Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/iH1ZGhA3DpL4881pQkbGOrVgJqk.roa
File:                     iH1ZGhA3DpL4881pQkbGOrVgJqk.roa (raw, json)
Hash identifier:          Q+3UWG8RRRE0AIHv7UtXby5UCEViT6HwxOmc1fwQUOk=
Subject key identifier:   88:7D:59:1A:10:37:0E:92:F8:F3:CD:69:42:46:C6:3A:B5:60:26:A9
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       018CC8024705306F9D4E228FF21946439F1B
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/iH1ZGhA3DpL4881pQkbGOrVgJqk.roa
Signing time:             Tue 02 Jan 2024 02:30:41 +0000
ROA not before:           Tue 02 Jan 2024 02:30:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211092
IP address blocks:        37.157.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:47:05:30:6f:9d:4e:22:8f:f2:19:46:43:9f:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Jan  2 02:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=887d591a10370e92f8f3cd694246c63ab56026a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:34:9c:a9:d3:07:c1:a0:ba:34:f0:36:56:fe:
                    07:f5:00:5c:10:ea:f3:5d:4c:c2:ea:e2:f6:5c:c1:
                    e4:2b:54:c3:ba:72:26:da:5b:a5:17:c3:54:5e:46:
                    ce:7e:50:8d:7d:9b:6f:5d:95:2c:c6:59:7b:fa:66:
                    90:2d:75:1a:46:98:12:fd:84:ef:5c:42:ee:4c:f2:
                    14:e9:5b:a5:38:67:5e:d1:11:ac:08:de:4d:38:12:
                    67:69:f5:09:3b:13:27:0e:b3:41:d0:a2:5c:20:7b:
                    98:0d:94:d8:ae:82:ad:8e:21:0b:e2:16:bd:3b:40:
                    c9:aa:16:51:52:89:b0:5a:f7:9a:77:50:87:c2:77:
                    b1:c0:1a:ae:22:7c:42:c2:fd:58:df:40:44:a9:5e:
                    b6:4c:a5:da:d5:dd:f5:cc:58:68:d9:3d:dd:5e:9e:
                    7a:46:58:d7:ff:18:e5:d6:2b:58:8f:4b:31:5b:06:
                    94:17:13:ec:c0:43:5c:60:ff:67:a5:93:2f:e3:3b:
                    25:4b:0d:9b:e2:f1:f3:31:a7:50:13:1a:9c:76:b6:
                    fe:01:3a:c8:d7:f4:bc:31:2e:78:68:d1:b4:23:7a:
                    b3:a7:8d:32:52:2a:1a:74:fe:19:f3:07:cc:7a:6f:
                    22:fd:66:5b:e8:7c:10:8b:47:99:2f:f8:b5:5b:a3:
                    85:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:7D:59:1A:10:37:0E:92:F8:F3:CD:69:42:46:C6:3A:B5:60:26:A9
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/iH1ZGhA3DpL4881pQkbGOrVgJqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:6b:a4:05:3c:39:8e:2e:79:5f:7b:4e:e0:fd:aa:1b:67:8f:
         05:28:ab:04:0f:af:c8:99:34:4c:24:03:d1:00:ba:65:55:37:
         8d:3d:62:e0:f8:fa:87:11:9f:05:db:94:48:4c:c4:38:04:e3:
         e8:0d:8a:6f:97:04:20:69:b1:8e:eb:dd:7e:35:4f:ee:7b:84:
         be:72:b3:a0:f3:a5:de:28:97:ff:56:9d:79:d5:5a:6e:f0:19:
         77:90:bf:d2:81:64:e2:ba:4c:f6:8e:91:6b:a2:18:dc:41:6a:
         fe:35:6c:df:d4:cf:c4:ec:a1:f4:40:12:69:74:be:ab:93:b5:
         14:1b:eb:c0:6a:3f:59:b8:be:7f:66:ca:24:83:61:10:6b:dc:
         94:bf:e2:d9:11:1f:cf:6b:1e:aa:d0:16:10:7b:f0:ab:ed:ec:
         91:d9:d6:cd:cf:f0:b3:ce:32:d3:ba:5e:ef:11:69:13:4b:35:
         a8:e3:9f:c7:6e:3a:97:f7:5e:56:dc:17:f6:d0:08:93:73:9e:
         1e:7f:95:18:12:5f:7b:c6:54:d7:9b:12:7b:af:74:2a:ef:4d:
         48:2d:a1:ed:a2:f6:14:2d:13:7d:cb:d3:d5:fa:3c:e7:ae:22:
         fa:d0:45:4c:2f:59:5b:fe:c0:dd:8c:f6:7c:9f:ca:22:39:8f:
         23:59:41:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAkcFMG+dTiKP8hlGQ58bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjQwMTAyMDIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODdkNTkxYTEwMzcwZTkyZjhmM2NkNjk0MjQ2YzYzYWI1NjAyNmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTScqdMHwaC6NPA2Vv4H9QBcEOrz
XUzC6uL2XMHkK1TDunIm2lulF8NUXkbOflCNfZtvXZUsxll7+maQLXUaRpgS/YTv
XELuTPIU6VulOGde0RGsCN5NOBJnafUJOxMnDrNB0KJcIHuYDZTYroKtjiEL4ha9
O0DJqhZRUomwWvead1CHwnexwBquInxCwv1Y30BEqV62TKXa1d31zFho2T3dXp56
RljX/xjl1itYj0sxWwaUFxPswENcYP9npZMv4zslSw2b4vHzMadQExqcdrb+ATrI
1/S8MS54aNG0I3qzp40yUioadP4Z8wfMem8i/WZb6HwQi0eZL/i1W6OFawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIh9WRoQNw6S+PPNaUJGxjq1YCapMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvaUgxWkdoQTNEcEw0ODgxcFFrYkdPclZnSnFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJZ3TMA0G
CSqGSIb3DQEBCwUAA4IBAQAFa6QFPDmOLnlfe07g/aobZ48FKKsED6/ImTRMJAPR
ALplVTeNPWLg+PqHEZ8F25RITMQ4BOPoDYpvlwQgabGO691+NU/ue4S+crOg86Xe
KJf/Vp151Vpu8Bl3kL/SgWTiukz2jpFrohjcQWr+NWzf1M/E7KH0QBJpdL6rk7UU
G+vAaj9ZuL5/Zsokg2EQa9yUv+LZER/Pax6q0BYQe/Cr7eyR2dbNz/CzzjLTul7v
EWkTSzWo45/HbjqX915W3Bf20AiTc54ef5UYEl97xlTXmxJ7r3Qq701ILaHtovYU
LRN9y9PV+jznriL60EVML1lb/sDdjPZ8n8oiOY8jWUG0
-----END CERTIFICATE-----