Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/36DNFidq4QKds8boYhaEJHVKa6I.roa
File:                     36DNFidq4QKds8boYhaEJHVKa6I.roa (raw, json)
Hash identifier:          /iFXDpWKAqmTw3nNVieAW77OvIaF41sD9J8zNrHUjVM=
Subject key identifier:   DF:A0:CD:16:27:6A:E1:02:9D:B3:C6:E8:62:16:84:24:75:4A:6B:A2
Certificate issuer:       /CN=659c356633388e9bd897d000a3f38bc1e546ef4a
Certificate serial:       018CC50133C567986EAAEBE548C9B3E21BCB
Authority key identifier: 65:9C:35:66:33:38:8E:9B:D8:97:D0:00:A3:F3:8B:C1:E5:46:EF:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZZw1ZjM4jpvYl9AAo_OLweVG70o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/36DNFidq4QKds8boYhaEJHVKa6I.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2386
IP address blocks:        193.38.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/ZZw1ZjM4jpvYl9AAo_OLweVG70o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/ZZw1ZjM4jpvYl9AAo_OLweVG70o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZZw1ZjM4jpvYl9AAo_OLweVG70o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:33:c5:67:98:6e:aa:eb:e5:48:c9:b3:e2:1b:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=659c356633388e9bd897d000a3f38bc1e546ef4a
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfa0cd16276ae1029db3c6e862168424754a6ba2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:78:28:c7:d1:cb:99:2d:8b:5f:66:f0:33:8f:
                    a6:43:2c:4d:f8:5b:b1:11:f9:4f:88:e9:83:e7:d7:
                    3a:ae:e0:01:10:1f:b6:ec:fa:cf:2f:5f:8f:ff:70:
                    57:65:d8:f2:64:0c:d7:94:a0:35:e3:74:b8:b0:95:
                    19:c0:25:6a:ed:c1:ce:e9:11:ab:6e:9d:55:4f:e8:
                    f1:0b:c6:02:75:10:ec:aa:24:a0:3a:3a:9e:dc:66:
                    2d:fc:5f:2e:37:ce:80:0d:ff:5b:3e:28:2a:a5:9e:
                    0f:78:03:11:e4:6f:0e:ad:0c:d6:2a:1b:fc:82:3e:
                    a7:9f:c5:f2:61:6b:9f:e8:e6:0b:89:83:53:aa:70:
                    6f:b9:32:6c:97:3e:2e:d6:6b:24:ae:e2:89:9b:dd:
                    80:9f:1f:6a:c6:e7:f8:5b:83:78:a9:b5:9c:d1:c6:
                    62:f8:c0:1a:66:b4:2d:ef:7b:5e:56:3e:fb:72:bd:
                    1b:ee:bf:41:1d:fe:11:1a:d0:8a:d1:6a:9a:c9:8f:
                    ee:ad:38:d7:2e:70:5e:1d:2d:21:c7:44:65:7e:5a:
                    c4:de:e6:62:56:fa:f6:38:4a:b1:93:7d:84:ff:19:
                    20:ab:76:63:78:b7:64:c1:3e:d5:86:67:d3:8f:f0:
                    f5:fa:2e:a1:1a:5f:0d:e8:03:70:08:59:42:ad:5c:
                    79:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:A0:CD:16:27:6A:E1:02:9D:B3:C6:E8:62:16:84:24:75:4A:6B:A2
            X509v3 Authority Key Identifier:
