Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/NpSer4-SQVGkWa8AEh6VJSFuols.roa
File:                     NpSer4-SQVGkWa8AEh6VJSFuols.roa (raw, json)
Hash identifier:          FU8oh1uCz1xxBF/yjqNbuvMccaZW9gytcYlJBSOiXO4=
Subject key identifier:   36:94:9E:AF:8F:92:41:51:A4:59:AF:00:12:1E:95:25:21:6E:A2:5B
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A8500B32BDEBB2E16B724521823D1
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/NpSer4-SQVGkWa8AEh6VJSFuols.roa
Signing time:             Mon 01 Jan 2024 18:30:21 +0000
ROA not before:           Mon 01 Jan 2024 18:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204496
IP address blocks:        37.18.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:85:00:b3:2b:de:bb:2e:16:b7:24:52:18:23:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36949eaf8f924151a459af00121e9525216ea25b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fc:f2:14:ab:bb:c7:09:ea:c0:87:7a:af:cb:
                    3d:15:41:79:c8:04:15:ab:51:c2:23:f4:d0:ae:05:
                    03:09:e1:bd:5f:c0:72:61:55:6a:a1:7b:49:74:30:
                    e4:de:8d:58:8c:1a:47:b7:cf:59:e9:c9:15:bb:be:
                    09:d8:9f:36:e3:42:dd:76:bb:3c:3f:b0:8b:4a:3c:
                    b8:5c:bb:08:70:7b:75:ba:73:e6:ee:42:12:54:ae:
                    f1:72:61:b9:09:7b:61:0f:20:d2:c2:a8:23:b2:1c:
                    98:98:84:66:a3:38:62:91:68:c3:1d:48:76:66:41:
                    74:96:2a:7e:70:5c:71:60:52:73:75:53:05:de:1c:
                    51:6a:14:3f:96:d6:6e:8b:e2:0f:e0:ea:cb:6c:68:
                    43:c6:98:25:0c:6d:8e:56:ea:a0:ee:88:e1:ec:9c:
                    ed:8f:51:37:89:6e:40:23:64:04:b5:42:79:56:71:
                    06:30:02:96:2a:d7:3f:16:d1:60:9e:ae:fa:86:04:
                    e4:06:4b:7e:39:33:c9:9d:8f:b6:50:f0:ca:dd:01:
                    3b:0b:5f:63:b0:14:cc:df:8c:f2:bd:95:8c:f6:15:
                    aa:20:2b:b1:38:16:aa:20:f8:e8:3a:fd:5f:31:8d:
                    96:e7:a6:e4:5e:bd:3f:da:38:cd:fe:df:be:c5:29:
                    5d:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:94:9E:AF:8F:92:41:51:A4:59:AF:00:12:1E:95:25:21:6E:A2:5B
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/NpSer4-SQVGkWa8AEh6VJSFuols.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:b6:54:c5:bd:ee:09:65:21:d5:d5:9d:7f:88:11:5f:e7:21:
         b8:bf:42:f3:f8:b2:5e:35:2d:bc:81:fd:bf:9d:e8:c3:79:3b:
         86:e8:eb:3f:fe:54:ad:94:c1:01:f1:f6:33:95:81:5c:99:c1:
         da:d4:f4:7a:f0:43:ff:dc:86:ce:fd:de:d8:d4:5f:af:bb:b3:
         2a:ad:32:22:b1:a6:71:9b:be:fa:66:82:cb:51:59:91:0d:1b:
         1e:66:9b:12:3e:b0:05:a2:6b:1b:77:4a:aa:42:e2:ab:87:cc:
         aa:aa:20:1e:25:41:37:8d:a9:f9:14:df:ac:3d:13:a4:af:ea:
         4b:53:8d:5e:e0:94:e1:07:0a:cf:57:10:cf:37:a5:3d:1d:0c:
         c0:8d:f5:b0:19:10:db:2c:bb:6a:35:ba:83:58:51:0f:26:50:
         85:16:50:11:b5:b7:e1:41:94:ef:a9:60:5b:8f:d6:ad:78:be:
         5a:df:1d:ad:82:86:0d:c6:b6:e4:c3:e9:5c:48:52:06:d7:fd:
         39:53:f8:21:21:ee:ce:2e:28:b9:4b:5d:03:e2:f4:ed:50:8b:
         8f:46:da:9c:8b:4c:f8:98:41:d5:c1:33:1c:10:54:d9:0a:3a:
         fa:e2:5b:04:f1:95:da:95:16:a8:c3:67:34:8a:8c:c6:8f:38:
         da:23:b0:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSoUAsyveuy4WtyRSGCPRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjk0OWVhZjhmOTI0MTUxYTQ1OWFmMDAxMjFlOTUyNTIxNmVhMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofzyFKu7xwnqwId6r8s9FUF5yAQV
q1HCI/TQrgUDCeG9X8ByYVVqoXtJdDDk3o1YjBpHt89Z6ckVu74J2J8240Lddrs8
P7CLSjy4XLsIcHt1unPm7kISVK7xcmG5CXthDyDSwqgjshyYmIRmozhikWjDHUh2
ZkF0lip+cFxxYFJzdVMF3hxRahQ/ltZui+IP4OrLbGhDxpglDG2OVuqg7ojh7Jzt
j1E3iW5AI2QEtUJ5VnEGMAKWKtc/FtFgnq76hgTkBkt+OTPJnY+2UPDK3QE7C19j
sBTM34zyvZWM9hWqICuxOBaqIPjoOv1fMY2W56bkXr0/2jjN/t++xSldlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaUnq+PkkFRpFmvABIelSUhbqJbMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvTnBTZXI0LVNRVkdrV2E4QUVoNlZKU0Z1b2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRI7MA0G
CSqGSIb3DQEBCwUAA4IBAQAQtlTFve4JZSHV1Z1/iBFf5yG4v0Lz+LJeNS28gf2/
nejDeTuG6Os//lStlMEB8fYzlYFcmcHa1PR68EP/3IbO/d7Y1F+vu7MqrTIisaZx
m776ZoLLUVmRDRseZpsSPrAFomsbd0qqQuKrh8yqqiAeJUE3jan5FN+sPROkr+pL
U41e4JThBwrPVxDPN6U9HQzAjfWwGRDbLLtqNbqDWFEPJlCFFlARtbfhQZTvqWBb
j9ateL5a3x2tgoYNxrbkw+lcSFIG1/05U/ghIe7OLii5S10D4vTtUIuPRtqci0z4
mEHVwTMcEFTZCjr64lsE8ZXalRaow2c0iozGjzjaI7By
-----END CERTIFICATE-----