Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/65c2d9-80d4-459f-ae61-b5bd428f190c/1/N-O2tHBJaejyp6_2GdNk2WLNgsA.roa
File:                     N-O2tHBJaejyp6_2GdNk2WLNgsA.roa (raw, json)
Hash identifier:          fgshQXzM6ocxQi1uwK95ZU1PlhemC7H61Zb6fOFzeIc=
Subject key identifier:   37:E3:B6:B4:70:49:69:E8:F2:A7:AF:F6:19:D3:64:D9:62:CD:82:C0
Certificate issuer:       /CN=82f18b80339d8ae637f4a02f335bbec7c8c26bde
Certificate serial:       018CC492DB52366AF43C7CADBC7D005A9991
Authority key identifier: 82:F1:8B:80:33:9D:8A:E6:37:F4:A0:2F:33:5B:BE:C7:C8:C2:6B:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gvGLgDOdiuY39KAvM1u-x8jCa94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/65c2d9-80d4-459f-ae61-b5bd428f190c/1/N-O2tHBJaejyp6_2GdNk2WLNgsA.roa
Signing time:             Mon 01 Jan 2024 10:30:07 +0000
ROA not before:           Mon 01 Jan 2024 10:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50055
IP address blocks:        185.136.56.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/65c2d9-80d4-459f-ae61-b5bd428f190c/1/gvGLgDOdiuY39KAvM1u-x8jCa94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/65c2d9-80d4-459f-ae61-b5bd428f190c/1/gvGLgDOdiuY39KAvM1u-x8jCa94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gvGLgDOdiuY39KAvM1u-x8jCa94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:db:52:36:6a:f4:3c:7c:ad:bc:7d:00:5a:99:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82f18b80339d8ae637f4a02f335bbec7c8c26bde
        Validity
            Not Before: Jan  1 10:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37e3b6b4704969e8f2a7aff619d364d962cd82c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:57:3d:27:db:be:3e:70:ce:66:a9:bb:6d:50:
                    cb:fb:88:75:27:1a:34:40:06:8a:81:70:6e:3a:e5:
                    d6:52:07:e7:49:81:31:e6:6a:88:3d:0a:b9:a7:ab:
                    e8:dd:bd:54:46:4d:f8:ea:9e:5b:c9:e9:01:78:68:
                    4a:42:a7:c9:ed:1b:fa:01:81:bd:3e:65:1a:08:60:
                    b7:a1:dc:91:5d:de:cb:41:18:a3:f9:b2:fb:15:da:
                    e8:0d:29:6b:b4:de:5d:47:6a:9c:14:9a:c8:dd:10:
                    0c:c7:37:93:e1:6f:e1:f5:95:45:df:f2:58:69:27:
                    26:6a:2a:88:77:2f:0b:f1:b0:4e:aa:f6:25:19:dd:
                    a9:21:8b:22:11:87:34:9f:77:86:56:c0:ec:ce:7c:
                    7a:3f:8e:25:69:37:7f:0a:39:e1:c3:13:53:20:37:
                    24:45:5d:92:f8:82:95:ba:53:6a:d4:78:c7:57:3e:
                    5c:5c:88:60:a2:e9:d4:cf:45:a3:ce:4d:62:fb:15:
                    26:39:20:ba:cc:57:6d:2f:61:d5:76:54:16:e2:ba:
                    18:3e:17:01:3b:bb:f3:c5:5f:53:b0:f6:96:52:fe:
                    f3:22:37:02:88:66:b1:be:0d:16:ca:fb:f6:a2:e0:
                    b8:f3:26:db:d5:c1:77:1d:4c:55:1b:a4:49:6b:95:
                    64:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:E3:B6:B4:70:49:69:E8:F2:A7:AF:F6:19:D3:64:D9:62:CD:82:C0
            X509v3 Authority Key Identifier:
