Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/nXrKlCZu0Ypo2G-SecdZT-RiQU0.roa
File:                     nXrKlCZu0Ypo2G-SecdZT-RiQU0.roa (raw, json)
Hash identifier:          BM0V8g5yTDKfM0o+qn6BIHqQYm1jmJCmcmzgBQB8vmA=
Subject key identifier:   9D:7A:CA:94:26:6E:D1:8A:68:D8:6F:92:79:C7:59:4F:E4:62:41:4D
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01941FFAB18F475172E835C7E1748F6EAC59
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/nXrKlCZu0Ypo2G-SecdZT-RiQU0.roa
Signing time:             Wed 01 Jan 2025 03:48:30 +0000
ROA not before:           Wed 01 Jan 2025 03:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212539
IP address blocks:        37.230.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b1:8f:47:51:72:e8:35:c7:e1:74:8f:6e:ac:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d7aca94266ed18a68d86f9279c7594fe462414d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3f:aa:20:a3:00:c1:c8:68:16:56:ee:d8:03:
                    50:88:99:9b:e7:1f:60:db:ea:95:07:82:9c:fb:23:
                    82:e2:43:b4:65:0a:ac:7b:3e:7a:58:6c:08:4c:9a:
                    59:65:4f:f1:89:90:dc:a9:0d:79:65:dc:ba:83:e7:
                    a9:8f:5c:8a:c7:fe:85:c8:8e:c9:66:9f:d9:34:96:
                    b2:d3:4c:6f:21:20:3e:65:91:2d:54:0f:66:f3:75:
                    cf:29:dc:24:5d:3e:cd:7c:95:8f:e6:33:92:a8:2c:
                    ae:a7:51:86:aa:3c:f6:08:a1:dd:2e:1b:da:d3:34:
                    39:ec:d2:5f:2f:b2:24:7b:43:48:20:95:84:e3:83:
                    8a:91:01:1f:84:30:aa:b4:70:cb:bc:3d:20:96:3a:
                    97:49:39:e9:66:f6:1f:01:82:b2:1a:bf:9f:84:54:
                    21:a9:58:41:26:97:f1:99:34:11:ed:cc:a0:bd:44:
                    7f:f0:26:33:ba:b1:d0:f2:82:a8:cf:a5:0f:73:2a:
                    26:e9:74:bc:f4:a4:16:54:7e:be:58:76:7b:e3:4d:
                    52:a9:f1:e4:e3:e6:7f:90:68:47:87:8c:32:2d:e3:
                    7d:f3:c0:f3:3c:70:d1:05:26:13:98:d3:b3:c2:a0:
                    74:4d:09:24:f7:56:ee:5b:91:fa:9b:4f:25:ad:2f:
                    f3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:7A:CA:94:26:6E:D1:8A:68:D8:6F:92:79:C7:59:4F:E4:62:41:4D
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/nXrKlCZu0Ypo2G-SecdZT-RiQU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:94:47:7d:c0:c6:f2:43:52:93:b8:8d:1b:ed:33:25:2a:4d:
         14:ab:df:88:f7:30:0a:c6:f3:8b:21:39:b9:1d:30:2a:ab:f4:
         c4:c5:46:f5:2b:4c:57:22:cc:57:68:05:7a:37:18:48:ef:21:
         13:91:26:bc:81:14:48:83:b9:bf:20:8f:bf:a5:b4:82:15:65:
         ba:a1:80:7f:fd:07:a5:a4:2b:78:cb:d9:9c:3d:74:0e:f6:4a:
         8d:da:01:dc:13:50:22:c9:ee:5a:79:d1:21:7d:ef:f2:f8:32:
         46:12:3a:e8:bb:90:25:8c:63:4a:01:6d:7f:88:82:64:27:51:
         18:b8:69:5a:37:f4:31:1f:b1:c9:98:cd:83:60:61:68:fd:1d:
         e1:ce:06:f8:37:a7:2d:39:04:2c:95:2d:7b:1c:1f:3d:7c:0a:
         09:c3:cc:4d:a0:a7:55:29:22:fc:ef:91:f1:ba:f8:47:fe:bd:
         96:22:ad:60:29:8d:8e:c1:11:13:d3:5d:0d:c9:ad:3c:25:a1:
         1c:02:88:21:c1:d8:dc:a1:c7:7f:02:94:79:1f:81:3a:5d:4f:
         e2:c0:17:16:34:b8:8d:85:73:a3:08:bf:92:bb:af:cf:d8:20:
         c2:5e:69:eb:e0:42:5c:67:1e:77:fa:66:9e:f5:8a:1f:24:81:
         52:2c:29:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+rGPR1Fy6DXH4XSPbqxZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUwMTAxMDM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDdhY2E5NDI2NmVkMThhNjhkODZmOTI3OWM3NTk0ZmU0NjI0MTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvD+qIKMAwchoFlbu2ANQiJmb5x9g
2+qVB4Kc+yOC4kO0ZQqsez56WGwITJpZZU/xiZDcqQ15Zdy6g+epj1yKx/6FyI7J
Zp/ZNJay00xvISA+ZZEtVA9m83XPKdwkXT7NfJWP5jOSqCyup1GGqjz2CKHdLhva
0zQ57NJfL7Ike0NIIJWE44OKkQEfhDCqtHDLvD0gljqXSTnpZvYfAYKyGr+fhFQh
qVhBJpfxmTQR7cygvUR/8CYzurHQ8oKoz6UPcyom6XS89KQWVH6+WHZ7401SqfHk
4+Z/kGhHh4wyLeN988DzPHDRBSYTmNOzwqB0TQkk91buW5H6m08lrS/zvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ16ypQmbtGKaNhvknnHWU/kYkFNMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvblhyS2xDWnUwWXBvMkctU2VjZFpULVJpUVUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJebtMA0G
CSqGSIb3DQEBCwUAA4IBAQBOlEd9wMbyQ1KTuI0b7TMlKk0Uq9+I9zAKxvOLITm5
HTAqq/TExUb1K0xXIsxXaAV6NxhI7yETkSa8gRRIg7m/II+/pbSCFWW6oYB//Qel
pCt4y9mcPXQO9kqN2gHcE1Aiye5aedEhfe/y+DJGEjrou5AljGNKAW1/iIJkJ1EY
uGlaN/QxH7HJmM2DYGFo/R3hzgb4N6ctOQQslS17HB89fAoJw8xNoKdVKSL875Hx
uvhH/r2WIq1gKY2OwRET010Nya08JaEcAoghwdjcocd/ApR5H4E6XU/iwBcWNLiN
hXOjCL+Su6/P2CDCXmnr4EJcZx53+mae9YofJIFSLCnX
-----END CERTIFICATE-----