Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/9OtpcLqB81gVtHhqv4FsnM7P9JE.roa
File:                     9OtpcLqB81gVtHhqv4FsnM7P9JE.roa (raw, json)
Hash identifier:          T91GO8xFcnjqkFlL5tAERamNOojuNKUVOvS3fVtIpF0=
Subject key identifier:   F4:EB:69:70:BA:81:F3:58:15:B4:78:6A:BF:81:6C:9C:CE:CF:F4:91
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A7F48E0CB7549BB3FF879CC9D2F22
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/9OtpcLqB81gVtHhqv4FsnM7P9JE.roa
Signing time:             Mon 01 Jan 2024 18:30:20 +0000
ROA not before:           Mon 01 Jan 2024 18:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197309
IP address blocks:        37.230.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 13:58:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:7f:48:e0:cb:75:49:bb:3f:f8:79:cc:9d:2f:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4eb6970ba81f35815b4786abf816c9ccecff491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e5:79:19:4c:05:ca:84:a3:85:20:ba:3c:80:
                    e6:f6:20:ef:dc:02:e2:ab:2a:f8:c4:7a:3f:31:82:
                    38:5b:f1:d4:cc:96:23:12:a7:7c:47:2b:02:26:e7:
                    55:77:ef:91:a3:8b:9c:79:b8:c6:fb:9a:4c:91:f6:
                    88:fc:09:bd:0c:a7:eb:1a:dd:91:30:31:c1:8e:59:
                    8e:57:fa:d6:e4:50:8a:98:e3:ba:70:09:59:e0:b4:
                    13:5a:f0:c3:f9:71:75:b3:01:9c:4a:6b:53:fc:e7:
                    58:90:ae:de:42:80:f8:b2:3c:e1:df:0c:c5:27:78:
                    e2:82:2d:20:ba:30:b7:0c:5c:36:53:44:f9:05:22:
                    b7:2b:e4:f0:09:72:6e:6f:e6:b0:ff:9f:43:58:20:
                    f5:5b:a9:0b:25:75:34:56:94:a6:25:8d:b1:34:29:
                    1d:d1:10:3f:84:1d:63:3c:e0:91:24:7a:92:da:3e:
                    0c:e8:77:b4:a3:dc:35:43:33:22:1c:78:e1:50:39:
                    95:c2:0c:52:14:8b:ee:17:a0:cc:08:a1:65:45:3f:
                    dc:72:9a:1a:89:5e:c9:5c:b9:6a:4b:ff:ab:f2:a5:
                    9e:be:57:5e:0f:39:2c:78:a3:5c:e4:f0:71:fa:bb:
                    29:ba:25:bd:cd:95:4d:b6:f3:1d:1f:23:60:dd:65:
                    e6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:EB:69:70:BA:81:F3:58:15:B4:78:6A:BF:81:6C:9C:CE:CF:F4:91
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/9OtpcLqB81gVtHhqv4FsnM7P9JE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:42:0e:22:4b:cd:ae:28:09:6b:6c:26:0b:04:23:44:9b:41:
         08:58:7e:78:a2:7b:5e:91:51:14:f5:1b:1e:9a:43:2e:16:b1:
         38:bb:9e:f9:d2:f8:eb:6f:d5:09:bb:82:be:3b:5b:7b:ba:a7:
         c9:27:b0:45:dd:59:20:27:ff:a0:54:0e:bb:00:dc:27:ad:24:
         0f:bf:65:27:1d:4a:f8:e9:3b:f1:db:dd:0b:d6:65:a8:be:d1:
         91:17:b5:4a:06:8b:29:8d:84:bd:79:07:33:fe:52:e8:40:cc:
         13:0b:2d:6c:67:4f:92:3d:14:cb:4d:7d:f4:ee:6b:04:da:d7:
         d5:28:4d:c5:8b:2a:ec:f8:e7:1f:14:c2:c9:03:ad:41:71:7f:
         ea:38:9a:e3:17:5f:0f:47:be:84:e6:1f:c5:98:03:da:6a:75:
         7c:1c:aa:e5:98:01:3a:e6:91:a5:52:09:39:37:8f:b5:84:7e:
         32:bb:3c:11:b0:cb:ed:c9:4f:5a:d6:be:b7:a9:20:d9:b9:58:
         a8:62:f2:d9:4f:67:6a:7e:3d:ef:21:0c:c0:7c:cf:67:b5:54:
         bf:b6:6f:68:56:83:87:74:68:7d:e9:f1:27:90:5a:85:d7:8f:
         b4:ed:f2:5b:db:03:7b:7d:41:68:6f:69:e9:69:ec:66:c8:fd:
         ae:5b:63:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSn9I4Mt1Sbs/+HnMnS8iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGViNjk3MGJhODFmMzU4MTViNDc4NmFiZjgxNmM5Y2NlY2ZmNDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOV5GUwFyoSjhSC6PIDm9iDv3ALi
qyr4xHo/MYI4W/HUzJYjEqd8RysCJudVd++Ro4ucebjG+5pMkfaI/Am9DKfrGt2R
MDHBjlmOV/rW5FCKmOO6cAlZ4LQTWvDD+XF1swGcSmtT/OdYkK7eQoD4sjzh3wzF
J3jigi0gujC3DFw2U0T5BSK3K+TwCXJub+aw/59DWCD1W6kLJXU0VpSmJY2xNCkd
0RA/hB1jPOCRJHqS2j4M6He0o9w1QzMiHHjhUDmVwgxSFIvuF6DMCKFlRT/ccpoa
iV7JXLlqS/+r8qWevldeDzkseKNc5PBx+rspuiW9zZVNtvMdHyNg3WXmdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTraXC6gfNYFbR4ar+BbJzOz/SRMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvOU90cGNMcUI4MWdWdEhocXY0RnNuTTdQOUpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJeaiMA0G
CSqGSIb3DQEBCwUAA4IBAQAZQg4iS82uKAlrbCYLBCNEm0EIWH54ontekVEU9Rse
mkMuFrE4u5750vjrb9UJu4K+O1t7uqfJJ7BF3VkgJ/+gVA67ANwnrSQPv2UnHUr4
6Tvx290L1mWovtGRF7VKBospjYS9eQcz/lLoQMwTCy1sZ0+SPRTLTX307msE2tfV
KE3Fiyrs+OcfFMLJA61BcX/qOJrjF18PR76E5h/FmAPaanV8HKrlmAE65pGlUgk5
N4+1hH4yuzwRsMvtyU9a1r63qSDZuVioYvLZT2dqfj3vIQzAfM9ntVS/tm9oVoOH
dGh96fEnkFqF14+07fJb2wN7fUFob2npaexmyP2uW2PW
-----END CERTIFICATE-----