Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c8f02b-0abc-41fe-bc54-ac800c6d976f/1/RCGJFAFAV6aiMpIUxmySWlcVGcg.roa
File:                     RCGJFAFAV6aiMpIUxmySWlcVGcg.roa (raw, json)
Hash identifier:          QvC8yM0b6tNvgcZ8K0setdROoeG+A+pCENVWYJBxdUY=
Subject key identifier:   44:21:89:14:01:40:57:A6:A2:32:92:14:C6:6C:92:5A:57:15:19:C8
Certificate issuer:       /CN=2ac78fd517a75f77f3f4fd229ac5e6732560c6e1
Certificate serial:       01942220404DF6C8B1AB90AAF057666D72F1
Authority key identifier: 2A:C7:8F:D5:17:A7:5F:77:F3:F4:FD:22:9A:C5:E6:73:25:60:C6:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KseP1RenX3fz9P0imsXmcyVgxuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c8f02b-0abc-41fe-bc54-ac800c6d976f/1/RCGJFAFAV6aiMpIUxmySWlcVGcg.roa
Signing time:             Wed 01 Jan 2025 13:48:46 +0000
ROA not before:           Wed 01 Jan 2025 13:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62187
IP address blocks:        37.235.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c8f02b-0abc-41fe-bc54-ac800c6d976f/1/KseP1RenX3fz9P0imsXmcyVgxuE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c8f02b-0abc-41fe-bc54-ac800c6d976f/1/KseP1RenX3fz9P0imsXmcyVgxuE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KseP1RenX3fz9P0imsXmcyVgxuE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:40:4d:f6:c8:b1:ab:90:aa:f0:57:66:6d:72:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac78fd517a75f77f3f4fd229ac5e6732560c6e1
        Validity
            Not Before: Jan  1 13:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44218914014057a6a2329214c66c925a571519c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:75:56:67:e4:68:ab:a0:40:24:df:74:38:60:
                    5a:7e:0c:b1:bd:e2:fa:7e:3f:a5:bf:9d:eb:ae:d0:
                    12:97:a0:8c:ec:bd:29:8b:22:55:3b:8b:eb:4b:fe:
                    43:2a:a7:38:ef:50:da:ab:a3:21:6e:d7:10:d1:9b:
                    ca:81:8f:a0:af:f3:2c:31:87:3e:5e:c6:d1:68:17:
                    5a:b5:5c:09:57:a8:58:aa:fd:3d:69:42:13:b8:4e:
                    69:47:27:11:02:43:79:42:fd:65:0c:06:95:d6:36:
                    2a:d4:0f:93:1c:dc:59:c9:19:07:da:13:0e:c6:b9:
                    71:a1:29:34:64:1c:fb:9c:34:c3:e0:85:ac:45:d7:
                    7c:4c:f5:88:bb:98:dc:93:7e:b8:09:39:fb:62:54:
                    9b:95:0a:2e:7e:d5:72:c9:f7:de:52:a0:71:2d:ee:
                    4d:e5:1c:9e:9d:86:7f:ac:79:8f:17:12:28:90:19:
                    75:99:30:3f:76:18:78:db:18:7b:21:c7:d2:e9:83:
                    45:87:ab:35:ae:09:f6:d3:80:20:c3:a9:f7:54:39:
                    58:a6:d1:0b:ba:3b:01:8d:6d:25:e3:fd:0b:af:77:
                    d9:42:5a:43:9b:75:c7:c3:64:31:15:27:63:3d:e1:
                    60:cc:30:5c:5c:9f:2f:0f:54:f0:4d:7c:18:7b:ef:
                    8d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:21:89:14:01:40:57:A6:A2:32:92:14:C6:6C:92:5A:57:15:19:C8
            X509v3 Authority Key Identifier:
