Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/xzmUjXz0TFi_Rwk-kyX0xw08cOI.roa
File:                     xzmUjXz0TFi_Rwk-kyX0xw08cOI.roa (raw, json)
Hash identifier:          32uo5MqqbUNI04ZJloklQZ2maj51+OJEZjPnMqNNrO0=
Subject key identifier:   C7:39:94:8D:7C:F4:4C:58:BF:47:09:3E:93:25:F4:C7:0D:3C:70:E2
Certificate issuer:       /CN=e2636e02f1554f70d971a656849c01bdff138ce8
Certificate serial:       01922468EBC833940A87949F5D1A66E4B700
Authority key identifier: E2:63:6E:02:F1:55:4F:70:D9:71:A6:56:84:9C:01:BD:FF:13:8C:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/xzmUjXz0TFi_Rwk-kyX0xw08cOI.roa
Signing time:             Tue 24 Sep 2024 14:21:48 +0000
ROA not before:           Tue 24 Sep 2024 14:21:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134176
IP address blocks:        185.171.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:68:eb:c8:33:94:0a:87:94:9f:5d:1a:66:e4:b7:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2636e02f1554f70d971a656849c01bdff138ce8
        Validity
            Not Before: Sep 24 14:21:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c739948d7cf44c58bf47093e9325f4c70d3c70e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:79:94:92:c2:04:6a:b8:75:02:87:3e:f6:91:
                    28:83:5d:db:bd:6f:5b:a0:10:7a:d7:bd:04:90:2b:
                    f9:dc:76:0e:9a:7d:eb:27:b0:b6:6c:b6:3e:90:78:
                    6f:43:a3:84:b2:d4:84:69:01:08:a2:24:9f:84:f7:
                    e1:41:56:9e:b5:e4:5c:75:15:01:05:e5:f2:b0:85:
                    26:8e:d0:5e:6c:68:a8:32:9d:7b:0d:43:ed:74:a1:
                    ad:50:08:ad:9c:81:b5:00:48:8b:06:8c:90:a1:c4:
                    de:7f:80:1a:8b:5e:fb:c7:80:53:5a:14:a1:35:da:
                    31:39:65:34:cc:91:a9:50:1a:43:7c:e5:ab:ea:b5:
                    8b:2e:99:fc:a3:01:84:14:05:0f:a9:6d:8d:53:f0:
                    c3:e3:7f:9b:36:9e:c8:6e:57:72:69:75:8c:59:de:
                    77:92:3c:41:d5:38:88:71:ed:9e:0b:76:0b:f1:ef:
                    ff:ab:bd:3c:a5:b8:1e:11:60:99:ee:7e:f5:47:e9:
                    c1:d7:24:81:82:92:c5:7f:96:fc:07:33:ab:5e:12:
                    d1:f7:dc:2d:6d:c0:07:14:a2:d7:0b:f3:41:76:ea:
                    85:5e:3d:65:67:0b:bf:a9:28:08:fd:9f:5f:6d:ba:
                    3a:65:8a:a5:15:ee:fa:3e:fa:61:ca:17:cb:93:d0:
                    89:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:39:94:8D:7C:F4:4C:58:BF:47:09:3E:93:25:F4:C7:0D:3C:70:E2
            X509v3 Authority Key Identifier:
                keyid:E2:63:6E:02:F1:55:4F:70:D9:71:A6:56:84:9C:01:BD:FF:13:8C:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4mNuAvFVT3DZcaZWhJwBvf8TjOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/xzmUjXz0TFi_Rwk-kyX0xw08cOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b35513-ebdb-4550-a7d4-12f9f733dc4f/1/4mNuAvFVT3DZcaZWhJwBvf8TjOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:19:b4:d7:34:1d:7a:c8:d3:13:63:5b:c7:ba:84:6f:5e:9f:
         c2:56:16:73:5f:be:ad:b0:3d:5a:7c:69:4d:32:34:c7:02:b3:
         f1:5f:42:2c:f1:f6:17:47:fa:7e:1f:b0:0d:c8:dc:69:e5:ab:
         ff:51:a0:16:54:d4:d8:6a:43:4b:5e:74:e4:a6:6a:f4:14:2b:
         2a:35:47:14:2f:fe:7d:d7:e0:2b:ee:e6:71:72:99:bd:ef:e2:
         52:8d:73:5a:f6:70:55:2c:2b:d1:24:0e:52:0e:ac:32:b3:f3:
         0c:81:36:ed:c3:2f:ad:c2:19:7a:2e:c2:2c:5c:d7:fc:93:78:
         1d:3f:58:6b:8d:78:42:01:f0:5c:68:71:16:ad:44:4b:52:c0:
         94:e6:9a:fa:f6:d1:a4:e0:bb:42:27:b4:e2:20:af:77:21:88:
         a2:74:6b:2b:26:bb:9d:08:d8:41:0c:a0:a4:9d:d7:69:b5:57:
         fc:91:71:b6:0d:33:36:63:4d:0a:04:6f:65:f7:03:f5:8c:be:
         a5:62:41:13:b4:6d:8f:d1:7b:bb:8b:2e:ca:cf:d1:a8:f2:40:
         b3:7b:38:6e:4c:57:05:2f:a7:ad:c5:6f:49:c8:33:68:78:ee:
         fe:cc:65:30:e7:9c:40:7e:4a:56:2c:17:c0:ff:43:84:41:54:
         81:53:0d:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIkaOvIM5QKh5SfXRpm5LcAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNjM2ZTAyZjE1NTRmNzBkOTcxYTY1Njg0OWMwMWJkZmYx
MzhjZTgwHhcNMjQwOTI0MTQyMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzM5OTQ4ZDdjZjQ0YzU4YmY0NzA5M2U5MzI1ZjRjNzBkM2M3MGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3mUksIEarh1Aoc+9pEog13bvW9b
oBB6170EkCv53HYOmn3rJ7C2bLY+kHhvQ6OEstSEaQEIoiSfhPfhQVaeteRcdRUB
BeXysIUmjtBebGioMp17DUPtdKGtUAitnIG1AEiLBoyQocTef4Aai177x4BTWhSh
NdoxOWU0zJGpUBpDfOWr6rWLLpn8owGEFAUPqW2NU/DD43+bNp7IbldyaXWMWd53
kjxB1TiIce2eC3YL8e//q708pbgeEWCZ7n71R+nB1ySBgpLFf5b8BzOrXhLR99wt
bcAHFKLXC/NBduqFXj1lZwu/qSgI/Z9fbbo6ZYqlFe76PvphyhfLk9CJnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMc5lI189ExYv0cJPpMl9McNPHDiMB8GA1UdIwQY
MBaAFOJjbgLxVU9w2XGmVoScAb3/E4zoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG1OdUF2RlZUM0RaY2FaV2hKd0J2ZjhUak9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMzU1MTMtZWJkYi00NTUwLWE3ZDQt
MTJmOWY3MzNkYzRmLzEveHptVWpYejBURmlfUndrLWt5WDB4dzA4Y09JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMzU1MTMtZWJkYi00NTUwLWE3ZDQtMTJmOWY3MzNkYzRm
LzEvNG1OdUF2RlZUM0RaY2FaV2hKd0J2ZjhUak9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaugMA0G
CSqGSIb3DQEBCwUAA4IBAQB8GbTXNB16yNMTY1vHuoRvXp/CVhZzX76tsD1afGlN
MjTHArPxX0Is8fYXR/p+H7ANyNxp5av/UaAWVNTYakNLXnTkpmr0FCsqNUcUL/59
1+Ar7uZxcpm97+JSjXNa9nBVLCvRJA5SDqwys/MMgTbtwy+twhl6LsIsXNf8k3gd
P1hrjXhCAfBcaHEWrURLUsCU5pr69tGk4LtCJ7TiIK93IYiidGsrJrudCNhBDKCk
nddptVf8kXG2DTM2Y00KBG9l9wP1jL6lYkETtG2P0Xu7iy7Kz9Go8kCzezhuTFcF
L6etxW9JyDNoeO7+zGUw55xAfkpWLBfA/0OEQVSBUw04
-----END CERTIFICATE-----