Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/xbB2W_NjgLWlbeNMcYSxlHjDmXE.roa
File:                     xbB2W_NjgLWlbeNMcYSxlHjDmXE.roa (raw, json)
Hash identifier:          BDb3t8owAR6ftClX/O++Jozk/RAQpNrFQeIkw/Bo4Vg=
Subject key identifier:   C5:B0:76:5B:F3:63:80:B5:A5:6D:E3:4C:71:84:B1:94:78:C3:99:71
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019428241A7E1734967484901B70FB95D8EC
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/xbB2W_NjgLWlbeNMcYSxlHjDmXE.roa
Signing time:             Thu 02 Jan 2025 17:50:42 +0000
ROA not before:           Thu 02 Jan 2025 17:50:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397423
IP address blocks:        37.34.80.0/21 maxlen: 22
                          86.104.160.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:1a:7e:17:34:96:74:84:90:1b:70:fb:95:d8:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 17:50:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5b0765bf36380b5a56de34c7184b19478c39971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b7:c3:93:19:5e:48:22:25:e9:11:06:c6:2c:
                    b5:90:f1:1c:1f:62:d0:9a:77:fe:9c:ac:26:d7:cb:
                    c7:79:56:e2:ef:b5:cb:0f:ed:91:63:8f:3b:64:7e:
                    b8:2e:3d:06:28:ff:48:61:8a:11:7f:c3:2a:d2:e2:
                    cf:56:f2:42:4c:63:32:ef:3b:8e:75:de:39:c5:c0:
                    7a:61:84:29:b0:4c:04:aa:4a:cd:d1:f1:f0:ea:5a:
                    0e:cb:58:df:c6:a0:4a:93:4b:1a:8c:fb:51:11:fb:
                    c0:a5:03:b0:08:86:c7:2b:06:86:a5:de:1f:ee:f0:
                    76:8f:48:05:fc:b7:08:09:e5:d7:b0:45:06:f2:3f:
                    38:e8:75:7a:1d:aa:1a:68:0e:88:e0:7f:33:aa:76:
                    a7:e0:bb:d5:1c:cf:8b:34:6c:22:fb:a4:08:ba:77:
                    52:2b:c1:fa:7b:f6:36:3a:13:77:fb:9c:ee:0f:e6:
                    1c:a1:71:9e:f9:94:a4:6d:19:74:20:bf:5e:fd:68:
                    69:97:f9:70:81:a9:14:3a:a4:e7:a2:b3:c7:57:29:
                    a8:44:d7:94:ca:ad:9f:60:ba:08:c2:7b:d2:ed:bf:
                    f9:3f:b0:f5:81:93:0b:ed:4c:b3:2c:b3:15:77:99:
                    19:80:de:df:c6:a6:ba:bf:d3:0c:21:7b:b8:c2:a3:
                    ce:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:B0:76:5B:F3:63:80:B5:A5:6D:E3:4C:71:84:B1:94:78:C3:99:71
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/xbB2W_NjgLWlbeNMcYSxlHjDmXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.34.80.0/21
                  86.104.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:f2:5d:47:bf:d1:1d:6b:49:22:5b:98:0d:ae:ff:33:68:c2:
         61:2b:1c:de:f0:bf:b2:6f:2e:9c:d3:81:38:e2:89:3d:a4:a1:
         3c:ff:e5:dc:6b:5d:6a:f6:e8:b9:25:7f:7d:a0:4b:c5:ae:57:
         25:f5:e3:13:c4:49:38:c9:d3:3e:11:56:53:55:d8:bb:dc:c2:
         86:19:ba:da:53:57:a6:96:6c:69:fb:31:ed:a3:9f:7a:b1:c1:
         63:90:aa:06:9d:4e:66:a4:e1:45:ac:2f:6b:68:ef:7c:35:80:
         a4:eb:a2:1e:71:48:7d:f8:49:f4:6b:38:09:8d:95:03:90:11:
         4a:2e:a9:2a:ad:ad:39:eb:fa:61:76:58:04:79:df:82:06:bf:
         d1:a6:2c:5c:5c:82:f3:cb:1b:40:96:3b:0e:84:ad:10:1b:00:
         da:64:45:d1:93:11:7b:d7:ac:e1:b8:6c:94:a4:99:c7:33:7e:
         3a:78:a3:a0:c1:bf:86:b4:ee:60:de:79:07:5e:0f:a2:e3:1c:
         4d:a5:e0:25:75:c2:20:bc:a4:c8:8a:77:01:71:bc:10:b1:32:
         82:70:3b:44:b0:1d:b4:19:56:8a:69:1b:ea:24:a9:7d:99:75:
         31:62:7f:26:57:6a:91:e8:39:86:bc:08:5f:af:3e:5d:f5:24:
         ec:f3:e3:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJBp+FzSWdISQG3D7ldjsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMTAyMTc1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWIwNzY1YmYzNjM4MGI1YTU2ZGUzNGM3MTg0YjE5NDc4YzM5OTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7fDkxleSCIl6REGxiy1kPEcH2LQ
mnf+nKwm18vHeVbi77XLD+2RY487ZH64Lj0GKP9IYYoRf8Mq0uLPVvJCTGMy7zuO
dd45xcB6YYQpsEwEqkrN0fHw6loOy1jfxqBKk0sajPtREfvApQOwCIbHKwaGpd4f
7vB2j0gF/LcICeXXsEUG8j846HV6HaoaaA6I4H8zqnan4LvVHM+LNGwi+6QIundS
K8H6e/Y2OhN3+5zuD+YcoXGe+ZSkbRl0IL9e/Whpl/lwgakUOqTnorPHVymoRNeU
yq2fYLoIwnvS7b/5P7D1gZML7UyzLLMVd5kZgN7fxqa6v9MMIXu4wqPOrwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMWwdlvzY4C1pW3jTHGEsZR4w5lxMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEveGJCMldfTmpnTFdsYmVOTWNZU3hsSGpEbVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDJSJQAwQC
VmigMA0GCSqGSIb3DQEBCwUAA4IBAQCb8l1Hv9Eda0kiW5gNrv8zaMJhKxze8L+y
by6c04E44ok9pKE8/+Xca11q9ui5JX99oEvFrlcl9eMTxEk4ydM+EVZTVdi73MKG
GbraU1emlmxp+zHto596scFjkKoGnU5mpOFFrC9raO98NYCk66IecUh9+En0azgJ
jZUDkBFKLqkqra056/phdlgEed+CBr/RpixcXILzyxtAljsOhK0QGwDaZEXRkxF7
16zhuGyUpJnHM346eKOgwb+GtO5g3nkHXg+i4xxNpeAldcIgvKTIincBcbwQsTKC
cDtEsB20GVaKaRvqJKl9mXUxYn8mV2qR6DmGvAhfrz5d9STs8+NZ
-----END CERTIFICATE-----