Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/XOKDLrkBEQpa-cDlmHYmtXnAHsY.roa
File:                     XOKDLrkBEQpa-cDlmHYmtXnAHsY.roa (raw, json)
Hash identifier:          6ChnoXQLw0XNJNhH/OMKB/An4kpuJ/y2+g7uT8Bx6Nw=
Subject key identifier:   5C:E2:83:2E:B9:01:11:0A:5A:F9:C0:E5:98:76:26:B5:79:C0:1E:C6
Certificate issuer:       /CN=f4e018fddfd422517c3069e75658657b40e73601
Certificate serial:       018E669A0697DD8AE29E3A5987438250297E
Authority key identifier: F4:E0:18:FD:DF:D4:22:51:7C:30:69:E7:56:58:65:7B:40:E7:36:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/XOKDLrkBEQpa-cDlmHYmtXnAHsY.roa
Signing time:             Fri 22 Mar 2024 14:39:14 +0000
ROA not before:           Fri 22 Mar 2024 14:39:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34037
IP address blocks:        141.136.32.0/24 maxlen: 24
                          141.136.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/9OAY_d_UIlF8MGnnVlhle0DnNgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/9OAY_d_UIlF8MGnnVlhle0DnNgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:66:9a:06:97:dd:8a:e2:9e:3a:59:87:43:82:50:29:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4e018fddfd422517c3069e75658657b40e73601
        Validity
            Not Before: Mar 22 14:39:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ce2832eb901110a5af9c0e5987626b579c01ec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:22:0f:af:a2:6c:29:f1:bc:86:dc:3f:67:a1:
                    fc:2b:99:af:c4:aa:5e:74:0a:2b:36:2c:37:3f:b8:
                    7a:f6:d9:7e:4a:ce:5f:da:1e:db:95:12:f9:7a:49:
                    6b:79:9e:b8:0e:4e:c9:11:84:ca:37:67:f0:70:0d:
                    6d:c4:66:9a:36:e9:88:29:6a:5e:6c:24:b7:4d:4d:
                    ff:2f:63:a3:d4:a4:2c:80:7f:34:65:95:be:35:bd:
                    8d:0b:15:31:59:24:81:ea:3e:b5:2c:f8:4a:ef:52:
                    a5:ce:d8:29:60:35:49:1c:7d:5a:c2:84:c7:e3:ac:
                    84:37:b9:80:40:c4:49:39:6c:ac:0c:c1:5e:c1:e0:
                    2b:06:9f:c1:77:4d:21:c2:09:0d:47:3c:08:79:d6:
                    d3:91:d7:95:ba:f1:01:ba:c9:9a:25:ee:05:66:c9:
                    93:b4:a2:99:64:4b:9b:ba:4d:b2:5b:86:98:7b:56:
                    a5:d0:07:14:ea:af:6b:e9:bd:31:0a:74:08:57:08:
                    e7:8e:b6:dc:87:b6:2e:79:93:4c:ad:2a:66:97:20:
                    1c:dd:e3:a9:26:e6:e7:3d:90:f8:cf:a3:23:18:ba:
                    b6:43:79:43:44:a0:4f:e8:86:52:b0:bc:b3:7f:d6:
                    56:2a:c1:d3:d4:a9:0a:d7:48:98:83:4e:0d:b6:30:
                    c9:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:E2:83:2E:B9:01:11:0A:5A:F9:C0:E5:98:76:26:B5:79:C0:1E:C6
            X509v3 Authority Key Identifier:
