Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/E9FfpYHRo1YkVzZHEm_XhRwM2hs.roa
File:                     E9FfpYHRo1YkVzZHEm_XhRwM2hs.roa (raw, json)
Hash identifier:          WXyd/hjgOOWQI+sc6uQlbBQ0GFQcfTNf0dRCsuvYsOQ=
Subject key identifier:   13:D1:5F:A5:81:D1:A3:56:24:57:36:47:12:6F:D7:85:1C:0C:DA:1B
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       018CC5DCC23D6E3A9CAE1F22E2D580BCA0B4
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/E9FfpYHRo1YkVzZHEm_XhRwM2hs.roa
Signing time:             Mon 01 Jan 2024 16:30:28 +0000
ROA not before:           Mon 01 Jan 2024 16:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202561
IP address blocks:        194.124.36.0/24 maxlen: 24
                          194.124.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 14:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:c2:3d:6e:3a:9c:ae:1f:22:e2:d5:80:bc:a0:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  1 16:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13d15fa581d1a35624573647126fd7851c0cda1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:56:37:10:e5:75:62:1f:c7:18:24:fe:03:49:
                    dc:9a:5c:35:21:fd:fd:b8:01:87:3f:19:af:9a:06:
                    82:d7:99:76:27:ca:65:43:d7:b1:a5:6d:01:35:3a:
                    85:0b:09:08:18:f8:fa:44:55:e5:7e:c9:f0:cc:84:
                    18:a2:df:55:62:d8:59:8a:c5:df:a1:b7:41:6e:44:
                    e1:a5:60:e7:65:05:9d:75:3e:c2:88:69:ab:fc:4e:
                    d6:9a:ea:ec:c7:2f:3b:03:af:67:1d:ba:28:21:75:
                    d0:ac:4a:ac:08:06:ec:48:36:78:f5:e2:0c:51:a0:
                    ba:69:8e:2d:22:db:79:ea:2e:dc:d5:bf:8c:f5:44:
                    4f:b2:b5:40:a7:9d:ef:e3:2b:ee:a3:98:b2:9e:ba:
                    77:69:05:60:12:8b:b0:fa:d4:01:94:eb:71:e3:bb:
                    30:33:27:74:3c:dc:33:9a:b6:45:39:5f:2f:16:91:
                    92:32:2d:89:6e:e3:13:45:6e:78:35:8d:89:6f:20:
                    fc:c8:9e:62:4e:66:cb:50:f0:3c:9f:26:77:1a:d2:
                    3b:de:05:9a:bc:21:5b:4c:36:af:5b:df:c7:ca:6b:
                    c9:7e:b0:e7:21:3d:d4:2a:2b:88:56:b5:72:bb:c6:
                    4d:ed:cf:96:a8:6c:6f:ff:09:9f:f8:3d:12:03:7b:
                    10:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:D1:5F:A5:81:D1:A3:56:24:57:36:47:12:6F:D7:85:1C:0C:DA:1B
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/E9FfpYHRo1YkVzZHEm_XhRwM2hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.124.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ab:3d:e1:45:58:86:4c:5b:51:79:75:3e:50:90:06:32:b0:55:
         fd:d2:8d:9f:3d:ca:8c:4c:31:7d:8e:3e:61:75:b5:a1:e9:2c:
         36:7a:f7:f3:a9:55:ea:fd:13:5d:51:2a:96:d1:e0:37:a0:2a:
         b2:87:91:e5:00:d3:29:c7:d1:a6:6f:8a:58:30:b0:d7:19:a6:
         d1:da:36:93:40:86:a7:b4:5a:25:2d:13:c3:52:84:07:f7:9a:
         7d:a2:5a:23:01:f0:65:67:a9:f3:3f:9a:b8:c7:bf:61:29:82:
         a3:82:5a:c3:36:c8:74:f4:76:00:59:32:b9:2c:14:f4:e8:87:
         18:0c:a3:9e:c9:3b:1b:e3:16:72:5b:1c:e5:aa:71:95:c6:15:
         57:e3:ce:84:0d:c5:04:c0:0e:c6:76:d2:34:39:1a:2a:b4:6a:
         90:3a:72:d3:1d:a1:20:8b:64:ae:65:5d:f4:32:82:c7:73:53:
         90:b0:90:a1:90:ce:15:fe:51:87:d3:2c:55:b2:d2:af:c2:f8:
         98:a3:0a:f8:93:04:6a:c9:9c:32:c2:fd:59:73:1e:fb:d1:b9:
         d0:44:40:2c:90:80:2d:3e:9c:26:a8:88:52:a5:35:d6:90:58:
         de:8a:b3:b0:32:71:35:2d:00:aa:d2:94:7e:1a:8a:a6:19:74:
         a4:58:e8:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3MI9bjqcrh8i4tWAvKC0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjQwMTAxMTYzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2QxNWZhNTgxZDFhMzU2MjQ1NzM2NDcxMjZmZDc4NTFjMGNkYTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglY3EOV1Yh/HGCT+A0ncmlw1If39
uAGHPxmvmgaC15l2J8plQ9expW0BNTqFCwkIGPj6RFXlfsnwzIQYot9VYthZisXf
obdBbkThpWDnZQWddT7CiGmr/E7Wmursxy87A69nHbooIXXQrEqsCAbsSDZ49eIM
UaC6aY4tItt56i7c1b+M9URPsrVAp53v4yvuo5iynrp3aQVgEouw+tQBlOtx47sw
Myd0PNwzmrZFOV8vFpGSMi2JbuMTRW54NY2JbyD8yJ5iTmbLUPA8nyZ3GtI73gWa
vCFbTDavW9/HymvJfrDnIT3UKiuIVrVyu8ZN7c+WqGxv/wmf+D0SA3sQ0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPRX6WB0aNWJFc2RxJv14UcDNobMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvRTlGZnBZSFJvMVlrVnpaSEVtX1hoUndNMmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwnwkMA0G
CSqGSIb3DQEBCwUAA4IBAQCrPeFFWIZMW1F5dT5QkAYysFX90o2fPcqMTDF9jj5h
dbWh6Sw2evfzqVXq/RNdUSqW0eA3oCqyh5HlANMpx9Gmb4pYMLDXGabR2jaTQIan
tFolLRPDUoQH95p9olojAfBlZ6nzP5q4x79hKYKjglrDNsh09HYAWTK5LBT06IcY
DKOeyTsb4xZyWxzlqnGVxhVX486EDcUEwA7GdtI0ORoqtGqQOnLTHaEgi2SuZV30
MoLHc1OQsJChkM4V/lGH0yxVstKvwviYowr4kwRqyZwywv1Zcx770bnQREAskIAt
PpwmqIhSpTXWkFjeirOwMnE1LQCq0pR+GoqmGXSkWOil
-----END CERTIFICATE-----