Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/0lnGtrsFQqblrnk3MEBF9CMLPQs.roa
File:                     0lnGtrsFQqblrnk3MEBF9CMLPQs.roa (raw, json)
Hash identifier:          8BxzrST0hzac3F+ePuU9kY2EGpJTWqKRsaViYLUIDl8=
Subject key identifier:   D2:59:C6:B6:BB:05:42:A6:E5:AE:79:37:30:40:45:F4:23:0B:3D:0B
Certificate issuer:       /CN=6764b9eeca258ae78c4d51321a8bdfef9a2b6a3c
Certificate serial:       018CC5014E8BE842BD70F42FF589B3F6037A
Authority key identifier: 67:64:B9:EE:CA:25:8A:E7:8C:4D:51:32:1A:8B:DF:EF:9A:2B:6A:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/0lnGtrsFQqblrnk3MEBF9CMLPQs.roa
Signing time:             Mon 01 Jan 2024 12:30:46 +0000
ROA not before:           Mon 01 Jan 2024 12:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20912
IP address blocks:        193.36.109.0/24 maxlen: 24
                          193.36.108.0/24 maxlen: 24
                          193.36.108.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4e:8b:e8:42:bd:70:f4:2f:f5:89:b3:f6:03:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6764b9eeca258ae78c4d51321a8bdfef9a2b6a3c
        Validity
            Not Before: Jan  1 12:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d259c6b6bb0542a6e5ae7937304045f4230b3d0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:35:d2:de:57:22:15:cf:e3:e3:b5:f6:ff:d7:
                    52:ea:de:d3:55:e2:27:1f:d8:20:c1:b6:36:cf:8e:
                    ce:6f:f0:aa:47:bc:6f:a4:e1:c8:06:3e:08:b4:14:
                    d8:80:92:d4:fa:fb:7f:71:dd:47:75:ee:a0:cf:8c:
                    e6:6e:93:29:8c:85:cb:25:fe:a4:41:70:ae:f7:ef:
                    b5:b9:cf:95:05:62:45:ed:75:87:ac:ef:1a:31:c6:
                    1c:5c:a4:bc:4e:28:c7:c4:46:e0:d1:5c:8b:b0:05:
                    e3:9c:c3:ef:fb:2c:59:e1:9b:33:12:7a:4e:ba:6f:
                    ca:1c:10:8b:64:a2:5a:37:e1:19:ae:d9:10:0d:8c:
                    27:dd:13:18:ba:a1:f0:a7:7b:52:67:1d:e2:e8:43:
                    2f:a7:9f:42:a9:57:07:f0:c7:47:0e:49:2a:47:a8:
                    24:6e:a6:2f:e8:02:ce:8c:96:cb:96:59:f0:74:f7:
                    fa:b1:96:4e:3e:f1:86:94:00:58:71:20:89:64:55:
                    be:a3:38:4f:20:e9:ee:72:fd:1a:d1:18:50:66:41:
                    13:68:a7:fd:a3:57:d1:55:d8:62:46:00:6c:0d:2e:
                    52:90:70:33:3c:08:23:14:e3:e1:6e:94:12:81:cb:
                    7d:82:ba:4b:52:1e:55:5e:f9:4c:1f:10:39:c1:b1:
                    0d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:59:C6:B6:BB:05:42:A6:E5:AE:79:37:30:40:45:F4:23:0B:3D:0B
            X509v3 Authority Key Identifier:
