Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/6rPBlspAliQsyBwRK5xlIM1S83g.roa
File:                     6rPBlspAliQsyBwRK5xlIM1S83g.roa (raw, json)
Hash identifier:          bUEQSQ1Nz0K20Ik0s9H7aTpKRuRypjg8WE1O+QHoENc=
Subject key identifier:   EA:B3:C1:96:CA:40:96:24:2C:C8:1C:11:2B:9C:65:20:CD:52:F3:78
Certificate issuer:       /CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
Certificate serial:       018CC8017E399BBD62F066C620958B804F90
Authority key identifier: 3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/6rPBlspAliQsyBwRK5xlIM1S83g.roa
Signing time:             Tue 02 Jan 2024 02:29:50 +0000
ROA not before:           Tue 02 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29384
IP address blocks:        86.36.49.0/24 maxlen: 24
                          86.36.48.0/24 maxlen: 24
                          86.36.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:7e:39:9b:bd:62:f0:66:c6:20:95:8b:80:4f:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c4d3fb044eb1c0a11be0602aceef88e5f5d2ddf
        Validity
            Not Before: Jan  2 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eab3c196ca4096242cc81c112b9c6520cd52f378
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fa:e9:a4:01:ac:92:51:3a:66:bd:5b:21:32:
                    19:79:c9:ec:97:c4:77:c4:d1:10:3a:53:0a:fb:ff:
                    e9:02:c5:f4:26:d1:6c:82:ca:08:5a:da:68:95:e4:
                    e4:e3:3c:5e:80:38:c1:c6:73:e3:dd:2b:d4:8e:d1:
                    50:5f:05:d9:de:63:62:3b:04:82:26:98:1f:fb:f1:
                    b7:89:a4:27:7c:23:c0:6b:3e:42:ea:fb:d5:b7:d6:
                    a4:7c:a4:09:df:2e:7c:ff:17:b5:db:c3:04:46:fb:
                    27:cd:77:d8:77:10:47:6e:5d:dd:91:89:5c:c3:63:
                    c9:13:2c:5d:98:92:e7:11:9f:e3:12:46:8b:6f:92:
                    08:77:48:37:bb:cf:97:23:07:6e:3d:d9:c2:17:ff:
                    6f:9f:4b:60:b3:70:0f:07:10:fa:01:04:d0:24:f2:
                    ba:c0:49:96:cc:a4:93:b3:5a:b0:58:e5:e7:ec:4c:
                    85:05:c2:27:98:02:44:bd:b3:e2:1c:11:b2:85:0a:
                    91:bd:de:1f:9c:88:7f:74:6c:db:c2:32:27:00:23:
                    9a:63:37:80:75:11:bf:8c:c7:73:09:e3:41:29:ae:
                    d2:6a:8a:c6:2a:bc:68:6d:d5:b6:bf:f4:de:45:33:
                    fa:ff:6c:84:aa:33:f7:df:d7:79:53:cf:36:52:8b:
                    cc:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:B3:C1:96:CA:40:96:24:2C:C8:1C:11:2B:9C:65:20:CD:52:F3:78
            X509v3 Authority Key Identifier:
                keyid:3C:4D:3F:B0:44:EB:1C:0A:11:BE:06:02:AC:EE:F8:8E:5F:5D:2D:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE0_sETrHAoRvgYCrO74jl9dLd8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/6rPBlspAliQsyBwRK5xlIM1S83g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/76e07c-8a32-489d-91d1-b184e3f4b50e/1/PE0_sETrHAoRvgYCrO74jl9dLd8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.36.48.0/23