                keyid:2A:C7:8F:D5:17:A7:5F:77:F3:F4:FD:22:9A:C5:E6:73:25:60:C6:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KseP1RenX3fz9P0imsXmcyVgxuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c8f02b-0abc-41fe-bc54-ac800c6d976f/1/RCGJFAFAV6aiMpIUxmySWlcVGcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c8f02b-0abc-41fe-bc54-ac800c6d976f/1/KseP1RenX3fz9P0imsXmcyVgxuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:d4:c8:12:41:1d:b8:b0:bd:50:ff:fd:a5:6b:20:4f:8d:4f:
         bf:e4:b2:ec:60:18:f5:ba:6d:16:61:78:c9:58:e7:91:0d:b6:
         fe:b7:45:68:e0:90:8d:06:ad:a6:b2:c2:52:2c:89:4c:8c:b2:
         dc:31:76:4a:e5:38:98:26:38:24:37:38:24:77:4c:0c:d9:1f:
         31:46:a4:43:a1:1a:f7:99:87:5e:cc:8b:c2:8e:50:02:94:2c:
         f3:14:e3:59:a2:bc:76:aa:5d:69:1e:69:fc:45:ff:76:bd:23:
         68:0b:c9:27:65:a3:00:86:d3:c4:b4:e4:13:ab:76:51:1a:2b:
         23:48:c6:28:bb:24:ce:cc:2c:ec:35:49:ac:77:58:1f:98:1b:
         4f:1f:cd:11:30:45:c2:6d:23:fc:7b:e5:21:21:e1:bc:d7:95:
         62:8f:4e:6a:4b:f1:93:7d:16:37:51:3f:a8:ef:56:dd:98:20:
         31:80:5c:5b:33:9e:db:bc:d1:06:dc:df:1a:57:cb:3f:78:16:
         ba:15:dc:b4:32:0d:95:4e:af:c4:9a:8f:6c:25:dd:db:a0:06:
         32:29:ad:0b:7f:7f:2c:e7:4a:25:7d:33:73:c4:69:e1:6e:af:
         de:07:8f:13:d8:6f:e2:f7:03:b8:36:7a:4a:34:a3:53:f9:75:
         36:5f:4f:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIEBN9sixq5Cq8FdmbXLxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzc4ZmQ1MTdhNzVmNzdmM2Y0ZmQyMjlhYzVlNjczMjU2
MGM2ZTEwHhcNMjUwMTAxMTM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDIxODkxNDAxNDA1N2E2YTIzMjkyMTRjNjZjOTI1YTU3MTUxOWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3VWZ+Roq6BAJN90OGBafgyxveL6
fj+lv53rrtASl6CM7L0piyJVO4vrS/5DKqc471Daq6MhbtcQ0ZvKgY+gr/MsMYc+
XsbRaBdatVwJV6hYqv09aUITuE5pRycRAkN5Qv1lDAaV1jYq1A+THNxZyRkH2hMO
xrlxoSk0ZBz7nDTD4IWsRdd8TPWIu5jck364CTn7YlSblQouftVyyffeUqBxLe5N
5RyenYZ/rHmPFxIokBl1mTA/dhh42xh7IcfS6YNFh6s1rgn204Agw6n3VDlYptEL
ujsBjW0l4/0Lr3fZQlpDm3XHw2QxFSdjPeFgzDBcXJ8vD1TwTXwYe++NhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEQhiRQBQFemojKSFMZsklpXFRnIMB8GA1UdIwQY
MBaAFCrHj9UXp1938/T9IprF5nMlYMbhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NlUDFSZW5YM2Z6OVAwaW1zWG1jeVZneHVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jOGYwMmItMGFiYy00MWZlLWJjNTQt
YWM4MDBjNmQ5NzZmLzEvUkNHSkZBRkFWNmFpTXBJVXhteVNXbGNWR2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jOGYwMmItMGFiYy00MWZlLWJjNTQtYWM4MDBjNmQ5NzZm
LzEvS3NlUDFSZW5YM2Z6OVAwaW1zWG1jeVZneHVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJetPMA0G
CSqGSIb3DQEBCwUAA4IBAQAv1MgSQR24sL1Q//2layBPjU+/5LLsYBj1um0WYXjJ
WOeRDbb+t0Vo4JCNBq2mssJSLIlMjLLcMXZK5TiYJjgkNzgkd0wM2R8xRqRDoRr3
mYdezIvCjlAClCzzFONZorx2ql1pHmn8Rf92vSNoC8knZaMAhtPEtOQTq3ZRGisj
SMYouyTOzCzsNUmsd1gfmBtPH80RMEXCbSP8e+UhIeG815Vij05qS/GTfRY3UT+o
71bdmCAxgFxbM57bvNEG3N8aV8s/eBa6Fdy0Mg2VTq/Emo9sJd3boAYyKa0Lf38s
50olfTNzxGnhbq/eB48T2G/i9wO4NnpKNKNT+XU2X09g
-----END CERTIFICATE-----