Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/bGk75zezBH0-LB0u5f8If5RVul8.roa
File:                     bGk75zezBH0-LB0u5f8If5RVul8.roa (raw, json)
Hash identifier:          V8j/o1S/2AilqR1bjgaBNAQwb4KTgxfbMKDVehr84iI=
Subject key identifier:   6C:69:3B:E7:37:B3:04:7D:3E:2C:1D:2E:E5:FF:08:7F:94:55:BA:5F
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       018F9AE97F255D4AC8AC45DB49B78378660F
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/bGk75zezBH0-LB0u5f8If5RVul8.roa
Signing time:             Tue 21 May 2024 11:29:04 +0000
ROA not before:           Tue 21 May 2024 11:29:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216050
IP address blocks:        185.36.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9a:e9:7f:25:5d:4a:c8:ac:45:db:49:b7:83:78:66:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: May 21 11:29:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c693be737b3047d3e2c1d2ee5ff087f9455ba5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bc:5a:e8:63:17:9d:ed:34:c1:2a:26:a2:78:
                    f9:10:47:77:8c:49:b1:48:a9:e2:8b:26:46:83:a2:
                    52:0e:cd:9d:2c:25:ee:f4:eb:a5:18:2c:ea:dd:6c:
                    44:d5:bf:7d:cf:c3:11:80:14:ee:7c:c3:ec:d9:b4:
                    37:08:99:1f:44:9c:05:21:6c:be:ef:fe:b4:b5:8a:
                    d5:cb:53:e3:62:d8:38:c4:15:42:ab:4d:51:9d:72:
                    f7:0f:11:d6:28:44:5e:0c:38:f2:f7:3c:d2:3d:84:
                    b8:ac:1f:08:1f:4b:e4:77:cd:b1:f5:d2:d2:2c:24:
                    3e:3e:41:16:0d:5e:22:fd:a7:c1:64:6a:a8:c4:bd:
                    76:2e:fe:29:f0:69:82:ac:5c:d5:bc:b4:cf:1c:f6:
                    db:cd:46:1d:f6:b3:da:de:ef:bd:54:4e:3f:fd:be:
                    e7:2a:35:7e:f2:80:80:68:19:11:10:15:bf:79:0e:
                    d2:4c:65:55:5a:69:5f:83:3f:5e:b8:a9:4b:dc:22:
                    f2:ae:6c:f7:7f:e8:9d:c2:70:ee:dd:b6:d5:96:c2:
                    a5:e1:e1:3e:47:53:df:92:38:df:a7:9f:bc:5c:3d:
                    48:31:f3:42:ea:3c:4e:33:0a:74:cc:36:68:9e:0c:
                    37:4d:e5:70:6c:73:e8:b3:df:19:12:13:d4:0e:78:
                    1f:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:69:3B:E7:37:B3:04:7D:3E:2C:1D:2E:E5:FF:08:7F:94:55:BA:5F
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/bGk75zezBH0-LB0u5f8If5RVul8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:64:50:9a:31:d4:fd:1d:34:1c:80:c6:94:4c:34:c0:9a:58:
         23:7b:57:43:4d:cb:a1:9e:d0:e0:4c:e5:6c:d1:95:20:2c:fb:
         b1:8d:7b:e1:dc:f7:29:49:ca:61:43:c0:c8:4c:ae:9b:e2:4c:
         84:d0:52:fb:fe:6c:f0:02:50:22:f4:ef:80:42:a7:41:b9:b6:
         75:f9:bc:19:e2:98:dd:82:ba:e1:bf:65:27:35:e5:48:45:d6:
         19:39:85:7a:ec:fc:10:9b:49:99:93:e2:d5:99:62:3a:06:cd:
         67:28:8d:9f:5e:21:79:83:b9:6d:5f:18:91:be:fa:da:5c:b2:
         ee:9e:3c:26:c2:ab:93:22:93:48:3f:c8:14:1c:60:7b:87:71:
         fb:85:b6:48:3d:0a:eb:0f:a2:f5:e1:a5:3a:a1:37:45:57:94:
         d5:86:dd:a6:31:41:f4:46:09:2d:60:b4:b4:d5:14:49:f5:7b:
         1f:aa:70:fa:b0:c0:73:c0:24:c5:df:8f:f7:ba:47:ae:b8:9e:
         24:a0:aa:a9:0c:9b:07:35:46:9e:ac:ec:24:2b:b1:97:03:99:
         c1:eb:4c:18:f3:fa:b7:4d:71:4e:b1:8d:a8:de:ed:97:fe:64:
         95:00:e7:2e:64:69:e7:09:bf:3e:f2:8f:c4:63:fd:d7:2d:fd:
         95:8b:eb:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+a6X8lXUrIrEXbSbeDeGYPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjQwNTIxMTEyOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzY5M2JlNzM3YjMwNDdkM2UyYzFkMmVlNWZmMDg3Zjk0NTViYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbxa6GMXne00wSomonj5EEd3jEmx
SKniiyZGg6JSDs2dLCXu9OulGCzq3WxE1b99z8MRgBTufMPs2bQ3CJkfRJwFIWy+
7/60tYrVy1PjYtg4xBVCq01RnXL3DxHWKEReDDjy9zzSPYS4rB8IH0vkd82x9dLS
LCQ+PkEWDV4i/afBZGqoxL12Lv4p8GmCrFzVvLTPHPbbzUYd9rPa3u+9VE4//b7n
KjV+8oCAaBkREBW/eQ7STGVVWmlfgz9euKlL3CLyrmz3f+idwnDu3bbVlsKl4eE+
R1Pfkjjfp5+8XD1IMfNC6jxOMwp0zDZongw3TeVwbHPos98ZEhPUDngfRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxpO+c3swR9PiwdLuX/CH+UVbpfMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvYkdrNzV6ZXpCSDAtTEIwdTVmOElmNVJWdWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSR/MA0G
CSqGSIb3DQEBCwUAA4IBAQCUZFCaMdT9HTQcgMaUTDTAmlgje1dDTcuhntDgTOVs
0ZUgLPuxjXvh3PcpScphQ8DITK6b4kyE0FL7/mzwAlAi9O+AQqdBubZ1+bwZ4pjd
grrhv2UnNeVIRdYZOYV67PwQm0mZk+LVmWI6Bs1nKI2fXiF5g7ltXxiRvvraXLLu
njwmwquTIpNIP8gUHGB7h3H7hbZIPQrrD6L14aU6oTdFV5TVht2mMUH0RgktYLS0
1RRJ9XsfqnD6sMBzwCTF34/3ukeuuJ4koKqpDJsHNUaerOwkK7GXA5nB60wY8/q3
TXFOsY2o3u2X/mSVAOcuZGnnCb8+8o/EY/3XLf2Vi+v+
-----END CERTIFICATE-----