Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/8rVBB3Az65rAGm3aIeQPGoWRI6w.roa
File:                     8rVBB3Az65rAGm3aIeQPGoWRI6w.roa (raw, json)
Hash identifier:          1g07U4zrMKFKvZdWnLWNRe1GvRahs7M9wIMloUbi7EI=
Subject key identifier:   F2:B5:41:07:70:33:EB:9A:C0:1A:6D:DA:21:E4:0F:1A:85:91:23:AC
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01912C65578D8ED9299AD204AB023CFF8631
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/8rVBB3Az65rAGm3aIeQPGoWRI6w.roa
Signing time:             Wed 07 Aug 2024 10:32:04 +0000
ROA not before:           Wed 07 Aug 2024 10:32:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48558
IP address blocks:        37.230.206.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2c:65:57:8d:8e:d9:29:9a:d2:04:ab:02:3c:ff:86:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Aug  7 10:32:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2b541077033eb9ac01a6dda21e40f1a859123ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:11:52:00:43:76:29:e7:ff:ff:3d:ef:7e:6c:
                    64:9e:ee:37:e8:0c:94:04:35:11:ab:72:93:4d:e1:
                    b3:be:99:67:a6:ab:dd:30:69:08:d7:0e:83:87:04:
                    8b:17:3f:a6:82:5a:6d:2f:10:14:f4:31:58:75:82:
                    85:9a:a1:ab:93:43:62:9e:c9:f9:f0:56:00:5a:0d:
                    0a:33:6a:83:4b:4f:c3:09:f5:fd:73:dc:77:38:38:
                    dc:72:83:1e:1e:ed:2d:65:1f:51:1b:48:75:5c:a5:
                    81:a0:12:0c:74:d5:89:ba:4b:27:de:ae:f6:bf:0b:
                    74:5d:34:41:64:f8:c3:70:55:ea:4a:75:fc:72:72:
                    7c:6d:1e:c6:78:dd:f5:22:c1:c1:80:88:e4:4b:5a:
                    96:08:66:83:90:6d:91:6d:83:a7:cc:3a:88:77:b4:
                    70:01:9f:82:6f:ee:d9:a6:0d:70:6c:51:b8:d5:9b:
                    64:ff:dc:a6:a0:78:bd:ec:c1:a7:b9:b2:94:30:93:
                    63:b1:86:e2:de:5e:30:52:06:58:c8:45:ca:a6:04:
                    f9:2a:ae:f1:e8:de:96:e0:60:a8:c6:d5:79:f1:f9:
                    c5:dc:da:d2:fa:24:61:08:0f:a0:1d:a3:3a:da:24:
                    bb:91:3a:f5:a5:cf:22:d7:94:cc:f6:b8:9f:f1:17:
                    be:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B5:41:07:70:33:EB:9A:C0:1A:6D:DA:21:E4:0F:1A:85:91:23:AC
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/8rVBB3Az65rAGm3aIeQPGoWRI6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ca:94:93:f1:d4:2b:52:65:85:ea:b8:72:97:e5:40:e4:3e:f1:
         10:cf:b2:b3:6c:a0:d7:55:a1:52:d5:a5:ab:1f:a0:fd:ef:d5:
         5e:f6:8f:16:65:8a:b3:d9:dd:66:d3:f8:06:36:a5:74:2d:2a:
         da:a9:f2:81:89:05:b7:d7:2a:02:62:ac:7b:9b:c0:e8:eb:d4:
         00:d5:aa:f3:50:a6:e0:bf:ac:40:c3:e1:62:f6:ce:b7:7e:72:
         20:60:17:c7:81:84:fa:d2:04:98:2e:e5:36:fc:fc:ba:49:e4:
         33:de:f9:ca:66:98:2e:46:da:97:e5:fc:c5:46:b9:6b:ed:5a:
         4f:90:07:a9:15:4d:ab:89:37:62:d7:7e:b1:22:e5:31:1a:72:
         94:fa:93:30:4c:77:1e:1a:0b:89:2c:5c:60:1e:fd:f3:a5:8d:
         ac:01:52:0d:65:c9:ed:00:89:1d:b1:05:e1:51:f4:ee:f4:d9:
         f6:9d:b9:2b:60:c0:aa:c4:36:c8:6e:60:68:3b:61:98:4e:8c:
         dd:c2:d3:70:5a:d6:74:b2:bc:ac:25:d6:90:49:c6:c6:c3:4d:
         0c:d5:fe:e8:66:86:22:f8:01:98:63:f0:5b:02:fd:f7:0b:e1:
         5f:8b:20:47:4f:5b:90:79:ef:0b:70:f8:95:5d:e8:cb:81:99:
         6e:e7:37:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEsZVeNjtkpmtIEqwI8/4YxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwODA3MTAzMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmI1NDEwNzcwMzNlYjlhYzAxYTZkZGEyMWU0MGYxYTg1OTEyM2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBFSAEN2Kef//z3vfmxknu436AyU
BDURq3KTTeGzvplnpqvdMGkI1w6DhwSLFz+mglptLxAU9DFYdYKFmqGrk0Ninsn5
8FYAWg0KM2qDS0/DCfX9c9x3ODjccoMeHu0tZR9RG0h1XKWBoBIMdNWJuksn3q72
vwt0XTRBZPjDcFXqSnX8cnJ8bR7GeN31IsHBgIjkS1qWCGaDkG2RbYOnzDqId7Rw
AZ+Cb+7Zpg1wbFG41Ztk/9ymoHi97MGnubKUMJNjsYbi3l4wUgZYyEXKpgT5Kq7x
6N6W4GCoxtV58fnF3NrS+iRhCA+gHaM62iS7kTr1pc8i15TM9rif8Re+BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPK1QQdwM+uawBpt2iHkDxqFkSOsMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvOHJWQkIzQXo2NXJBR20zYUllUVBHb1dSSTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJebOMA0G
CSqGSIb3DQEBCwUAA4IBAQDKlJPx1CtSZYXquHKX5UDkPvEQz7KzbKDXVaFS1aWr
H6D979Ve9o8WZYqz2d1m0/gGNqV0LSraqfKBiQW31yoCYqx7m8Do69QA1arzUKbg
v6xAw+Fi9s63fnIgYBfHgYT60gSYLuU2/Py6SeQz3vnKZpguRtqX5fzFRrlr7VpP
kAepFU2riTdi136xIuUxGnKU+pMwTHceGguJLFxgHv3zpY2sAVINZcntAIkdsQXh
UfTu9Nn2nbkrYMCqxDbIbmBoO2GYTozdwtNwWtZ0srysJdaQScbGw00M1f7oZoYi
+AGYY/BbAv33C+FfiyBHT1uQee8LcPiVXejLgZlu5zd0
-----END CERTIFICATE-----