Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/wv6zFblQLZj4fNsmUhW_NVbiHeo.roa
File:                     wv6zFblQLZj4fNsmUhW_NVbiHeo.roa (raw, json)
Hash identifier:          5nFGP9PJ1NNpQvR8+yESzQg+hj92aC7vu1K3PrOJpt8=
Subject key identifier:   C2:FE:B3:15:B9:50:2D:98:F8:7C:DB:26:52:15:BF:35:56:E2:1D:EA
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       019424455D412653BB42375309B5FAF42BF3
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/wv6zFblQLZj4fNsmUhW_NVbiHeo.roa
Signing time:             Wed 01 Jan 2025 23:48:33 +0000
ROA not before:           Wed 01 Jan 2025 23:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58203
IP address blocks:        195.87.18.0/24 maxlen: 24
                          195.87.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5d:41:26:53:bb:42:37:53:09:b5:fa:f4:2b:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 23:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2feb315b9502d98f87cdb265215bf3556e21dea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:94:d5:ff:ff:63:fd:73:35:f0:f1:7b:73:e6:
                    15:20:b1:ad:49:f9:dd:2c:a2:d2:cd:a4:a0:8a:85:
                    a8:21:a5:7a:10:93:56:37:d3:8d:99:32:dc:42:79:
                    58:9a:b3:7c:40:31:a5:8a:ff:59:a7:cb:09:b2:2f:
                    1c:28:22:8e:be:8e:f9:37:3f:85:c4:9e:9a:b8:9d:
                    88:90:2b:4c:76:e4:c2:03:f2:3d:14:ee:e6:3e:8d:
                    c2:de:a5:d2:e6:fc:9c:20:7f:b2:0f:f2:42:f6:c9:
                    1d:6d:76:82:fa:d3:86:f1:68:0d:48:76:01:51:27:
                    93:93:4a:f8:f2:89:05:13:cc:43:28:08:89:08:ef:
                    8b:05:f9:97:cf:13:26:a0:89:ab:c8:ff:23:01:3e:
                    45:bc:60:d0:7c:05:75:f1:c9:0b:ad:84:1e:13:ee:
                    7c:42:76:ae:fe:54:47:8d:4c:30:c7:ab:c0:de:c4:
                    58:63:0b:da:32:60:5f:e5:a4:fb:0a:10:ae:42:b0:
                    93:85:09:aa:6b:c4:5b:72:b5:f7:87:84:6c:1e:85:
                    e6:a0:60:cc:da:d3:84:27:b4:3a:c2:65:73:5f:80:
                    ae:3d:ac:c5:57:1f:ba:6a:08:49:25:78:25:af:f2:
                    b3:41:fa:36:4f:21:ea:71:9c:3a:49:4e:04:b9:0e:
                    e4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:FE:B3:15:B9:50:2D:98:F8:7C:DB:26:52:15:BF:35:56:E2:1D:EA
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/wv6zFblQLZj4fNsmUhW_NVbiHeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.87.18.0/24
                  195.87.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:f0:05:41:b5:77:88:41:55:21:a8:40:0a:85:09:36:a6:6b:
         e6:0a:a5:f2:c4:cf:96:f7:e3:51:08:72:87:38:5b:19:6d:46:
         4c:23:ad:8e:18:9b:77:e6:2a:8c:23:4b:18:b1:72:34:20:a2:
         5c:1e:5f:81:aa:52:a3:c6:58:b0:95:df:a5:bc:38:12:2a:88:
         a1:95:86:6f:b4:74:62:52:4e:c3:09:fe:6e:d8:91:b8:af:17:
         de:d2:b7:d8:8c:67:ed:cf:75:5c:ef:8d:ce:b6:24:b7:81:18:
         a5:66:94:46:50:f9:6b:a5:29:ec:c5:f4:08:4f:d6:58:19:a5:
         30:ac:96:aa:f2:e0:07:a3:ad:fe:2f:f0:6a:35:22:5c:82:0b:
         cd:1a:06:19:4f:67:0c:3c:05:16:04:2e:a7:6c:9e:a9:46:db:
         85:d8:4c:cd:af:a4:3e:b3:2d:4d:2d:40:4c:72:68:12:1a:37:
         e6:19:cb:01:ce:5b:c6:8a:61:4a:16:a4:37:70:80:71:53:39:
         f8:52:ba:29:47:6f:59:cc:de:5d:07:dc:8d:5c:5f:89:33:ab:
         df:22:3b:46:42:30:40:db:fd:ea:1b:b4:39:b6:c5:d5:0a:48:
         2d:b4:2f:a5:f5:dd:d5:9a:b2:5d:ee:af:51:5f:4b:9c:b7:5d:
         0a:31:aa:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRV1BJlO7QjdTCbX69CvzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjUwMTAxMjM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmZlYjMxNWI5NTAyZDk4Zjg3Y2RiMjY1MjE1YmYzNTU2ZTIxZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pTV//9j/XM18PF7c+YVILGtSfnd
LKLSzaSgioWoIaV6EJNWN9ONmTLcQnlYmrN8QDGliv9Zp8sJsi8cKCKOvo75Nz+F
xJ6auJ2IkCtMduTCA/I9FO7mPo3C3qXS5vycIH+yD/JC9skdbXaC+tOG8WgNSHYB
USeTk0r48okFE8xDKAiJCO+LBfmXzxMmoImryP8jAT5FvGDQfAV18ckLrYQeE+58
Qnau/lRHjUwwx6vA3sRYYwvaMmBf5aT7ChCuQrCThQmqa8RbcrX3h4RsHoXmoGDM
2tOEJ7Q6wmVzX4CuPazFVx+6aghJJXglr/KzQfo2TyHqcZw6SU4EuQ7kaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFML+sxW5UC2Y+HzbJlIVvzVW4h3qMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvd3Y2ekZibFFMWmo0Zk5zbVVoV19OVmJpSGVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAw1cSAwQA
w1fvMA0GCSqGSIb3DQEBCwUAA4IBAQAZ8AVBtXeIQVUhqEAKhQk2pmvmCqXyxM+W
9+NRCHKHOFsZbUZMI62OGJt35iqMI0sYsXI0IKJcHl+BqlKjxliwld+lvDgSKoih
lYZvtHRiUk7DCf5u2JG4rxfe0rfYjGftz3Vc743OtiS3gRilZpRGUPlrpSnsxfQI
T9ZYGaUwrJaq8uAHo63+L/BqNSJcggvNGgYZT2cMPAUWBC6nbJ6pRtuF2EzNr6Q+
sy1NLUBMcmgSGjfmGcsBzlvGimFKFqQ3cIBxUzn4UropR29ZzN5dB9yNXF+JM6vf
IjtGQjBA2/3qG7Q5tsXVCkgttC+l9d3VmrJd7q9RX0uct10KMaq8
-----END CERTIFICATE-----