Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/X6X_P6yukrQPT4SMy-JLxECMeJ8.roa
File:                     X6X_P6yukrQPT4SMy-JLxECMeJ8.roa (raw, json)
Hash identifier:          edTaObTXQVF5bmMlJ2TBmh1E+uSzpaQPM3bD2AXXfnY=
Subject key identifier:   5F:A5:FF:3F:AC:AE:92:B4:0F:4F:84:8C:CB:E2:4B:C4:40:8C:78:9F
Certificate issuer:       /CN=4c988b93ab7a2999a3255eeae4e18ab23b2e0f3e
Certificate serial:       018CC94D9B1B327727AB1878E0C736D75337
Authority key identifier: 4C:98:8B:93:AB:7A:29:99:A3:25:5E:EA:E4:E1:8A:B2:3B:2E:0F:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TJiLk6t6KZmjJV7q5OGKsjsuDz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/X6X_P6yukrQPT4SMy-JLxECMeJ8.roa
Signing time:             Tue 02 Jan 2024 08:32:35 +0000
ROA not before:           Tue 02 Jan 2024 08:32:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51731
IP address blocks:        46.36.32.0/19 maxlen: 19
                          2a02:25b0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/TJiLk6t6KZmjJV7q5OGKsjsuDz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/TJiLk6t6KZmjJV7q5OGKsjsuDz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TJiLk6t6KZmjJV7q5OGKsjsuDz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:9b:1b:32:77:27:ab:18:78:e0:c7:36:d7:53:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c988b93ab7a2999a3255eeae4e18ab23b2e0f3e
        Validity
            Not Before: Jan  2 08:32:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fa5ff3facae92b40f4f848ccbe24bc4408c789f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:92:b7:b7:c5:c4:cd:cd:fd:cf:3f:10:bb:d5:
                    2a:c0:85:8f:2e:7a:4a:c6:f2:64:79:c4:ea:f6:ae:
                    ae:c7:21:f6:55:54:87:13:02:8b:b3:20:7c:17:77:
                    e1:6c:d8:ba:32:bb:4b:21:73:74:4c:6e:60:97:65:
                    60:86:5b:79:30:75:bb:61:70:79:5f:c6:66:28:03:
                    2e:ec:ea:22:51:21:b4:9e:45:f3:3a:6b:92:c5:d2:
                    26:38:71:d0:c3:d4:a0:5a:52:5d:3b:48:4f:6b:15:
                    d0:30:1d:ee:4c:5a:66:e8:43:9f:71:d7:81:1b:a9:
                    f3:04:05:0c:13:f6:ca:01:d2:91:06:9a:ab:07:20:
                    21:58:0e:5e:ba:e9:10:2f:21:72:3d:38:2d:c6:0d:
                    1d:82:af:d2:0a:85:75:90:30:e4:bf:c4:3c:ef:af:
                    a8:c4:ee:e3:55:41:21:9f:c8:7a:39:2d:84:15:ef:
                    9a:e7:ce:2a:6f:be:2c:c2:28:7c:57:db:ed:42:1f:
                    c8:92:8f:db:1d:92:c5:9c:a4:e3:41:34:cc:29:ed:
                    53:9c:7f:38:71:b1:89:2c:34:0d:09:d7:e2:5d:b3:
                    0a:ac:db:d2:99:5c:6c:a4:b5:46:c9:ff:82:03:67:
                    18:c3:b9:eb:17:c9:1c:73:c5:b8:04:28:61:d1:1f:
                    80:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:A5:FF:3F:AC:AE:92:B4:0F:4F:84:8C:CB:E2:4B:C4:40:8C:78:9F
            X509v3 Authority Key Identifier:
                keyid:4C:98:8B:93:AB:7A:29:99:A3:25:5E:EA:E4:E1:8A:B2:3B:2E:0F:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TJiLk6t6KZmjJV7q5OGKsjsuDz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/X6X_P6yukrQPT4SMy-JLxECMeJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4c1f59-0c12-4153-a15c-715f9cd63086/1/TJiLk6t6KZmjJV7q5OGKsjsuDz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.32.0/19
                IPv6:
                  2a02:25b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         c1:2a:70:24:61:8d:2b:4f:72:4f:62:a6:39:b0:5a:16:3f:f5:
         23:97:82:e7:3c:d2:5e:9e:69:2f:4b:db:a3:11:67:f5:39:c7:
         75:4d:fe:33:40:e9:79:21:6a:f0:9e:61:dc:c7:2f:94:78:57:
         cf:f3:47:63:3c:28:5f:21:48:a4:68:f9:40:28:86:0f:86:c0:
         b3:a6:91:78:41:0d:7c:3f:09:96:84:93:0e:1b:fa:db:2a:00:
         61:60:a5:9d:4d:63:db:ce:2e:fe:b0:4e:f3:03:ca:bf:44:08:
         8b:f3:77:cd:84:44:c0:85:4c:b9:29:68:a3:a7:07:b8:10:6c:
         92:e2:be:f7:a4:be:71:76:58:37:c1:b7:9a:bd:ca:d7:fe:08:
         b0:14:6b:ec:3e:c2:2f:95:a6:6f:0c:19:73:fe:ab:6f:9d:9a:
         d9:91:95:61:e6:ca:8a:b6:22:46:39:1b:0c:fc:c7:e0:c7:ca:
         03:07:fc:27:a5:b7:75:68:4b:4f:48:63:8c:3c:fc:f4:e9:ad:
         2d:e2:a9:da:2d:b5:52:40:94:9c:41:ec:41:74:1e:6a:e8:8b:
         b6:76:a1:16:11:d3:10:d4:74:37:99:e6:6c:4a:d8:41:2a:3a:
         fe:cc:68:78:c9:b0:6f:4b:93:01:29:55:f3:a3:27:fe:90:1a:
         c0:16:83:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTZsbMncnqxh44Mc211M3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjOTg4YjkzYWI3YTI5OTlhMzI1NWVlYWU0ZTE4YWIyM2Iy
ZTBmM2UwHhcNMjQwMTAyMDgzMjM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmE1ZmYzZmFjYWU5MmI0MGY0Zjg0OGNjYmUyNGJjNDQwOGM3ODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZK3t8XEzc39zz8Qu9UqwIWPLnpK
xvJkecTq9q6uxyH2VVSHEwKLsyB8F3fhbNi6MrtLIXN0TG5gl2Vghlt5MHW7YXB5
X8ZmKAMu7OoiUSG0nkXzOmuSxdImOHHQw9SgWlJdO0hPaxXQMB3uTFpm6EOfcdeB
G6nzBAUME/bKAdKRBpqrByAhWA5euukQLyFyPTgtxg0dgq/SCoV1kDDkv8Q876+o
xO7jVUEhn8h6OS2EFe+a584qb74swih8V9vtQh/Iko/bHZLFnKTjQTTMKe1TnH84
cbGJLDQNCdfiXbMKrNvSmVxspLVGyf+CA2cYw7nrF8kcc8W4BChh0R+A4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFF+l/z+srpK0D0+EjMviS8RAjHifMB8GA1UdIwQY
MBaAFEyYi5OreimZoyVe6uThirI7Lg8+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEppTGs2dDZLWm1qSlY3cTVPR0tzanN1RHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80YzFmNTktMGMxMi00MTUzLWExNWMt
NzE1ZjljZDYzMDg2LzEvWDZYX1A2eXVrclFQVDRTTXktSkx4RUNNZUo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80YzFmNTktMGMxMi00MTUzLWExNWMtNzE1ZjljZDYzMDg2
LzEvVEppTGs2dDZLWm1qSlY3cTVPR0tzanN1RHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFLiQgMA0E
AgACMAcDBQAqAiWwMA0GCSqGSIb3DQEBCwUAA4IBAQDBKnAkYY0rT3JPYqY5sFoW
P/Ujl4LnPNJenmkvS9ujEWf1Ocd1Tf4zQOl5IWrwnmHcxy+UeFfP80djPChfIUik
aPlAKIYPhsCzppF4QQ18PwmWhJMOG/rbKgBhYKWdTWPbzi7+sE7zA8q/RAiL83fN
hETAhUy5KWijpwe4EGyS4r73pL5xdlg3wbeavcrX/giwFGvsPsIvlaZvDBlz/qtv
nZrZkZVh5sqKtiJGORsM/Mfgx8oDB/wnpbd1aEtPSGOMPPz06a0t4qnaLbVSQJSc
QexBdB5q6Iu2dqEWEdMQ1HQ3meZsSthBKjr+zGh4ybBvS5MBKVXzoyf+kBrAFoPh
-----END CERTIFICATE-----