fd:b9:
         80:62:99:a9:23:7f:13:38:86:2c:5d:62:e9:09:c9:af:ae:99:
         5f:29:e5:d4:81:b5:26:e9:ec:6d:ae:7d:6f:3e:64:cf:e0:af:
         bb:bb:71:90:68:f4:8f:ef:26:65:42:40:6a:e9:74:ac:ba:27:
         67:5a:d5:b8:f4:40:e5:6b:2b:4a:bc:d1:14:0e:e4:6f:c5:9a:
         78:57:2d:2d:21:9d:2e:61:20:72:b8:cf:04:24:82:ff:56:1b:
         d7:f7:26:49:88:1a:9b:d7:4c:a2:e3:1b:bf:41:13:4b:c9:7f:
         a2:0c:e4:ea:11:3a:58:0c:ad:4e:60:b0:e6:4e:26:52:cf:f1:
         97:b0:de:cd:f5:f1:91:29:47:4a:25:70:19:11:49:e8:be:66:
         7d:37:47:3f:7c:27:dd:03:e0:2f:b9:20:3f:47:d5:f7:ab:c4:
         a7:3d:97:18:ab:27:d1:26:6e:57:7c:1b:33:dd:df:94:f7:b1:
         56:70:f2:cb:55:4f:f8:ec:91:21:ec:0e:95:a8:c2:ca:44:c2:
         bd:bd:20:e6:40:80:99:51:54:68:bf:df:a6:96:d1:0f:e6:9f:
         cf:35:f2:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbe6By0XUb37FrOM9ggE6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWViZDhlZmU0ZDVhYWM2MDI4ZWI4NGU2NjdiNDQzZGI3MWZiZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjltRxTqEX+Fqv12aYkEjG2Pv7SqU
ftZpLzM/lmnXl91RWTc+awzsJ432Xs7/XOGaqYCQ7rFbhgkNQBbAFkFo65u11gvv
/mTt0xt4Fq50jOpTyZu12mvqujNGRtavb/5zjq+KCG8kHwFteLvN+hABxFFYm2s/
lDatTyeEwqI9X0FPaOX7VfM2w3YLgNiPjUHnweLFdIaxISJygg0STb95jiFayH5R
KCL2XxebRwb+DsnP/74aDVVxcICom1t2bHxV+FXTAC5mJH8u1pAWwNcpmrbxr/Bt
JrlWESSZ4tbPMn3pJ8ivaTqykoxqKyJCncnKr3NNYHaIAPLb/j3hwmIIlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHnr2O/k1arGAo64TmZ7RD23H71RMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvZWV2WTctVFZxc1lDanJoT1pudEVQYmNmdlZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRBUMA0G
CSqGSIb3DQEBCwUAA4IBAQAV4MwsZUEjIbVZkw2MEa8oGDQFxl+k/jhxmysK6PmT
BQDp/bmAYpmpI38TOIYsXWLpCcmvrplfKeXUgbUm6extrn1vPmTP4K+7u3GQaPSP
7yZlQkBq6XSsuidnWtW49EDlaytKvNEUDuRvxZp4Vy0tIZ0uYSByuM8EJIL/VhvX
9yZJiBqb10yi4xu/QRNLyX+iDOTqETpYDK1OYLDmTiZSz/GXsN7N9fGRKUdKJXAZ
EUnovmZ9N0c/fCfdA+AvuSA/R9X3q8SnPZcYqyfRJm5XfBsz3d+U97FWcPLLVU/4
7JEh7A6VqMLKRMK9vSDmQICZUVRov9+mltEP5p/PNfK1
-----END CERTIFICATE-----