Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/NwWGX8a-ubOm-Qeq2OhoGWomlLc.roa
File:                     NwWGX8a-ubOm-Qeq2OhoGWomlLc.roa (raw, json)
Hash identifier:          JRxd4B+a1e0ZYAVYBlCsDb/KqiizB2UiviRfcbjDr4Y=
Subject key identifier:   37:05:86:5F:C6:BE:B9:B3:A6:F9:07:AA:D8:E8:68:19:6A:26:94:B7
Certificate issuer:       /CN=79101035d53377c5a72bedca522fc1456e0b8419
Certificate serial:       018CC64AC339E65A551446190F0D5F5F9668
Authority key identifier: 79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/NwWGX8a-ubOm-Qeq2OhoGWomlLc.roa
Signing time:             Mon 01 Jan 2024 18:30:37 +0000
ROA not before:           Mon 01 Jan 2024 18:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62197
IP address blocks:        185.15.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 06:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:c3:39:e6:5a:55:14:46:19:0f:0d:5f:5f:96:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79101035d53377c5a72bedca522fc1456e0b8419
        Validity
            Not Before: Jan  1 18:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3705865fc6beb9b3a6f907aad8e868196a2694b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a3:c6:85:fb:7e:74:ba:ac:0a:fd:44:c9:2a:
                    1c:e0:bc:fd:62:0b:e1:75:e1:2e:8a:da:11:57:41:
                    95:7b:eb:b3:65:67:08:48:0f:37:f3:f2:52:a1:aa:
                    a3:48:96:1c:90:4f:52:84:fb:88:45:35:57:e1:ae:
                    45:4d:92:95:76:18:2e:75:98:eb:f8:ad:c4:89:fb:
                    97:37:90:a5:ef:50:3e:9f:2e:2f:c7:a4:77:7e:10:
                    e1:84:24:c1:c7:9f:c8:ce:a6:a6:9b:45:ab:89:5a:
                    35:19:29:b8:af:88:d8:b0:ac:18:b9:bd:4e:90:b3:
                    3b:56:c4:2b:89:1c:be:b5:bb:4b:b2:f7:c3:9d:06:
                    24:9e:43:4d:15:9d:d8:c2:95:8e:48:46:32:78:1f:
                    2d:d9:e4:16:64:9e:81:39:2f:33:ce:93:64:2d:c1:
                    99:96:6e:f9:39:8d:b0:0c:c9:53:45:5b:57:dc:e2:
                    c3:3a:7c:99:8a:60:7b:5e:5d:41:9a:4b:5d:94:5d:
                    f2:10:0b:04:e5:6a:a5:c9:e1:74:be:0d:e5:4c:dd:
                    4e:6e:89:0c:a3:7b:bd:60:45:67:20:2d:c6:da:40:
                    1b:b9:dd:64:86:b6:23:0b:01:5c:04:86:89:af:70:
                    14:96:d9:e7:5e:e3:58:2d:72:ee:ae:c1:da:bd:d5:
                    80:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:05:86:5F:C6:BE:B9:B3:A6:F9:07:AA:D8:E8:68:19:6A:26:94:B7
            X509v3 Authority Key Identifier:
                keyid:79:10:10:35:D5:33:77:C5:A7:2B:ED:CA:52:2F:C1:45:6E:0B:84:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRAQNdUzd8WnK-3KUi_BRW4LhBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/NwWGX8a-ubOm-Qeq2OhoGWomlLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/958c2c-b4c3-432d-9ab1-0cc83b00fc58/1/eRAQNdUzd8WnK-3KUi_BRW4LhBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.15.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:7c:ab:96:51:5d:72:83:0b:fa:92:e9:1b:14:bf:73:c3:00:
         e8:10:3d:5b:bd:44:23:4f:a6:8b:67:d3:21:4b:22:d1:da:28:
         f6:4a:63:2d:7c:ab:03:fb:8c:b8:c1:d4:b2:11:76:cf:83:34:
         7f:9d:83:ef:ce:fa:16:34:ec:72:4f:84:ed:eb:d2:fa:0f:9d:
         b7:2e:64:b2:31:21:7e:a0:01:83:fb:15:07:32:23:16:9f:10:
         1e:2c:52:e0:fc:2f:27:1d:19:b3:fd:8b:cc:51:f3:50:a7:af:
         86:31:dc:35:17:24:73:62:e3:be:bf:2f:a0:a3:cb:d6:22:cf:
         95:36:57:c4:18:f0:81:d7:67:35:d3:2e:84:47:e4:2a:af:7f:
         95:2e:04:ea:66:83:d4:03:d1:8f:f2:d6:34:3f:67:79:c5:a7:
         bb:a5:99:71:52:c1:d6:55:7f:3b:a2:3d:7a:23:22:b1:eb:e8:
         5e:dc:b1:0d:47:7a:1b:2a:41:4a:2b:77:b5:0f:27:a1:d1:bf:
         0a:1e:4a:bd:b4:bf:c3:2b:b3:e0:01:88:11:80:f8:44:34:4b:
         63:21:a1:1f:14:a5:7a:f3:1a:b8:3f:19:15:0f:6d:7e:f5:de:
         b0:d4:6e:dd:90:0d:39:72:93:f1:89:94:ff:e7:0c:6a:fc:c7:
         08:7b:f6:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSsM55lpVFEYZDw1fX5ZoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTAxMDM1ZDUzMzc3YzVhNzJiZWRjYTUyMmZjMTQ1NmUw
Yjg0MTkwHhcNMjQwMTAxMTgzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzA1ODY1ZmM2YmViOWIzYTZmOTA3YWFkOGU4NjgxOTZhMjY5NGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqPGhft+dLqsCv1EySoc4Lz9Ygvh
deEuitoRV0GVe+uzZWcISA838/JSoaqjSJYckE9ShPuIRTVX4a5FTZKVdhgudZjr
+K3EifuXN5Cl71A+ny4vx6R3fhDhhCTBx5/Izqamm0WriVo1GSm4r4jYsKwYub1O
kLM7VsQriRy+tbtLsvfDnQYknkNNFZ3YwpWOSEYyeB8t2eQWZJ6BOS8zzpNkLcGZ
lm75OY2wDMlTRVtX3OLDOnyZimB7Xl1BmktdlF3yEAsE5WqlyeF0vg3lTN1ObokM
o3u9YEVnIC3G2kAbud1khrYjCwFcBIaJr3AUltnnXuNYLXLursHavdWAXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcFhl/GvrmzpvkHqtjoaBlqJpS3MB8GA1UdIwQY
MBaAFHkQEDXVM3fFpyvtylIvwUVuC4QZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEt
MGNjODNiMDBmYzU4LzEvTndXR1g4YS11Yk9tLVFlcTJPaG9HV29tbExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS85NThjMmMtYjRjMy00MzJkLTlhYjEtMGNjODNiMDBmYzU4
LzEvZVJBUU5kVXpkOFduSy0zS1VpX0JSVzRMaEJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ+eMA0G
CSqGSIb3DQEBCwUAA4IBAQBXfKuWUV1ygwv6kukbFL9zwwDoED1bvUQjT6aLZ9Mh
SyLR2ij2SmMtfKsD+4y4wdSyEXbPgzR/nYPvzvoWNOxyT4Tt69L6D523LmSyMSF+
oAGD+xUHMiMWnxAeLFLg/C8nHRmz/YvMUfNQp6+GMdw1FyRzYuO+vy+go8vWIs+V
NlfEGPCB12c10y6ER+Qqr3+VLgTqZoPUA9GP8tY0P2d5xae7pZlxUsHWVX87oj16
IyKx6+he3LENR3obKkFKK3e1Dyeh0b8KHkq9tL/DK7PgAYgRgPhENEtjIaEfFKV6
8xq4PxkVD21+9d6w1G7dkA05cpPxiZT/5wxq/McIe/ZW
-----END CERTIFICATE-----