Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/9a_OLlXZeLbXmkr5ffkIHE4daLI.roa
File:                     9a_OLlXZeLbXmkr5ffkIHE4daLI.roa (raw, json)
Hash identifier:          rQ56Cvmxx8PUYiBYD/tBgHUgrRvLFS8E886K39SJfmI=
Subject key identifier:   F5:AF:CE:2E:55:D9:78:B6:D7:9A:4A:F9:7D:F9:08:1C:4E:1D:68:B2
Certificate issuer:       /CN=42ce759320195b9cc18ccfcb1b532aea949258f1
Certificate serial:       018CCA99EC3CADDF3F8541F795A268B90465
Authority key identifier: 42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/9a_OLlXZeLbXmkr5ffkIHE4daLI.roa
Signing time:             Tue 02 Jan 2024 14:35:34 +0000
ROA not before:           Tue 02 Jan 2024 14:35:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136796
IP address blocks:        194.61.236.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 10:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:ec:3c:ad:df:3f:85:41:f7:95:a2:68:b9:04:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42ce759320195b9cc18ccfcb1b532aea949258f1
        Validity
            Not Before: Jan  2 14:35:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f5afce2e55d978b6d79a4af97df9081c4e1d68b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a1:08:5c:e6:15:d4:f6:70:23:6f:45:a2:ce:
                    12:57:b0:2e:cc:c5:da:db:70:29:71:d8:fb:06:a6:
                    8c:90:5c:5b:79:27:ff:56:d6:e1:72:dd:b8:09:97:
                    0c:cb:cd:0e:c3:1d:27:1f:8c:8a:04:ca:3e:4f:93:
                    d1:d7:74:66:34:2d:6f:9d:ce:d4:b8:e0:4c:bd:11:
                    5b:8a:51:7f:e6:0d:40:f1:31:e1:0e:d6:33:f8:1c:
                    fd:c4:9f:af:57:44:8b:c8:45:57:fa:c0:0a:17:ba:
                    f4:ca:3d:08:94:c6:f4:d1:29:52:3e:20:6c:ed:9e:
                    a5:6b:d1:83:73:b7:8d:a0:f7:20:f4:9f:ba:e9:a6:
                    76:88:8b:2c:41:8b:e3:58:9f:86:80:97:50:b5:45:
                    8c:f1:41:72:b1:71:ff:6c:1b:1d:cc:0d:40:4a:02:
                    0d:21:a9:41:3f:17:9a:c7:52:5e:fe:d9:ea:9c:92:
                    b6:e2:ec:a6:dc:bc:f1:c5:2f:c6:40:a8:ea:17:a0:
                    44:53:af:7d:95:2b:33:7f:93:29:54:e2:d7:5b:7a:
                    1e:04:79:c8:2d:84:85:1c:d9:47:20:29:ae:e1:aa:
                    db:f8:53:26:a9:d1:a2:80:ba:81:09:e7:83:94:8b:
                    72:af:ee:bc:8b:2c:fd:3d:ba:ac:43:a5:b6:e3:c5:
                    e5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:AF:CE:2E:55:D9:78:B6:D7:9A:4A:F9:7D:F9:08:1C:4E:1D:68:B2
            X509v3 Authority Key Identifier:
                keyid:42:CE:75:93:20:19:5B:9C:C1:8C:CF:CB:1B:53:2A:EA:94:92:58:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/9a_OLlXZeLbXmkr5ffkIHE4daLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/a52048-12ca-4a03-95be-697948ea71f5/1/Qs51kyAZW5zBjM_LG1Mq6pSSWPE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.61.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:f0:65:51:34:1f:7a:ed:5a:b0:f8:1f:1c:08:f9:92:d8:0e:
         1d:0d:db:36:36:4c:33:06:48:f7:f7:68:d0:d2:28:e4:44:f7:
         91:de:31:47:b5:c8:d3:49:23:0f:f5:33:fe:85:5a:9e:dd:fc:
         f3:81:45:c5:43:d1:6c:dd:1a:b8:a6:3f:80:51:51:11:27:ab:
         db:66:c7:96:9f:37:19:cf:42:d3:92:df:c3:9c:27:6c:fc:51:
         e3:40:bb:0a:44:be:60:61:80:c1:50:59:b2:d5:78:a2:ba:d5:
         36:d6:f1:73:a0:fe:64:33:88:4d:3f:5d:1b:a1:39:a5:33:8a:
         17:79:b8:ff:c9:37:95:4d:36:e1:b5:43:cc:cc:22:df:86:2d:
         9d:c2:5b:d3:5e:70:bc:f5:17:46:2a:f6:04:94:98:1a:a1:5b:
         42:c0:a3:51:38:91:f6:3f:c5:0d:3c:9e:89:03:7b:c6:46:5b:
         5e:5d:31:a1:3e:b2:ab:84:3b:0b:e9:7c:af:a4:f9:8f:ae:59:
         b4:31:d6:a3:9a:cf:9d:80:33:f1:cb:82:73:09:09:be:26:92:
         3e:a1:a7:4e:9e:d2:1f:ad:a6:61:f9:e6:ce:c5:33:7b:4e:ba:
         84:6b:2a:a2:98:b4:79:9f:3a:77:e9:40:cd:19:2e:ec:74:62:
         59:4d:4c:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmew8rd8/hUH3laJouQRlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2U3NTkzMjAxOTViOWNjMThjY2ZjYjFiNTMyYWVhOTQ5
MjU4ZjEwHhcNMjQwMTAyMTQzNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWFmY2UyZTU1ZDk3OGI2ZDc5YTRhZjk3ZGY5MDgxYzRlMWQ2OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaEIXOYV1PZwI29Fos4SV7AuzMXa
23Apcdj7BqaMkFxbeSf/Vtbhct24CZcMy80Owx0nH4yKBMo+T5PR13RmNC1vnc7U
uOBMvRFbilF/5g1A8THhDtYz+Bz9xJ+vV0SLyEVX+sAKF7r0yj0IlMb00SlSPiBs
7Z6la9GDc7eNoPcg9J+66aZ2iIssQYvjWJ+GgJdQtUWM8UFysXH/bBsdzA1ASgIN
IalBPxeax1Je/tnqnJK24uym3LzxxS/GQKjqF6BEU699lSszf5MpVOLXW3oeBHnI
LYSFHNlHICmu4arb+FMmqdGigLqBCeeDlItyr+68iyz9PbqsQ6W248Xl7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWvzi5V2Xi215pK+X35CBxOHWiyMB8GA1UdIwQY
MBaAFELOdZMgGVucwYzPyxtTKuqUkljxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUt
Njk3OTQ4ZWE3MWY1LzEvOWFfT0xsWFplTGJYbWtyNWZma0lIRTRkYUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9hNTIwNDgtMTJjYS00YTAzLTk1YmUtNjk3OTQ4ZWE3MWY1
LzEvUXM1MWt5QVpXNXpCak1fTEcxTXE2cFNTV1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwj3sMA0G
CSqGSIb3DQEBCwUAA4IBAQCC8GVRNB967Vqw+B8cCPmS2A4dDds2NkwzBkj392jQ
0ijkRPeR3jFHtcjTSSMP9TP+hVqe3fzzgUXFQ9Fs3Rq4pj+AUVERJ6vbZseWnzcZ
z0LTkt/DnCds/FHjQLsKRL5gYYDBUFmy1XiiutU21vFzoP5kM4hNP10boTmlM4oX
ebj/yTeVTTbhtUPMzCLfhi2dwlvTXnC89RdGKvYElJgaoVtCwKNROJH2P8UNPJ6J
A3vGRlteXTGhPrKrhDsL6XyvpPmPrlm0Mdajms+dgDPxy4JzCQm+JpI+oadOntIf
raZh+ebOxTN7TrqEayqimLR5nzp36UDNGS7sdGJZTUzV
-----END CERTIFICATE-----