Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/37gu0rtmN8D1ks3Ker3T_U5yn3I.roa
File:                     37gu0rtmN8D1ks3Ker3T_U5yn3I.roa (raw, json)
Hash identifier:          WPS2xZu2RrEQtqyutVbvBwCeAsJHCPFKl6d7wxebBbk=
Subject key identifier:   DF:B8:2E:D2:BB:66:37:C0:F5:92:CD:CA:7A:BD:D3:FD:4E:72:9F:72
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A786F037FC35337D060C282A86B0D
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/37gu0rtmN8D1ks3Ker3T_U5yn3I.roa
Signing time:             Mon 01 Jan 2024 18:30:18 +0000
ROA not before:           Mon 01 Jan 2024 18:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56595
IP address blocks:        46.243.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:78:6f:03:7f:c3:53:37:d0:60:c2:82:a8:6b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfb82ed2bb6637c0f592cdca7abdd3fd4e729f72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:19:30:c5:85:43:31:9a:14:86:87:4a:78:ef:
                    c9:e0:c7:1d:4e:48:4d:ee:57:8e:7a:03:ff:6e:ba:
                    26:12:25:f2:c5:ac:4e:61:d5:01:9e:f7:ff:9e:6f:
                    2a:6a:2c:d1:5f:e3:39:b8:ea:e2:87:fa:68:ba:b0:
                    20:f7:dd:53:c7:12:91:d8:c7:17:ba:a1:90:f4:24:
                    ca:a9:f6:35:69:05:e1:b2:3b:14:f2:1a:eb:d7:e7:
                    ea:28:1b:39:56:2e:64:80:7f:15:4c:7e:69:c5:29:
                    a4:de:5d:34:8d:f4:6f:b1:3e:d4:bb:ec:66:d4:20:
                    c2:a9:19:04:8f:44:8e:73:a4:6e:34:ec:1c:fe:3a:
                    1b:45:48:b5:31:6f:41:26:ec:60:f4:3b:eb:64:84:
                    40:d8:52:d6:ed:e7:f8:b0:4f:ab:db:9a:1f:65:1e:
                    b5:1c:c8:f6:99:86:b1:c9:2d:33:78:97:f3:2a:06:
                    47:24:17:84:a2:8f:8a:ce:d6:10:74:05:e2:17:bc:
                    2e:f8:0f:37:c1:c3:93:d4:90:8f:ff:56:67:54:76:
                    c0:df:09:10:f8:5e:bb:ad:57:f1:ba:e8:8b:39:99:
                    24:1d:80:c2:00:2b:bb:c3:20:61:d6:9e:a7:4c:af:
                    0a:a1:73:28:5c:1b:0b:ba:98:08:ef:96:67:db:b5:
                    b2:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:B8:2E:D2:BB:66:37:C0:F5:92:CD:CA:7A:BD:D3:FD:4E:72:9F:72
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/37gu0rtmN8D1ks3Ker3T_U5yn3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:59:54:d7:2b:78:2f:40:6b:b5:09:5e:7a:3b:7c:38:63:39:
         d8:19:e1:c9:5b:ff:57:31:16:cd:e8:fd:b2:ce:18:f5:a4:58:
         5b:06:54:0d:86:f4:cc:2c:91:61:2e:82:a2:3a:64:61:d9:3a:
         d3:5e:76:3d:39:d3:2f:f6:55:df:13:45:1e:de:35:bf:86:ff:
         98:62:d9:05:45:e9:f5:b8:55:bb:8f:aa:fc:b7:0c:42:00:e9:
         dc:83:20:f5:de:c0:e5:83:6e:6f:a7:b3:cf:03:51:94:a2:3c:
         f0:ed:9e:29:c5:ce:33:7a:32:f2:cb:9b:04:57:b0:e2:dd:4a:
         aa:97:37:2f:f4:76:5b:66:48:22:2e:df:80:d5:5b:03:ea:aa:
         4f:7d:b9:95:8c:6e:07:53:6f:35:94:c0:6d:06:5e:f3:94:5a:
         ab:22:c5:4e:7a:4d:b5:8c:65:9d:0b:75:b9:83:6c:93:35:ce:
         1e:27:f6:b3:41:79:db:15:4d:b0:b9:48:15:ec:d8:52:23:40:
         cd:e6:39:94:82:41:35:86:45:87:93:51:f7:ea:1b:73:b6:cc:
         82:57:99:ad:ed:ff:c3:fd:75:e3:95:df:b5:a5:39:cc:cd:f6:
         4b:e9:72:07:fe:69:4f:fc:20:fd:c3:1e:e6:cf:53:51:75:f0:
         fd:9e:db:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSnhvA3/DUzfQYMKCqGsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmI4MmVkMmJiNjYzN2MwZjU5MmNkY2E3YWJkZDNmZDRlNzI5ZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBkwxYVDMZoUhodKeO/J4McdTkhN
7leOegP/bromEiXyxaxOYdUBnvf/nm8qaizRX+M5uOrih/pourAg991TxxKR2McX
uqGQ9CTKqfY1aQXhsjsU8hrr1+fqKBs5Vi5kgH8VTH5pxSmk3l00jfRvsT7Uu+xm
1CDCqRkEj0SOc6RuNOwc/jobRUi1MW9BJuxg9DvrZIRA2FLW7ef4sE+r25ofZR61
HMj2mYaxyS0zeJfzKgZHJBeEoo+KztYQdAXiF7wu+A83wcOT1JCP/1ZnVHbA3wkQ
+F67rVfxuuiLOZkkHYDCACu7wyBh1p6nTK8KoXMoXBsLupgI75Zn27WyZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+4LtK7ZjfA9ZLNynq90/1Ocp9yMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvMzdndTBydG1OOEQxa3MzS2VyM1RfVTV5bjNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvPIMA0G
CSqGSIb3DQEBCwUAA4IBAQCeWVTXK3gvQGu1CV56O3w4YznYGeHJW/9XMRbN6P2y
zhj1pFhbBlQNhvTMLJFhLoKiOmRh2TrTXnY9OdMv9lXfE0Ue3jW/hv+YYtkFRen1
uFW7j6r8twxCAOncgyD13sDlg25vp7PPA1GUojzw7Z4pxc4zejLyy5sEV7Di3Uqq
lzcv9HZbZkgiLt+A1VsD6qpPfbmVjG4HU281lMBtBl7zlFqrIsVOek21jGWdC3W5
g2yTNc4eJ/azQXnbFU2wuUgV7NhSI0DN5jmUgkE1hkWHk1H36htztsyCV5mt7f/D
/XXjld+1pTnMzfZL6XIH/mlP/CD9wx7mz1NRdfD9ntt/
-----END CERTIFICATE-----