Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/5W4mwMVP775CxZsRYZr1PVSaTVg.roa
File:                     5W4mwMVP775CxZsRYZr1PVSaTVg.roa (raw, json)
Hash identifier:          oxCGKYz7PxwcwZKdB5HShQPVLUXLVISerUh43mQaBRU=
Subject key identifier:   E5:6E:26:C0:C5:4F:EF:BE:42:C5:9B:11:61:9A:F5:3D:54:9A:4D:58
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018D0CB75FCE12F1A7DD43F366EA62FFC369
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/5W4mwMVP775CxZsRYZr1PVSaTVg.roa
Signing time:             Mon 15 Jan 2024 10:42:40 +0000
ROA not before:           Mon 15 Jan 2024 10:42:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     996
IP address blocks:        37.34.80.0/21 maxlen: 24
                          37.218.208.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0c:b7:5f:ce:12:f1:a7:dd:43:f3:66:ea:62:ff:c3:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan 15 10:42:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e56e26c0c54fefbe42c59b11619af53d549a4d58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:fc:8b:ef:c7:3b:8a:63:b8:b9:7c:48:96:69:
                    cb:04:d0:4b:d3:ca:75:fd:b4:3a:62:26:44:e5:bf:
                    7e:0a:1f:33:be:32:ac:a9:09:82:3e:0b:5e:28:a6:
                    b0:cf:a1:f8:2f:bb:e2:3b:f6:da:29:bd:1b:57:3b:
                    02:9d:c7:bd:ff:48:81:a2:a9:8d:f2:85:cc:35:ca:
                    38:5a:58:2c:fc:f6:16:d7:b2:d1:52:f7:2a:ce:14:
                    92:28:38:3e:d0:f1:c1:78:58:81:e0:0f:e3:aa:9b:
                    7e:21:69:4f:bb:c0:ee:8e:3d:40:2a:6d:38:71:a8:
                    85:8d:2a:54:f4:18:a7:d6:bf:42:56:dc:3a:fb:2d:
                    71:be:f7:fc:54:e9:26:ed:0d:5f:25:56:31:42:97:
                    dd:a2:1e:e7:a1:77:07:95:59:64:6e:99:8f:7f:0f:
                    c8:2c:50:b9:15:9a:7b:59:1a:77:91:f3:da:2c:9f:
                    fe:01:ca:56:a2:40:8e:14:f8:47:56:1c:c7:f5:be:
                    f7:f4:df:b9:a9:63:fd:9b:27:0a:3d:0c:4e:0b:2f:
                    fc:ea:e1:95:1a:73:50:35:08:2c:9a:70:89:c9:74:
                    90:53:c2:61:65:9c:29:84:48:09:53:56:f7:06:6a:
                    10:f4:0f:53:c1:58:02:af:2a:5e:38:13:07:89:ea:
                    e4:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:6E:26:C0:C5:4F:EF:BE:42:C5:9B:11:61:9A:F5:3D:54:9A:4D:58
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/5W4mwMVP775CxZsRYZr1PVSaTVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.34.80.0/21
                  37.218.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4a:ed:bf:eb:ac:fd:18:80:64:bb:bf:11:cd:fe:eb:77:56:a0:
         37:1e:d3:f4:bc:04:aa:09:f4:3a:1c:1b:49:e1:cf:b0:71:9b:
         2d:0d:3b:8e:13:71:04:9c:cf:49:d0:b1:0a:d1:61:b3:5d:c3:
         b5:51:40:c8:d5:ce:55:75:67:00:4e:ab:a1:a3:06:bb:25:47:
         21:ee:47:a0:a8:a8:5f:ef:86:06:14:f3:7c:f3:e4:27:19:e0:
         ad:6b:dc:39:77:73:14:8f:9b:9c:ab:d8:f8:31:ef:8b:a8:2a:
         e9:de:60:be:ec:2c:f3:c6:3e:a3:da:74:d6:98:54:a8:6a:4f:
         c0:54:80:ae:31:22:91:f1:b2:32:33:8a:1b:d7:74:e0:3c:97:
         7e:97:de:b2:f9:e4:ea:eb:47:39:27:8b:ae:fb:a4:e3:1b:b1:
         92:9b:c5:60:5f:c0:2b:fc:ed:b0:67:40:9e:8f:74:8b:b4:01:
         5a:b9:14:3c:ab:8e:83:27:db:e5:b5:52:5c:31:9d:62:5f:77:
         87:84:5f:e0:bf:f5:12:4b:2d:d2:05:5b:c8:bf:f2:f1:20:8a:
         f5:b9:61:53:33:5d:07:61:14:0d:ed:ff:78:15:a6:51:83:29:
         86:0a:05:7b:01:c0:84:53:1a:03:1d:3c:a6:2b:71:82:e9:4e:
         83:ee:73:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY0Mt1/OEvGn3UPzZupi/8NpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwMTE1MTA0MjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTZlMjZjMGM1NGZlZmJlNDJjNTliMTE2MTlhZjUzZDU0OWE0ZDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgfyL78c7imO4uXxIlmnLBNBL08p1
/bQ6YiZE5b9+Ch8zvjKsqQmCPgteKKawz6H4L7viO/baKb0bVzsCnce9/0iBoqmN
8oXMNco4Wlgs/PYW17LRUvcqzhSSKDg+0PHBeFiB4A/jqpt+IWlPu8Dujj1AKm04
caiFjSpU9Bin1r9CVtw6+y1xvvf8VOkm7Q1fJVYxQpfdoh7noXcHlVlkbpmPfw/I
LFC5FZp7WRp3kfPaLJ/+AcpWokCOFPhHVhzH9b739N+5qWP9mycKPQxOCy/86uGV
GnNQNQgsmnCJyXSQU8JhZZwphEgJU1b3BmoQ9A9TwVgCrypeOBMHierk9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOVuJsDFT+++QsWbEWGa9T1Umk1YMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvNVc0bXdNVlA3NzVDeFpzUllacjFQVlNhVFZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJSJQAwQD
JdrQMA0GCSqGSIb3DQEBCwUAA4IBAQBK7b/rrP0YgGS7vxHN/ut3VqA3HtP0vASq
CfQ6HBtJ4c+wcZstDTuOE3EEnM9J0LEK0WGzXcO1UUDI1c5VdWcATquhowa7JUch
7kegqKhf74YGFPN88+QnGeCta9w5d3MUj5ucq9j4Me+LqCrp3mC+7Czzxj6j2nTW
mFSoak/AVICuMSKR8bIyM4ob13TgPJd+l96y+eTq60c5J4uu+6TjG7GSm8VgX8Ar
/O2wZ0Cej3SLtAFauRQ8q46DJ9vltVJcMZ1iX3eHhF/gv/USSy3SBVvIv/LxIIr1
uWFTM10HYRQN7f94FaZRgymGCgV7AcCEUxoDHTymK3GC6U6D7nOZ
-----END CERTIFICATE-----