Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/R-7ql-wkT2xlxetmxzaUgD2Qr-Q.roa
File:                     R-7ql-wkT2xlxetmxzaUgD2Qr-Q.roa (raw, json)
Hash identifier:          rhAECRRQD+Y5wHfP5JiHFZ4L6t7Dn+CYCfQlUgpPtd4=
Subject key identifier:   47:EE:EA:97:EC:24:4F:6C:65:C5:EB:66:C7:36:94:80:3D:90:AF:E4
Certificate issuer:       /CN=cccdf6516237d425e9ae3817ecb141f481773c12
Certificate serial:       018CC72775858F8335FDF91287D13A66A02F
Authority key identifier: CC:CD:F6:51:62:37:D4:25:E9:AE:38:17:EC:B1:41:F4:81:77:3C:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zM32UWI31CXprjgX7LFB9IF3PBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/R-7ql-wkT2xlxetmxzaUgD2Qr-Q.roa
Signing time:             Mon 01 Jan 2024 22:31:41 +0000
ROA not before:           Mon 01 Jan 2024 22:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210649
IP address blocks:        37.140.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/zM32UWI31CXprjgX7LFB9IF3PBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/zM32UWI31CXprjgX7LFB9IF3PBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zM32UWI31CXprjgX7LFB9IF3PBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:75:85:8f:83:35:fd:f9:12:87:d1:3a:66:a0:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cccdf6516237d425e9ae3817ecb141f481773c12
        Validity
            Not Before: Jan  1 22:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47eeea97ec244f6c65c5eb66c73694803d90afe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:0a:26:df:88:fe:50:42:53:53:1c:53:a1:d8:
                    59:15:3a:16:f5:bd:14:f9:9c:af:66:c3:35:eb:23:
                    1f:42:01:d9:a6:7f:0f:fc:7d:48:9d:63:b0:e0:61:
                    ce:8c:2e:8d:67:e1:8e:18:4d:7f:84:07:38:dd:f5:
                    a0:49:b9:11:e5:95:75:11:b0:9a:06:2b:c1:fc:6d:
                    ea:28:3a:41:74:16:12:21:a9:55:95:ab:40:9c:8a:
                    22:4c:5f:ef:9f:8e:3f:ec:6e:77:7e:5f:f5:cb:b2:
                    1d:a3:80:f2:30:63:b6:4a:40:e5:b6:fb:39:fe:2b:
                    a4:00:1b:f0:0c:42:85:70:cc:7f:06:62:3c:42:9e:
                    cf:a7:72:bc:a3:d7:0d:9e:24:9b:1f:76:fe:8d:88:
                    ed:69:70:4c:bd:e5:df:4e:68:90:68:e1:7e:b6:1b:
                    68:58:07:25:24:fd:93:ea:82:26:27:ac:18:ba:c6:
                    87:64:a9:ce:b4:2b:36:49:f9:c3:2c:f6:66:45:92:
                    c0:2b:41:da:0c:3b:59:a9:b3:54:9b:a5:fa:bb:87:
                    23:6a:64:40:d0:62:b5:be:fa:f8:d0:d4:d1:11:4f:
                    68:4a:eb:04:ae:a7:c3:0f:72:a3:cc:ab:67:8b:34:
                    5b:f5:b5:51:77:49:44:3b:4d:e9:7c:a0:15:f9:81:
                    e2:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:EE:EA:97:EC:24:4F:6C:65:C5:EB:66:C7:36:94:80:3D:90:AF:E4
            X509v3 Authority Key Identifier:
                keyid:CC:CD:F6:51:62:37:D4:25:E9:AE:38:17:EC:B1:41:F4:81:77:3C:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zM32UWI31CXprjgX7LFB9IF3PBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/R-7ql-wkT2xlxetmxzaUgD2Qr-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3b7485-8b74-4d50-974a-1b501520532b/1/zM32UWI31CXprjgX7LFB9IF3PBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.140.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b2:60:69:66:97:24:8f:eb:31:f5:cc:19:b9:8d:66:62:d8:
         45:9d:89:48:72:12:e9:78:59:16:8b:bc:ca:0d:10:ca:1c:69:
         29:b3:8a:7c:6e:1b:f2:0e:73:cf:21:66:f7:6e:11:88:b1:6b:
         4c:f8:3d:e1:c6:6b:53:15:16:05:b9:42:f2:88:5b:b7:47:a8:
         c7:27:5c:1e:7c:9c:63:38:3b:1b:2a:88:6c:79:34:08:8b:bb:
         32:51:b7:47:68:77:6f:dc:c8:4c:5a:d9:20:13:78:df:0c:dd:
         9a:90:15:a9:b7:91:7d:1e:29:20:03:cf:01:db:56:fd:ce:54:
         ca:40:3d:8a:e7:69:5e:94:7d:5b:3d:fc:49:e8:74:dd:ea:b8:
         a9:49:84:83:a0:b1:f9:04:93:9a:ae:61:dc:73:69:6b:3f:86:
         88:63:c3:f5:e1:71:6d:df:51:64:f0:bb:9b:49:76:bd:5a:fd:
         3c:1d:cd:3e:bf:9e:08:b6:a2:c3:2e:ad:25:bc:c6:88:aa:71:
         5e:68:d1:ec:7f:61:a2:76:3c:7b:af:a5:1a:1b:a7:8c:a3:8e:
         85:20:36:8f:36:da:e7:a0:64:9b:fd:5b:d5:ec:c6:a8:ce:10:
         4b:45:3f:b1:57:09:3d:e1:75:5f:84:0d:04:a4:b7:d3:c3:fe:
         87:ba:6a:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3WFj4M1/fkSh9E6ZqAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjY2RmNjUxNjIzN2Q0MjVlOWFlMzgxN2VjYjE0MWY0ODE3
NzNjMTIwHhcNMjQwMTAxMjIzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2VlZWE5N2VjMjQ0ZjZjNjVjNWViNjZjNzM2OTQ4MDNkOTBhZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Aom34j+UEJTUxxTodhZFToW9b0U
+ZyvZsM16yMfQgHZpn8P/H1InWOw4GHOjC6NZ+GOGE1/hAc43fWgSbkR5ZV1EbCa
BivB/G3qKDpBdBYSIalVlatAnIoiTF/vn44/7G53fl/1y7Ido4DyMGO2SkDltvs5
/iukABvwDEKFcMx/BmI8Qp7Pp3K8o9cNniSbH3b+jYjtaXBMveXfTmiQaOF+thto
WAclJP2T6oImJ6wYusaHZKnOtCs2SfnDLPZmRZLAK0HaDDtZqbNUm6X6u4cjamRA
0GK1vvr40NTREU9oSusErqfDD3KjzKtnizRb9bVRd0lEO03pfKAV+YHijwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfu6pfsJE9sZcXrZsc2lIA9kK/kMB8GA1UdIwQY
MBaAFMzN9lFiN9Ql6a44F+yxQfSBdzwSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek0zMlVXSTMxQ1hwcmpnWDdMRkI5SUYzUEJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zYjc0ODUtOGI3NC00ZDUwLTk3NGEt
MWI1MDE1MjA1MzJiLzEvUi03cWwtd2tUMnhseGV0bXh6YVVnRDJRci1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zYjc0ODUtOGI3NC00ZDUwLTk3NGEtMWI1MDE1MjA1MzJi
LzEvek0zMlVXSTMxQ1hwcmpnWDdMRkI5SUYzUEJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJYz5MA0G
CSqGSIb3DQEBCwUAA4IBAQBssmBpZpckj+sx9cwZuY1mYthFnYlIchLpeFkWi7zK
DRDKHGkps4p8bhvyDnPPIWb3bhGIsWtM+D3hxmtTFRYFuULyiFu3R6jHJ1wefJxj
ODsbKohseTQIi7syUbdHaHdv3MhMWtkgE3jfDN2akBWpt5F9HikgA88B21b9zlTK
QD2K52lelH1bPfxJ6HTd6ripSYSDoLH5BJOarmHcc2lrP4aIY8P14XFt31Fk8Lub
SXa9Wv08Hc0+v54ItqLDLq0lvMaIqnFeaNHsf2Gidjx7r6UaG6eMo46FIDaPNtrn
oGSb/VvV7MaozhBLRT+xVwk94XVfhA0EpLfTw/6HumoI
-----END CERTIFICATE-----