Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/jrvfRpZvRBtk_Yg60PvxHmKAprU.roa
File:                     jrvfRpZvRBtk_Yg60PvxHmKAprU.roa (raw, json)
Hash identifier:          Hyd8SOBLyLw3LBdkd19m4cdLrzfDjpQ+9epp8rr0M9Q=
Subject key identifier:   8E:BB:DF:46:96:6F:44:1B:64:FD:88:3A:D0:FB:F1:1E:62:80:A6:B5
Certificate issuer:       /CN=3a5d4a329702e2c9831cd36262bbb7fa7b97de37
Certificate serial:       01958CC5857C799B68443125234C3F83B037
Authority key identifier: 3A:5D:4A:32:97:02:E2:C9:83:1C:D3:62:62:BB:B7:FA:7B:97:DE:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ol1KMpcC4smDHNNiYru3-nuX3jc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/jrvfRpZvRBtk_Yg60PvxHmKAprU.roa
Signing time:             Wed 12 Mar 2025 23:51:49 +0000
ROA not before:           Wed 12 Mar 2025 23:51:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40065
IP address blocks:        37.77.80.0/21 maxlen: 24
                          103.143.178.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/Ol1KMpcC4smDHNNiYru3-nuX3jc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/Ol1KMpcC4smDHNNiYru3-nuX3jc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ol1KMpcC4smDHNNiYru3-nuX3jc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8c:c5:85:7c:79:9b:68:44:31:25:23:4c:3f:83:b0:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a5d4a329702e2c9831cd36262bbb7fa7b97de37
        Validity
            Not Before: Mar 12 23:51:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ebbdf46966f441b64fd883ad0fbf11e6280a6b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:48:8d:2b:48:7d:60:65:e3:fa:55:05:1b:31:
                    96:91:c3:87:69:7f:5a:d3:0d:1d:7a:6c:1e:6d:3a:
                    e9:f6:df:3b:a5:d8:61:8c:67:e6:1c:a7:4f:ac:83:
                    ac:fc:1a:fb:ac:04:2b:eb:d8:7d:87:f9:6e:b1:5f:
                    dc:d3:a6:8a:22:39:b4:4f:83:b9:2e:2e:79:87:40:
                    74:21:12:ec:13:45:da:bd:7a:8c:04:32:07:62:ce:
                    3e:f2:4f:8b:02:b0:d9:b0:99:d2:ff:8b:64:ec:b1:
                    25:74:87:ac:2c:95:5c:fb:2d:18:fa:7d:06:00:55:
                    36:21:6e:43:cc:e3:85:48:39:8d:48:7d:c8:e0:95:
                    6d:97:a8:7f:82:47:34:d0:e5:3a:2a:e6:68:61:ad:
                    ae:59:99:31:06:fd:06:bf:e5:ff:58:9c:a7:e7:94:
                    31:97:57:99:e4:ca:b5:4e:a7:6a:68:05:3b:9a:37:
                    c2:5a:84:6f:d3:fb:69:90:79:17:45:b9:a7:6d:6a:
                    13:75:47:bc:d9:7f:f0:05:f1:d4:bb:92:56:50:62:
                    6e:a0:18:ed:83:1a:a2:48:fd:fd:19:92:41:0a:39:
                    d3:ac:dc:92:b1:2c:7c:34:57:34:8c:b9:29:fb:43:
                    ee:46:32:63:0a:c5:7a:ad:c0:7a:76:b7:36:ea:f5:
                    75:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:BB:DF:46:96:6F:44:1B:64:FD:88:3A:D0:FB:F1:1E:62:80:A6:B5
            X509v3 Authority Key Identifier:
