Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/l_ScJkwYKewxtYg8QlHHPgeYeOM.roa
File:                     l_ScJkwYKewxtYg8QlHHPgeYeOM.roa (raw, json)
Hash identifier:          8hyiyuVYFwIu+zr/PLLYY+h3cIS9CApRVhFEhVP2IkI=
Subject key identifier:   97:F4:9C:26:4C:18:29:EC:31:B5:88:3C:42:51:C7:3E:07:98:78:E3
Certificate issuer:       /CN=084059a0ca6078a9b75daa66db806ff22c0eaad9
Certificate serial:       018CC7271A7BCAA21C2C22AFF293424D8DD7
Authority key identifier: 08:40:59:A0:CA:60:78:A9:B7:5D:AA:66:DB:80:6F:F2:2C:0E:AA:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CEBZoMpgeKm3Xapm24Bv8iwOqtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/l_ScJkwYKewxtYg8QlHHPgeYeOM.roa
Signing time:             Mon 01 Jan 2024 22:31:17 +0000
ROA not before:           Mon 01 Jan 2024 22:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29791
IP address blocks:        185.37.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/CEBZoMpgeKm3Xapm24Bv8iwOqtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/CEBZoMpgeKm3Xapm24Bv8iwOqtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CEBZoMpgeKm3Xapm24Bv8iwOqtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1a:7b:ca:a2:1c:2c:22:af:f2:93:42:4d:8d:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=084059a0ca6078a9b75daa66db806ff22c0eaad9
        Validity
            Not Before: Jan  1 22:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97f49c264c1829ec31b5883c4251c73e079878e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:98:bf:a7:00:4a:6a:e1:0d:aa:fb:1f:05:6b:
                    9a:87:f8:40:0b:c6:97:3d:3b:df:e1:a2:68:ad:4b:
                    8a:63:c7:9a:a9:07:01:95:34:e0:aa:3b:35:4f:ea:
                    5a:72:47:7e:66:cc:f0:f8:05:52:9e:37:fe:50:00:
                    b2:6d:a9:01:11:be:10:b9:67:fd:75:54:0e:c5:da:
                    cd:3a:f8:4f:01:5f:05:a0:d1:09:e6:c3:6e:a8:54:
                    ae:ab:65:a5:d5:72:40:53:6d:a2:9f:71:d5:2c:6f:
                    da:c4:0b:36:be:4d:62:00:47:40:1f:c7:5d:0f:fe:
                    97:a1:45:c0:1f:c0:26:09:da:ff:05:f0:a6:5f:30:
                    9e:32:5e:56:de:1d:1d:32:6c:a1:c4:b2:2d:ca:e2:
                    89:c3:f7:bf:01:66:6c:21:1d:32:79:4e:1b:2a:b7:
                    bb:c8:fc:de:6f:a9:46:ed:21:c2:49:c4:e7:23:e6:
                    47:0b:c7:5d:67:63:13:89:98:2a:9e:f3:ea:f2:8e:
                    d5:f9:63:5c:0f:87:98:bd:6d:bb:1f:30:ac:59:34:
                    a7:cf:25:b7:4b:4c:6c:63:09:97:d3:32:57:e2:6f:
                    16:6c:7f:09:91:cb:90:c6:d8:9e:fd:47:c8:33:ec:
                    14:28:0c:d0:b1:10:a4:4a:93:7e:1b:81:cc:b8:13:
                    6e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:F4:9C:26:4C:18:29:EC:31:B5:88:3C:42:51:C7:3E:07:98:78:E3
            X509v3 Authority Key Identifier:
