Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/fX0xQGF-aX1OUm6loSYzR_yxa3s.roa
File:                     fX0xQGF-aX1OUm6loSYzR_yxa3s.roa (raw, json)
Hash identifier:          WE6TQcdbZv7KpM5MoM+ZhGHXdH152fsJ6v0eYqFpKnw=
Subject key identifier:   7D:7D:31:40:61:7E:69:7D:4E:52:6E:A5:A1:26:33:47:FC:B1:6B:7B
Certificate issuer:       /CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
Certificate serial:       0194258F75BBA3A8BD39CB621EA98C72F7CF
Authority key identifier: E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/fX0xQGF-aX1OUm6loSYzR_yxa3s.roa
Signing time:             Thu 02 Jan 2025 05:49:06 +0000
ROA not before:           Thu 02 Jan 2025 05:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        37.16.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:75:bb:a3:a8:bd:39:cb:62:1e:a9:8c:72:f7:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e56076f27e13d1800e77d16e4b60b23b6f58c820
        Validity
            Not Before: Jan  2 05:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d7d3140617e697d4e526ea5a1263347fcb16b7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:af:b6:a5:49:f2:4e:c3:57:c0:36:48:4d:34:
                    97:f5:60:30:0f:de:aa:1c:a3:5d:1d:65:ce:9c:ac:
                    2b:29:a2:33:a8:ff:48:19:c7:0e:6b:13:f8:f2:27:
                    80:17:ea:46:c1:a5:f2:56:9c:48:77:bc:39:f9:35:
                    85:66:50:c7:56:f2:d8:08:18:5a:04:df:0d:53:a7:
                    61:a8:6f:80:37:00:30:fb:3b:02:3c:20:c8:78:98:
                    35:80:25:d0:66:20:97:21:13:65:63:8d:47:2e:4d:
                    5e:4a:11:11:ac:76:87:e8:89:7e:f8:3f:8e:c6:0c:
                    6d:a6:cc:86:96:02:9f:58:80:2d:97:61:9f:27:b2:
                    81:e6:a2:07:61:23:0c:52:88:d7:35:ff:e4:4e:9b:
                    72:3a:33:48:a7:64:72:6a:ec:3d:25:06:22:fc:45:
                    dd:44:9e:14:5c:c6:b5:b9:41:02:85:7c:84:4e:52:
                    49:15:3b:b3:f8:5e:ce:7b:5c:be:e1:d9:7d:35:52:
                    4f:c2:9f:50:e1:6c:e2:40:c3:b6:be:d6:09:8f:06:
                    fe:37:ee:4c:3d:3d:21:53:3a:c1:a0:a8:46:09:01:
                    43:d5:43:4c:63:cc:27:85:1f:f2:b2:31:b3:33:46:
                    0e:a1:66:42:cf:37:d1:27:6a:1e:31:a1:07:b5:bd:
                    5c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:7D:31:40:61:7E:69:7D:4E:52:6E:A5:A1:26:33:47:FC:B1:6B:7B
            X509v3 Authority Key Identifier:
