Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/mRfKOqb4kumUNGxNDhhGl1UwNEc.roa
File:                     mRfKOqb4kumUNGxNDhhGl1UwNEc.roa (raw, json)
Hash identifier:          DfuwKwWvv+AAG8fOivlSf/iPuGsxeXcpA/xRoEGWkMI=
Subject key identifier:   99:17:CA:3A:A6:F8:92:E9:94:34:6C:4D:0E:18:46:97:55:30:34:47
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01941FFA91C083A44EBB7BF310A699A24E99
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/mRfKOqb4kumUNGxNDhhGl1UwNEc.roa
Signing time:             Wed 01 Jan 2025 03:48:22 +0000
ROA not before:           Wed 01 Jan 2025 03:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24774
IP address blocks:        37.230.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:91:c0:83:a4:4e:bb:7b:f3:10:a6:99:a2:4e:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9917ca3aa6f892e994346c4d0e18469755303447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:bd:b2:ce:fb:87:33:45:7c:dc:a5:90:20:9d:
                    84:df:64:3f:ec:71:65:44:d4:4e:ed:3c:fe:34:d9:
                    82:e1:cc:a6:36:bf:07:b6:7e:1d:d0:d2:cb:09:da:
                    1f:30:05:09:a9:51:92:71:0a:7b:36:be:71:58:c4:
                    21:a8:dc:08:24:a4:8b:30:a5:cd:90:90:57:8f:50:
                    9a:a3:3f:07:7e:20:2b:29:be:1c:b8:9b:02:c1:45:
                    e5:7f:2d:83:e4:87:7d:7b:68:99:72:a3:41:4a:6b:
                    a5:a0:49:6b:c7:36:98:75:2a:62:c9:48:0d:f7:87:
                    89:70:bf:53:e8:f9:38:85:9c:bd:71:b9:42:7b:32:
                    06:c4:38:8b:ca:9c:cf:e1:7e:e4:d2:87:14:95:e7:
                    68:38:1f:5f:0f:fa:28:10:ce:b1:55:08:ad:2b:ed:
                    b8:27:39:84:36:89:77:90:78:81:36:4e:84:af:76:
                    dc:08:30:7b:0b:e4:42:c8:3a:62:88:ae:7d:c8:b3:
                    9f:28:61:a3:aa:27:94:4c:20:b5:a7:30:ce:fe:63:
                    6f:7e:44:56:5a:03:1c:42:e1:c9:34:4b:5c:2e:f2:
                    da:fb:98:fb:eb:21:a9:cd:0d:e7:ec:96:ff:92:27:
                    ad:96:71:15:67:1c:19:85:00:59:36:ab:e2:a4:c5:
                    9e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:17:CA:3A:A6:F8:92:E9:94:34:6C:4D:0E:18:46:97:55:30:34:47
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/mRfKOqb4kumUNGxNDhhGl1UwNEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:b2:c4:36:2e:8f:1e:cf:bd:08:14:a2:d9:5b:cf:79:dd:9d:
         f2:63:e0:66:0c:f6:e6:f2:0b:f2:c9:0f:6c:60:dc:15:6c:a1:
         2d:45:b4:61:83:45:de:c0:ca:61:1a:72:07:c8:bc:ed:93:5b:
         01:ae:c0:92:db:b4:bf:85:55:e2:9a:7e:a6:a2:2d:29:4d:9c:
         73:23:e1:c8:58:09:1a:14:db:14:fc:82:05:f7:4b:02:08:10:
         98:a9:df:4d:f2:45:2c:83:fd:52:f2:38:e3:90:1b:ea:8d:d2:
         70:f4:7b:dd:0a:09:11:8d:3e:2a:68:ff:cd:b9:0f:f7:9e:0e:
         cb:ab:69:33:6a:57:53:87:ba:65:5a:9e:7a:d3:79:b6:0c:e3:
         5a:e0:bf:73:70:12:fe:b8:f6:0c:f7:48:1c:b9:6f:21:ff:b9:
         39:be:eb:e5:c3:c3:da:c0:3e:0a:5f:5d:af:e9:cf:7a:a5:40:
         a5:54:1b:3d:6c:ad:4c:ae:42:6c:ad:38:cf:f4:9e:2e:e8:7b:
         62:16:4f:a9:dc:86:c0:5a:2c:3a:2d:ab:77:11:62:d8:f8:75:
         d2:e9:2a:63:68:3d:da:11:d6:f8:5d:38:a7:b5:8d:06:64:3a:
         9f:3a:e7:2e:d3:4f:f0:11:fa:7f:84:6b:24:05:cf:80:9b:34:
         c0:4e:76:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pHAg6ROu3vzEKaZok6ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUwMTAxMDM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTE3Y2EzYWE2Zjg5MmU5OTQzNDZjNGQwZTE4NDY5NzU1MzAzNDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8r2yzvuHM0V83KWQIJ2E32Q/7HFl
RNRO7Tz+NNmC4cymNr8Htn4d0NLLCdofMAUJqVGScQp7Nr5xWMQhqNwIJKSLMKXN
kJBXj1Caoz8HfiArKb4cuJsCwUXlfy2D5Id9e2iZcqNBSmuloElrxzaYdSpiyUgN
94eJcL9T6Pk4hZy9cblCezIGxDiLypzP4X7k0ocUledoOB9fD/ooEM6xVQitK+24
JzmENol3kHiBNk6Er3bcCDB7C+RCyDpiiK59yLOfKGGjqieUTCC1pzDO/mNvfkRW
WgMcQuHJNEtcLvLa+5j76yGpzQ3n7Jb/kietlnEVZxwZhQBZNqvipMWeWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJkXyjqm+JLplDRsTQ4YRpdVMDRHMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvbVJmS09xYjRrdW1VTkd4TkRoaEdsMVV3TkVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJeahMA0G
CSqGSIb3DQEBCwUAA4IBAQCxssQ2Lo8ez70IFKLZW8953Z3yY+BmDPbm8gvyyQ9s
YNwVbKEtRbRhg0XewMphGnIHyLztk1sBrsCS27S/hVXimn6moi0pTZxzI+HIWAka
FNsU/IIF90sCCBCYqd9N8kUsg/1S8jjjkBvqjdJw9HvdCgkRjT4qaP/NuQ/3ng7L
q2kzaldTh7plWp5603m2DONa4L9zcBL+uPYM90gcuW8h/7k5vuvlw8PawD4KX12v
6c96pUClVBs9bK1MrkJsrTjP9J4u6HtiFk+p3IbAWiw6Lat3EWLY+HXS6SpjaD3a
Edb4XTintY0GZDqfOucu00/wEfp/hGskBc+AmzTATnY6
-----END CERTIFICATE-----