                  86.36.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:97:d8:3d:dc:a6:b4:97:bf:dc:a7:8a:83:b0:e4:85:67:56:
         e8:90:84:32:78:ec:be:4e:63:3e:ed:6c:f2:c3:ea:f7:94:86:
         b4:03:85:6d:52:86:7f:a0:5c:1e:e2:26:c7:24:01:72:c1:a7:
         ae:c1:4b:92:46:42:8a:21:06:15:22:dc:11:61:26:bc:6c:a9:
         b7:4f:51:29:5a:8e:c7:aa:4f:d7:ff:60:71:e8:70:e8:9d:32:
         1f:e0:53:af:f7:70:34:52:40:95:c5:62:17:0f:b0:53:41:56:
         a8:05:33:b0:68:e6:1e:da:0a:34:d3:22:c4:9a:a2:c7:61:d0:
         74:fa:02:14:79:7e:bf:d5:76:bb:1a:27:19:44:94:62:48:fb:
         11:3a:c7:22:7b:f5:87:95:27:5f:88:d4:4a:a7:63:fd:68:20:
         99:1d:06:c3:67:ba:f0:88:54:26:f5:e7:5f:c5:b1:f6:17:0b:
         3d:19:e1:62:b2:a2:24:50:19:48:54:ef:18:65:b2:36:8f:d3:
         7c:4f:ea:f4:22:07:e9:2d:0d:63:02:0c:ed:6a:0b:30:72:57:
         ee:a4:7c:51:c7:32:d0:d7:76:e8:ef:34:2a:b2:f9:72:17:d2:
         93:de:5f:15:0d:1d:ab:fa:c6:81:ce:71:44:56:3a:89:fa:c1:
         b6:00:0f:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIAX45m71i8GbGIJWLgE+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGQzZmIwNDRlYjFjMGExMWJlMDYwMmFjZWVmODhlNWY1
ZDJkZGYwHhcNMjQwMTAyMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWIzYzE5NmNhNDA5NjI0MmNjODFjMTEyYjljNjUyMGNkNTJmMzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvrppAGsklE6Zr1bITIZecnsl8R3
xNEQOlMK+//pAsX0JtFsgsoIWtpoleTk4zxegDjBxnPj3SvUjtFQXwXZ3mNiOwSC
Jpgf+/G3iaQnfCPAaz5C6vvVt9akfKQJ3y58/xe128MERvsnzXfYdxBHbl3dkYlc
w2PJEyxdmJLnEZ/jEkaLb5IId0g3u8+XIwduPdnCF/9vn0tgs3APBxD6AQTQJPK6
wEmWzKSTs1qwWOXn7EyFBcInmAJEvbPiHBGyhQqRvd4fnIh/dGzbwjInACOaYzeA
dRG/jMdzCeNBKa7SaorGKrxobdW2v/TeRTP6/2yEqjP339d5U882UovM1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOqzwZbKQJYkLMgcESucZSDNUvN4MB8GA1UdIwQY
MBaAFDxNP7BE6xwKEb4GAqzu+I5fXS3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEt
YjE4NGUzZjRiNTBlLzEvNnJQQmxzcEFsaVFzeUJ3Uks1eGxJTTFTODNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS83NmUwN2MtOGEzMi00ODlkLTkxZDEtYjE4NGUzZjRiNTBl
LzEvUEUwX3NFVHJIQW9SdmdZQ3JPNzRqbDlkTGQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBViQwAwQA
ViRoMA0GCSqGSIb3DQEBCwUAA4IBAQAxl9g93Ka0l7/cp4qDsOSFZ1bokIQyeOy+
TmM+7Wzyw+r3lIa0A4VtUoZ/oFwe4ibHJAFywaeuwUuSRkKKIQYVItwRYSa8bKm3
T1EpWo7Hqk/X/2Bx6HDonTIf4FOv93A0UkCVxWIXD7BTQVaoBTOwaOYe2go00yLE
mqLHYdB0+gIUeX6/1Xa7GicZRJRiSPsROscie/WHlSdfiNRKp2P9aCCZHQbDZ7rw
iFQm9edfxbH2Fws9GeFisqIkUBlIVO8YZbI2j9N8T+r0IgfpLQ1jAgztagswclfu
pHxRxzLQ13bo7zQqsvlyF9KT3l8VDR2r+saBznFEVjqJ+sG2AA9/
-----END CERTIFICATE-----