Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/sBWPt9PRUi_RdQRVusUoDmPykus.roa
File:                     sBWPt9PRUi_RdQRVusUoDmPykus.roa (raw, json)
Hash identifier:          M9e2uwY9dOT584hOh1NFj4bHzl64Xg4bMXyrijPxlFs=
Subject key identifier:   B0:15:8F:B7:D3:D1:52:2F:D1:75:04:55:BA:C5:28:0E:63:F2:92:EB
Certificate issuer:       /CN=c7e8d959f1c9564a33f28fe44ab614b8f62b001b
Certificate serial:       018CC8715E6339FA3098295296242402E4AB
Authority key identifier: C7:E8:D9:59:F1:C9:56:4A:33:F2:8F:E4:4A:B6:14:B8:F6:2B:00:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x-jZWfHJVkoz8o_kSrYUuPYrABs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/sBWPt9PRUi_RdQRVusUoDmPykus.roa
Signing time:             Tue 02 Jan 2024 04:32:02 +0000
ROA not before:           Tue 02 Jan 2024 04:32:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208848
IP address blocks:        37.60.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/x-jZWfHJVkoz8o_kSrYUuPYrABs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/x-jZWfHJVkoz8o_kSrYUuPYrABs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x-jZWfHJVkoz8o_kSrYUuPYrABs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:5e:63:39:fa:30:98:29:52:96:24:24:02:e4:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7e8d959f1c9564a33f28fe44ab614b8f62b001b
        Validity
            Not Before: Jan  2 04:32:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0158fb7d3d1522fd1750455bac5280e63f292eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f6:bf:3b:7b:46:25:c0:57:b3:fe:55:88:6b:
                    65:37:ea:a3:4e:b1:8c:d8:ac:d3:5d:d4:29:36:9f:
                    9f:16:88:15:ec:9e:3c:8c:81:93:72:92:e1:95:dd:
                    7a:7e:97:8c:76:74:c3:2f:1d:8a:52:f8:9e:63:e0:
                    e8:8d:91:32:15:55:d7:dd:40:86:5f:87:a5:90:13:
                    ef:56:1f:c9:4d:24:56:d9:32:b3:0d:ae:73:d3:e9:
                    bc:95:de:12:0e:7b:da:fc:97:d7:99:13:e5:56:67:
                    4a:1f:a5:67:b3:d1:a2:c7:8e:b3:8e:c3:7d:57:80:
                    52:d4:d6:f9:ab:3b:e5:a0:8c:86:d9:a3:42:c8:19:
                    38:7a:25:e4:28:39:48:4f:76:0f:3f:aa:ce:75:a1:
                    b4:fe:1b:e3:1e:ef:74:de:39:55:35:6c:c1:33:11:
                    8e:64:1c:41:a2:db:3d:b9:7c:80:da:1f:16:1b:70:
                    b0:53:2a:72:d0:76:36:c4:1a:74:09:53:63:8f:cf:
                    74:f8:b7:5b:c1:f1:86:35:35:ed:61:71:57:0f:7a:
                    7e:6b:24:3a:f0:ba:7f:31:7a:92:c2:c6:59:42:97:
                    a0:25:88:35:d5:1d:18:cd:01:5b:bd:c9:df:4e:a5:
                    4b:d5:09:5a:9c:ef:7e:4d:af:29:79:8a:f1:b1:cd:
                    0e:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:15:8F:B7:D3:D1:52:2F:D1:75:04:55:BA:C5:28:0E:63:F2:92:EB
            X509v3 Authority Key Identifier:
