Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/cc_r40oUhgL_7XkYPn0Hil9x9VQ.roa
File:                     cc_r40oUhgL_7XkYPn0Hil9x9VQ.roa (raw, json)
Hash identifier:          M7FNtwf1+sOPDqpusepS/0UE7yEpfca4+uiOS67bjG4=
Subject key identifier:   71:CF:EB:E3:4A:14:86:02:FF:ED:79:18:3E:7D:07:8A:5F:71:F5:54
Certificate issuer:       /CN=b236f231f35beef1bc6c2fc241750b4460f468c3
Certificate serial:       018CC86EF754720C1EBD578A7ED40D512E7D
Authority key identifier: B2:36:F2:31:F3:5B:EE:F1:BC:6C:2F:C2:41:75:0B:44:60:F4:68:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sjbyMfNb7vG8bC_CQXULRGD0aMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/cc_r40oUhgL_7XkYPn0Hil9x9VQ.roa
Signing time:             Tue 02 Jan 2024 04:29:24 +0000
ROA not before:           Tue 02 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25193
IP address blocks:        194.150.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/sjbyMfNb7vG8bC_CQXULRGD0aMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/sjbyMfNb7vG8bC_CQXULRGD0aMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sjbyMfNb7vG8bC_CQXULRGD0aMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:f7:54:72:0c:1e:bd:57:8a:7e:d4:0d:51:2e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b236f231f35beef1bc6c2fc241750b4460f468c3
        Validity
            Not Before: Jan  2 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71cfebe34a148602ffed79183e7d078a5f71f554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ce:e0:0a:8c:87:ec:d8:34:90:ab:eb:18:d8:
                    c4:e9:f4:4d:c1:73:dc:06:a1:ff:9e:75:94:ab:9c:
                    e4:2c:c7:b9:2f:9f:8f:cf:5e:7c:53:9c:3d:f6:cb:
                    d0:0f:e4:cf:e1:31:50:10:8e:94:a4:7a:9a:aa:c7:
                    a0:96:0d:36:01:9e:6b:b9:0e:95:92:80:1f:c4:2a:
                    bb:94:52:fb:cc:59:c7:ad:c8:a1:cf:08:d4:88:18:
                    6b:2c:67:2d:15:68:ea:84:9a:0a:da:55:1e:d2:36:
                    e4:fc:6f:49:04:f4:b0:df:ba:ee:69:0a:06:9e:f0:
                    71:7f:f3:7b:a6:e4:76:23:3e:2d:a6:80:95:e1:71:
                    d2:d1:36:38:9c:df:fb:47:df:e1:85:42:99:69:32:
                    6e:8b:47:5e:84:d4:75:ef:b9:f1:3c:a8:d4:39:09:
                    29:bb:b8:b3:75:f4:9a:55:88:dc:5c:3c:e1:f9:9e:
                    85:dc:21:b5:51:d9:0c:08:b1:01:d1:e0:7b:b6:dd:
                    ef:ef:ae:f4:4f:9a:b7:d9:5c:d8:4a:f9:d3:1f:75:
                    5a:84:4c:af:2b:6f:18:b3:84:9a:48:1c:c9:1a:26:
                    69:88:66:3a:e0:5b:37:1b:97:c0:3a:6f:69:9b:d0:
                    a0:64:31:1a:41:1b:bf:e6:64:09:6d:fe:5c:6f:2f:
                    70:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:CF:EB:E3:4A:14:86:02:FF:ED:79:18:3E:7D:07:8A:5F:71:F5:54
            X509v3 Authority Key Identifier:
                keyid:B2:36:F2:31:F3:5B:EE:F1:BC:6C:2F:C2:41:75:0B:44:60:F4:68:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sjbyMfNb7vG8bC_CQXULRGD0aMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/cc_r40oUhgL_7XkYPn0Hil9x9VQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/117b96-fe6d-4ac3-b499-23399b128639/1/sjbyMfNb7vG8bC_CQXULRGD0aMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.150.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:e0:64:d1:be:61:91:4a:2e:dc:45:54:e8:0d:67:cc:b8:87:
         23:15:7d:cb:d9:61:e4:15:86:b3:ee:82:7c:68:b1:48:34:05:
         ff:68:a4:98:dd:9f:ee:61:4b:0b:78:98:cc:69:7f:15:db:ad:
         14:3b:38:6d:12:54:5c:22:24:60:32:95:63:b0:42:6d:db:79:
         d0:eb:09:0e:09:2e:6f:00:81:ee:13:14:5a:6c:a7:1a:6a:f3:
         a0:45:18:10:e9:0b:e5:0c:85:f0:8d:f4:6e:85:e4:8d:c6:02:
         45:cc:ee:1c:32:b7:d4:22:7c:4c:18:7e:b2:a6:6f:89:32:fe:
         e3:26:23:74:7e:81:f0:c3:9d:f7:05:0d:b2:8b:96:6a:d6:5e:
         6c:0d:89:3d:f2:c5:27:8f:14:3d:ba:6e:4d:0c:f0:d8:57:0e:
         15:38:97:b4:68:50:48:8d:de:77:a8:ff:e9:25:72:f2:ca:1f:
         49:05:dc:b5:80:74:1a:4d:0f:87:33:55:3e:6b:6d:1c:19:d6:
         0a:c2:c3:34:c4:3f:ec:5f:5e:d3:c3:01:2f:20:b7:5e:6a:59:
         0d:f8:84:aa:87:4e:dd:c8:38:28:b0:6e:62:ca:73:e5:a0:80:
         bd:61:47:fc:a8:f3:17:7a:4d:52:a8:f1:74:c0:27:3a:0b:30:
         b8:e4:40:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvdUcgwevVeKftQNUS59MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMzZmMjMxZjM1YmVlZjFiYzZjMmZjMjQxNzUwYjQ0NjBm
NDY4YzMwHhcNMjQwMTAyMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWNmZWJlMzRhMTQ4NjAyZmZlZDc5MTgzZTdkMDc4YTVmNzFmNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgs7gCoyH7Ng0kKvrGNjE6fRNwXPc
BqH/nnWUq5zkLMe5L5+Pz158U5w99svQD+TP4TFQEI6UpHqaqseglg02AZ5ruQ6V
koAfxCq7lFL7zFnHrcihzwjUiBhrLGctFWjqhJoK2lUe0jbk/G9JBPSw37ruaQoG
nvBxf/N7puR2Iz4tpoCV4XHS0TY4nN/7R9/hhUKZaTJui0dehNR177nxPKjUOQkp
u7izdfSaVYjcXDzh+Z6F3CG1UdkMCLEB0eB7tt3v7670T5q32VzYSvnTH3VahEyv
K28Ys4SaSBzJGiZpiGY64Fs3G5fAOm9pm9CgZDEaQRu/5mQJbf5cby9wHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHP6+NKFIYC/+15GD59B4pfcfVUMB8GA1UdIwQY
MBaAFLI28jHzW+7xvGwvwkF1C0Rg9GjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2pieU1mTmI3dkc4YkNfQ1FYVUxSR0QwYU1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8xMTdiOTYtZmU2ZC00YWMzLWI0OTkt
MjMzOTliMTI4NjM5LzEvY2NfcjQwb1VoZ0xfN1hrWVBuMEhpbDl4OVZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8xMTdiOTYtZmU2ZC00YWMzLWI0OTktMjMzOTliMTI4NjM5
LzEvc2pieU1mTmI3dkc4YkNfQ1FYVUxSR0QwYU1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpbpMA0G
CSqGSIb3DQEBCwUAA4IBAQCp4GTRvmGRSi7cRVToDWfMuIcjFX3L2WHkFYaz7oJ8
aLFINAX/aKSY3Z/uYUsLeJjMaX8V260UOzhtElRcIiRgMpVjsEJt23nQ6wkOCS5v
AIHuExRabKcaavOgRRgQ6QvlDIXwjfRuheSNxgJFzO4cMrfUInxMGH6ypm+JMv7j
JiN0foHww533BQ2yi5Zq1l5sDYk98sUnjxQ9um5NDPDYVw4VOJe0aFBIjd53qP/p
JXLyyh9JBdy1gHQaTQ+HM1U+a20cGdYKwsM0xD/sX17TwwEvILdealkN+ISqh07d
yDgosG5iynPloIC9YUf8qPMXek1SqPF0wCc6CzC45EAE
-----END CERTIFICATE-----