Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/xcgeHmDsyOVeK_fR1NxQtSbkQSs.roa
File:                     xcgeHmDsyOVeK_fR1NxQtSbkQSs.roa (raw, json)
Hash identifier:          DOMmIyd7qtCmZMzTOfaLMuc5QjYRZsywajjAk9vJLiY=
Subject key identifier:   C5:C8:1E:1E:60:EC:C8:E5:5E:2B:F7:D1:D4:DC:50:B5:26:E4:41:2B
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01941FFAAA6BC44CF3F4B4E29F14B0995BF6
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/xcgeHmDsyOVeK_fR1NxQtSbkQSs.roa
Signing time:             Wed 01 Jan 2025 03:48:28 +0000
ROA not before:           Wed 01 Jan 2025 03:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206153
IP address blocks:        37.230.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:aa:6b:c4:4c:f3:f4:b4:e2:9f:14:b0:99:5b:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5c81e1e60ecc8e55e2bf7d1d4dc50b526e4412b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:69:22:59:35:2b:c7:ba:1a:2b:b4:63:b1:9f:
                    1d:06:b9:ac:d5:47:5d:9d:9b:b0:f3:c7:af:72:62:
                    b9:13:c5:6b:83:c7:7f:8c:9f:52:de:0a:c6:75:4d:
                    cb:15:44:90:4f:b2:8e:51:bd:f3:f1:d4:73:49:72:
                    f9:36:f7:36:4e:00:3a:80:f8:d2:19:4a:93:59:66:
                    e4:5b:87:63:6d:5b:cf:fa:03:e4:70:8d:1c:1c:48:
                    16:9f:87:bc:a1:c3:d1:74:85:27:d3:4f:30:29:f5:
                    d7:af:b1:cf:af:0f:1c:b5:c8:a6:ea:e5:2a:d3:5a:
                    95:de:20:36:ff:03:89:98:a9:4b:cd:95:a5:6d:79:
                    04:a5:20:97:44:d8:6f:4d:0c:33:35:5c:e7:4f:be:
                    c8:c8:d3:7b:8c:dc:fe:53:5a:70:20:03:d8:f7:36:
                    8d:4b:5f:3a:ad:55:79:21:6f:3c:74:c7:ec:a4:6a:
                    64:93:c6:08:01:a0:f2:4e:39:4e:b1:c6:1e:8e:e2:
                    1d:90:a3:94:93:c3:05:21:8b:ae:29:59:d8:fe:e8:
                    5e:34:02:ec:dc:fd:7e:14:f9:5f:fa:16:c8:25:48:
                    70:ff:b6:bd:2c:28:44:f4:aa:d6:dd:15:1e:1a:60:
                    ed:4e:13:1b:04:05:6e:e4:74:ad:a8:15:e8:71:d7:
                    ef:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:C8:1E:1E:60:EC:C8:E5:5E:2B:F7:D1:D4:DC:50:B5:26:E4:41:2B
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/xcgeHmDsyOVeK_fR1NxQtSbkQSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ee:0a:37:3a:6e:10:8f:bb:6a:11:d4:9e:d0:69:04:9f:8f:
         0b:f3:c5:55:e9:fc:b0:b0:9a:5b:92:fd:25:cc:cb:73:f0:df:
         8b:d8:50:9b:f6:55:b4:e3:a6:86:46:30:2f:e3:b0:52:be:c7:
         56:df:92:e2:3e:34:86:f3:f5:77:1c:b1:b7:37:d3:4f:65:7e:
         c6:a8:6a:5f:c1:7d:10:f2:e4:c4:5a:f9:8a:c1:b2:60:97:22:
         a3:81:6f:40:3d:4f:62:f6:f5:55:fb:9a:bf:2d:c7:a1:10:74:
         e8:95:68:ff:90:4f:9f:01:ed:8e:1f:ab:d0:e6:50:79:46:35:
         eb:08:cc:23:3e:fb:ee:07:bc:51:19:7b:74:87:ba:d0:bf:09:
         f5:ea:f3:1b:04:4d:e5:93:bf:7d:03:9f:b9:e1:59:6c:d9:cd:
         16:52:2d:75:1b:18:38:ba:a1:a3:37:5c:6b:c0:f8:66:63:fd:
         64:f2:3b:04:91:a3:0e:67:46:ad:b0:cd:8d:7c:6c:f6:a2:f4:
         25:90:69:3e:77:f6:8c:50:a7:f8:9c:28:ca:55:55:f4:58:7e:
         f8:2c:2f:a4:1f:1d:7c:18:22:d0:c7:e7:d3:09:d2:39:35:f9:
         79:61:d7:e4:f8:30:d3:11:83:68:00:75:e2:9c:af:0f:29:6e:
         33:7a:d4:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qprxEzz9LTinxSwmVv2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUwMTAxMDM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWM4MWUxZTYwZWNjOGU1NWUyYmY3ZDFkNGRjNTBiNTI2ZTQ0MTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWkiWTUrx7oaK7RjsZ8dBrms1Udd
nZuw88evcmK5E8Vrg8d/jJ9S3grGdU3LFUSQT7KOUb3z8dRzSXL5Nvc2TgA6gPjS
GUqTWWbkW4djbVvP+gPkcI0cHEgWn4e8ocPRdIUn008wKfXXr7HPrw8ctcim6uUq
01qV3iA2/wOJmKlLzZWlbXkEpSCXRNhvTQwzNVznT77IyNN7jNz+U1pwIAPY9zaN
S186rVV5IW88dMfspGpkk8YIAaDyTjlOscYejuIdkKOUk8MFIYuuKVnY/uheNALs
3P1+FPlf+hbIJUhw/7a9LChE9KrW3RUeGmDtThMbBAVu5HStqBXocdfv6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXIHh5g7MjlXiv30dTcULUm5EErMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEveGNnZUhtRHN5T1ZlS19mUjFOeFF0U2JrUVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJeafMA0G
CSqGSIb3DQEBCwUAA4IBAQA17go3Om4Qj7tqEdSe0GkEn48L88VV6fywsJpbkv0l
zMtz8N+L2FCb9lW046aGRjAv47BSvsdW35LiPjSG8/V3HLG3N9NPZX7GqGpfwX0Q
8uTEWvmKwbJglyKjgW9APU9i9vVV+5q/LcehEHTolWj/kE+fAe2OH6vQ5lB5RjXr
CMwjPvvuB7xRGXt0h7rQvwn16vMbBE3lk799A5+54Vls2c0WUi11Gxg4uqGjN1xr
wPhmY/1k8jsEkaMOZ0atsM2NfGz2ovQlkGk+d/aMUKf4nCjKVVX0WH74LC+kHx18
GCLQx+fTCdI5Nfl5Ydfk+DDTEYNoAHXinK8PKW4zetRf
-----END CERTIFICATE-----