                keyid:F4:E0:18:FD:DF:D4:22:51:7C:30:69:E7:56:58:65:7B:40:E7:36:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/XOKDLrkBEQpa-cDlmHYmtXnAHsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/9OAY_d_UIlF8MGnnVlhle0DnNgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.136.32.0/24
                  141.136.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:24:c7:aa:30:0d:ff:03:8b:64:07:8b:f8:bf:74:46:07:4d:
         3d:b0:f5:2a:be:c3:8f:e4:54:fc:aa:65:7e:88:74:70:45:04:
         6e:ea:86:90:ef:1c:bc:02:03:33:b0:62:6d:08:b4:64:ab:15:
         22:f2:49:a6:d6:41:86:0f:20:eb:f0:89:2b:f7:32:f6:31:51:
         ff:35:73:e5:3d:b6:51:14:38:56:60:de:d0:df:29:72:5f:2c:
         d3:fd:c2:31:08:4f:e3:84:32:72:cd:ed:2f:c8:9a:31:57:46:
         a9:3c:6c:c5:6e:4e:c2:42:c6:40:e6:a4:a2:31:f0:58:c3:c5:
         b4:5f:31:80:6c:8b:78:ed:c5:95:cc:01:d8:05:ed:f8:d7:8f:
         20:70:79:aa:78:91:71:2b:dc:2f:bd:11:9d:3c:ff:46:37:56:
         69:0d:e6:4f:0d:38:8c:4b:08:f5:0c:b6:ae:cb:8e:20:06:64:
         8a:24:34:02:99:44:28:84:25:a0:7d:6e:4c:1c:ff:76:0d:b3:
         17:67:87:c8:0f:39:a3:d6:f6:75:88:87:79:28:13:2e:cd:0c:
         a6:c3:3d:00:40:6b:ae:e4:87:03:32:51:3e:38:6d:c9:e6:ed:
         41:2b:59:e4:cc:09:64:5b:43:a8:e1:4c:7a:4c:9a:12:25:54:
         78:f5:f4:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5mmgaX3YrinjpZh0OCUCl+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZTAxOGZkZGZkNDIyNTE3YzMwNjllNzU2NTg2NTdiNDBl
NzM2MDEwHhcNMjQwMzIyMTQzOTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2UyODMyZWI5MDExMTBhNWFmOWMwZTU5ODc2MjZiNTc5YzAxZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApCIPr6JsKfG8htw/Z6H8K5mvxKpe
dAorNiw3P7h69tl+Ss5f2h7blRL5eklreZ64Dk7JEYTKN2fwcA1txGaaNumIKWpe
bCS3TU3/L2Oj1KQsgH80ZZW+Nb2NCxUxWSSB6j61LPhK71KlztgpYDVJHH1awoTH
46yEN7mAQMRJOWysDMFeweArBp/Bd00hwgkNRzwIedbTkdeVuvEBusmaJe4FZsmT
tKKZZEubuk2yW4aYe1al0AcU6q9r6b0xCnQIVwjnjrbch7YueZNMrSpmlyAc3eOp
JubnPZD4z6MjGLq2Q3lDRKBP6IZSsLyzf9ZWKsHT1KkK10iYg04NtjDJ3wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFzigy65AREKWvnA5Zh2JrV5wB7GMB8GA1UdIwQY
MBaAFPTgGP3f1CJRfDBp51ZYZXtA5zYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU9BWV9kX1VJbEY4TUdublZsaGxlMERuTmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9hZDZmNWYtNTNiNS00ZTA3LTk0YjQt
NzBmOTRkNWVlNWZjLzEvWE9LRExya0JFUXBhLWNEbG1IWW10WG5BSHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9hZDZmNWYtNTNiNS00ZTA3LTk0YjQtNzBmOTRkNWVlNWZj
LzEvOU9BWV9kX1VJbEY4TUdublZsaGxlMERuTmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjYggAwQA
jYglMA0GCSqGSIb3DQEBCwUAA4IBAQA+JMeqMA3/A4tkB4v4v3RGB009sPUqvsOP
5FT8qmV+iHRwRQRu6oaQ7xy8AgMzsGJtCLRkqxUi8kmm1kGGDyDr8Ikr9zL2MVH/
NXPlPbZRFDhWYN7Q3ylyXyzT/cIxCE/jhDJyze0vyJoxV0apPGzFbk7CQsZA5qSi
MfBYw8W0XzGAbIt47cWVzAHYBe34148gcHmqeJFxK9wvvRGdPP9GN1ZpDeZPDTiM
Swj1DLauy44gBmSKJDQCmUQohCWgfW5MHP92DbMXZ4fIDzmj1vZ1iId5KBMuzQym
wz0AQGuu5IcDMlE+OG3J5u1BK1nkzAlkW0Oo4Ux6TJoSJVR49fTW
-----END CERTIFICATE-----