Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/PNyxGWohBSipMYen7m3oP42uDZ8.roa
File:                     PNyxGWohBSipMYen7m3oP42uDZ8.roa (raw, json)
Hash identifier:          GdCvagHM0bwmnTaACX39Gz2T8bOc/CtqdaptnWTq/T8=
Subject key identifier:   3C:DC:B1:19:6A:21:05:28:A9:31:87:A7:EE:6D:E8:3F:8D:AE:0D:9F
Certificate issuer:       /CN=52b9b9e256580c4344bb241445b4d52e54fdd50b
Certificate serial:       018CC5DBEA4327A01B62CAC77F25F11A7AB6
Authority key identifier: 52:B9:B9:E2:56:58:0C:43:44:BB:24:14:45:B4:D5:2E:54:FD:D5:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Urm54lZYDENEuyQURbTVLlT91Qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/PNyxGWohBSipMYen7m3oP42uDZ8.roa
Signing time:             Mon 01 Jan 2024 16:29:32 +0000
ROA not before:           Mon 01 Jan 2024 16:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35050
IP address blocks:        85.223.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/Urm54lZYDENEuyQURbTVLlT91Qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/Urm54lZYDENEuyQURbTVLlT91Qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Urm54lZYDENEuyQURbTVLlT91Qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ea:43:27:a0:1b:62:ca:c7:7f:25:f1:1a:7a:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52b9b9e256580c4344bb241445b4d52e54fdd50b
        Validity
            Not Before: Jan  1 16:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cdcb1196a210528a93187a7ee6de83f8dae0d9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:f9:e3:ca:cf:89:f0:1a:49:dd:76:6b:e8:dc:
                    b9:89:25:aa:99:4a:96:01:20:43:89:37:26:c8:37:
                    0a:84:c9:57:94:14:b6:b8:df:4d:7d:09:a2:ea:dc:
                    2f:5b:30:d1:16:a9:33:d0:e1:9a:ab:f7:d5:39:ca:
                    60:3d:ec:e0:8c:0b:4f:9b:3b:1c:85:dd:8e:9d:19:
                    4a:76:c3:50:66:ef:1c:f6:9d:d2:cc:7f:fa:9b:0a:
                    ef:ea:22:7d:8c:d8:66:7c:87:48:76:f6:ca:65:ce:
                    d1:5e:58:cc:4d:a3:76:76:42:a7:d8:16:54:f6:a4:
                    1a:2f:1a:69:9c:df:85:4d:4a:0b:ca:34:f7:ca:36:
                    36:d9:69:8d:a6:2e:69:51:72:1a:d9:43:b7:25:8d:
                    63:5e:0d:3b:56:9d:ab:fd:38:5e:4d:62:75:50:5f:
                    f4:1b:1d:5d:a1:4b:a4:6f:f3:97:d1:5f:bb:3c:42:
                    dd:a6:c4:ed:91:72:b6:fe:0d:8f:f0:2b:75:e2:98:
                    a5:bd:54:ca:2c:4f:fd:5e:79:e4:95:d8:56:25:11:
                    1e:bf:39:1b:48:24:53:4a:7b:98:d7:f8:ca:e3:a0:
                    af:ea:e0:9a:19:dd:43:64:ab:a9:0f:8c:ba:71:f7:
                    3a:b2:06:83:2c:2c:ed:ee:ea:1f:e5:4d:f0:c0:a8:
                    21:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:DC:B1:19:6A:21:05:28:A9:31:87:A7:EE:6D:E8:3F:8D:AE:0D:9F
            X509v3 Authority Key Identifier:
                keyid:52:B9:B9:E2:56:58:0C:43:44:BB:24:14:45:B4:D5:2E:54:FD:D5:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Urm54lZYDENEuyQURbTVLlT91Qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/PNyxGWohBSipMYen7m3oP42uDZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/eaf81d-a9df-4a6a-b610-de05c54045bb/1/Urm54lZYDENEuyQURbTVLlT91Qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.223.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:c0:e8:60:53:60:86:28:a2:31:48:3f:b2:a4:23:17:06:cd:
         2e:d4:8f:10:93:de:d8:17:7c:9d:22:c5:e8:7d:77:2c:e9:1e:
         da:38:35:5c:b3:48:15:51:a9:e8:bc:8a:fe:60:5d:8b:2b:47:
         3c:a0:fd:0c:a3:7c:b8:c1:03:04:00:35:35:37:21:ba:a7:c9:
         3a:29:50:72:72:4b:4a:f7:1c:40:6a:11:0f:86:8e:d1:4a:15:
         38:9e:3a:35:89:37:e3:dd:e5:46:b1:35:de:2d:25:10:bd:40:
         38:36:68:50:60:2c:ee:1d:1a:3c:ce:e1:3d:d2:6b:42:59:0f:
         a8:94:f0:84:46:7c:f3:1c:bf:3b:54:60:be:ae:f2:75:2e:1a:
         93:9e:22:95:b4:fc:08:b4:42:dc:a0:65:76:d9:e6:2a:fd:68:
         19:31:01:96:93:fd:de:6a:8a:dd:9b:10:e9:88:79:4b:e6:ce:
         b9:93:42:de:99:35:40:0a:49:71:10:e9:44:a6:f1:34:26:d8:
         bf:26:1b:c3:e6:ca:34:24:ed:9a:64:5d:aa:eb:26:66:48:13:
         fd:e2:e9:df:2e:b2:f2:fd:e7:54:47:43:a2:a4:88:0b:05:8f:
         67:a9:e0:b6:7e:e0:ce:c6:37:2e:1d:a2:3e:e4:48:2a:db:36:
         2c:78:d4:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+pDJ6AbYsrHfyXxGnq2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYjliOWUyNTY1ODBjNDM0NGJiMjQxNDQ1YjRkNTJlNTRm
ZGQ1MGIwHhcNMjQwMTAxMTYyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2RjYjExOTZhMjEwNTI4YTkzMTg3YTdlZTZkZTgzZjhkYWUwZDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/njys+J8BpJ3XZr6Ny5iSWqmUqW
ASBDiTcmyDcKhMlXlBS2uN9NfQmi6twvWzDRFqkz0OGaq/fVOcpgPezgjAtPmzsc
hd2OnRlKdsNQZu8c9p3SzH/6mwrv6iJ9jNhmfIdIdvbKZc7RXljMTaN2dkKn2BZU
9qQaLxppnN+FTUoLyjT3yjY22WmNpi5pUXIa2UO3JY1jXg07Vp2r/TheTWJ1UF/0
Gx1doUukb/OX0V+7PELdpsTtkXK2/g2P8Ct14pilvVTKLE/9XnnkldhWJREevzkb
SCRTSnuY1/jK46Cv6uCaGd1DZKupD4y6cfc6sgaDLCzt7uof5U3wwKgh/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzcsRlqIQUoqTGHp+5t6D+Nrg2fMB8GA1UdIwQY
MBaAFFK5ueJWWAxDRLskFEW01S5U/dULMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXJtNTRsWllERU5FdXlRVVJiVFZMbFQ5MVFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lYWY4MWQtYTlkZi00YTZhLWI2MTAt
ZGUwNWM1NDA0NWJiLzEvUE55eEdXb2hCU2lwTVllbjdtM29QNDJ1RFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lYWY4MWQtYTlkZi00YTZhLWI2MTAtZGUwNWM1NDA0NWJi
LzEvVXJtNTRsWllERU5FdXlRVVJiVFZMbFQ5MVFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVd+IMA0G
CSqGSIb3DQEBCwUAA4IBAQBowOhgU2CGKKIxSD+ypCMXBs0u1I8Qk97YF3ydIsXo
fXcs6R7aODVcs0gVUanovIr+YF2LK0c8oP0Mo3y4wQMEADU1NyG6p8k6KVBycktK
9xxAahEPho7RShU4njo1iTfj3eVGsTXeLSUQvUA4NmhQYCzuHRo8zuE90mtCWQ+o
lPCERnzzHL87VGC+rvJ1LhqTniKVtPwItELcoGV22eYq/WgZMQGWk/3eaordmxDp
iHlL5s65k0LemTVACklxEOlEpvE0Jti/JhvD5so0JO2aZF2q6yZmSBP94unfLrLy
/edUR0OipIgLBY9nqeC2fuDOxjcuHaI+5Egq2zYseNTz
-----END CERTIFICATE-----