                keyid:65:9C:35:66:33:38:8E:9B:D8:97:D0:00:A3:F3:8B:C1:E5:46:EF:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZZw1ZjM4jpvYl9AAo_OLweVG70o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/36DNFidq4QKds8boYhaEJHVKa6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/ZZw1ZjM4jpvYl9AAo_OLweVG70o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:2d:9b:92:0c:7a:60:3b:21:b3:e5:1e:ac:cf:7f:d0:7d:ab:
         41:fe:ee:10:7b:79:ed:ed:51:db:a0:65:8f:5f:d9:56:77:cd:
         39:ef:8f:79:e7:9b:b3:c7:3e:a4:34:61:fe:d3:0d:94:aa:c1:
         8a:e9:14:da:e2:85:4e:c0:06:3c:e8:f1:95:55:b9:b8:8a:f0:
         a1:f4:c7:30:97:a1:56:bd:f1:e5:da:8d:5b:82:f0:f0:71:40:
         fe:7d:cc:f4:b2:61:ef:86:ab:f3:33:52:ec:e5:f2:d9:c3:2a:
         3d:8c:03:4e:9b:97:de:b0:04:b3:49:65:db:06:3e:77:a6:45:
         b1:9f:85:a9:80:c6:90:40:b1:11:42:9a:43:ef:c0:7f:40:f5:
         f7:de:af:31:3c:e8:9a:ab:d7:27:9a:70:f3:fd:fb:30:21:23:
         46:4c:76:a9:2b:e5:9d:9f:03:42:61:4c:e8:13:3b:43:43:b7:
         02:d0:d8:f8:66:05:2e:50:77:ad:26:c9:3c:48:52:c1:dc:87:
         3b:be:50:ac:98:61:5c:61:6d:2c:7e:a6:cb:5f:7f:da:f0:33:
         c5:ce:a1:96:a8:a9:4b:fa:8a:96:01:15:0c:56:dc:01:cf:3e:
         db:b0:a0:d0:4c:2c:19:f9:05:41:05:44:4f:a8:fa:de:f2:51:
         7c:57:f2:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATPFZ5huquvlSMmz4hvLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1OWMzNTY2MzMzODhlOWJkODk3ZDAwMGEzZjM4YmMxZTU0
NmVmNGEwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmEwY2QxNjI3NmFlMTAyOWRiM2M2ZTg2MjE2ODQyNDc1NGE2YmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3gox9HLmS2LX2bwM4+mQyxN+Fux
EflPiOmD59c6ruABEB+27PrPL1+P/3BXZdjyZAzXlKA143S4sJUZwCVq7cHO6RGr
bp1VT+jxC8YCdRDsqiSgOjqe3GYt/F8uN86ADf9bPigqpZ4PeAMR5G8OrQzWKhv8
gj6nn8XyYWuf6OYLiYNTqnBvuTJslz4u1mskruKJm92Anx9qxuf4W4N4qbWc0cZi
+MAaZrQt73teVj77cr0b7r9BHf4RGtCK0WqayY/urTjXLnBeHS0hx0RlflrE3uZi
Vvr2OEqxk32E/xkgq3ZjeLdkwT7VhmfTj/D1+i6hGl8N6ANwCFlCrVx5UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+gzRYnauECnbPG6GIWhCR1SmuiMB8GA1UdIwQY
MBaAFGWcNWYzOI6b2JfQAKPzi8HlRu9KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlp3MVpqTTRqcHZZbDlBQW9fT0x3ZVZHNzBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC83Yzc4NTEtNTg1Yi00OWYxLThiZTkt
M2M3ZTRmOTNlNDJiLzEvMzZETkZpZHE0UUtkczhib1loYUVKSFZLYTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC83Yzc4NTEtNTg1Yi00OWYxLThiZTktM2M3ZTRmOTNlNDJi
LzEvWlp3MVpqTTRqcHZZbDlBQW9fT0x3ZVZHNzBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSarMA0G
CSqGSIb3DQEBCwUAA4IBAQAALZuSDHpgOyGz5R6sz3/QfatB/u4Qe3nt7VHboGWP
X9lWd805749555uzxz6kNGH+0w2UqsGK6RTa4oVOwAY86PGVVbm4ivCh9Mcwl6FW
vfHl2o1bgvDwcUD+fcz0smHvhqvzM1Ls5fLZwyo9jANOm5fesASzSWXbBj53pkWx
n4WpgMaQQLERQppD78B/QPX33q8xPOiaq9cnmnDz/fswISNGTHapK+WdnwNCYUzo
EztDQ7cC0Nj4ZgUuUHetJsk8SFLB3Ic7vlCsmGFcYW0sfqbLX3/a8DPFzqGWqKlL
+oqWARUMVtwBzz7bsKDQTCwZ+QVBBURPqPre8lF8V/LC
-----END CERTIFICATE-----