                keyid:67:64:B9:EE:CA:25:8A:E7:8C:4D:51:32:1A:8B:DF:EF:9A:2B:6A:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z2S57soliueMTVEyGovf75orajw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/0lnGtrsFQqblrnk3MEBF9CMLPQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/e3335f-4114-4482-8e12-4256a46afeec/1/Z2S57soliueMTVEyGovf75orajw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c6:da:4f:9a:a3:c7:38:5b:d1:76:3f:8e:bf:db:7e:47:3b:f7:
         da:96:53:45:73:eb:4e:2a:b0:3d:33:09:a3:af:72:9e:04:01:
         9d:4d:3d:8c:5d:3b:66:e8:ff:b5:12:a5:1f:e9:fa:d6:b4:e2:
         c6:9a:97:5f:4a:e2:ff:c8:1d:32:ae:81:96:72:f7:bf:4b:02:
         60:78:d7:3a:42:21:a0:47:2d:81:86:42:4b:49:a9:4f:ec:32:
         78:1d:06:9b:74:b6:41:c8:46:f3:21:4e:e1:86:9f:aa:26:23:
         60:02:bb:03:cf:8f:06:24:09:a2:d6:c3:3f:5d:34:bb:1b:04:
         94:20:5e:f1:08:20:fb:56:53:a6:e9:9f:85:8e:a6:7b:79:49:
         04:ac:74:44:6a:68:6a:c8:c1:1c:a1:35:f9:1c:ec:d1:87:3f:
         38:63:f3:d5:ac:15:e5:61:33:c4:10:62:8e:9c:c9:94:8f:92:
         19:08:a2:09:7e:ea:d5:48:b8:88:39:d5:37:97:83:94:bf:1f:
         d3:9f:69:86:c0:62:9c:12:28:bd:ef:b6:f7:0c:99:c4:3a:04:
         5a:9c:40:00:82:78:79:51:6c:01:a8:23:8f:23:11:f2:e4:a9:
         72:fc:ba:fc:a8:f8:ad:55:b0:3b:38:17:d2:d7:c5:b7:f2:f5:
         87:da:f2:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAU6L6EK9cPQv9Ymz9gN6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NjRiOWVlY2EyNThhZTc4YzRkNTEzMjFhOGJkZmVmOWEy
YjZhM2MwHhcNMjQwMTAxMTIzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjU5YzZiNmJiMDU0MmE2ZTVhZTc5MzczMDQwNDVmNDIzMGIzZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTXS3lciFc/j47X2/9dS6t7TVeIn
H9ggwbY2z47Ob/CqR7xvpOHIBj4ItBTYgJLU+vt/cd1Hde6gz4zmbpMpjIXLJf6k
QXCu9++1uc+VBWJF7XWHrO8aMcYcXKS8TijHxEbg0VyLsAXjnMPv+yxZ4ZszEnpO
um/KHBCLZKJaN+EZrtkQDYwn3RMYuqHwp3tSZx3i6EMvp59CqVcH8MdHDkkqR6gk
bqYv6ALOjJbLllnwdPf6sZZOPvGGlABYcSCJZFW+ozhPIOnucv0a0RhQZkETaKf9
o1fRVdhiRgBsDS5SkHAzPAgjFOPhbpQSgct9grpLUh5VXvlMHxA5wbENiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNJZxra7BUKm5a55NzBARfQjCz0LMB8GA1UdIwQY
MBaAFGdkue7KJYrnjE1RMhqL3++aK2o8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjJTNTdzb2xpdWVNVFZFeUdvdmY3NW9yYWp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9lMzMzNWYtNDExNC00NDgyLThlMTIt
NDI1NmE0NmFmZWVjLzEvMGxuR3Ryc0ZRcWJscm5rM01FQkY5Q01MUFFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9lMzMzNWYtNDExNC00NDgyLThlMTItNDI1NmE0NmFmZWVj
LzEvWjJTNTdzb2xpdWVNVFZFeUdvdmY3NW9yYWp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSRsMA0G
CSqGSIb3DQEBCwUAA4IBAQDG2k+ao8c4W9F2P46/235HO/fallNFc+tOKrA9Mwmj
r3KeBAGdTT2MXTtm6P+1EqUf6frWtOLGmpdfSuL/yB0yroGWcve/SwJgeNc6QiGg
Ry2BhkJLSalP7DJ4HQabdLZByEbzIU7hhp+qJiNgArsDz48GJAmi1sM/XTS7GwSU
IF7xCCD7VlOm6Z+FjqZ7eUkErHREamhqyMEcoTX5HOzRhz84Y/PVrBXlYTPEEGKO
nMmUj5IZCKIJfurVSLiIOdU3l4OUvx/Tn2mGwGKcEii977b3DJnEOgRanEAAgnh5
UWwBqCOPIxHy5Kly/Lr8qPitVbA7OBfS18W38vWH2vIG
-----END CERTIFICATE-----