Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/8EzVvdqmnyUUlh032i_MVZutQmM.roa
File:                     8EzVvdqmnyUUlh032i_MVZutQmM.roa (raw, json)
Hash identifier:          Y0OSVWz+Kd1Sv3rConcDjABoFQUY9BXVpm1Sb1N4NUM=
Subject key identifier:   F0:4C:D5:BD:DA:A6:9F:25:14:96:1D:37:DA:2F:CC:55:9B:AD:42:63
Certificate issuer:       /CN=2874e46bf636ea63e5d12362f551b80b27714780
Certificate serial:       019428232432DCA1CD9796EC82514578FE20
Authority key identifier: 28:74:E4:6B:F6:36:EA:63:E5:D1:23:62:F5:51:B8:0B:27:71:47:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KHTka_Y26mPl0SNi9VG4CydxR4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/8EzVvdqmnyUUlh032i_MVZutQmM.roa
Signing time:             Thu 02 Jan 2025 17:49:39 +0000
ROA not before:           Thu 02 Jan 2025 17:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203875
IP address blocks:        37.16.107.0/24 maxlen: 24
                          2a00:4cc5::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/KHTka_Y26mPl0SNi9VG4CydxR4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/KHTka_Y26mPl0SNi9VG4CydxR4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KHTka_Y26mPl0SNi9VG4CydxR4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 12:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:24:32:dc:a1:cd:97:96:ec:82:51:45:78:fe:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2874e46bf636ea63e5d12362f551b80b27714780
        Validity
            Not Before: Jan  2 17:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f04cd5bddaa69f2514961d37da2fcc559bad4263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b8:47:85:3c:16:a8:8f:a1:c7:49:5c:3e:3c:
                    62:7a:2b:e5:4b:5a:97:e6:3d:09:d3:01:ba:ad:98:
                    e7:e3:34:58:ff:9a:6c:b9:ae:94:8b:88:25:22:d1:
                    84:4a:7b:5a:9e:de:c8:b4:84:23:c1:ad:b4:6e:85:
                    a0:4b:b3:bd:14:ea:05:b0:f1:6f:cd:b8:1d:2f:88:
                    0e:9c:77:54:bc:44:7f:f8:0e:e4:38:a8:56:dc:ca:
                    b2:33:6f:f5:87:0c:28:75:0b:3b:6e:98:59:6f:72:
                    3d:7d:7d:e1:15:2e:b1:8a:81:ba:e7:ae:f3:67:8f:
                    5b:26:08:cb:17:0a:dd:2c:cd:4a:72:6a:0a:dc:88:
                    14:5f:78:1f:c9:52:09:5e:1a:e4:c3:60:61:66:29:
                    30:64:e4:16:18:7a:97:c5:67:dd:22:75:07:94:88:
                    88:f6:bb:a0:fc:18:fb:22:36:81:96:5b:1e:9a:ad:
                    6a:6d:64:0b:80:6b:f6:4c:b3:26:bd:40:1c:f3:02:
                    1b:56:29:ec:67:ae:70:31:f3:4a:2e:d8:51:6d:00:
                    42:a3:f2:b2:33:74:1e:c1:b2:c0:b9:2b:54:05:64:
                    11:b2:6d:46:ff:48:75:a4:d8:99:8a:6a:48:8d:71:
                    02:a2:ec:2b:00:70:de:64:42:0b:f2:ff:34:3e:7c:
                    3d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:4C:D5:BD:DA:A6:9F:25:14:96:1D:37:DA:2F:CC:55:9B:AD:42:63
            X509v3 Authority Key Identifier:
                keyid:28:74:E4:6B:F6:36:EA:63:E5:D1:23:62:F5:51:B8:0B:27:71:47:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KHTka_Y26mPl0SNi9VG4CydxR4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/8EzVvdqmnyUUlh032i_MVZutQmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/KHTka_Y26mPl0SNi9VG4CydxR4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.16.107.0/24
                IPv6:
                  2a00:4cc5::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:5d:80:59:f7:08:58:8d:9b:08:86:11:69:27:07:ac:dd:7a:
         90:b7:0e:9a:5f:41:56:f3:b7:41:80:4f:69:e6:94:dd:fe:4c:
         ea:a2:45:91:5d:56:a9:50:f8:94:8f:3f:15:1b:4f:ef:2d:c6:
         09:e5:ff:6f:c9:68:6a:06:d9:5a:66:4f:67:3e:04:90:a1:6b:
         0f:23:dd:0a:8d:59:5b:0f:37:cd:26:70:37:f7:ab:1c:d1:09:
         a8:64:23:e8:03:0a:ce:ba:df:32:a6:4a:91:b9:26:fc:52:c5:
         66:02:7f:f6:72:bc:1c:f9:cd:9f:74:b8:58:bd:08:91:29:c1:
         16:d1:7f:ec:26:06:39:b9:81:96:25:b5:43:1c:65:ea:fd:f6:
         3d:0d:dc:50:92:ee:29:04:7c:b7:d2:1e:47:57:0f:c8:3a:d7:
         96:4f:82:58:87:d9:23:b7:c6:0e:9d:cd:ff:cf:f0:d4:d1:d0:
         ce:09:7c:35:3f:c7:50:6d:14:15:85:f5:ab:00:1e:da:1b:24:
         b1:1c:0a:75:3d:52:b2:28:63:6b:f5:5c:42:16:7d:06:e9:35:
         45:bc:66:1e:21:cb:d7:df:87:4e:40:cc:d8:f7:aa:64:fe:57:
         2c:0d:9d:27:8d:13:a2:59:ab:da:c3:95:9a:58:57:34:3b:26:
         27:44:96:0c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoIyQy3KHNl5bsglFFeP4gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NzRlNDZiZjYzNmVhNjNlNWQxMjM2MmY1NTFiODBiMjc3
MTQ3ODAwHhcNMjUwMTAyMTc0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDRjZDViZGRhYTY5ZjI1MTQ5NjFkMzdkYTJmY2M1NTliYWQ0MjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorhHhTwWqI+hx0lcPjxieivlS1qX
5j0J0wG6rZjn4zRY/5psua6Ui4glItGESntant7ItIQjwa20boWgS7O9FOoFsPFv
zbgdL4gOnHdUvER/+A7kOKhW3MqyM2/1hwwodQs7bphZb3I9fX3hFS6xioG6567z
Z49bJgjLFwrdLM1KcmoK3IgUX3gfyVIJXhrkw2BhZikwZOQWGHqXxWfdInUHlIiI
9rug/Bj7IjaBllsemq1qbWQLgGv2TLMmvUAc8wIbVinsZ65wMfNKLthRbQBCo/Ky
M3QewbLAuStUBWQRsm1G/0h1pNiZimpIjXECouwrAHDeZEIL8v80Pnw9vwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPBM1b3app8lFJYdN9ovzFWbrUJjMB8GA1UdIwQY
MBaAFCh05Gv2Nupj5dEjYvVRuAsncUeAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0hUa2FfWTI2bVBsMFNOaTlWRzRDeWR4UjRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9lZGRjMDUtNDAyZC00ZGE3LTk3ZWYt
YzEwZGE2YWFjMWIxLzEvOEV6VnZkcW1ueVVVbGgwMzJpX01WWnV0UW1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9lZGRjMDUtNDAyZC00ZGE3LTk3ZWYtYzEwZGE2YWFjMWIx
LzEvS0hUa2FfWTI2bVBsMFNOaTlWRzRDeWR4UjRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAJRBrMA0E
AgACMAcDBQAqAEzFMA0GCSqGSIb3DQEBCwUAA4IBAQCGXYBZ9whYjZsIhhFpJwes
3XqQtw6aX0FW87dBgE9p5pTd/kzqokWRXVapUPiUjz8VG0/vLcYJ5f9vyWhqBtla
Zk9nPgSQoWsPI90KjVlbDzfNJnA396sc0QmoZCPoAwrOut8ypkqRuSb8UsVmAn/2
crwc+c2fdLhYvQiRKcEW0X/sJgY5uYGWJbVDHGXq/fY9DdxQku4pBHy30h5HVw/I
OteWT4JYh9kjt8YOnc3/z/DU0dDOCXw1P8dQbRQVhfWrAB7aGySxHAp1PVKyKGNr
9VxCFn0G6TVFvGYeIcvX34dOQMzY96pk/lcsDZ0njROiWavaw5WaWFc0OyYnRJYM
-----END CERTIFICATE-----