Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/x6Cel_08OWE19q-AcizBR0ACi2Y.roa
File:                     x6Cel_08OWE19q-AcizBR0ACi2Y.roa (raw, json)
Hash identifier:          Sht5kyrGhRMA3M4THfiOB/W3LAiYhjT0defWZa2cBtA=
Subject key identifier:   C7:A0:9E:97:FD:3C:39:61:35:F6:AF:80:72:2C:C1:47:40:02:8B:66
Certificate issuer:       /CN=07da339e5cd3c1be02ce6802a0421856aa0b547b
Certificate serial:       0194221F9272AF9CAC438EB830AA4D052014
Authority key identifier: 07:DA:33:9E:5C:D3:C1:BE:02:CE:68:02:A0:42:18:56:AA:0B:54:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9oznlzTwb4CzmgCoEIYVqoLVHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/x6Cel_08OWE19q-AcizBR0ACi2Y.roa
Signing time:             Wed 01 Jan 2025 13:48:01 +0000
ROA not before:           Wed 01 Jan 2025 13:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7155
IP address blocks:        37.1.160.0/21 maxlen: 24
                          37.252.104.0/21 maxlen: 24
                          185.19.36.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/B9oznlzTwb4CzmgCoEIYVqoLVHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/B9oznlzTwb4CzmgCoEIYVqoLVHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9oznlzTwb4CzmgCoEIYVqoLVHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:92:72:af:9c:ac:43:8e:b8:30:aa:4d:05:20:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07da339e5cd3c1be02ce6802a0421856aa0b547b
        Validity
            Not Before: Jan  1 13:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7a09e97fd3c396135f6af80722cc14740028b66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:58:e1:29:95:50:64:28:f6:13:ba:10:47:46:
                    37:a1:13:83:bb:32:7b:6d:33:b7:51:3d:c8:9d:5d:
                    50:0d:f6:30:e4:5b:e6:ac:79:32:73:ed:14:ac:ea:
                    c8:4e:d8:b2:0c:24:62:3c:d1:d8:a8:7b:14:a7:51:
                    cd:29:1d:35:8b:cd:11:80:2a:41:9b:50:a6:5e:a0:
                    b0:6a:66:d7:67:8d:6e:8f:b8:9d:fa:cc:65:b1:3f:
                    94:32:78:21:2b:2f:5c:08:d2:03:ef:36:c8:9e:42:
                    26:38:d8:e3:89:76:9d:38:7f:4c:88:5c:46:36:67:
                    77:67:36:1a:ca:99:2c:02:cc:d5:c9:70:b7:1f:71:
                    d4:3d:9d:93:e6:f8:5c:7c:c9:06:5f:2c:a6:fe:1b:
                    bc:85:e5:46:b7:c4:95:71:7b:51:ee:96:86:ce:89:
                    b5:18:d7:98:d1:3d:d2:71:bf:5d:a8:a9:5f:f9:d8:
                    ef:97:85:e3:82:29:c4:74:80:e2:c3:dc:5b:d9:86:
                    68:3d:23:12:a3:ba:f6:f5:20:a6:6c:6b:b2:b9:c2:
                    d4:ac:e5:f9:62:42:80:5c:4c:0e:ff:dc:82:5b:3c:
                    c0:07:90:db:54:24:ca:0b:39:56:1d:3b:2c:d7:9f:
                    34:9b:cc:37:97:39:44:49:1f:2d:74:83:df:66:02:
                    a7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:A0:9E:97:FD:3C:39:61:35:F6:AF:80:72:2C:C1:47:40:02:8B:66
            X509v3 Authority Key Identifier:
                keyid:07:DA:33:9E:5C:D3:C1:BE:02:CE:68:02:A0:42:18:56:AA:0B:54:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9oznlzTwb4CzmgCoEIYVqoLVHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/x6Cel_08OWE19q-AcizBR0ACi2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c62e0c-4454-43c8-97bc-81674d953d56/1/B9oznlzTwb4CzmgCoEIYVqoLVHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.1.160.0/21
                  37.252.104.0/21
                  185.19.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:ef:1a:af:0a:a7:94:09:56:eb:b3:16:cd:fb:85:c5:c7:e9:
         f8:51:b7:bd:9b:a1:f0:7d:3b:31:0b:c4:b5:3a:6c:af:47:12:
         b4:9a:45:a7:9e:9d:4b:4b:71:71:e1:22:f5:de:e6:3c:2b:99:
         26:5e:8e:e3:ea:ab:2d:78:c8:1a:42:c0:84:49:4a:6a:07:54:
         4c:af:80:18:7b:e5:d0:ac:02:cc:91:81:63:a2:f4:71:0f:f2:
         66:48:06:35:60:79:98:1c:9a:c9:f9:76:29:bb:c7:ab:8b:6f:
         41:d0:aa:02:ce:fb:54:f6:ba:c9:02:01:17:00:d3:d6:dd:8c:
         38:cc:a5:63:82:19:d2:b2:69:e0:20:b0:54:63:1c:d6:2e:63:
         d9:2b:e2:f0:0e:5b:f8:c0:eb:88:09:f6:a8:7b:70:e9:55:58:
         0e:7b:a3:fa:d1:6b:30:67:d5:ca:20:3a:c0:ee:21:10:22:82:
         19:6a:74:cc:e0:48:db:07:be:78:c2:f4:1d:9d:44:55:c8:fd:
         30:70:46:06:b1:33:95:bd:e5:e2:28:12:01:7a:1b:33:53:0b:
         59:c7:31:ad:02:16:89:04:a1:8a:95:d5:81:ed:ad:aa:9c:bd:
         d9:9f:a3:cb:9e:9f:cf:11:5d:84:6b:bf:41:b9:20:89:63:43:
         77:00:a3:c2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiH5Jyr5ysQ464MKpNBSAUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZGEzMzllNWNkM2MxYmUwMmNlNjgwMmEwNDIxODU2YWEw
YjU0N2IwHhcNMjUwMTAxMTM0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2EwOWU5N2ZkM2MzOTYxMzVmNmFmODA3MjJjYzE0NzQwMDI4YjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxljhKZVQZCj2E7oQR0Y3oRODuzJ7
bTO3UT3InV1QDfYw5FvmrHkyc+0UrOrITtiyDCRiPNHYqHsUp1HNKR01i80RgCpB
m1CmXqCwambXZ41uj7id+sxlsT+UMnghKy9cCNID7zbInkImONjjiXadOH9MiFxG
Nmd3ZzYaypksAszVyXC3H3HUPZ2T5vhcfMkGXyym/hu8heVGt8SVcXtR7paGzom1
GNeY0T3Scb9dqKlf+djvl4XjginEdIDiw9xb2YZoPSMSo7r29SCmbGuyucLUrOX5
YkKAXEwO/9yCWzzAB5DbVCTKCzlWHTss1580m8w3lzlESR8tdIPfZgKn4QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMegnpf9PDlhNfavgHIswUdAAotmMB8GA1UdIwQY
MBaAFAfaM55c08G+As5oAqBCGFaqC1R7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlvem5selR3YjRDem1nQ29FSVlWcW9MVkhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jNjJlMGMtNDQ1NC00M2M4LTk3YmMt
ODE2NzRkOTUzZDU2LzEveDZDZWxfMDhPV0UxOXEtQWNpekJSMEFDaTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jNjJlMGMtNDQ1NC00M2M4LTk3YmMtODE2NzRkOTUzZDU2
LzEvQjlvem5selR3YjRDem1nQ29FSVlWcW9MVkhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJQGgAwQD
JfxoAwQCuRMkMA0GCSqGSIb3DQEBCwUAA4IBAQBe7xqvCqeUCVbrsxbN+4XFx+n4
Ube9m6HwfTsxC8S1OmyvRxK0mkWnnp1LS3Fx4SL13uY8K5kmXo7j6qsteMgaQsCE
SUpqB1RMr4AYe+XQrALMkYFjovRxD/JmSAY1YHmYHJrJ+XYpu8eri29B0KoCzvtU
9rrJAgEXANPW3Yw4zKVjghnSsmngILBUYxzWLmPZK+LwDlv4wOuICfaoe3DpVVgO
e6P60WswZ9XKIDrA7iEQIoIZanTM4EjbB754wvQdnURVyP0wcEYGsTOVveXiKBIB
ehszUwtZxzGtAhaJBKGKldWB7a2qnL3Zn6PLnp/PEV2Ea79BuSCJY0N3AKPC
-----END CERTIFICATE-----