                keyid:C7:E8:D9:59:F1:C9:56:4A:33:F2:8F:E4:4A:B6:14:B8:F6:2B:00:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x-jZWfHJVkoz8o_kSrYUuPYrABs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/sBWPt9PRUi_RdQRVusUoDmPykus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/24e327-7658-463c-8990-b1c9b789aaa9/1/x-jZWfHJVkoz8o_kSrYUuPYrABs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:23:0d:d9:57:a7:37:29:8c:7a:2d:95:89:c3:24:53:16:64:
         c8:1a:fb:6b:5e:9b:6d:2d:46:ac:7d:4b:59:92:6a:99:1b:15:
         2d:04:41:7e:26:04:af:da:2b:18:48:f9:a5:35:71:0e:30:fb:
         de:64:9f:54:0c:89:c4:80:8b:49:c9:6d:e7:8c:4e:2e:31:ec:
         0c:74:d2:45:16:3e:79:f6:3d:d8:d6:bb:3f:68:e1:70:9e:13:
         54:1f:89:59:bf:60:50:93:b2:fc:ca:80:7f:90:26:c5:47:77:
         7d:07:b1:01:79:23:46:e6:bb:16:f2:93:69:85:a9:cf:ab:51:
         0b:da:65:b1:44:36:a2:d7:53:67:df:4b:76:13:a0:2c:59:d3:
         54:4b:e1:bb:8b:64:2a:cd:6b:3b:7d:af:4a:25:46:1e:0e:5f:
         61:73:2d:fd:63:5b:a9:9d:0c:79:1f:60:d6:bd:da:2f:71:b1:
         86:20:07:dd:1f:21:22:be:50:67:92:30:dd:29:5c:e6:33:4c:
         b1:36:26:35:26:2b:c1:2f:f9:c9:0c:43:30:d6:6f:bf:ab:ac:
         05:c6:81:ad:6a:27:63:77:61:79:d7:3a:d9:7a:33:1f:d0:94:
         77:e8:66:96:ec:1a:0c:d8:25:9d:01:f5:27:25:f2:c0:74:87:
         57:12:37:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcV5jOfowmClSliQkAuSrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3ZThkOTU5ZjFjOTU2NGEzM2YyOGZlNDRhYjYxNGI4ZjYy
YjAwMWIwHhcNMjQwMTAyMDQzMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDE1OGZiN2QzZDE1MjJmZDE3NTA0NTViYWM1MjgwZTYzZjI5MmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfa/O3tGJcBXs/5ViGtlN+qjTrGM
2KzTXdQpNp+fFogV7J48jIGTcpLhld16fpeMdnTDLx2KUvieY+DojZEyFVXX3UCG
X4elkBPvVh/JTSRW2TKzDa5z0+m8ld4SDnva/JfXmRPlVmdKH6Vns9Gix46zjsN9
V4BS1Nb5qzvloIyG2aNCyBk4eiXkKDlIT3YPP6rOdaG0/hvjHu903jlVNWzBMxGO
ZBxBots9uXyA2h8WG3CwUypy0HY2xBp0CVNjj890+LdbwfGGNTXtYXFXD3p+ayQ6
8Lp/MXqSwsZZQpegJYg11R0YzQFbvcnfTqVL1QlanO9+Ta8peYrxsc0OcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAVj7fT0VIv0XUEVbrFKA5j8pLrMB8GA1UdIwQY
MBaAFMfo2VnxyVZKM/KP5Eq2FLj2KwAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveC1qWldmSEpWa296OG9fa1NyWVV1UFlyQUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8yNGUzMjctNzY1OC00NjNjLTg5OTAt
YjFjOWI3ODlhYWE5LzEvc0JXUHQ5UFJVaV9SZFFSVnVzVW9EbVB5a3VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8yNGUzMjctNzY1OC00NjNjLTg5OTAtYjFjOWI3ODlhYWE5
LzEveC1qWldmSEpWa296OG9fa1NyWVV1UFlyQUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJTwcMA0G
CSqGSIb3DQEBCwUAA4IBAQBzIw3ZV6c3KYx6LZWJwyRTFmTIGvtrXpttLUasfUtZ
kmqZGxUtBEF+JgSv2isYSPmlNXEOMPveZJ9UDInEgItJyW3njE4uMewMdNJFFj55
9j3Y1rs/aOFwnhNUH4lZv2BQk7L8yoB/kCbFR3d9B7EBeSNG5rsW8pNphanPq1EL
2mWxRDai11Nn30t2E6AsWdNUS+G7i2QqzWs7fa9KJUYeDl9hcy39Y1upnQx5H2DW
vdovcbGGIAfdHyEivlBnkjDdKVzmM0yxNiY1JivBL/nJDEMw1m+/q6wFxoGtaidj
d2F51zrZejMf0JR36GaW7BoM2CWdAfUnJfLAdIdXEjdu
-----END CERTIFICATE-----