Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/0b45e9-3f4a-4bd8-bab9-fb9081a16139/1/mG96Y715wDIwvEKSq5Z-71rWs6M.roa
File:                     mG96Y715wDIwvEKSq5Z-71rWs6M.roa (raw, json)
Hash identifier:          Y3E3/3Utv7uEbR1MqLWFqsWoMU44kmtfUjplzEpgK2w=
Subject key identifier:   98:6F:7A:63:BD:79:C0:32:30:BC:42:92:AB:96:7E:EF:5A:D6:B3:A3
Certificate issuer:       /CN=f39f96c20e10f76f03ed47815b7a6a5efdbe03d5
Certificate serial:       01941FFA5FDD37E1B43FCBDCAEA85497F45B
Authority key identifier: F3:9F:96:C2:0E:10:F7:6F:03:ED:47:81:5B:7A:6A:5E:FD:BE:03:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/85-Wwg4Q928D7UeBW3pqXv2-A9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/0b45e9-3f4a-4bd8-bab9-fb9081a16139/1/mG96Y715wDIwvEKSq5Z-71rWs6M.roa
Signing time:             Wed 01 Jan 2025 03:48:09 +0000
ROA not before:           Wed 01 Jan 2025 03:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49158
IP address blocks:        37.60.64.0/18 maxlen: 18
                          37.60.64.0/19 maxlen: 19
                          37.60.96.0/19 maxlen: 19
                          2a00:5bc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/0b45e9-3f4a-4bd8-bab9-fb9081a16139/1/85-Wwg4Q928D7UeBW3pqXv2-A9U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/0b45e9-3f4a-4bd8-bab9-fb9081a16139/1/85-Wwg4Q928D7UeBW3pqXv2-A9U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/85-Wwg4Q928D7UeBW3pqXv2-A9U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:5f:dd:37:e1:b4:3f:cb:dc:ae:a8:54:97:f4:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f39f96c20e10f76f03ed47815b7a6a5efdbe03d5
        Validity
            Not Before: Jan  1 03:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=986f7a63bd79c03230bc4292ab967eef5ad6b3a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ef:33:79:f8:0b:06:59:db:33:7c:68:d6:ac:
                    b9:ce:63:62:1b:9a:c7:5c:a2:8c:ad:65:c8:22:5e:
                    cc:87:17:61:cb:1c:ba:95:ae:34:a7:88:ef:1d:27:
                    4a:e6:c8:71:1a:43:b4:31:33:89:48:4e:17:60:7b:
                    7a:0a:5f:c8:17:b9:06:e5:9f:a5:a7:bc:bc:08:5d:
                    f5:ef:70:af:ce:74:4b:9f:d3:97:76:d5:d2:6a:6f:
                    8f:19:83:d2:20:66:bf:b8:cd:9c:65:bc:ff:0b:e9:
                    3a:75:3c:21:b2:48:a0:8e:d0:4f:ca:0d:de:6f:f0:
                    ec:46:b8:aa:d4:02:3f:e1:98:eb:93:cb:ff:94:38:
                    0c:2c:7b:da:d4:e9:d0:67:8e:91:f8:66:71:77:00:
                    6e:a3:48:eb:c7:60:6d:6e:3f:77:70:4d:fd:79:bb:
                    61:db:12:a0:ca:77:83:b7:a8:4e:f3:a0:38:18:1a:
                    70:e6:18:13:61:f0:aa:42:6a:60:77:10:64:49:20:
                    89:50:c1:29:6f:c4:73:34:c5:b8:31:08:6c:d0:0a:
                    5b:43:1a:a5:54:0f:9e:a9:42:a8:ef:4d:e5:0b:6f:
                    d4:02:86:46:5f:63:b2:b9:02:1c:71:11:e7:ee:b2:
                    2f:13:5f:de:93:88:06:d9:f2:b0:03:d9:4a:7f:d0:
                    c2:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:6F:7A:63:BD:79:C0:32:30:BC:42:92:AB:96:7E:EF:5A:D6:B3:A3
            X509v3 Authority Key Identifier:
                keyid:F3:9F:96:C2:0E:10:F7:6F:03:ED:47:81:5B:7A:6A:5E:FD:BE:03:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/85-Wwg4Q928D7UeBW3pqXv2-A9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/0b45e9-3f4a-4bd8-bab9-fb9081a16139/1/mG96Y715wDIwvEKSq5Z-71rWs6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/0b45e9-3f4a-4bd8-bab9-fb9081a16139/1/85-Wwg4Q928D7UeBW3pqXv2-A9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.60.64.0/18
                IPv6:
                  2a00:5bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:ca:7e:71:c0:e3:5f:a5:90:a2:0e:ca:1a:50:87:35:45:09:
         ba:7f:a7:b1:33:6f:40:7a:47:a6:05:cb:ed:2e:4f:5d:15:2d:
         01:18:81:1f:9f:bb:5d:e7:b7:3b:77:ca:76:2e:11:71:b0:54:
         bf:d7:1d:40:45:51:aa:bb:b1:66:48:d6:83:7f:57:8f:c2:49:
         dd:f5:47:a7:27:bb:1d:4f:60:64:1e:80:ad:42:94:6a:d0:c8:
         c2:7f:6c:ae:e4:57:20:29:f3:8e:99:2a:d7:03:c7:70:c7:9e:
         3e:84:90:86:e7:55:f4:c3:f0:0a:08:48:e5:21:55:f0:9f:6d:
         0b:d1:02:16:60:cc:9d:44:23:e4:85:db:18:6e:1f:9c:de:4d:
         93:bc:be:d2:2d:2e:3b:ae:c0:88:ef:2c:71:bd:af:6f:ff:4a:
         a2:ba:7f:a8:11:91:3d:08:5a:9a:a6:66:12:c1:37:d8:36:36:
         c9:4d:02:42:de:d1:29:9f:f8:d1:1b:4c:d4:09:dc:31:e6:ca:
         f2:7d:ba:d7:1f:b0:31:54:c4:67:3f:a9:bc:c0:09:20:74:da:
         41:0e:89:68:2e:0c:ba:41:f5:34:af:83:21:ed:40:ad:3f:c2:
         c3:c6:30:56:82:1d:4e:5a:cc:44:0c:b7:36:7e:f9:c4:8d:0f:
         8a:b0:9f:3a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+l/dN+G0P8vcrqhUl/RbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzOWY5NmMyMGUxMGY3NmYwM2VkNDc4MTViN2E2YTVlZmRi
ZTAzZDUwHhcNMjUwMTAxMDM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODZmN2E2M2JkNzljMDMyMzBiYzQyOTJhYjk2N2VlZjVhZDZiM2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+8zefgLBlnbM3xo1qy5zmNiG5rH
XKKMrWXIIl7Mhxdhyxy6la40p4jvHSdK5shxGkO0MTOJSE4XYHt6Cl/IF7kG5Z+l
p7y8CF3173CvznRLn9OXdtXSam+PGYPSIGa/uM2cZbz/C+k6dTwhskigjtBPyg3e
b/DsRriq1AI/4Zjrk8v/lDgMLHva1OnQZ46R+GZxdwBuo0jrx2Btbj93cE39ebth
2xKgyneDt6hO86A4GBpw5hgTYfCqQmpgdxBkSSCJUMEpb8RzNMW4MQhs0ApbQxql
VA+eqUKo703lC2/UAoZGX2OyuQIccRHn7rIvE1/ek4gG2fKwA9lKf9DCrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJhvemO9ecAyMLxCkquWfu9a1rOjMB8GA1UdIwQY
MBaAFPOflsIOEPdvA+1HgVt6al79vgPVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODUtV3dnNFE5MjhEN1VlQlczcHFYdjItQTlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8wYjQ1ZTktM2Y0YS00YmQ4LWJhYjkt
ZmI5MDgxYTE2MTM5LzEvbUc5Nlk3MTV3REl3dkVLU3E1Wi03MXJXczZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8wYjQ1ZTktM2Y0YS00YmQ4LWJhYjktZmI5MDgxYTE2MTM5
LzEvODUtV3dnNFE5MjhEN1VlQlczcHFYdjItQTlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGJTxAMA0E
AgACMAcDBQAqAFvAMA0GCSqGSIb3DQEBCwUAA4IBAQAJyn5xwONfpZCiDsoaUIc1
RQm6f6exM29AekemBcvtLk9dFS0BGIEfn7td57c7d8p2LhFxsFS/1x1ARVGqu7Fm
SNaDf1ePwknd9UenJ7sdT2BkHoCtQpRq0MjCf2yu5FcgKfOOmSrXA8dwx54+hJCG
51X0w/AKCEjlIVXwn20L0QIWYMydRCPkhdsYbh+c3k2TvL7SLS47rsCI7yxxva9v
/0qiun+oEZE9CFqapmYSwTfYNjbJTQJC3tEpn/jRG0zUCdwx5sryfbrXH7AxVMRn
P6m8wAkgdNpBDoloLgy6QfU0r4Mh7UCtP8LDxjBWgh1OWsxEDLc2fvnEjQ+KsJ86
-----END CERTIFICATE-----