                keyid:08:40:59:A0:CA:60:78:A9:B7:5D:AA:66:DB:80:6F:F2:2C:0E:AA:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CEBZoMpgeKm3Xapm24Bv8iwOqtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/l_ScJkwYKewxtYg8QlHHPgeYeOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/CEBZoMpgeKm3Xapm24Bv8iwOqtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:4d:1e:72:9d:ed:3f:d5:77:8d:fc:77:81:0c:62:8b:c1:57:
         da:5c:f6:59:dd:59:df:fa:04:01:5b:fd:15:da:f8:38:b7:16:
         79:bc:e4:49:bd:41:c1:b3:0c:fc:fc:f4:48:fd:5e:d7:18:c4:
         b9:80:75:db:97:cb:40:c0:5a:98:40:60:84:0f:19:5b:52:58:
         a4:4f:28:81:c5:e5:72:24:dc:3d:ef:8a:b3:0c:01:1c:70:ab:
         a4:2d:f9:73:3d:c5:5d:f9:45:5a:76:3c:3e:90:e4:0e:c4:af:
         fb:25:a6:93:07:4c:91:ed:b0:aa:5a:c5:ba:7a:f0:e6:e5:82:
         28:1e:5a:a5:3b:14:fc:d8:45:f4:7b:12:ed:2f:16:a1:92:84:
         ac:f1:e2:76:cd:76:87:53:0d:d0:b8:75:6b:d4:9b:30:ef:99:
         9d:9e:29:87:d7:98:cd:bd:5e:6c:11:d4:61:74:9f:d4:2a:53:
         64:b3:b6:4f:f3:e5:6b:d1:2c:0d:54:94:9b:34:cb:fb:9f:2e:
         e9:9f:60:a6:cc:40:b7:9e:db:24:e2:70:fc:6d:5f:12:e2:3c:
         b7:31:0a:b5:26:39:44:de:42:0e:f4:81:88:ed:dc:33:c0:2a:
         b0:7a:27:18:08:16:94:8c:9d:86:e9:a0:bd:43:c2:2f:b0:39:
         a7:f3:b7:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJxp7yqIcLCKv8pNCTY3XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NDA1OWEwY2E2MDc4YTliNzVkYWE2NmRiODA2ZmYyMmMw
ZWFhZDkwHhcNMjQwMTAxMjIzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2Y0OWMyNjRjMTgyOWVjMzFiNTg4M2M0MjUxYzczZTA3OTg3OGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pi/pwBKauENqvsfBWuah/hAC8aX
PTvf4aJorUuKY8eaqQcBlTTgqjs1T+packd+Zszw+AVSnjf+UACybakBEb4QuWf9
dVQOxdrNOvhPAV8FoNEJ5sNuqFSuq2Wl1XJAU22in3HVLG/axAs2vk1iAEdAH8dd
D/6XoUXAH8AmCdr/BfCmXzCeMl5W3h0dMmyhxLItyuKJw/e/AWZsIR0yeU4bKre7
yPzeb6lG7SHCScTnI+ZHC8ddZ2MTiZgqnvPq8o7V+WNcD4eYvW27HzCsWTSnzyW3
S0xsYwmX0zJX4m8WbH8JkcuQxtie/UfIM+wUKAzQsRCkSpN+G4HMuBNu3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJf0nCZMGCnsMbWIPEJRxz4HmHjjMB8GA1UdIwQY
MBaAFAhAWaDKYHipt12qZtuAb/IsDqrZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0VCWm9NcGdlS20zWGFwbTI0QnY4aXdPcXRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jNGM4NjEtYjMyNy00MWYyLTgyMGMt
NGMwYTFjMzNmYThhLzEvbF9TY0prd1lLZXd4dFlnOFFsSEhQZ2VZZU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jNGM4NjEtYjMyNy00MWYyLTgyMGMtNGMwYTFjMzNmYThh
LzEvQ0VCWm9NcGdlS20zWGFwbTI0QnY4aXdPcXRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSUlMA0G
CSqGSIb3DQEBCwUAA4IBAQB0TR5yne0/1XeN/HeBDGKLwVfaXPZZ3Vnf+gQBW/0V
2vg4txZ5vORJvUHBswz8/PRI/V7XGMS5gHXbl8tAwFqYQGCEDxlbUlikTyiBxeVy
JNw974qzDAEccKukLflzPcVd+UVadjw+kOQOxK/7JaaTB0yR7bCqWsW6evDm5YIo
HlqlOxT82EX0exLtLxahkoSs8eJ2zXaHUw3QuHVr1Jsw75mdnimH15jNvV5sEdRh
dJ/UKlNks7ZP8+Vr0SwNVJSbNMv7ny7pn2CmzEC3ntsk4nD8bV8S4jy3MQq1JjlE
3kIO9IGI7dwzwCqweicYCBaUjJ2G6aC9Q8IvsDmn87cP
-----END CERTIFICATE-----