                keyid:3A:5D:4A:32:97:02:E2:C9:83:1C:D3:62:62:BB:B7:FA:7B:97:DE:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ol1KMpcC4smDHNNiYru3-nuX3jc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/jrvfRpZvRBtk_Yg60PvxHmKAprU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/4bd661-9b0c-4560-b1d1-2cea8e153632/1/Ol1KMpcC4smDHNNiYru3-nuX3jc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.80.0/21
                  103.143.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:95:ed:00:bd:0f:54:a0:34:c9:b5:e5:24:b2:27:e9:0d:d7:
         fc:91:d1:cc:af:7c:38:e4:87:fa:b7:fb:f1:2b:e2:43:54:9e:
         84:c0:0a:9b:1b:ac:3d:85:0b:ec:e0:15:6c:c9:8b:39:7f:d6:
         4e:f1:08:bc:1c:de:fd:a6:b1:7f:0b:60:49:88:fe:66:09:eb:
         a8:f1:df:ea:85:3a:77:32:77:4b:93:24:6c:67:5a:85:35:da:
         34:84:97:eb:20:03:00:75:c0:2d:d9:56:f3:c1:66:f0:ba:59:
         92:36:fb:f2:6d:bf:b9:8e:23:35:f8:41:45:d1:35:17:9f:3a:
         93:23:2d:16:61:f9:9b:a4:8a:58:7f:fb:94:0d:ab:b2:e9:a2:
         73:33:0b:3e:57:df:e1:23:8c:b1:73:da:83:54:0c:ed:4c:b8:
         61:61:cf:fb:5f:57:a4:bc:f5:ab:5e:c7:ed:0b:d3:0f:5e:20:
         a4:9d:db:4f:b2:f4:cd:65:c6:08:c3:a7:91:ca:24:d1:e4:90:
         8b:a5:98:30:ca:20:6a:30:9f:50:9d:0e:49:d7:32:10:e2:83:
         26:85:64:d8:9d:91:4e:1a:6b:39:af:54:e9:3c:8c:cf:c3:0e:
         b3:5a:a5:2b:02:2a:46:09:f3:34:6f:bb:86:df:fb:39:0e:c5:
         c4:b8:df:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWMxYV8eZtoRDElI0w/g7A3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNWQ0YTMyOTcwMmUyYzk4MzFjZDM2MjYyYmJiN2ZhN2I5
N2RlMzcwHhcNMjUwMzEyMjM1MTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWJiZGY0Njk2NmY0NDFiNjRmZDg4M2FkMGZiZjExZTYyODBhNmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArUiNK0h9YGXj+lUFGzGWkcOHaX9a
0w0demwebTrp9t87pdhhjGfmHKdPrIOs/Br7rAQr69h9h/lusV/c06aKIjm0T4O5
Li55h0B0IRLsE0XavXqMBDIHYs4+8k+LArDZsJnS/4tk7LEldIesLJVc+y0Y+n0G
AFU2IW5DzOOFSDmNSH3I4JVtl6h/gkc00OU6KuZoYa2uWZkxBv0Gv+X/WJyn55Qx
l1eZ5Mq1TqdqaAU7mjfCWoRv0/tpkHkXRbmnbWoTdUe82X/wBfHUu5JWUGJuoBjt
gxqiSP39GZJBCjnTrNySsSx8NFc0jLkp+0PuRjJjCsV6rcB6drc26vV18QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI6730aWb0QbZP2IOtD78R5igKa1MB8GA1UdIwQY
MBaAFDpdSjKXAuLJgxzTYmK7t/p7l943MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2wxS01wY0M0c21ESE5OaVlydTMtbnVYM2pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS80YmQ2NjEtOWIwYy00NTYwLWIxZDEt
MmNlYThlMTUzNjMyLzEvanJ2ZlJwWnZSQnRrX1lnNjBQdnhIbUtBcHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS80YmQ2NjEtOWIwYy00NTYwLWIxZDEtMmNlYThlMTUzNjMy
LzEvT2wxS01wY0M0c21ESE5OaVlydTMtbnVYM2pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJU1QAwQB
Z4+yMA0GCSqGSIb3DQEBCwUAA4IBAQAsle0AvQ9UoDTJteUksifpDdf8kdHMr3w4
5If6t/vxK+JDVJ6EwAqbG6w9hQvs4BVsyYs5f9ZO8Qi8HN79prF/C2BJiP5mCeuo
8d/qhTp3MndLkyRsZ1qFNdo0hJfrIAMAdcAt2VbzwWbwulmSNvvybb+5jiM1+EFF
0TUXnzqTIy0WYfmbpIpYf/uUDauy6aJzMws+V9/hI4yxc9qDVAztTLhhYc/7X1ek
vPWrXsftC9MPXiCkndtPsvTNZcYIw6eRyiTR5JCLpZgwyiBqMJ9QnQ5J1zIQ4oMm
hWTYnZFOGms5r1TpPIzPww6zWqUrAipGCfM0b7uG3/s5DsXEuN+i
-----END CERTIFICATE-----