Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/NofCREMjdJlWGvnKPIohA3mKdAw.roa
File:                     NofCREMjdJlWGvnKPIohA3mKdAw.roa (raw, json)
Hash identifier:          H5A3s5oR0Io8p0REnzaOgDm7DIFuzei5Cl5y03WaYgE=
Subject key identifier:   36:87:C2:44:43:23:74:99:56:1A:F9:CA:3C:8A:21:03:79:8A:74:0C
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       018CC79356D5C5E92770FE228850FCA8A4DA
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/NofCREMjdJlWGvnKPIohA3mKdAw.roa
Signing time:             Tue 02 Jan 2024 00:29:31 +0000
ROA not before:           Tue 02 Jan 2024 00:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57844
IP address blocks:        194.233.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:56:d5:c5:e9:27:70:fe:22:88:50:fc:a8:a4:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 00:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3687c24443237499561af9ca3c8a2103798a740c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4a:ec:7b:ca:0b:c6:74:7a:f0:26:11:00:01:
                    02:7c:88:f8:0b:29:2f:93:06:38:a9:33:09:83:4a:
                    27:4b:62:40:04:93:d0:7f:1c:a9:85:26:ac:aa:14:
                    3d:3c:de:76:f7:90:f6:83:50:7c:bc:d8:55:18:55:
                    d3:2d:05:a4:a5:a1:ff:cf:16:38:24:04:bc:bd:86:
                    ab:83:57:0a:c5:b2:7d:af:96:68:ff:3e:a8:22:87:
                    c3:0f:8d:62:d7:15:9b:87:92:65:5e:75:5f:00:64:
                    f5:8d:df:e2:c1:3d:60:4b:21:ae:f6:de:07:4b:d9:
                    85:05:5c:2e:90:6c:9e:c6:3d:5f:cf:41:17:9f:0c:
                    8f:0a:1f:c6:6b:51:a0:7f:1e:7e:56:78:dd:47:c4:
                    6b:22:46:72:9d:04:74:7e:0d:43:f9:0e:55:df:ac:
                    61:18:20:33:6b:8b:d3:89:72:d0:44:ac:74:32:49:
                    73:9a:f5:8f:a8:2f:21:f2:18:d3:ca:fc:75:60:79:
                    15:53:71:74:86:4b:e0:97:8c:6d:d1:85:9e:6d:72:
                    28:4a:de:0d:b5:e1:07:e6:72:5d:79:c5:89:91:8c:
                    6f:00:0c:f2:f2:0a:bd:6b:6e:3d:18:49:fe:33:18:
                    93:30:60:67:b9:56:db:5d:f6:67:8a:a1:58:c7:be:
                    46:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:87:C2:44:43:23:74:99:56:1A:F9:CA:3C:8A:21:03:79:8A:74:0C
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/NofCREMjdJlWGvnKPIohA3mKdAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.233.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7d:ab:f3:41:4d:2a:22:09:d4:56:2a:7d:68:15:65:04:91:c1:
         04:11:a1:46:ec:bb:13:96:e8:b5:ee:a2:9f:6f:d1:65:79:ce:
         ae:4b:b1:c5:67:3f:c1:cb:87:23:91:88:e5:22:58:e5:a8:1f:
         87:a5:ec:f4:3d:ec:c6:43:80:88:39:08:8f:dd:cd:3d:33:95:
         39:12:8b:0d:84:39:c4:e8:d6:e6:25:a1:b6:82:0c:ba:3d:df:
         ce:bf:26:8c:3f:ea:ab:49:72:a7:0b:1b:38:79:44:f6:92:25:
         26:65:d5:cb:26:fc:9e:63:aa:47:c0:31:10:b5:cf:b9:4e:7d:
         96:f9:ba:38:d0:78:76:28:5b:20:f8:fb:b9:5b:1c:6a:13:b4:
         31:7d:e3:4d:d3:5a:ac:fc:1e:0a:bd:39:5a:43:e2:2e:56:36:
         63:87:02:f6:ec:41:fe:d6:be:17:a1:7a:60:f7:09:99:e0:26:
         0d:af:19:96:4e:9d:79:65:0d:c6:a6:93:89:14:ce:7d:04:10:
         58:8d:69:36:46:05:33:5b:b9:8e:8d:31:9e:71:38:cc:60:7e:
         41:0c:f9:7a:03:cd:1a:30:c5:d9:db:06:04:ea:c8:d1:58:6f:
         80:53:c2:67:da:ae:67:c0:8b:00:89:a2:0d:97:6e:ab:a9:01:
         c0:d5:85:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk1bVxekncP4iiFD8qKTaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjQwMTAyMDAyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjg3YzI0NDQzMjM3NDk5NTYxYWY5Y2EzYzhhMjEwMzc5OGE3NDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlErse8oLxnR68CYRAAECfIj4Cykv
kwY4qTMJg0onS2JABJPQfxyphSasqhQ9PN5295D2g1B8vNhVGFXTLQWkpaH/zxY4
JAS8vYarg1cKxbJ9r5Zo/z6oIofDD41i1xWbh5JlXnVfAGT1jd/iwT1gSyGu9t4H
S9mFBVwukGyexj1fz0EXnwyPCh/Ga1Ggfx5+VnjdR8RrIkZynQR0fg1D+Q5V36xh
GCAza4vTiXLQRKx0MklzmvWPqC8h8hjTyvx1YHkVU3F0hkvgl4xt0YWebXIoSt4N
teEH5nJdecWJkYxvAAzy8gq9a249GEn+MxiTMGBnuVbbXfZniqFYx75GRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaHwkRDI3SZVhr5yjyKIQN5inQMMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvTm9mQ1JFTWpkSmxXR3ZuS1BJb2hBM21LZEF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwuk4MA0G
CSqGSIb3DQEBCwUAA4IBAQB9q/NBTSoiCdRWKn1oFWUEkcEEEaFG7LsTlui17qKf
b9Flec6uS7HFZz/By4cjkYjlIljlqB+Hpez0PezGQ4CIOQiP3c09M5U5EosNhDnE
6NbmJaG2ggy6Pd/OvyaMP+qrSXKnCxs4eUT2kiUmZdXLJvyeY6pHwDEQtc+5Tn2W
+bo40Hh2KFsg+Pu5WxxqE7QxfeNN01qs/B4KvTlaQ+IuVjZjhwL27EH+1r4XoXpg
9wmZ4CYNrxmWTp15ZQ3GppOJFM59BBBYjWk2RgUzW7mOjTGecTjMYH5BDPl6A80a
MMXZ2wYE6sjRWG+AU8Jn2q5nwIsAiaINl26rqQHA1YWJ
-----END CERTIFICATE-----