Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/_bpQxkOlq5E5sfD-TRrVShfO1_g.roa
File:                     _bpQxkOlq5E5sfD-TRrVShfO1_g.roa (raw, json)
Hash identifier:          Cmap0SfmTY3ewNfpHCQp60zls00ay/Wfaow7zPF2W9U=
Subject key identifier:   FD:BA:50:C6:43:A5:AB:91:39:B1:F0:FE:4D:1A:D5:4A:17:CE:D7:F8
Certificate issuer:       /CN=fc7cfab24f15cd262176af0d1ccd88127dbf6335
Certificate serial:       018CC348E74CFB23BD2820C57EA097F192D6
Authority key identifier: FC:7C:FA:B2:4F:15:CD:26:21:76:AF:0D:1C:CD:88:12:7D:BF:63:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/_bpQxkOlq5E5sfD-TRrVShfO1_g.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57846
IP address blocks:        37.130.152.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e7:4c:fb:23:bd:28:20:c5:7e:a0:97:f1:92:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc7cfab24f15cd262176af0d1ccd88127dbf6335
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdba50c643a5ab9139b1f0fe4d1ad54a17ced7f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:59:64:17:a4:dd:5f:8f:99:cb:e0:b8:94:7b:
                    39:7b:38:40:64:d1:d1:b0:d9:17:a4:11:08:f6:93:
                    22:5a:cc:4a:ec:80:8c:0c:14:29:84:ed:fc:e3:9f:
                    0f:42:15:ac:31:98:e4:33:fd:28:03:aa:4d:61:e3:
                    dd:19:53:b2:3c:e8:a1:33:3c:09:82:78:27:51:ba:
                    a0:10:1e:e0:e0:a9:5b:c4:73:91:3a:9d:04:19:4f:
                    bc:49:11:80:f4:2a:00:d2:72:0e:69:fb:12:2f:a8:
                    95:3b:cf:a6:49:79:99:b5:9d:db:81:e9:6f:bb:63:
                    60:6d:c7:7f:0e:b5:06:3a:7e:0f:55:24:43:d3:ca:
                    26:f5:dd:52:47:e8:89:d8:af:70:21:62:ee:c1:53:
                    77:0d:53:46:82:80:a3:f9:4e:5f:eb:05:0b:62:a8:
                    e9:51:4f:dd:17:58:5d:81:d3:de:3a:fb:d8:ec:bb:
                    5e:2e:62:79:eb:39:e8:74:d7:12:c9:0a:70:ed:30:
                    8e:ea:e9:48:d7:c0:10:64:5f:02:f2:b8:91:78:48:
                    1f:8b:1e:bd:d7:1c:88:58:d4:e4:a2:6a:96:56:e2:
                    63:60:d7:05:98:d7:40:4f:fa:99:3d:24:09:b9:a9:
                    41:e3:f9:4b:ea:ef:1b:16:bc:5c:33:63:95:a1:68:
                    57:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:BA:50:C6:43:A5:AB:91:39:B1:F0:FE:4D:1A:D5:4A:17:CE:D7:F8
            X509v3 Authority Key Identifier:
                keyid:FC:7C:FA:B2:4F:15:CD:26:21:76:AF:0D:1C:CD:88:12:7D:BF:63:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/_bpQxkOlq5E5sfD-TRrVShfO1_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.130.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         34:1a:7f:7f:1c:e7:ec:81:bc:ff:18:6f:b9:98:55:41:2e:f6:
         d6:c1:f9:35:83:ae:3a:e4:de:19:52:53:1c:54:f9:24:ec:cb:
         fd:eb:84:68:04:61:7c:04:7e:21:a1:f1:1d:a7:3b:f6:65:2e:
         f0:16:4f:e4:6a:4d:22:e4:99:fd:b7:41:c8:39:e9:1f:6e:6b:
         4e:f0:2e:32:0f:ce:57:d1:9d:a4:40:8d:17:ef:3b:b5:fe:64:
         d1:2a:63:3e:4a:2a:12:89:90:3b:2e:39:17:c3:b5:3b:2b:1d:
         18:c8:ae:16:8a:e7:a3:10:cc:fe:eb:c2:56:5f:33:88:c4:9f:
         3e:26:fa:33:6e:d1:94:86:8c:b7:48:62:78:ba:f2:c9:8d:42:
         d2:2f:05:56:38:97:b4:dc:97:88:ae:cf:a2:3b:47:3e:cd:38:
         88:59:85:81:16:ed:d0:60:65:4c:97:4e:2e:d2:ef:5d:6f:e2:
         16:00:2a:66:89:ec:d7:c4:45:db:db:5b:92:07:85:4d:93:59:
         24:f7:5a:d3:ac:d0:a1:cd:46:da:95:cf:dc:aa:ff:31:23:9c:
         4c:d2:2c:c9:e5:ee:84:14:dd:c8:8b:8e:1d:f0:58:06:c0:04:
         56:dc:09:a5:88:59:1c:59:5b:c4:a6:af:73:6e:67:48:48:b7:
         af:db:b8:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOdM+yO9KCDFfqCX8ZLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjN2NmYWIyNGYxNWNkMjYyMTc2YWYwZDFjY2Q4ODEyN2Ri
ZjYzMzUwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGJhNTBjNjQzYTVhYjkxMzliMWYwZmU0ZDFhZDU0YTE3Y2VkN2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVlkF6TdX4+Zy+C4lHs5ezhAZNHR
sNkXpBEI9pMiWsxK7ICMDBQphO38458PQhWsMZjkM/0oA6pNYePdGVOyPOihMzwJ
gngnUbqgEB7g4KlbxHOROp0EGU+8SRGA9CoA0nIOafsSL6iVO8+mSXmZtZ3bgelv
u2Ngbcd/DrUGOn4PVSRD08om9d1SR+iJ2K9wIWLuwVN3DVNGgoCj+U5f6wULYqjp
UU/dF1hdgdPeOvvY7LteLmJ56znodNcSyQpw7TCO6ulI18AQZF8C8riReEgfix69
1xyIWNTkomqWVuJjYNcFmNdAT/qZPSQJualB4/lL6u8bFrxcM2OVoWhXZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP26UMZDpauRObHw/k0a1UoXztf4MB8GA1UdIwQY
MBaAFPx8+rJPFc0mIXavDRzNiBJ9v2M1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0h6NnNrOFZ6U1loZHE4TkhNMklFbjJfWXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9hZjJhZGItZmY2OS00YjA0LWE4MDYt
NDZkZDEyMDVkY2ZmLzEvX2JwUXhrT2xxNUU1c2ZELVRSclZTaGZPMV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9hZjJhZGItZmY2OS00YjA0LWE4MDYtNDZkZDEyMDVkY2Zm
LzEvX0h6NnNrOFZ6U1loZHE4TkhNMklFbjJfWXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJYKYMA0G
CSqGSIb3DQEBCwUAA4IBAQA0Gn9/HOfsgbz/GG+5mFVBLvbWwfk1g6465N4ZUlMc
VPkk7Mv964RoBGF8BH4hofEdpzv2ZS7wFk/kak0i5Jn9t0HIOekfbmtO8C4yD85X
0Z2kQI0X7zu1/mTRKmM+SioSiZA7LjkXw7U7Kx0YyK4WiuejEMz+68JWXzOIxJ8+
JvozbtGUhoy3SGJ4uvLJjULSLwVWOJe03JeIrs+iO0c+zTiIWYWBFu3QYGVMl04u
0u9db+IWACpmiezXxEXb21uSB4VNk1kk91rTrNChzUbalc/cqv8xI5xM0izJ5e6E
FN3Ii44d8FgGwARW3AmliFkcWVvEpq9zbmdISLev27hg
-----END CERTIFICATE-----