                keyid:82:F1:8B:80:33:9D:8A:E6:37:F4:A0:2F:33:5B:BE:C7:C8:C2:6B:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gvGLgDOdiuY39KAvM1u-x8jCa94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/65c2d9-80d4-459f-ae61-b5bd428f190c/1/N-O2tHBJaejyp6_2GdNk2WLNgsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/65c2d9-80d4-459f-ae61-b5bd428f190c/1/gvGLgDOdiuY39KAvM1u-x8jCa94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:a1:58:4b:e2:fc:48:1d:12:d9:af:62:47:51:4f:b3:74:83:
         7c:3a:4d:f8:7a:68:09:94:21:da:2c:9b:22:21:11:48:7c:eb:
         26:e5:76:82:40:67:15:89:bd:f2:c8:60:a7:3e:13:49:d8:ce:
         e3:bc:6c:0c:da:2e:b8:83:d0:c2:a8:60:b4:d0:0a:da:e5:57:
         9d:dd:a6:00:90:a5:5a:6c:0e:37:76:83:fb:68:2b:e0:3b:94:
         a3:56:88:e7:f6:93:7b:ef:c9:1c:cf:f0:0f:ef:6b:90:40:5a:
         d2:03:77:eb:b4:2a:2b:9f:cb:fb:4d:bc:c9:4d:26:eb:08:8b:
         c5:06:f2:bc:88:d7:8f:e6:3c:24:30:cc:bb:9f:4d:e2:f7:05:
         90:77:af:05:32:76:83:12:fa:40:cf:a6:da:d5:3b:9b:73:1e:
         9d:49:31:3e:60:0e:32:d0:d1:b7:ee:46:68:a9:df:bd:0a:64:
         44:86:9f:90:5f:30:6c:75:b8:6c:a5:05:c0:2b:c1:c3:58:3c:
         3e:c2:7a:dd:8e:8b:1e:3e:96:ea:f5:42:d0:ae:47:5a:65:41:
         1f:cc:16:08:29:76:cf:9b:ec:d4:63:9c:39:fd:2b:c7:e1:ae:
         03:c1:43:49:cd:8c:8f:e6:85:e9:ce:00:d1:f1:2b:35:e0:38:
         95:7f:70:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkttSNmr0PHytvH0AWpmRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyZjE4YjgwMzM5ZDhhZTYzN2Y0YTAyZjMzNWJiZWM3Yzhj
MjZiZGUwHhcNMjQwMTAxMTAzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2UzYjZiNDcwNDk2OWU4ZjJhN2FmZjYxOWQzNjRkOTYyY2Q4MmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1c9J9u+PnDOZqm7bVDL+4h1Jxo0
QAaKgXBuOuXWUgfnSYEx5mqIPQq5p6vo3b1URk346p5byekBeGhKQqfJ7Rv6AYG9
PmUaCGC3odyRXd7LQRij+bL7FdroDSlrtN5dR2qcFJrI3RAMxzeT4W/h9ZVF3/JY
aScmaiqIdy8L8bBOqvYlGd2pIYsiEYc0n3eGVsDsznx6P44laTd/CjnhwxNTIDck
RV2S+IKVulNq1HjHVz5cXIhgounUz0Wjzk1i+xUmOSC6zFdtL2HVdlQW4roYPhcB
O7vzxV9TsPaWUv7zIjcCiGaxvg0Wyvv2ouC48ybb1cF3HUxVG6RJa5VkdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfjtrRwSWno8qev9hnTZNlizYLAMB8GA1UdIwQY
MBaAFILxi4AznYrmN/SgLzNbvsfIwmveMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3ZHTGdET2RpdVkzOUtBdk0xdS14OGpDYTk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS82NWMyZDktODBkNC00NTlmLWFlNjEt
YjViZDQyOGYxOTBjLzEvTi1PMnRIQkphZWp5cDZfMkdkTmsyV0xOZ3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS82NWMyZDktODBkNC00NTlmLWFlNjEtYjViZDQyOGYxOTBj
LzEvZ3ZHTGdET2RpdVkzOUtBdk0xdS14OGpDYTk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYg4MA0G
CSqGSIb3DQEBCwUAA4IBAQBNoVhL4vxIHRLZr2JHUU+zdIN8Ok34emgJlCHaLJsi
IRFIfOsm5XaCQGcVib3yyGCnPhNJ2M7jvGwM2i64g9DCqGC00Ara5Ved3aYAkKVa
bA43doP7aCvgO5SjVojn9pN778kcz/AP72uQQFrSA3frtCorn8v7TbzJTSbrCIvF
BvK8iNeP5jwkMMy7n03i9wWQd68FMnaDEvpAz6ba1Tubcx6dSTE+YA4y0NG37kZo
qd+9CmREhp+QXzBsdbhspQXAK8HDWDw+wnrdjosePpbq9ULQrkdaZUEfzBYIKXbP
m+zUY5w5/SvH4a4DwUNJzYyP5oXpzgDR8Ss14DiVf3Bf
-----END CERTIFICATE-----