                keyid:E5:60:76:F2:7E:13:D1:80:0E:77:D1:6E:4B:60:B2:3B:6F:58:C8:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5WB28n4T0YAOd9FuS2CyO29YyCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/fX0xQGF-aX1OUm6loSYzR_yxa3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/0ac44d-b3be-4277-80f8-58cf89888e2a/1/5WB28n4T0YAOd9FuS2CyO29YyCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:1a:9d:c8:87:7f:87:3d:6b:5b:85:86:08:13:51:02:be:4b:
         1a:91:18:17:67:91:43:8e:33:51:a7:fc:3b:3d:52:ef:27:72:
         df:a3:82:88:89:06:6d:49:44:a0:3d:4c:19:74:1d:17:40:93:
         b8:7a:37:ad:94:2b:25:b9:72:15:f0:20:fa:2c:12:48:4f:e2:
         bc:a7:e6:26:5d:7f:7f:59:4a:c9:d0:ff:ab:df:7c:01:21:11:
         fc:12:6f:d1:be:88:7d:23:0c:6e:48:b6:d1:7a:a6:66:fc:4f:
         9f:ff:93:9f:f5:45:73:91:19:dc:3d:7e:1b:47:56:d5:a4:21:
         57:7b:62:14:87:72:a2:89:9b:1e:cb:d6:f1:1c:68:ca:c7:33:
         81:82:25:08:fc:6c:5d:27:1b:f3:05:2f:1f:ea:b5:6d:e9:5b:
         16:02:66:9c:87:65:d8:1f:7b:d0:d4:03:82:a4:4a:64:38:22:
         90:a2:b1:c2:ea:fa:27:82:d4:59:a5:58:7b:da:b7:1b:99:18:
         27:92:c5:62:02:33:7d:6a:3d:55:05:28:ce:8b:76:1f:fa:b6:
         44:35:5b:da:65:49:39:d5:01:99:40:40:90:15:0c:da:1e:00:
         ad:56:cd:9e:84:e5:53:7b:4f:b0:40:67:04:2c:79:77:a9:95:
         53:79:bc:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj3W7o6i9OctiHqmMcvfPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NjA3NmYyN2UxM2QxODAwZTc3ZDE2ZTRiNjBiMjNiNmY1
OGM4MjAwHhcNMjUwMTAyMDU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDdkMzE0MDYxN2U2OTdkNGU1MjZlYTVhMTI2MzM0N2ZjYjE2YjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16+2pUnyTsNXwDZITTSX9WAwD96q
HKNdHWXOnKwrKaIzqP9IGccOaxP48ieAF+pGwaXyVpxId7w5+TWFZlDHVvLYCBha
BN8NU6dhqG+ANwAw+zsCPCDIeJg1gCXQZiCXIRNlY41HLk1eShERrHaH6Il++D+O
xgxtpsyGlgKfWIAtl2GfJ7KB5qIHYSMMUojXNf/kTptyOjNIp2Ryauw9JQYi/EXd
RJ4UXMa1uUEChXyETlJJFTuz+F7Oe1y+4dl9NVJPwp9Q4WziQMO2vtYJjwb+N+5M
PT0hUzrBoKhGCQFD1UNMY8wnhR/ysjGzM0YOoWZCzzfRJ2oeMaEHtb1cIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH19MUBhfml9TlJupaEmM0f8sWt7MB8GA1UdIwQY
MBaAFOVgdvJ+E9GADnfRbktgsjtvWMggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgt
NThjZjg5ODg4ZTJhLzEvZlgweFFHRi1hWDFPVW02bG9TWXpSX3l4YTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8wYWM0NGQtYjNiZS00Mjc3LTgwZjgtNThjZjg5ODg4ZTJh
LzEvNVdCMjhuNFQwWUFPZDlGdVMyQ3lPMjlZeUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRBKMA0G
CSqGSIb3DQEBCwUAA4IBAQAlGp3Ih3+HPWtbhYYIE1ECvksakRgXZ5FDjjNRp/w7
PVLvJ3Lfo4KIiQZtSUSgPUwZdB0XQJO4ejetlCsluXIV8CD6LBJIT+K8p+YmXX9/
WUrJ0P+r33wBIRH8Em/Rvoh9IwxuSLbReqZm/E+f/5Of9UVzkRncPX4bR1bVpCFX
e2IUh3KiiZsey9bxHGjKxzOBgiUI/GxdJxvzBS8f6rVt6VsWAmach2XYH3vQ1AOC
pEpkOCKQorHC6vongtRZpVh72rcbmRgnksViAjN9aj1VBSjOi3Yf+rZENVvaZUk5
1QGZQECQFQzaHgCtVs2ehOVTe0+wQGcELHl3qZVTebwo
-----END CERTIFICATE-----