Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/145631-b63e-4809-b4ab-bcef9e322f2a/1/gRfnQqbCnmoBKIwrnHJ_3EP6-d0.roa
File:                     gRfnQqbCnmoBKIwrnHJ_3EP6-d0.roa (raw, json)
Hash identifier:          HFykB3N0ksTn92j8RzqmZEfy0vUQ/J22HQfWGM8+pQQ=
Subject key identifier:   81:17:E7:42:A6:C2:9E:6A:01:28:8C:2B:9C:72:7F:DC:43:FA:F9:DD
Certificate issuer:       /CN=ea4e028658912e69697c18553b9529f3d1ce405d
Certificate serial:       018CC795412EDAC498059EA2341229471996
Authority key identifier: EA:4E:02:86:58:91:2E:69:69:7C:18:55:3B:95:29:F3:D1:CE:40:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6k4ChliRLmlpfBhVO5Up89HOQF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/145631-b63e-4809-b4ab-bcef9e322f2a/1/gRfnQqbCnmoBKIwrnHJ_3EP6-d0.roa
Signing time:             Tue 02 Jan 2024 00:31:36 +0000
ROA not before:           Tue 02 Jan 2024 00:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        194.104.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/145631-b63e-4809-b4ab-bcef9e322f2a/1/6k4ChliRLmlpfBhVO5Up89HOQF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/145631-b63e-4809-b4ab-bcef9e322f2a/1/6k4ChliRLmlpfBhVO5Up89HOQF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6k4ChliRLmlpfBhVO5Up89HOQF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:41:2e:da:c4:98:05:9e:a2:34:12:29:47:19:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea4e028658912e69697c18553b9529f3d1ce405d
        Validity
            Not Before: Jan  2 00:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8117e742a6c29e6a01288c2b9c727fdc43faf9dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:14:fb:0a:66:8c:bb:a9:3b:66:77:61:c4:f4:
                    6d:90:05:fc:cd:76:81:93:aa:f5:d4:33:c0:5d:de:
                    f9:00:81:e4:4a:cc:4b:5a:ee:bc:80:cf:14:24:79:
                    33:50:21:e7:03:78:8c:11:46:b4:0a:f9:a4:3e:a8:
                    9a:52:22:f5:8e:73:9c:e4:b2:39:ae:d1:44:40:aa:
                    89:b3:61:01:62:f9:76:29:b2:ee:01:9b:59:08:ea:
                    db:d5:b0:36:16:59:0f:c1:9c:f6:cc:2f:ec:6e:00:
                    d7:b6:ef:e8:e4:ba:ad:6a:b0:64:2a:c7:47:4c:8f:
                    88:34:03:87:86:03:7a:f4:ad:ba:11:e9:bb:56:80:
                    14:5a:f5:31:ea:4b:45:1f:88:f2:96:92:07:2b:6f:
                    5d:6d:13:a4:aa:18:bd:2d:ef:65:5b:d0:b6:20:99:
                    c2:1d:6c:13:93:69:be:67:4e:af:79:68:f5:cf:35:
                    14:a0:ce:a9:02:91:90:18:fe:fc:ec:e8:68:c9:a5:
                    cc:50:99:11:6a:23:5f:32:7a:8a:b7:6e:a3:5c:b0:
                    f0:c8:06:a1:41:10:16:66:f7:82:02:48:e7:ba:96:
                    e7:2b:a1:58:39:1d:cf:7c:49:8d:bc:e5:3a:41:2b:
                    0b:3d:ce:54:27:04:f5:05:89:dd:11:1c:a3:12:59:
                    d1:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:17:E7:42:A6:C2:9E:6A:01:28:8C:2B:9C:72:7F:DC:43:FA:F9:DD
            X509v3 Authority Key Identifier:
