Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/XEtJeFdkjism6SpbVYheQ4pGw5o.roa
File:                     XEtJeFdkjism6SpbVYheQ4pGw5o.roa (raw, json)
Hash identifier:          EOAYeNZwF2WAc+Q/WFDNqpw5eovC3WR8S+hg0Cewls0=
Subject key identifier:   5C:4B:49:78:57:64:8E:2B:26:E9:2A:5B:55:88:5E:43:8A:46:C3:9A
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       018CC5DCEE86B36AC0927E42422A86963C20
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/XEtJeFdkjism6SpbVYheQ4pGw5o.roa
Signing time:             Mon 01 Jan 2024 16:30:39 +0000
ROA not before:           Mon 01 Jan 2024 16:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61244
IP address blocks:        46.236.224.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:ee:86:b3:6a:c0:92:7e:42:42:2a:86:96:3c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jan  1 16:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c4b497857648e2b26e92a5b55885e438a46c39a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0f:30:36:09:a8:35:16:11:69:81:c5:f0:ee:
                    19:88:6a:4b:11:0e:83:81:e0:46:ff:08:cf:dc:7d:
                    8a:6c:6c:b5:8a:f0:8e:05:28:15:9c:a4:b1:d6:62:
                    92:10:72:87:13:85:80:f3:d0:c2:4c:f1:a4:8f:69:
                    b2:d8:a8:64:9a:a2:68:50:31:14:15:54:51:44:c6:
                    bc:40:09:de:55:91:6a:8b:c5:8e:e7:90:05:a5:6b:
                    57:e4:e9:3f:f1:15:db:50:8c:a7:2d:e5:8e:6d:39:
                    d9:99:0c:db:23:fe:e4:88:b6:50:f9:41:a7:74:95:
                    4d:f7:52:c6:6b:12:c5:17:04:e3:85:bb:21:af:70:
                    13:9f:c1:a9:30:4e:98:ed:68:92:fc:ec:cc:67:a1:
                    c3:c0:fc:72:aa:56:32:f3:3c:16:f9:d6:d8:72:9d:
                    dd:74:0a:79:be:f6:ff:66:07:ef:ac:76:c8:bc:09:
                    96:55:83:15:a6:5e:3c:d7:a6:b0:c0:d7:c8:6a:76:
                    74:2d:38:68:79:3d:83:ae:49:0b:a0:c7:3f:dd:de:
                    58:33:77:dd:c6:c2:8e:38:b1:a2:25:0e:21:32:e1:
                    89:57:1a:be:1f:de:5a:f5:18:d1:a8:95:22:a5:57:
                    01:29:79:91:fa:84:0a:f5:c2:93:f9:57:6b:a0:00:
                    f6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:4B:49:78:57:64:8E:2B:26:E9:2A:5B:55:88:5E:43:8A:46:C3:9A
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/XEtJeFdkjism6SpbVYheQ4pGw5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4a:12:4b:da:10:4d:58:d8:e3:34:f3:35:be:5b:dd:6d:8c:d5:
         4f:1f:b1:3f:6c:92:bc:90:bd:fa:69:bd:94:16:35:9c:c5:e1:
         bb:2e:4e:4f:39:03:a9:f6:f0:dc:8d:e1:4b:90:42:01:eb:13:
         a7:f6:53:46:5f:97:70:0e:2d:a4:b8:99:c5:be:23:e7:ca:66:
         64:37:a7:40:f0:cc:1f:82:84:3e:d0:5a:ca:41:b2:8a:cd:4f:
         5c:47:8b:0f:31:12:d4:8a:63:22:86:ca:bd:01:09:52:d4:99:
         dd:89:4b:b0:6c:74:b9:2f:83:73:97:27:54:d3:fa:02:4c:31:
         c5:22:68:e0:7f:ca:42:aa:ab:4b:02:0f:55:49:c3:50:59:6a:
         3a:c5:ea:e5:e0:ea:f8:7d:b1:48:e9:d0:5b:ea:7a:c3:bc:69:
         fd:ce:9b:be:2d:72:ec:23:59:93:bd:bc:23:44:8e:eb:43:6a:
         ae:fb:86:8b:d4:e1:76:42:a1:12:43:e5:92:e5:35:6d:30:35:
         8b:08:29:a5:29:69:05:ab:d4:77:66:c1:01:22:dd:39:85:95:
         b9:ba:b0:45:1c:fe:8d:92:cc:42:ef:95:9f:d7:65:8b:d3:30:
         97:c2:b7:0b:5a:63:08:a0:74:ae:50:b5:fb:1b:97:63:9c:c0:
         28:0a:7c:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3O6Gs2rAkn5CQiqGljwgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjQwMTAxMTYzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzRiNDk3ODU3NjQ4ZTJiMjZlOTJhNWI1NTg4NWU0MzhhNDZjMzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyA8wNgmoNRYRaYHF8O4ZiGpLEQ6D
geBG/wjP3H2KbGy1ivCOBSgVnKSx1mKSEHKHE4WA89DCTPGkj2my2KhkmqJoUDEU
FVRRRMa8QAneVZFqi8WO55AFpWtX5Ok/8RXbUIynLeWObTnZmQzbI/7kiLZQ+UGn
dJVN91LGaxLFFwTjhbshr3ATn8GpME6Y7WiS/OzMZ6HDwPxyqlYy8zwW+dbYcp3d
dAp5vvb/ZgfvrHbIvAmWVYMVpl4816awwNfIanZ0LThoeT2DrkkLoMc/3d5YM3fd
xsKOOLGiJQ4hMuGJVxq+H95a9RjRqJUipVcBKXmR+oQK9cKT+VdroAD2QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxLSXhXZI4rJukqW1WIXkOKRsOaMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvWEV0SmVGZGtqaXNtNlNwYlZZaGVRNHBHdzVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFLuzgMA0G
CSqGSIb3DQEBCwUAA4IBAQBKEkvaEE1Y2OM08zW+W91tjNVPH7E/bJK8kL36ab2U
FjWcxeG7Lk5POQOp9vDcjeFLkEIB6xOn9lNGX5dwDi2kuJnFviPnymZkN6dA8Mwf
goQ+0FrKQbKKzU9cR4sPMRLUimMihsq9AQlS1JndiUuwbHS5L4NzlydU0/oCTDHF
Imjgf8pCqqtLAg9VScNQWWo6xerl4Or4fbFI6dBb6nrDvGn9zpu+LXLsI1mTvbwj
RI7rQ2qu+4aL1OF2QqESQ+WS5TVtMDWLCCmlKWkFq9R3ZsEBIt05hZW5urBFHP6N
ksxC75Wf12WL0zCXwrcLWmMIoHSuULX7G5djnMAoCnzf
-----END CERTIFICATE-----