Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/gj7G_bFbDmDYpYp6GKUqBVaPkf0.roa
File:                     gj7G_bFbDmDYpYp6GKUqBVaPkf0.roa (raw, json)
Hash identifier:          636LllEYf1p/aMnvVspv63btZ6guwyZEmYUh7DiMd9c=
Subject key identifier:   82:3E:C6:FD:B1:5B:0E:60:D8:A5:8A:7A:18:A5:2A:05:56:8F:91:FD
Certificate issuer:       /CN=fc7cfab24f15cd262176af0d1ccd88127dbf6335
Certificate serial:       019427B5D2735512F5C85A16BA55CDE98354
Authority key identifier: FC:7C:FA:B2:4F:15:CD:26:21:76:AF:0D:1C:CD:88:12:7D:BF:63:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/gj7G_bFbDmDYpYp6GKUqBVaPkf0.roa
Signing time:             Thu 02 Jan 2025 15:50:14 +0000
ROA not before:           Thu 02 Jan 2025 15:50:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57846
IP address blocks:        37.130.152.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:d2:73:55:12:f5:c8:5a:16:ba:55:cd:e9:83:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc7cfab24f15cd262176af0d1ccd88127dbf6335
        Validity
            Not Before: Jan  2 15:50:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=823ec6fdb15b0e60d8a58a7a18a52a05568f91fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:16:76:22:e1:e8:55:d8:5f:0e:36:77:ce:63:
                    c0:87:d8:58:6e:39:fb:a9:f4:ae:aa:25:90:c3:9f:
                    a1:87:73:12:c6:da:e0:46:2e:1f:05:a5:80:4e:d6:
                    8e:30:2e:78:16:82:b3:1d:c5:7c:2e:63:9e:49:f5:
                    74:77:7e:56:55:64:18:50:ad:d2:58:13:9e:3d:e4:
                    99:9e:f9:8a:9f:ec:66:d3:d2:c5:ee:47:d8:a7:d6:
                    b8:f4:d4:82:65:85:1f:b5:44:a8:bf:61:4d:c0:20:
                    36:fd:a3:49:ba:73:ca:c7:83:f0:61:2b:5a:63:f4:
                    b8:1b:0e:2d:c5:bf:85:4d:b4:0a:a5:85:60:7f:7f:
                    a7:f2:5a:1f:ef:2f:a5:c0:41:87:7d:23:d4:86:f1:
                    cc:35:5d:e3:41:37:81:4e:50:78:b7:8f:00:7a:0f:
                    24:57:68:42:c6:eb:37:04:26:53:51:a4:72:6d:b7:
                    e4:67:bd:9c:63:10:49:20:dd:c7:5c:71:80:cf:f7:
                    71:cb:b9:dd:f7:1e:45:e7:9c:25:b7:c8:87:70:47:
                    51:4d:10:12:5e:c0:98:f8:48:cb:92:8d:f6:c8:15:
                    c2:32:a9:53:35:30:1c:cd:e0:e2:ce:37:4f:5d:cd:
                    b1:34:2e:98:b2:c9:cc:bb:28:31:e8:6a:4b:1c:ca:
                    50:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:3E:C6:FD:B1:5B:0E:60:D8:A5:8A:7A:18:A5:2A:05:56:8F:91:FD
            X509v3 Authority Key Identifier:
                keyid:FC:7C:FA:B2:4F:15:CD:26:21:76:AF:0D:1C:CD:88:12:7D:BF:63:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/gj7G_bFbDmDYpYp6GKUqBVaPkf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/af2adb-ff69-4b04-a806-46dd1205dcff/1/_Hz6sk8VzSYhdq8NHM2IEn2_YzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.130.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         92:4b:8a:67:10:98:59:37:96:b8:9f:0c:99:4a:e4:80:d1:a0:
         9e:a6:20:36:90:26:10:3f:19:cb:6a:68:f1:ad:d5:67:7a:04:
         fc:a7:07:b7:d4:56:f2:fd:5a:2c:3e:ab:94:24:81:d8:42:14:
         7d:1e:2e:e7:46:81:96:f7:55:be:ff:56:1a:db:29:eb:5a:53:
         cf:11:00:96:b4:0d:70:71:9f:a8:ce:7e:56:d0:91:f2:94:b0:
         4c:9c:b4:f2:7a:d3:78:23:1b:0f:6a:84:d6:f6:dc:43:0f:22:
         30:54:d2:05:a3:3a:38:82:d0:34:ea:40:a3:38:a0:1e:e8:c5:
         e1:11:75:08:65:37:7c:44:69:33:4a:66:6f:71:5e:ba:27:df:
         a2:56:61:c2:15:99:8a:17:76:1f:df:4f:12:18:7b:f6:5f:21:
         7b:56:b5:dd:cd:9d:65:aa:3d:71:48:5c:ae:b6:d5:7d:32:b8:
         f5:dd:14:95:4e:e6:07:a8:44:6a:d0:30:43:58:cd:5e:94:5c:
         28:a0:36:82:c1:2c:fd:df:d5:5a:a3:cc:ca:ab:ef:29:7c:b4:
         80:fb:74:b1:25:94:3f:f8:c2:b9:11:ff:fc:6c:da:e0:3c:f2:
         b5:46:12:be:e1:a2:f2:c7:a3:da:25:ef:a4:03:40:eb:05:8c:
         54:b6:69:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntdJzVRL1yFoWulXN6YNUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjN2NmYWIyNGYxNWNkMjYyMTc2YWYwZDFjY2Q4ODEyN2Ri
ZjYzMzUwHhcNMjUwMTAyMTU1MDE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjNlYzZmZGIxNWIwZTYwZDhhNThhN2ExOGE1MmEwNTU2OGY5MWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBZ2IuHoVdhfDjZ3zmPAh9hYbjn7
qfSuqiWQw5+hh3MSxtrgRi4fBaWATtaOMC54FoKzHcV8LmOeSfV0d35WVWQYUK3S
WBOePeSZnvmKn+xm09LF7kfYp9a49NSCZYUftUSov2FNwCA2/aNJunPKx4PwYSta
Y/S4Gw4txb+FTbQKpYVgf3+n8lof7y+lwEGHfSPUhvHMNV3jQTeBTlB4t48Aeg8k
V2hCxus3BCZTUaRybbfkZ72cYxBJIN3HXHGAz/dxy7nd9x5F55wlt8iHcEdRTRAS
XsCY+EjLko32yBXCMqlTNTAczeDizjdPXc2xNC6YssnMuygx6GpLHMpQHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFII+xv2xWw5g2KWKehilKgVWj5H9MB8GA1UdIwQY
MBaAFPx8+rJPFc0mIXavDRzNiBJ9v2M1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0h6NnNrOFZ6U1loZHE4TkhNMklFbjJfWXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9hZjJhZGItZmY2OS00YjA0LWE4MDYt
NDZkZDEyMDVkY2ZmLzEvZ2o3R19iRmJEbURZcFlwNkdLVXFCVmFQa2YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9hZjJhZGItZmY2OS00YjA0LWE4MDYtNDZkZDEyMDVkY2Zm
LzEvX0h6NnNrOFZ6U1loZHE4TkhNMklFbjJfWXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJYKYMA0G
CSqGSIb3DQEBCwUAA4IBAQCSS4pnEJhZN5a4nwyZSuSA0aCepiA2kCYQPxnLamjx
rdVnegT8pwe31Fby/VosPquUJIHYQhR9Hi7nRoGW91W+/1Ya2ynrWlPPEQCWtA1w
cZ+ozn5W0JHylLBMnLTyetN4IxsPaoTW9txDDyIwVNIFozo4gtA06kCjOKAe6MXh
EXUIZTd8RGkzSmZvcV66J9+iVmHCFZmKF3Yf308SGHv2XyF7VrXdzZ1lqj1xSFyu
ttV9Mrj13RSVTuYHqERq0DBDWM1elFwooDaCwSz939Vao8zKq+8pfLSA+3SxJZQ/
+MK5Ef/8bNrgPPK1RhK+4aLyx6PaJe+kA0DrBYxUtmnK
-----END CERTIFICATE-----