Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/XFr37-qI2n4oCYuN6zptOEG5jrU.roa
File:                     XFr37-qI2n4oCYuN6zptOEG5jrU.roa (raw, json)
Hash identifier:          XbMv3O/lF8CPUU7H+x3u2rW6mmkyNe1m71t6/7Xxxvc=
Subject key identifier:   5C:5A:F7:EF:EA:88:DA:7E:28:09:8B:8D:EB:3A:6D:38:41:B9:8E:B5
Certificate issuer:       /CN=46c98b2e4a3e060def45abc62c0e345faa80b5ec
Certificate serial:       018CC86F15FAD238EAB13515DEB8A461F88A
Authority key identifier: 46:C9:8B:2E:4A:3E:06:0D:EF:45:AB:C6:2C:0E:34:5F:AA:80:B5:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RsmLLko-Bg3vRavGLA40X6qAtew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/XFr37-qI2n4oCYuN6zptOEG5jrU.roa
Signing time:             Tue 02 Jan 2024 04:29:32 +0000
ROA not before:           Tue 02 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56504
IP address blocks:        185.61.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/RsmLLko-Bg3vRavGLA40X6qAtew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/RsmLLko-Bg3vRavGLA40X6qAtew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RsmLLko-Bg3vRavGLA40X6qAtew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:15:fa:d2:38:ea:b1:35:15:de:b8:a4:61:f8:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46c98b2e4a3e060def45abc62c0e345faa80b5ec
        Validity
            Not Before: Jan  2 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c5af7efea88da7e28098b8deb3a6d3841b98eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c3:23:d6:65:92:51:54:9f:66:ce:bf:12:01:
                    bd:d1:84:d0:1b:04:e4:7f:e2:39:5a:80:01:ab:61:
                    10:81:25:44:09:1c:04:32:06:c7:3b:43:e4:9b:09:
                    86:62:87:98:ab:d4:27:ee:1b:ce:a7:a3:8d:04:e0:
                    82:10:67:0b:a8:2f:ba:da:d1:91:3e:5b:07:6a:9d:
                    3d:65:58:c5:27:5a:f3:e7:f7:0d:89:60:7d:d5:41:
                    be:a0:4b:c9:72:b9:be:7e:7e:a3:af:95:4d:d6:e3:
                    87:d3:1b:05:fa:41:7d:cd:bd:1f:ec:dc:ba:3a:b1:
                    cf:f9:a7:08:28:d0:db:38:22:8f:ad:17:e5:b7:1b:
                    bc:9c:9d:8c:44:7a:cc:8e:83:02:2c:39:fd:df:70:
                    02:21:c1:a5:5d:0d:3d:9d:89:2c:d2:66:d9:69:4d:
                    9f:98:e6:bf:87:ff:36:95:d5:ea:ef:61:7d:a4:1f:
                    7b:21:d0:18:8b:ea:24:ad:6c:11:68:90:81:5d:5d:
                    e9:28:ad:22:f2:14:fb:4d:f8:06:7a:95:1b:a5:ad:
                    b4:46:02:c6:0f:e0:4d:89:24:9a:10:a3:33:3c:75:
                    74:fc:2b:b1:38:47:55:59:07:04:4c:e3:98:bf:dd:
                    7a:61:87:cb:50:e1:ce:03:ce:b9:07:8a:06:d0:39:
                    28:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:5A:F7:EF:EA:88:DA:7E:28:09:8B:8D:EB:3A:6D:38:41:B9:8E:B5
            X509v3 Authority Key Identifier:
