Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/517a86-4bae-46cd-98e2-cf94b1fd469e/1/1xEtGe6qOBqeztJ60lWSug9lag0.roa
File:                     1xEtGe6qOBqeztJ60lWSug9lag0.roa (raw, json)
Hash identifier:          6Dtch6lrRv1cvrUDsIQ1IxZ+LvZnmKy8YbBTsdIcjFI=
Subject key identifier:   D7:11:2D:19:EE:AA:38:1A:9E:CE:D2:7A:D2:55:92:BA:0F:65:6A:0D
Certificate issuer:       /CN=583faf07e3ec9200764f273a10e7b6c4b1582ea7
Certificate serial:       01944FD71DE6D86EFD9AFA2CB158934E3191
Authority key identifier: 58:3F:AF:07:E3:EC:92:00:76:4F:27:3A:10:E7:B6:C4:B1:58:2E:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WD-vB-PskgB2Tyc6EOe2xLFYLqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/517a86-4bae-46cd-98e2-cf94b1fd469e/1/1xEtGe6qOBqeztJ60lWSug9lag0.roa
Signing time:             Fri 10 Jan 2025 10:51:25 +0000
ROA not before:           Fri 10 Jan 2025 10:51:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200628
IP address blocks:        37.72.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/517a86-4bae-46cd-98e2-cf94b1fd469e/1/WD-vB-PskgB2Tyc6EOe2xLFYLqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/517a86-4bae-46cd-98e2-cf94b1fd469e/1/WD-vB-PskgB2Tyc6EOe2xLFYLqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WD-vB-PskgB2Tyc6EOe2xLFYLqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4f:d7:1d:e6:d8:6e:fd:9a:fa:2c:b1:58:93:4e:31:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=583faf07e3ec9200764f273a10e7b6c4b1582ea7
        Validity
            Not Before: Jan 10 10:51:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7112d19eeaa381a9eced27ad25592ba0f656a0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:77:dd:01:a8:43:52:68:24:95:17:9d:f1:9e:
                    bf:84:d2:30:69:eb:10:4f:30:97:09:8a:ce:a6:4f:
                    87:75:97:ed:4d:8d:96:cd:7d:af:25:85:68:ae:59:
                    0a:46:78:9d:db:e0:a0:ea:e4:b2:c5:d1:a2:22:fe:
                    3b:1e:d8:e6:a4:55:3e:d6:ad:b8:6f:d0:04:88:0a:
                    40:8c:98:8a:3e:f2:92:b8:63:5a:f4:ab:fa:5a:9e:
                    ef:26:2b:01:12:e9:f8:03:df:5a:52:7e:19:e5:00:
                    0a:ff:50:61:cc:c5:60:d8:d8:13:79:e1:8c:16:c1:
                    68:f4:ce:5b:81:b2:37:7c:0d:35:3f:25:c3:42:9a:
                    c6:57:50:23:40:b6:8a:2d:8e:d9:11:fa:d6:d7:38:
                    12:48:0c:20:34:5a:bd:0f:35:d4:73:71:40:6d:e7:
                    d9:fa:d8:d9:3f:5d:49:72:34:e0:ad:c3:af:1e:f5:
                    c8:81:e6:a8:fd:49:6c:37:82:26:61:31:e7:ca:ee:
                    e7:c9:fd:26:08:f2:1c:25:d1:0b:9e:37:38:2b:7b:
                    53:d9:3d:84:de:be:ff:46:62:06:f4:7e:41:0a:8b:
                    06:90:9a:05:39:cd:02:8a:82:99:9c:d7:be:fa:ae:
                    1e:57:19:af:59:cf:a3:68:67:18:7d:03:ec:73:20:
                    67:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:11:2D:19:EE:AA:38:1A:9E:CE:D2:7A:D2:55:92:BA:0F:65:6A:0D
            X509v3 Authority Key Identifier:
