Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/k8oETJh9gIX3lWpW0urDaphH1Jw.roa
File:                     k8oETJh9gIX3lWpW0urDaphH1Jw.roa (raw, json)
Hash identifier:          7SnQv0Okz7EYTh7eXDWxAxwLJa6sewF+EcDKX7QCgEk=
Subject key identifier:   93:CA:04:4C:98:7D:80:85:F7:95:6A:56:D2:EA:C3:6A:98:47:D4:9C
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       018CC64A8B9006DAE5AC4293201689174AC9
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/k8oETJh9gIX3lWpW0urDaphH1Jw.roa
Signing time:             Mon 01 Jan 2024 18:30:23 +0000
ROA not before:           Mon 01 Jan 2024 18:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210160
IP address blocks:        37.18.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:26:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:8b:90:06:da:e5:ac:42:93:20:16:89:17:4a:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 18:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93ca044c987d8085f7956a56d2eac36a9847d49c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ac:ae:60:63:06:33:87:82:29:71:da:cc:00:
                    1c:74:a9:0d:76:eb:68:12:21:30:9f:09:37:92:c7:
                    c3:ce:ee:38:10:36:c9:1d:03:16:6a:a4:78:ef:b3:
                    89:83:a3:36:5e:3b:e6:34:f4:3b:67:01:c9:94:c9:
                    1c:9f:20:92:10:3f:01:bd:32:f7:e5:57:0d:57:c4:
                    b9:e8:6b:1d:ec:57:03:81:3a:47:10:38:4e:d4:30:
                    05:bf:57:1b:ce:0f:d7:b5:7d:3b:ab:81:34:2a:1a:
                    53:39:25:ca:fa:df:44:1d:00:4b:8a:b1:be:a8:44:
                    76:50:f3:d3:3d:c0:89:5c:f3:89:c0:33:a0:1a:b2:
                    66:8b:cb:0b:d4:33:0f:d3:b2:74:bf:af:0d:7a:a9:
                    f5:55:5a:73:fa:ef:42:38:4c:92:6a:7b:b7:68:ed:
                    81:bf:de:7f:d0:c6:a0:9b:7f:cc:ff:9f:f7:82:72:
                    ab:46:01:bb:06:49:47:ea:3a:bb:4f:66:cd:fe:07:
                    00:bc:fb:17:43:eb:b9:c0:9b:d9:1b:5e:8f:26:b0:
                    ec:cb:57:c3:d2:b5:4d:11:c7:64:07:f0:93:75:0c:
                    8d:84:ad:83:e1:95:e4:b3:e0:1e:67:1d:d9:6d:95:
                    c5:c4:d2:a3:f6:c8:68:36:cb:47:67:80:f7:d6:1e:
                    88:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:CA:04:4C:98:7D:80:85:F7:95:6A:56:D2:EA:C3:6A:98:47:D4:9C
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/k8oETJh9gIX3lWpW0urDaphH1Jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:cd:a4:7d:89:0f:1f:f8:96:82:f3:53:0b:73:99:18:7a:e5:
         72:2c:3b:cb:94:e4:8e:47:7e:94:32:94:b8:85:c1:f4:47:b5:
         08:7e:8f:e6:4d:d1:57:47:a5:69:d8:ff:cb:24:09:76:06:20:
         e4:de:6d:b5:bf:54:cb:d7:64:6f:bf:b2:a2:80:06:b9:da:c3:
         9f:9e:33:8d:51:ad:80:5e:27:6e:a8:b8:b4:67:53:1c:f2:85:
         88:39:b0:02:7f:c4:fa:b1:db:60:e7:23:cd:de:87:c6:fd:44:
         41:78:ad:39:78:09:1e:76:57:50:72:dc:69:62:b7:62:9c:dc:
         5e:c9:54:4b:90:33:ca:0b:32:86:f5:c0:3c:a1:10:32:45:35:
         b7:4b:f6:9a:08:fc:54:e0:ab:ee:a9:92:67:5b:90:a2:05:b5:
         e7:31:bf:02:ec:d1:e1:08:e9:32:f3:9c:39:ea:5d:f0:d7:3f:
         72:fd:78:0a:06:61:58:33:54:8c:7e:ba:06:50:d9:93:1e:13:
         ec:32:d9:14:6e:36:01:eb:96:00:bd:88:5e:65:b3:3c:ad:a1:
         85:d9:e9:de:0c:12:26:c6:14:f6:be:bd:bd:df:f7:9b:d7:47:
         66:60:d9:8c:c4:b7:df:f0:07:f8:58:99:27:a6:d3:17:fa:64:
         d0:e5:46:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSouQBtrlrEKTIBaJF0rJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjQwMTAxMTgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2NhMDQ0Yzk4N2Q4MDg1Zjc5NTZhNTZkMmVhYzM2YTk4NDdkNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqyuYGMGM4eCKXHazAAcdKkNduto
EiEwnwk3ksfDzu44EDbJHQMWaqR477OJg6M2XjvmNPQ7ZwHJlMkcnyCSED8BvTL3
5VcNV8S56Gsd7FcDgTpHEDhO1DAFv1cbzg/XtX07q4E0KhpTOSXK+t9EHQBLirG+
qER2UPPTPcCJXPOJwDOgGrJmi8sL1DMP07J0v68Neqn1VVpz+u9COEySanu3aO2B
v95/0Magm3/M/5/3gnKrRgG7BklH6jq7T2bN/gcAvPsXQ+u5wJvZG16PJrDsy1fD
0rVNEcdkB/CTdQyNhK2D4ZXks+AeZx3ZbZXFxNKj9shoNstHZ4D31h6IDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPKBEyYfYCF95VqVtLqw2qYR9ScMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvazhvRVRKaDlnSVgzbFdwVzB1ckRhcGhIMUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRJfMA0G
CSqGSIb3DQEBCwUAA4IBAQAczaR9iQ8f+JaC81MLc5kYeuVyLDvLlOSOR36UMpS4
hcH0R7UIfo/mTdFXR6Vp2P/LJAl2BiDk3m21v1TL12Rvv7KigAa52sOfnjONUa2A
XiduqLi0Z1Mc8oWIObACf8T6sdtg5yPN3ofG/URBeK05eAkedldQctxpYrdinNxe
yVRLkDPKCzKG9cA8oRAyRTW3S/aaCPxU4KvuqZJnW5CiBbXnMb8C7NHhCOky85w5
6l3w1z9y/XgKBmFYM1SMfroGUNmTHhPsMtkUbjYB65YAvYheZbM8raGF2eneDBIm
xhT2vr293/eb10dmYNmMxLff8Af4WJknptMX+mTQ5UZm
-----END CERTIFICATE-----