Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/FxDDwgk9DvWPxevsCO5AUgMbbcA.roa
File:                     FxDDwgk9DvWPxevsCO5AUgMbbcA.roa (raw, json)
Hash identifier:          rQkyI6vPSPcy6m2ORmVHC6psFeC5ClNRzzN2ZP+sTYc=
Subject key identifier:   17:10:C3:C2:09:3D:0E:F5:8F:C5:EB:EC:08:EE:40:52:03:1B:6D:C0
Certificate issuer:       /CN=b236f231f35beef1bc6c2fc241750b4460f468c3
Certificate serial:       018CC86EF7A8138079A9CDE79BB7F77F7E32
Authority key identifier: B2:36:F2:31:F3:5B:EE:F1:BC:6C:2F:C2:41:75:0B:44:60:F4:68:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sjbyMfNb7vG8bC_CQXULRGD0aMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/FxDDwgk9DvWPxevsCO5AUgMbbcA.roa
Signing time:             Tue 02 Jan 2024 04:29:24 +0000
ROA not before:           Tue 02 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35057
IP address blocks:        194.150.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/sjbyMfNb7vG8bC_CQXULRGD0aMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/sjbyMfNb7vG8bC_CQXULRGD0aMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sjbyMfNb7vG8bC_CQXULRGD0aMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f7:a8:13:80:79:a9:cd:e7:9b:b7:f7:7f:7e:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b236f231f35beef1bc6c2fc241750b4460f468c3
        Validity
            Not Before: Jan  2 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1710c3c2093d0ef58fc5ebec08ee4052031b6dc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:78:3f:46:fc:48:ad:97:14:77:8b:bb:f5:44:
                    c6:b8:4a:82:e5:15:7f:4b:53:3e:d2:48:0a:49:08:
                    e0:2f:1e:ed:38:ef:8f:72:3e:f5:0b:1e:a2:ae:d5:
                    11:02:62:dc:9e:cf:74:eb:d6:8e:0d:b0:57:44:8d:
                    88:a2:41:bc:21:89:86:1d:c9:18:b8:b5:f3:ad:d3:
                    c1:c8:d8:9d:a7:cc:68:26:b5:a3:aa:f4:36:44:c5:
                    03:5c:70:d3:57:5e:b2:55:78:90:a3:20:b8:e4:ca:
                    1d:32:6c:96:fe:1e:39:1d:b8:38:5c:6f:be:ab:59:
                    97:cd:5d:23:31:fe:05:51:ec:a8:22:84:27:b1:65:
                    a3:58:65:88:a5:72:07:d3:71:7b:ee:5c:d8:c0:26:
                    8e:65:43:73:7f:73:77:96:2c:7f:aa:72:4c:8f:6a:
                    54:b4:d5:06:b4:63:5f:c8:6e:f6:ce:fa:98:a0:38:
                    25:33:98:26:ae:de:42:b7:b9:a7:ae:74:9e:6e:06:
                    ff:6f:e5:f2:b3:33:db:24:02:ed:b9:bb:ca:68:9f:
                    f9:f9:7a:b3:1a:21:2c:1f:08:a0:e1:19:13:be:13:
                    24:82:72:80:6f:1d:cd:71:1d:a2:51:e6:70:7d:ec:
                    67:1b:8a:a2:46:22:46:88:03:09:81:cf:11:89:7f:
                    07:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:10:C3:C2:09:3D:0E:F5:8F:C5:EB:EC:08:EE:40:52:03:1B:6D:C0
            X509v3 Authority Key Identifier:
