Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/1Aqx1Ch_PFaF2pS49QgDISxrA-g.roa
File:                     1Aqx1Ch_PFaF2pS49QgDISxrA-g.roa (raw, json)
Hash identifier:          gCnBI3Lk9/tgWW+MsaVYbZGu2QCEZ9EV1fhaHI603g8=
Subject key identifier:   D4:0A:B1:D4:28:7F:3C:56:85:DA:94:B8:F5:08:03:21:2C:6B:03:E8
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A8626BB8DB00D353C70669B82F1FC
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/1Aqx1Ch_PFaF2pS49QgDISxrA-g.roa
Signing time:             Mon 01 Jan 2024 18:30:21 +0000
ROA not before:           Mon 01 Jan 2024 18:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205675
IP address blocks:        37.18.24.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:86:26:bb:8d:b0:0d:35:3c:70:66:9b:82:f1:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d40ab1d4287f3c5685da94b8f50803212c6b03e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fb:48:13:20:5a:d0:8b:62:b4:4a:48:ca:3e:
                    1b:56:7d:b6:9b:89:8f:a8:0d:21:d1:68:a6:9e:14:
                    1d:a7:d4:98:28:af:13:e6:02:35:93:af:89:cd:42:
                    1d:34:94:a6:0c:76:9f:ee:3d:7a:e9:e1:ab:ef:2d:
                    1f:be:8d:d4:a9:bc:71:d0:d3:29:fb:5d:59:00:10:
                    df:47:61:67:7f:8f:92:89:f5:20:76:e8:8c:26:d5:
                    7d:9a:ea:bd:8a:c7:0b:bb:07:a8:54:0d:7e:24:54:
                    2f:8d:a2:2f:d2:d1:ea:7f:bc:ff:97:8b:ef:07:89:
                    53:1a:e9:2e:59:bc:06:7e:2c:79:05:37:1e:f0:e3:
                    d5:9c:ec:c0:d4:39:78:92:3c:2e:f9:27:c1:9f:e4:
                    65:4f:5c:cd:94:de:35:4b:ff:37:01:c4:08:40:32:
                    8c:8a:9f:c7:4a:17:fb:00:58:ed:68:e9:f9:c0:8c:
                    8b:9e:44:7c:ff:40:32:7b:87:c4:98:22:01:7b:70:
                    08:41:e5:1f:8c:5e:a4:e6:43:ca:c0:be:ef:03:ab:
                    6b:e5:a5:f0:bc:8a:fe:e2:8b:d3:65:10:49:ae:9a:
                    60:40:8b:3c:0d:e1:61:a1:6f:91:13:8a:86:3e:ae:
                    85:9d:be:a1:bb:3c:a2:28:04:ff:e5:a3:99:0a:28:
                    63:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:0A:B1:D4:28:7F:3C:56:85:DA:94:B8:F5:08:03:21:2C:6B:03:E8
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/1Aqx1Ch_PFaF2pS49QgDISxrA-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:bc:9d:5e:c4:9b:50:2d:6d:49:2b:a3:04:69:fc:7b:e9:ee:
         66:b3:ef:2e:d3:97:bf:1b:0f:ba:b4:d2:e4:8d:39:ae:89:60:
         fa:d2:43:39:78:da:db:ed:04:7f:dc:b8:9c:f5:5f:d0:c5:44:
         8f:1f:aa:ed:e2:70:68:fa:ef:e0:f2:bd:25:ea:6c:e9:92:14:
         1b:ed:57:c6:4a:fd:43:e3:75:1f:df:65:0b:36:ab:aa:06:cd:
         34:42:ff:3e:5b:50:38:04:f8:4c:c2:18:73:8b:fe:87:9d:1c:
         a9:c9:3b:13:55:22:09:c8:56:0c:f1:3e:64:05:db:26:fb:4c:
         49:42:2f:d7:9a:66:88:b2:60:b9:a3:71:ab:48:fd:2b:c1:c4:
         c3:a2:da:fa:65:1d:ab:d5:eb:ab:57:24:97:d1:73:14:c5:ac:
         6e:f3:15:56:5d:8f:7a:97:b1:c7:fa:2f:2b:bf:71:75:0f:17:
         31:fa:15:71:40:f6:29:bf:a8:6c:b6:f3:bf:db:96:96:6c:b9:
         79:44:62:ae:77:0c:a2:0c:a1:d5:d9:6e:eb:c8:e3:58:d7:43:
         29:41:c2:d6:9d:4c:4e:be:1c:a6:11:df:37:04:d5:ad:b8:41:
         d5:d0:49:be:d6:d2:a0:a4:9f:3e:14:ec:cf:7d:7d:a3:4c:d6:
         0c:ad:89:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSoYmu42wDTU8cGabgvH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDBhYjFkNDI4N2YzYzU2ODVkYTk0YjhmNTA4MDMyMTJjNmIwM2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/tIEyBa0ItitEpIyj4bVn22m4mP
qA0h0WimnhQdp9SYKK8T5gI1k6+JzUIdNJSmDHaf7j166eGr7y0fvo3Uqbxx0NMp
+11ZABDfR2Fnf4+SifUgduiMJtV9muq9iscLuweoVA1+JFQvjaIv0tHqf7z/l4vv
B4lTGukuWbwGfix5BTce8OPVnOzA1Dl4kjwu+SfBn+RlT1zNlN41S/83AcQIQDKM
ip/HShf7AFjtaOn5wIyLnkR8/0Aye4fEmCIBe3AIQeUfjF6k5kPKwL7vA6tr5aXw
vIr+4ovTZRBJrppgQIs8DeFhoW+RE4qGPq6Fnb6huzyiKAT/5aOZCihjxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNQKsdQofzxWhdqUuPUIAyEsawPoMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvMUFxeDFDaF9QRmFGMnBTNDlRZ0RJU3hyQS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRIYMA0G
CSqGSIb3DQEBCwUAA4IBAQC7vJ1exJtQLW1JK6MEafx76e5ms+8u05e/Gw+6tNLk
jTmuiWD60kM5eNrb7QR/3Lic9V/QxUSPH6rt4nBo+u/g8r0l6mzpkhQb7VfGSv1D
43Uf32ULNquqBs00Qv8+W1A4BPhMwhhzi/6HnRypyTsTVSIJyFYM8T5kBdsm+0xJ
Qi/XmmaIsmC5o3GrSP0rwcTDotr6ZR2r1eurVySX0XMUxaxu8xVWXY96l7HH+i8r
v3F1Dxcx+hVxQPYpv6hstvO/25aWbLl5RGKudwyiDKHV2W7ryONY10MpQcLWnUxO
vhymEd83BNWtuEHV0Em+1tKgpJ8+FOzPfX2jTNYMrYmf
-----END CERTIFICATE-----