Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/yu0XvrstLowV9ujcFFszjrsI5Kc.roa
File:                     yu0XvrstLowV9ujcFFszjrsI5Kc.roa (raw, json)
Hash identifier:          rEdECwGvlqvGQno8BGFyfTKdEPbScV325pXYeiCBsws=
Subject key identifier:   CA:ED:17:BE:BB:2D:2E:8C:15:F6:E8:DC:14:5B:33:8E:BB:08:E4:A7
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01941FFA94432B2D9DE4182236DFD9DDD9F1
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/yu0XvrstLowV9ujcFFszjrsI5Kc.roa
Signing time:             Wed 01 Jan 2025 03:48:23 +0000
ROA not before:           Wed 01 Jan 2025 03:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48558
IP address blocks:        37.230.206.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 09:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:94:43:2b:2d:9d:e4:18:22:36:df:d9:dd:d9:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=caed17bebb2d2e8c15f6e8dc145b338ebb08e4a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:05:16:54:74:4d:ad:e5:e9:f1:a4:37:a3:98:
                    45:90:67:db:f5:83:05:b9:21:eb:c8:23:eb:4d:fc:
                    1a:ed:2b:d0:26:37:82:d1:cf:bd:62:07:61:b6:ab:
                    df:b9:52:d3:87:7a:fd:01:aa:9d:aa:2a:95:b4:04:
                    bc:c4:18:71:3f:8b:c9:79:ac:ee:75:f2:a5:b5:a5:
                    c5:2c:5e:4c:af:aa:80:68:73:c5:4f:a5:60:61:85:
                    b1:0d:c2:14:3b:46:ea:f6:e3:18:e9:9d:a9:96:bd:
                    f9:e8:72:68:01:69:61:51:14:13:3f:19:5f:27:70:
                    7a:dc:33:37:95:4c:69:20:96:11:27:46:3b:fc:65:
                    90:59:b9:10:f5:75:5d:74:33:80:e2:5c:61:6e:3d:
                    69:a1:e3:82:29:ea:4d:32:2c:e4:94:69:da:68:c1:
                    0f:f7:90:1e:c5:d5:4e:4d:84:ca:71:71:e1:98:e4:
                    80:45:45:27:c5:ce:19:e1:3a:14:db:12:c2:58:30:
                    73:85:60:82:9a:13:22:de:24:f6:29:ff:c9:b0:4d:
                    e5:f2:67:41:0a:91:57:3e:91:7b:48:9f:cd:38:f4:
                    29:ed:40:92:b4:dd:38:b4:5e:40:68:8f:99:bf:7d:
                    fa:a2:3a:94:90:6a:52:6a:9b:59:38:0e:70:65:c4:
                    5a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:ED:17:BE:BB:2D:2E:8C:15:F6:E8:DC:14:5B:33:8E:BB:08:E4:A7
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/yu0XvrstLowV9ujcFFszjrsI5Kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:8e:f5:61:00:be:74:74:44:35:bd:fc:25:d1:5a:f9:9c:34:
         02:0c:e9:d6:ec:2d:7c:b8:e0:fd:c5:01:5e:fe:1b:d3:dc:92:
         69:ee:e6:4d:8f:b0:d0:51:4a:35:55:51:4e:55:e1:49:3f:f8:
         a4:d6:29:de:b0:c1:0a:a2:87:07:bd:9e:ee:32:bc:bc:dd:e2:
         ff:0b:d4:4d:51:2b:ed:9f:57:ae:ce:b3:b0:e8:36:0e:fd:a9:
         0f:07:2a:50:69:68:7b:79:f8:70:fb:f7:a2:d3:66:37:bd:9d:
         2a:9f:c8:f6:a7:7c:86:70:5a:54:12:1c:e1:2d:c3:3d:05:ed:
         6d:07:14:c0:5c:d4:eb:e8:66:9b:04:4b:e2:3f:cc:2e:a8:ee:
         a5:07:b4:1f:a7:6d:65:af:97:80:bd:a9:9c:67:eb:85:42:0c:
         e5:27:fb:db:85:3e:d4:14:57:31:90:75:9e:a1:96:41:88:7f:
         84:32:bd:92:14:56:3e:76:5e:1a:58:8a:65:0c:5a:96:a0:04:
         e3:10:b5:62:6c:64:ad:e6:ec:b9:67:1d:e7:b9:af:9b:91:09:
         03:fe:e1:1a:b5:8a:f8:a5:58:a2:6a:8a:6f:6b:17:f5:a7:94:
         23:f1:c1:e7:e3:35:89:3b:dd:0b:d6:35:af:27:86:aa:f3:79:
         40:34:a1:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pRDKy2d5BgiNt/Z3dnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjUwMTAxMDM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWVkMTdiZWJiMmQyZThjMTVmNmU4ZGMxNDViMzM4ZWJiMDhlNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowUWVHRNreXp8aQ3o5hFkGfb9YMF
uSHryCPrTfwa7SvQJjeC0c+9YgdhtqvfuVLTh3r9AaqdqiqVtAS8xBhxP4vJeazu
dfKltaXFLF5Mr6qAaHPFT6VgYYWxDcIUO0bq9uMY6Z2plr356HJoAWlhURQTPxlf
J3B63DM3lUxpIJYRJ0Y7/GWQWbkQ9XVddDOA4lxhbj1poeOCKepNMizklGnaaMEP
95AexdVOTYTKcXHhmOSARUUnxc4Z4ToU2xLCWDBzhWCCmhMi3iT2Kf/JsE3l8mdB
CpFXPpF7SJ/NOPQp7UCStN04tF5AaI+Zv336ojqUkGpSaptZOA5wZcRa9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrtF767LS6MFfbo3BRbM467COSnMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEveXUwWHZyc3RMb3dWOXVqY0ZGc3pqcnNJNUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJebOMA0G
CSqGSIb3DQEBCwUAA4IBAQAZjvVhAL50dEQ1vfwl0Vr5nDQCDOnW7C18uOD9xQFe
/hvT3JJp7uZNj7DQUUo1VVFOVeFJP/ik1inesMEKoocHvZ7uMry83eL/C9RNUSvt
n1euzrOw6DYO/akPBypQaWh7efhw+/ei02Y3vZ0qn8j2p3yGcFpUEhzhLcM9Be1t
BxTAXNTr6GabBEviP8wuqO6lB7Qfp21lr5eAvamcZ+uFQgzlJ/vbhT7UFFcxkHWe
oZZBiH+EMr2SFFY+dl4aWIplDFqWoATjELVibGSt5uy5Zx3nua+bkQkD/uEatYr4
pViiaopvaxf1p5Qj8cHn4zWJO90L1jWvJ4aq83lANKHl
-----END CERTIFICATE-----