Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/u7SGkKjyt6Wn13UgxmzX3O8hNqg.roa
File:                     u7SGkKjyt6Wn13UgxmzX3O8hNqg.roa (raw, json)
Hash identifier:          pFxROog4BD7dnLQYh3rawpuRD6PcOVvrlV6iT1GYQrE=
Subject key identifier:   BB:B4:86:90:A8:F2:B7:A5:A7:D7:75:20:C6:6C:D7:DC:EF:21:36:A8
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01941FFA989DE4712E6A1C19EA04911F6E7A
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/u7SGkKjyt6Wn13UgxmzX3O8hNqg.roa
Signing time:             Wed 01 Jan 2025 03:48:24 +0000
ROA not before:           Wed 01 Jan 2025 03:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56676
IP address blocks:        37.230.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 18:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:98:9d:e4:71:2e:6a:1c:19:ea:04:91:1f:6e:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bbb48690a8f2b7a5a7d77520c66cd7dcef2136a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:50:1a:d6:b2:4b:5f:c0:42:01:41:ad:68:79:
                    1b:d5:e3:a6:78:d4:8c:fa:26:eb:fe:86:67:0b:19:
                    7a:1c:ce:f0:61:cd:d9:b8:23:c5:ee:a4:14:8a:62:
                    d5:e6:80:e6:9d:3c:aa:c2:43:83:f0:4e:55:2f:49:
                    53:d3:ff:08:5a:1a:1c:90:c1:87:4e:57:32:c5:1a:
                    b0:e6:a2:5e:ba:d1:af:0c:a0:c8:71:5f:32:5d:70:
                    7c:b7:ac:be:f8:0c:f9:85:13:f9:bc:fa:d6:7c:a5:
                    08:ef:d3:94:97:73:8b:45:6a:e7:68:0b:af:5a:a3:
                    0e:d0:72:12:6f:cd:ca:3f:17:58:e0:5a:50:40:8f:
                    6a:ad:0f:db:3f:cd:ab:36:e5:d9:c3:53:24:e6:4a:
                    8b:fa:2d:d3:e7:92:20:78:73:67:29:51:c0:e0:a2:
                    ff:61:28:40:00:9a:96:06:97:b1:54:52:aa:5e:21:
                    40:15:6e:bc:22:9d:68:83:14:40:b3:74:90:4f:55:
                    3e:49:51:e8:6a:a1:8c:89:4e:0e:89:41:70:58:32:
                    6a:b9:bf:6d:8e:bb:4d:8f:fb:ef:3f:71:a6:47:c5:
                    00:d1:81:18:53:8b:38:97:d6:ca:d5:c3:ad:55:64:
                    c5:95:40:3c:5c:0a:af:ce:dd:b1:07:bd:b5:57:bd:
                    d2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:B4:86:90:A8:F2:B7:A5:A7:D7:75:20:C6:6C:D7:DC:EF:21:36:A8
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/u7SGkKjyt6Wn13UgxmzX3O8hNqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:a8:0b:62:95:ef:86:64:05:d0:e5:61:35:48:34:c4:f9:ae:
         7b:2f:c0:6c:2f:a1:10:43:fd:b7:10:17:f9:14:ad:61:c7:10:
         3a:07:eb:69:ed:11:65:86:02:eb:33:3e:40:6e:c4:65:d6:72:
         b7:e6:9c:d0:9d:c0:d6:c4:82:20:83:1b:72:bd:5c:8d:61:3e:
         f4:ff:58:7a:79:74:d1:85:fd:b2:5a:df:00:a0:b6:b9:49:94:
         b3:1f:40:f6:3e:0a:6c:1c:11:1a:40:b2:e9:a8:18:ae:cd:94:
         5d:8b:a3:29:9b:b9:43:0a:aa:09:02:ef:43:5f:3b:06:6c:01:
         ea:a7:c0:a1:9b:60:9a:a0:4f:5c:83:35:bd:44:21:5e:a6:74:
         19:8c:1e:82:fe:ce:19:c9:86:94:18:74:d5:54:a7:30:a5:6a:
         98:2d:bd:63:00:e2:62:a5:56:f8:b6:d7:94:ca:5e:fe:1f:07:
         a3:da:b8:7f:ef:22:ff:bd:00:f7:27:6d:b8:51:1c:3c:dc:ed:
         ed:63:57:c9:b6:09:ad:6c:2a:a4:4c:94:cb:fa:fa:60:1b:35:
         ae:2e:e5:31:8f:f0:6c:5b:8e:61:1c:12:6a:12:a9:7d:99:29:
         c5:0e:13:be:6f:46:89:c5:45:25:80:27:d2:a2:94:0a:47:20:
         09:a2:45:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pid5HEuahwZ6gSRH256MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUwMTAxMDM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmI0ODY5MGE4ZjJiN2E1YTdkNzc1MjBjNjZjZDdkY2VmMjEzNmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8VAa1rJLX8BCAUGtaHkb1eOmeNSM
+ibr/oZnCxl6HM7wYc3ZuCPF7qQUimLV5oDmnTyqwkOD8E5VL0lT0/8IWhockMGH
TlcyxRqw5qJeutGvDKDIcV8yXXB8t6y++Az5hRP5vPrWfKUI79OUl3OLRWrnaAuv
WqMO0HISb83KPxdY4FpQQI9qrQ/bP82rNuXZw1Mk5kqL+i3T55IgeHNnKVHA4KL/
YShAAJqWBpexVFKqXiFAFW68Ip1ogxRAs3SQT1U+SVHoaqGMiU4OiUFwWDJqub9t
jrtNj/vvP3GmR8UA0YEYU4s4l9bK1cOtVWTFlUA8XAqvzt2xB721V73SVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLu0hpCo8relp9d1IMZs19zvITaoMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvdTdTR2tLanl0NlduMTNVZ3htelgzTzhoTnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJeaUMA0G
CSqGSIb3DQEBCwUAA4IBAQBLqAtile+GZAXQ5WE1SDTE+a57L8BsL6EQQ/23EBf5
FK1hxxA6B+tp7RFlhgLrMz5AbsRl1nK35pzQncDWxIIggxtyvVyNYT70/1h6eXTR
hf2yWt8AoLa5SZSzH0D2PgpsHBEaQLLpqBiuzZRdi6Mpm7lDCqoJAu9DXzsGbAHq
p8Chm2CaoE9cgzW9RCFepnQZjB6C/s4ZyYaUGHTVVKcwpWqYLb1jAOJipVb4tteU
yl7+Hwej2rh/7yL/vQD3J224URw83O3tY1fJtgmtbCqkTJTL+vpgGzWuLuUxj/Bs
W45hHBJqEql9mSnFDhO+b0aJxUUlgCfSopQKRyAJokWP
-----END CERTIFICATE-----