                keyid:EA:4E:02:86:58:91:2E:69:69:7C:18:55:3B:95:29:F3:D1:CE:40:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6k4ChliRLmlpfBhVO5Up89HOQF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/145631-b63e-4809-b4ab-bcef9e322f2a/1/gRfnQqbCnmoBKIwrnHJ_3EP6-d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/145631-b63e-4809-b4ab-bcef9e322f2a/1/6k4ChliRLmlpfBhVO5Up89HOQF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:b9:d0:4e:4e:91:c2:58:a8:12:04:d4:05:d1:34:2e:ad:01:
         40:11:d9:43:79:33:9a:5c:86:73:f4:5e:3c:a7:5d:fc:aa:0c:
         a3:0a:76:89:2a:9d:d2:0d:55:0a:9e:bf:63:02:48:cb:06:0c:
         7e:15:ca:8e:f3:7e:94:d6:db:37:1e:e7:41:cf:63:f1:d8:f7:
         22:d2:19:9b:a1:a6:d0:02:fc:b7:e6:1f:5d:cd:ff:59:f8:bc:
         9d:76:aa:39:c1:f4:68:25:8f:73:61:9f:1f:de:e8:77:d1:08:
         19:33:2e:39:21:57:16:8e:12:42:fa:b3:a5:22:d0:88:5f:2c:
         4d:de:30:2b:62:fb:4d:24:76:10:ac:76:54:8a:f4:cc:14:28:
         a2:c5:3e:e3:db:33:97:e1:92:1e:52:e0:c4:2e:dc:55:db:1c:
         94:c8:6a:96:ef:10:cc:0b:92:c9:6b:d6:8f:aa:db:95:d0:30:
         67:25:e3:40:3a:0f:cd:f9:ff:e4:31:da:0c:ea:dc:d4:65:b3:
         cd:54:bc:44:7a:26:50:a3:a8:56:fd:d3:d2:f1:37:64:01:c2:
         34:8d:33:ae:bc:13:94:89:42:d1:46:9b:73:4b:10:c5:14:5f:
         22:70:50:99:a2:3c:23:22:e4:2b:0b:a3:2e:8d:f3:35:e6:d9:
         1d:58:5b:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlUEu2sSYBZ6iNBIpRxmWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhNGUwMjg2NTg5MTJlNjk2OTdjMTg1NTNiOTUyOWYzZDFj
ZTQwNWQwHhcNMjQwMTAyMDAzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTE3ZTc0MmE2YzI5ZTZhMDEyODhjMmI5YzcyN2ZkYzQzZmFmOWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RT7CmaMu6k7ZndhxPRtkAX8zXaB
k6r11DPAXd75AIHkSsxLWu68gM8UJHkzUCHnA3iMEUa0CvmkPqiaUiL1jnOc5LI5
rtFEQKqJs2EBYvl2KbLuAZtZCOrb1bA2FlkPwZz2zC/sbgDXtu/o5LqtarBkKsdH
TI+INAOHhgN69K26Eem7VoAUWvUx6ktFH4jylpIHK29dbROkqhi9Le9lW9C2IJnC
HWwTk2m+Z06veWj1zzUUoM6pApGQGP787OhoyaXMUJkRaiNfMnqKt26jXLDwyAah
QRAWZveCAkjnupbnK6FYOR3PfEmNvOU6QSsLPc5UJwT1BYndERyjElnRlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIEX50Kmwp5qASiMK5xyf9xD+vndMB8GA1UdIwQY
MBaAFOpOAoZYkS5paXwYVTuVKfPRzkBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNms0Q2hsaVJMbWxwZkJoVk81VXA4OUhPUUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8xNDU2MzEtYjYzZS00ODA5LWI0YWIt
YmNlZjllMzIyZjJhLzEvZ1JmblFxYkNubW9CS0l3cm5ISl8zRVA2LWQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8xNDU2MzEtYjYzZS00ODA5LWI0YWItYmNlZjllMzIyZjJh
LzEvNms0Q2hsaVJMbWxwZkJoVk81VXA4OUhPUUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwmjsMA0G
CSqGSIb3DQEBCwUAA4IBAQBludBOTpHCWKgSBNQF0TQurQFAEdlDeTOaXIZz9F48
p138qgyjCnaJKp3SDVUKnr9jAkjLBgx+FcqO836U1ts3HudBz2Px2Pci0hmboabQ
Avy35h9dzf9Z+Lyddqo5wfRoJY9zYZ8f3uh30QgZMy45IVcWjhJC+rOlItCIXyxN
3jArYvtNJHYQrHZUivTMFCiixT7j2zOX4ZIeUuDELtxV2xyUyGqW7xDMC5LJa9aP
qtuV0DBnJeNAOg/N+f/kMdoM6tzUZbPNVLxEeiZQo6hW/dPS8TdkAcI0jTOuvBOU
iULRRptzSxDFFF8icFCZojwjIuQrC6MujfM15tkdWFvC
-----END CERTIFICATE-----