Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/fgvh1mId55FAZGmj6fylFL_qVL8.roa
File:                     fgvh1mId55FAZGmj6fylFL_qVL8.roa (raw, json)
Hash identifier:          AbopSQ7abQKBqJ3h65OhQOrwXLK5DCqK1MKnnCRXjRk=
Subject key identifier:   7E:0B:E1:D6:62:1D:E7:91:40:64:69:A3:E9:FC:A5:14:BF:EA:54:BF
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DEC372CC26AAE6A1A7E0A006C2270
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/fgvh1mId55FAZGmj6fylFL_qVL8.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58229
IP address blocks:        37.16.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 14:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ec:37:2c:c2:6a:ae:6a:1a:7e:0a:00:6c:22:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e0be1d6621de791406469a3e9fca514bfea54bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4a:6a:4d:97:6e:f8:bc:f2:c0:12:5c:90:64:
                    54:ec:a0:5e:b8:2c:06:8b:78:77:ac:cf:1e:79:76:
                    47:27:31:ef:18:5b:0e:6e:bd:b9:d5:e9:0c:6f:89:
                    67:0f:30:8c:c5:a4:52:74:2b:cf:fd:60:d3:bd:3c:
                    de:1e:46:5e:71:03:f3:08:80:a2:52:06:06:9a:9e:
                    8c:58:5c:9f:5e:b1:50:67:ac:f9:89:20:2e:d6:ce:
                    fb:4c:c7:13:26:39:83:d1:b1:7f:f9:27:72:ea:28:
                    f4:5f:e5:24:96:7c:dd:44:b9:a6:3c:29:30:b7:f3:
                    34:0e:97:01:1d:65:18:0f:bd:5a:d2:16:ee:c1:1f:
                    01:dd:7c:b5:2f:3f:a0:d0:5e:b3:b3:5c:db:ea:fb:
                    e5:9f:5c:af:e6:4a:84:ff:3f:9f:32:b5:05:6c:02:
                    83:77:11:d1:91:76:1f:df:f2:52:67:ea:48:e7:70:
                    c4:5a:90:c7:43:c1:bd:5d:bb:ef:24:6f:c8:05:9d:
                    5b:a0:ac:b6:da:94:50:89:f5:f9:7b:95:a2:ee:80:
                    c0:c5:aa:03:03:d0:69:be:af:bf:4d:21:68:3b:99:
                    de:9c:26:64:47:94:df:e1:e6:df:24:cd:af:dd:e0:
                    12:3d:49:42:a7:9a:fc:68:72:e8:66:75:e2:c6:17:
                    9f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:0B:E1:D6:62:1D:E7:91:40:64:69:A3:E9:FC:A5:14:BF:EA:54:BF
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/fgvh1mId55FAZGmj6fylFL_qVL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:3e:d1:ec:47:04:11:08:c5:44:c9:f6:52:c2:2f:8f:9d:44:
         dc:6e:f7:83:07:60:c8:96:4f:72:a1:1b:8e:e9:eb:bc:2c:25:
         07:66:78:24:f6:c6:22:4f:eb:4b:5c:5a:f8:54:7a:50:7f:73:
         d9:b7:d4:da:30:31:62:85:97:0e:36:fe:37:e0:72:e6:e1:ae:
         82:0f:c2:d9:02:58:e9:3f:33:97:30:5d:dc:af:cf:e2:a1:84:
         56:81:df:06:90:f0:6e:aa:55:2b:ec:43:88:76:dc:e4:3f:e2:
         8f:29:76:b1:9f:45:7e:6e:7c:08:b8:be:70:78:e2:62:15:36:
         05:45:dc:a2:90:63:92:b7:72:b3:28:73:92:60:fd:aa:17:53:
         05:f4:47:b7:48:6b:f2:a6:35:ff:d2:88:a3:f3:c6:c9:df:4b:
         18:b3:a8:dd:42:1a:3b:1f:f4:17:04:32:cb:f2:f0:ae:a4:ee:
         6a:44:86:5f:af:e3:17:f9:0c:de:1a:35:32:d4:e2:23:32:fb:
         ba:4c:ca:2e:43:d6:ec:66:8a:e4:dc:af:9a:1b:17:a5:52:72:
         b4:16:b2:ca:2b:e4:92:91:ff:f5:7f:24:c8:cd:7b:68:04:00:
         0d:30:02:3e:57:5b:29:93:68:05:89:e4:e4:67:82:67:fd:d2:
         e7:d2:a5:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbew3LMJqrmoafgoAbCJwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTBiZTFkNjYyMWRlNzkxNDA2NDY5YTNlOWZjYTUxNGJmZWE1NGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkpqTZdu+LzywBJckGRU7KBeuCwG
i3h3rM8eeXZHJzHvGFsObr251ekMb4lnDzCMxaRSdCvP/WDTvTzeHkZecQPzCICi
UgYGmp6MWFyfXrFQZ6z5iSAu1s77TMcTJjmD0bF/+Sdy6ij0X+UklnzdRLmmPCkw
t/M0DpcBHWUYD71a0hbuwR8B3Xy1Lz+g0F6zs1zb6vvln1yv5kqE/z+fMrUFbAKD
dxHRkXYf3/JSZ+pI53DEWpDHQ8G9XbvvJG/IBZ1boKy22pRQifX5e5Wi7oDAxaoD
A9Bpvq+/TSFoO5nenCZkR5Tf4ebfJM2v3eASPUlCp5r8aHLoZnXixhef4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4L4dZiHeeRQGRpo+n8pRS/6lS/MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvZmd2aDFtSWQ1NUZBWkdtajZmeWxGTF9xVkw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRBVMA0G
CSqGSIb3DQEBCwUAA4IBAQCKPtHsRwQRCMVEyfZSwi+PnUTcbveDB2DIlk9yoRuO
6eu8LCUHZngk9sYiT+tLXFr4VHpQf3PZt9TaMDFihZcONv434HLm4a6CD8LZAljp
PzOXMF3cr8/ioYRWgd8GkPBuqlUr7EOIdtzkP+KPKXaxn0V+bnwIuL5weOJiFTYF
RdyikGOSt3KzKHOSYP2qF1MF9Ee3SGvypjX/0oij88bJ30sYs6jdQho7H/QXBDLL
8vCupO5qRIZfr+MX+QzeGjUy1OIjMvu6TMouQ9bsZork3K+aGxelUnK0FrLKK+SS
kf/1fyTIzXtoBAANMAI+V1spk2gFieTkZ4Jn/dLn0qV2
-----END CERTIFICATE-----