                keyid:58:3F:AF:07:E3:EC:92:00:76:4F:27:3A:10:E7:B6:C4:B1:58:2E:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WD-vB-PskgB2Tyc6EOe2xLFYLqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/517a86-4bae-46cd-98e2-cf94b1fd469e/1/1xEtGe6qOBqeztJ60lWSug9lag0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/517a86-4bae-46cd-98e2-cf94b1fd469e/1/WD-vB-PskgB2Tyc6EOe2xLFYLqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.72.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:44:8c:24:6b:76:55:d8:46:5a:c4:35:8f:07:a5:53:db:fc:
         f2:c2:fa:64:eb:cf:56:44:a8:b2:5e:12:c2:c8:1a:b9:41:2b:
         01:c2:0b:cb:b0:3f:35:9c:ab:a6:83:63:fd:f5:76:2c:ba:9c:
         2f:e5:50:fb:96:a4:d8:66:3f:65:e7:b9:6a:69:3c:2c:08:6c:
         c0:54:bb:ef:b8:8f:8d:33:34:b3:e2:53:4b:62:de:61:12:84:
         53:78:a3:4a:ec:48:36:ea:e7:9b:ae:eb:10:c7:9d:4f:19:40:
         92:34:60:82:11:62:be:b7:24:41:52:d0:ed:2c:51:67:36:b7:
         43:35:0c:95:2f:dc:de:01:49:5b:64:17:bb:a6:50:44:10:a9:
         4f:09:87:8f:7d:4e:45:7e:14:66:bd:f4:ad:e6:15:ee:bc:91:
         4c:8c:00:89:16:51:af:cb:97:db:59:03:54:a5:76:19:09:e6:
         df:cd:f9:5c:47:54:73:f2:40:ef:cb:fb:d5:6e:50:eb:bb:2a:
         2e:e7:c5:5f:ef:cb:3a:72:62:b8:5e:c2:43:87:2d:71:29:92:
         0e:dc:1b:fb:48:a3:2a:1a:f8:20:91:2f:1c:52:43:31:f1:90:
         d9:c9:72:a8:1a:e9:cc:a5:a6:b9:93:ef:15:1c:01:8e:01:0e:
         a7:7d:3b:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRP1x3m2G79mvossViTTjGRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4M2ZhZjA3ZTNlYzkyMDA3NjRmMjczYTEwZTdiNmM0YjE1
ODJlYTcwHhcNMjUwMTEwMTA1MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzExMmQxOWVlYWEzODFhOWVjZWQyN2FkMjU1OTJiYTBmNjU2YTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53fdAahDUmgklRed8Z6/hNIwaesQ
TzCXCYrOpk+HdZftTY2WzX2vJYVorlkKRnid2+Cg6uSyxdGiIv47HtjmpFU+1q24
b9AEiApAjJiKPvKSuGNa9Kv6Wp7vJisBEun4A99aUn4Z5QAK/1BhzMVg2NgTeeGM
FsFo9M5bgbI3fA01PyXDQprGV1AjQLaKLY7ZEfrW1zgSSAwgNFq9DzXUc3FAbefZ
+tjZP11JcjTgrcOvHvXIgeao/UlsN4ImYTHnyu7nyf0mCPIcJdELnjc4K3tT2T2E
3r7/RmIG9H5BCosGkJoFOc0CioKZnNe++q4eVxmvWc+jaGcYfQPscyBnGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcRLRnuqjgans7SetJVkroPZWoNMB8GA1UdIwQY
MBaAFFg/rwfj7JIAdk8nOhDntsSxWC6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0QtdkItUHNrZ0IyVHljNkVPZTJ4TEZZTHFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81MTdhODYtNGJhZS00NmNkLTk4ZTIt
Y2Y5NGIxZmQ0NjllLzEvMXhFdEdlNnFPQnFlenRKNjBsV1N1ZzlsYWcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81MTdhODYtNGJhZS00NmNkLTk4ZTItY2Y5NGIxZmQ0Njll
LzEvV0QtdkItUHNrZ0IyVHljNkVPZTJ4TEZZTHFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJUiCMA0G
CSqGSIb3DQEBCwUAA4IBAQBtRIwka3ZV2EZaxDWPB6VT2/zywvpk689WRKiyXhLC
yBq5QSsBwgvLsD81nKumg2P99XYsupwv5VD7lqTYZj9l57lqaTwsCGzAVLvvuI+N
MzSz4lNLYt5hEoRTeKNK7Eg26uebrusQx51PGUCSNGCCEWK+tyRBUtDtLFFnNrdD
NQyVL9zeAUlbZBe7plBEEKlPCYePfU5FfhRmvfSt5hXuvJFMjACJFlGvy5fbWQNU
pXYZCebfzflcR1Rz8kDvy/vVblDruyou58Vf78s6cmK4XsJDhy1xKZIO3Bv7SKMq
GvggkS8cUkMx8ZDZyXKoGunMpaa5k+8VHAGOAQ6nfTti
-----END CERTIFICATE-----