Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/XsUV3yVUcv5weCqiqsURBEgaXXY.roa
File:                     XsUV3yVUcv5weCqiqsURBEgaXXY.roa (raw, json)
Hash identifier:          2vI6p11F93XXFNfMhYK7zAMvScbfypBZSjvbJS+JGeY=
Subject key identifier:   5E:C5:15:DF:25:54:72:FE:70:78:2A:A2:AA:C5:11:04:48:1A:5D:76
Certificate issuer:       /CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
Certificate serial:       0194228E2F6F12E9174C9A7D8E8FD01C4BB1
Authority key identifier: AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/XsUV3yVUcv5weCqiqsURBEgaXXY.roa
Signing time:             Wed 01 Jan 2025 15:48:51 +0000
ROA not before:           Wed 01 Jan 2025 15:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62255
IP address blocks:        37.114.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:2f:6f:12:e9:17:4c:9a:7d:8e:8f:d0:1c:4b:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa1dc50a4b526df18e8b0a6565d7b9d58a75d315
        Validity
            Not Before: Jan  1 15:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ec515df255472fe70782aa2aac51104481a5d76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7b:0f:1a:96:bd:68:4a:fa:df:77:47:11:89:
                    b4:79:e6:ce:7c:7f:cc:cb:d0:a1:53:cf:56:3e:16:
                    76:cc:24:28:45:03:e0:b0:18:8a:7a:c3:88:54:f5:
                    09:a5:1c:ae:48:68:d0:70:c7:3d:8c:9c:8f:25:5d:
                    2d:b9:f4:27:df:d0:88:17:25:46:f9:00:28:93:6e:
                    42:ed:97:da:24:ef:16:a0:c2:bb:3c:12:8b:6f:e2:
                    91:fc:34:a1:1f:1e:dc:19:5c:cb:cb:57:b4:18:a9:
                    11:37:d0:b3:b4:aa:a0:e3:28:cc:95:34:cf:21:97:
                    76:87:bd:c0:e9:80:78:7f:28:47:b3:3a:bf:81:60:
                    9b:d1:6c:1a:5f:a3:3c:0d:f2:8e:6e:d2:fb:74:43:
                    df:4d:d8:9c:ae:5f:c4:45:5a:a2:9e:fa:27:ba:15:
                    e3:af:d5:5c:53:74:a4:18:1b:e1:a8:42:85:b2:41:
                    0f:a1:04:7f:b6:81:e0:8a:05:74:73:4b:4b:1e:ef:
                    04:9d:c0:7f:d1:5b:8d:87:43:7f:22:4f:69:2a:55:
                    14:ad:58:be:2d:ff:b7:15:b2:42:18:f6:9e:62:cd:
                    6f:17:07:c6:2d:ed:99:9d:3d:94:98:3c:35:b4:07:
                    3d:e6:52:15:5e:34:25:eb:62:fd:59:15:1f:07:3e:
                    db:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:C5:15:DF:25:54:72:FE:70:78:2A:A2:AA:C5:11:04:48:1A:5D:76
            X509v3 Authority Key Identifier:
                keyid:AA:1D:C5:0A:4B:52:6D:F1:8E:8B:0A:65:65:D7:B9:D5:8A:75:D3:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qh3FCktSbfGOiwplZde51Yp10xU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/XsUV3yVUcv5weCqiqsURBEgaXXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/f23929-7375-41c8-9973-33d728433c11/1/qh3FCktSbfGOiwplZde51Yp10xU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         7e:f8:bd:ab:21:bc:3d:d8:e4:7b:12:15:b2:18:ad:9f:17:3d:
         b6:50:7b:da:ff:7c:6f:72:0f:d5:ab:a6:a4:5a:ee:76:f5:46:
         08:1e:f0:3d:3e:f0:3d:3d:4e:1e:c1:9e:1e:6e:80:39:b7:30:
         f3:45:ef:66:99:09:91:70:ca:98:a4:07:49:fd:1e:40:f0:f9:
         17:80:1e:d7:c8:c9:64:ee:06:81:b1:28:18:a2:a7:82:12:4a:
         aa:13:c1:f5:65:1f:30:04:13:33:fd:35:de:19:8c:03:e0:94:
         da:be:2c:a9:00:7e:69:ce:c0:0f:40:d6:27:3a:4d:bc:3f:cd:
         9c:fb:7e:49:d4:80:c8:1d:00:cd:51:f4:61:1d:2c:d7:37:8a:
         21:76:18:cb:2b:3b:ed:bf:fb:21:82:93:1f:31:c6:05:19:a5:
         07:83:85:c1:06:0b:33:bc:bc:23:03:ee:4e:46:c7:b8:2b:aa:
         cb:81:de:db:4c:e3:1b:93:72:52:79:87:28:ac:f6:6b:50:62:
         10:13:43:83:70:2a:2d:67:44:b7:48:4e:92:d8:ba:52:07:e0:
         fa:67:2f:88:ca:3f:b7:e0:3f:0b:f3:a9:d6:59:38:58:ef:58:
         4c:83:4c:ba:73:a6:0e:24:bb:30:5d:f8:ab:8e:57:56:b3:e7:
         e8:f1:01:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiji9vEukXTJp9jo/QHEuxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMWRjNTBhNGI1MjZkZjE4ZThiMGE2NTY1ZDdiOWQ1OGE3
NWQzMTUwHhcNMjUwMTAxMTU0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWM1MTVkZjI1NTQ3MmZlNzA3ODJhYTJhYWM1MTEwNDQ4MWE1ZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3sPGpa9aEr633dHEYm0eebOfH/M
y9ChU89WPhZ2zCQoRQPgsBiKesOIVPUJpRyuSGjQcMc9jJyPJV0tufQn39CIFyVG
+QAok25C7ZfaJO8WoMK7PBKLb+KR/DShHx7cGVzLy1e0GKkRN9CztKqg4yjMlTTP
IZd2h73A6YB4fyhHszq/gWCb0WwaX6M8DfKObtL7dEPfTdicrl/ERVqinvonuhXj
r9VcU3SkGBvhqEKFskEPoQR/toHgigV0c0tLHu8EncB/0VuNh0N/Ik9pKlUUrVi+
Lf+3FbJCGPaeYs1vFwfGLe2ZnT2UmDw1tAc95lIVXjQl62L9WRUfBz7bYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF7FFd8lVHL+cHgqoqrFEQRIGl12MB8GA1UdIwQY
MBaAFKodxQpLUm3xjosKZWXXudWKddMVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMt
MzNkNzI4NDMzYzExLzEvWHNVVjN5VlVjdjV3ZUNxaXFzVVJCRWdhWFhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9mMjM5MjktNzM3NS00MWM4LTk5NzMtMzNkNzI4NDMzYzEx
LzEvcWgzRkNrdFNiZkdPaXdwbFpkZTUxWXAxMHhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFJXJgMA0G
CSqGSIb3DQEBCwUAA4IBAQB++L2rIbw92OR7EhWyGK2fFz22UHva/3xvcg/Vq6ak
Wu529UYIHvA9PvA9PU4ewZ4eboA5tzDzRe9mmQmRcMqYpAdJ/R5A8PkXgB7XyMlk
7gaBsSgYoqeCEkqqE8H1ZR8wBBMz/TXeGYwD4JTaviypAH5pzsAPQNYnOk28P82c
+35J1IDIHQDNUfRhHSzXN4ohdhjLKzvtv/shgpMfMcYFGaUHg4XBBgszvLwjA+5O
Rse4K6rLgd7bTOMbk3JSeYcorPZrUGIQE0ODcCotZ0S3SE6S2LpSB+D6Zy+Iyj+3
4D8L86nWWThY71hMg0y6c6YOJLswXfirjldWs+fo8QHw
-----END CERTIFICATE-----