                keyid:B2:36:F2:31:F3:5B:EE:F1:BC:6C:2F:C2:41:75:0B:44:60:F4:68:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sjbyMfNb7vG8bC_CQXULRGD0aMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/FxDDwgk9DvWPxevsCO5AUgMbbcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/sjbyMfNb7vG8bC_CQXULRGD0aMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:64:a7:7c:e6:fb:36:ad:4a:29:dd:b6:6a:40:f0:d9:b6:64:
         45:ad:27:54:b8:5c:a3:16:c0:86:c8:e8:66:27:0e:6f:88:68:
         1f:63:26:a1:e5:aa:4e:39:d7:86:a9:3d:22:4a:ba:0e:f7:f5:
         6f:0c:2d:be:2b:2c:73:cb:08:4e:ab:49:8a:75:9f:3a:48:c6:
         97:d0:e1:f2:c5:19:3f:ec:b0:ce:56:32:2c:aa:fe:fc:60:18:
         35:8e:00:83:bd:68:49:56:93:87:7c:f2:8f:c0:42:4b:82:19:
         e2:85:e7:c6:60:9b:74:bb:a7:d4:7f:45:c7:d8:1e:5e:7f:56:
         06:cd:be:fc:46:47:36:2e:43:7d:e7:9f:51:91:db:6b:84:c3:
         86:1a:1e:ba:ad:ab:b6:61:f1:af:7f:5b:ab:b6:3a:97:c4:18:
         36:96:e1:b7:9d:5b:71:59:c4:ae:4c:61:7a:57:01:6f:e9:fa:
         e6:32:96:ef:3a:59:a7:68:26:8b:89:29:7c:4c:84:f0:8b:46:
         aa:3e:45:71:42:90:52:26:05:a4:f5:d5:9d:3f:0f:bc:1b:00:
         3f:fa:60:5f:96:06:93:e5:8d:87:cd:9b:1c:99:1d:89:4e:82:
         a9:a8:07:02:ef:29:a9:2d:50:f5:fb:93:59:61:d7:80:0a:8d:
         d8:2a:d5:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbveoE4B5qc3nm7f3f34yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMzZmMjMxZjM1YmVlZjFiYzZjMmZjMjQxNzUwYjQ0NjBm
NDY4YzMwHhcNMjQwMTAyMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzEwYzNjMjA5M2QwZWY1OGZjNWViZWMwOGVlNDA1MjAzMWI2ZGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHg/RvxIrZcUd4u79UTGuEqC5RV/
S1M+0kgKSQjgLx7tOO+Pcj71Cx6irtURAmLcns9069aODbBXRI2IokG8IYmGHckY
uLXzrdPByNidp8xoJrWjqvQ2RMUDXHDTV16yVXiQoyC45ModMmyW/h45Hbg4XG++
q1mXzV0jMf4FUeyoIoQnsWWjWGWIpXIH03F77lzYwCaOZUNzf3N3lix/qnJMj2pU
tNUGtGNfyG72zvqYoDglM5gmrt5Ct7mnrnSebgb/b+XyszPbJALtubvKaJ/5+Xqz
GiEsHwig4RkTvhMkgnKAbx3NcR2iUeZwfexnG4qiRiJGiAMJgc8RiX8HXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcQw8IJPQ71j8Xr7AjuQFIDG23AMB8GA1UdIwQY
MBaAFLI28jHzW+7xvGwvwkF1C0Rg9GjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2pieU1mTmI3dkc4YkNfQ1FYVUxSR0QwYU1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8xMTdiOTYtZmU2ZC00YWMzLWI0OTkt
MjMzOTliMTI4NjM5LzEvRnhERHdnazlEdldQeGV2c0NPNUFVZ01iYmNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8xMTdiOTYtZmU2ZC00YWMzLWI0OTktMjMzOTliMTI4NjM5
LzEvc2pieU1mTmI3dkc4YkNfQ1FYVUxSR0QwYU1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpboMA0G
CSqGSIb3DQEBCwUAA4IBAQB1ZKd85vs2rUop3bZqQPDZtmRFrSdUuFyjFsCGyOhm
Jw5viGgfYyah5apOOdeGqT0iSroO9/VvDC2+KyxzywhOq0mKdZ86SMaX0OHyxRk/
7LDOVjIsqv78YBg1jgCDvWhJVpOHfPKPwEJLghnihefGYJt0u6fUf0XH2B5ef1YG
zb78Rkc2LkN9559RkdtrhMOGGh66rau2YfGvf1urtjqXxBg2luG3nVtxWcSuTGF6
VwFv6frmMpbvOlmnaCaLiSl8TITwi0aqPkVxQpBSJgWk9dWdPw+8GwA/+mBflgaT
5Y2HzZscmR2JToKpqAcC7ympLVD1+5NZYdeACo3YKtXa
-----END CERTIFICATE-----