                keyid:46:C9:8B:2E:4A:3E:06:0D:EF:45:AB:C6:2C:0E:34:5F:AA:80:B5:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RsmLLko-Bg3vRavGLA40X6qAtew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/XFr37-qI2n4oCYuN6zptOEG5jrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/2aa8d1-cb71-4904-a591-3449522710e7/1/RsmLLko-Bg3vRavGLA40X6qAtew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.61.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:2a:8e:ac:30:7a:eb:b6:0c:e4:5e:8e:c1:a1:be:2a:58:27:
         40:30:21:0f:21:7d:29:8f:53:20:82:d4:50:08:9e:b0:ab:fe:
         42:e3:7e:1d:03:01:d8:12:15:0a:8b:9b:fe:95:52:b0:a2:a0:
         53:72:56:1c:70:08:8a:e3:6e:4d:b0:c0:49:93:ca:2c:13:0e:
         65:62:f3:5e:16:52:d8:5b:0f:74:d1:f5:d3:b7:0a:68:dc:a8:
         54:70:25:61:5d:58:a3:5a:10:6b:16:cd:97:25:03:a9:5e:1c:
         d5:10:22:1c:74:14:05:95:5c:7f:8a:d4:42:1f:fb:8c:f5:77:
         eb:7b:4a:1f:c1:7d:b3:b5:5f:26:d6:f9:36:4f:c9:bb:87:26:
         50:43:e9:d4:ef:66:2f:05:5d:c8:1a:ee:59:3a:ba:ce:f7:65:
         73:3a:1d:89:a4:03:a1:c7:cb:1c:cf:22:16:18:d7:f5:82:5d:
         e7:af:a9:64:b5:69:99:84:7f:42:b8:51:98:cd:4a:38:d8:68:
         be:61:56:c9:28:09:0f:2f:0c:17:61:83:71:86:55:da:26:9c:
         f5:49:2d:53:ba:f4:2f:91:de:53:e0:b8:e9:b9:dc:ee:53:6e:
         5b:dc:0e:74:7e:f2:d9:d0:56:a6:a5:72:b0:ca:fe:1e:c1:3c:
         61:71:9d:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbxX60jjqsTUV3rikYfiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2Yzk4YjJlNGEzZTA2MGRlZjQ1YWJjNjJjMGUzNDVmYWE4
MGI1ZWMwHhcNMjQwMTAyMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzVhZjdlZmVhODhkYTdlMjgwOThiOGRlYjNhNmQzODQxYjk4ZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8Mj1mWSUVSfZs6/EgG90YTQGwTk
f+I5WoABq2EQgSVECRwEMgbHO0PkmwmGYoeYq9Qn7hvOp6ONBOCCEGcLqC+62tGR
PlsHap09ZVjFJ1rz5/cNiWB91UG+oEvJcrm+fn6jr5VN1uOH0xsF+kF9zb0f7Ny6
OrHP+acIKNDbOCKPrRfltxu8nJ2MRHrMjoMCLDn933ACIcGlXQ09nYks0mbZaU2f
mOa/h/82ldXq72F9pB97IdAYi+okrWwRaJCBXV3pKK0i8hT7TfgGepUbpa20RgLG
D+BNiSSaEKMzPHV0/CuxOEdVWQcETOOYv916YYfLUOHOA865B4oG0DkobwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxa9+/qiNp+KAmLjes6bThBuY61MB8GA1UdIwQY
MBaAFEbJiy5KPgYN70WrxiwONF+qgLXsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnNtTExrby1CZzN2UmF2R0xBNDBYNnFBdGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8yYWE4ZDEtY2I3MS00OTA0LWE1OTEt
MzQ0OTUyMjcxMGU3LzEvWEZyMzctcUkybjRvQ1l1TjZ6cHRPRUc1anJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8yYWE4ZDEtY2I3MS00OTA0LWE1OTEtMzQ0OTUyMjcxMGU3
LzEvUnNtTExrby1CZzN2UmF2R0xBNDBYNnFBdGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT2IMA0G
CSqGSIb3DQEBCwUAA4IBAQBbKo6sMHrrtgzkXo7Bob4qWCdAMCEPIX0pj1MggtRQ
CJ6wq/5C434dAwHYEhUKi5v+lVKwoqBTclYccAiK425NsMBJk8osEw5lYvNeFlLY
Ww900fXTtwpo3KhUcCVhXVijWhBrFs2XJQOpXhzVECIcdBQFlVx/itRCH/uM9Xfr
e0ofwX2ztV8m1vk2T8m7hyZQQ+nU72YvBV3IGu5ZOrrO92VzOh2JpAOhx8sczyIW
GNf1gl3nr6lktWmZhH9CuFGYzUo42Gi+YVbJKAkPLwwXYYNxhlXaJpz1SS1TuvQv
kd5T4LjpudzuU25b3A50fvLZ0FampXKwyv4ewTxhcZ0O
-----END CERTIFICATE-----