Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/cXKXhy0DJRJf4Ss_vEcx5NmEjBs.roa
File:                     cXKXhy0DJRJf4Ss_vEcx5NmEjBs.roa (raw, json)
Hash identifier:          8vd64RKt80YUUsXi7DT4XtFP9FdC2+SbNMh/ilOm1NQ=
Subject key identifier:   71:72:97:87:2D:03:25:12:5F:E1:2B:3F:BC:47:31:E4:D9:84:8C:1B
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       018EF5F25FE8BEC2E07A6C4682D8BF2A9DD0
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/cXKXhy0DJRJf4Ss_vEcx5NmEjBs.roa
Signing time:             Fri 19 Apr 2024 10:41:25 +0000
ROA not before:           Fri 19 Apr 2024 10:41:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212042
IP address blocks:        185.36.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 23:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f5:f2:5f:e8:be:c2:e0:7a:6c:46:82:d8:bf:2a:9d:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Apr 19 10:41:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=717297872d0325125fe12b3fbc4731e4d9848c1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:89:e7:31:3c:39:f7:84:31:5b:8e:be:7b:4c:
                    85:77:59:41:c1:cb:1b:fc:ce:cb:c0:81:e8:b8:54:
                    fa:28:e9:95:16:76:9f:94:ae:0d:44:13:93:29:bf:
                    48:e8:5f:3e:4b:bd:5c:fe:23:31:5f:44:ac:eb:5c:
                    b8:c8:a7:7a:b6:58:9d:dc:8d:62:6c:a2:c1:69:86:
                    b0:d5:e1:7e:e6:73:ca:60:8d:3f:f6:e0:5a:dd:2a:
                    07:be:7d:c8:6c:f6:ef:9e:66:11:12:f0:9d:9b:56:
                    36:dd:f7:48:cd:02:c9:6f:cd:ea:76:87:9a:03:eb:
                    29:be:cc:73:a0:42:3a:0c:12:d2:96:49:4f:0c:cf:
                    38:b4:7a:3c:1c:d7:1f:3c:91:72:00:56:f7:57:c3:
                    a8:a0:9a:d8:6f:ef:42:b3:84:5e:bd:1a:95:93:cf:
                    7d:97:b7:ad:2d:ef:29:f5:72:70:85:1c:87:71:ef:
                    b9:35:77:b6:23:5f:4b:3e:90:5b:91:d7:0b:32:3c:
                    3e:6f:f9:55:9b:35:df:88:d7:87:7c:23:db:5a:57:
                    88:b3:8b:83:ee:d2:24:f6:3a:0d:30:7a:ea:7d:0c:
                    d8:72:3e:96:4b:76:e0:23:4a:5c:b5:9c:85:a1:0e:
                    95:fc:a6:c4:de:d5:af:55:cf:f7:f2:f6:73:78:6e:
                    e6:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:72:97:87:2D:03:25:12:5F:E1:2B:3F:BC:47:31:E4:D9:84:8C:1B
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/cXKXhy0DJRJf4Ss_vEcx5NmEjBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:b2:19:e8:53:86:99:54:3e:5d:a1:d4:19:2c:95:05:91:b5:
         8e:c3:03:f6:8e:20:b9:9f:eb:7e:89:a9:b6:25:62:b4:6d:2c:
         20:c9:55:4f:47:4d:57:46:27:0f:b9:04:35:c0:99:d4:be:75:
         63:bb:e8:d5:d6:e5:c1:65:63:18:92:e6:6c:30:60:81:e1:96:
         12:66:4b:a6:59:66:1d:26:4e:bb:33:06:ac:98:25:42:34:32:
         25:40:dd:0d:d3:5e:56:78:7a:6f:f2:e1:08:42:16:d4:98:80:
         d4:df:19:d5:b7:71:22:18:60:d6:48:67:fe:0f:f2:49:54:d7:
         6b:a5:b2:bd:19:93:3a:ce:85:c8:77:b4:cd:a7:a0:14:46:88:
         2a:f0:d0:cd:8c:3b:6e:e3:56:94:88:70:a2:74:66:a5:62:8a:
         dc:ff:cc:df:93:36:5c:e4:71:58:e6:cc:7b:bf:30:c3:6d:ac:
         dc:0c:ad:84:e4:f7:be:b7:e9:93:0d:cf:c6:8a:6e:6a:b6:c9:
         a7:bd:1a:12:ab:76:90:7e:21:5d:74:ff:f7:1f:c4:b3:e6:b3:
         c4:06:87:4e:f3:1d:ee:4c:65:38:47:86:d2:1a:82:76:80:1d:
         85:c9:b3:4c:ea:93:03:1d:9c:ed:03:dc:a8:91:35:68:c7:12:
         41:31:c6:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY718l/ovsLgemxGgti/Kp3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjQwNDE5MTA0MTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTcyOTc4NzJkMDMyNTEyNWZlMTJiM2ZiYzQ3MzFlNGQ5ODQ4YzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnonnMTw594QxW46+e0yFd1lBwcsb
/M7LwIHouFT6KOmVFnaflK4NRBOTKb9I6F8+S71c/iMxX0Ss61y4yKd6tlid3I1i
bKLBaYaw1eF+5nPKYI0/9uBa3SoHvn3IbPbvnmYREvCdm1Y23fdIzQLJb83qdoea
A+spvsxzoEI6DBLSlklPDM84tHo8HNcfPJFyAFb3V8OooJrYb+9Cs4RevRqVk899
l7etLe8p9XJwhRyHce+5NXe2I19LPpBbkdcLMjw+b/lVmzXfiNeHfCPbWleIs4uD
7tIk9joNMHrqfQzYcj6WS3bgI0pctZyFoQ6V/KbE3tWvVc/38vZzeG7mEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFyl4ctAyUSX+ErP7xHMeTZhIwbMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvY1hLWGh5MERKUkpmNFNzX3ZFY3g1Tm1FakJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSR8MA0G
CSqGSIb3DQEBCwUAA4IBAQAAshnoU4aZVD5dodQZLJUFkbWOwwP2jiC5n+t+iam2
JWK0bSwgyVVPR01XRicPuQQ1wJnUvnVju+jV1uXBZWMYkuZsMGCB4ZYSZkumWWYd
Jk67MwasmCVCNDIlQN0N015WeHpv8uEIQhbUmIDU3xnVt3EiGGDWSGf+D/JJVNdr
pbK9GZM6zoXId7TNp6AURogq8NDNjDtu41aUiHCidGalYorc/8zfkzZc5HFY5sx7
vzDDbazcDK2E5Pe+t+mTDc/Gim5qtsmnvRoSq3aQfiFddP/3H8Sz5rPEBodO8x3u
TGU4R4bSGoJ2gB2FybNM6pMDHZztA9yokTVoxxJBMcaa
-----END CERTIFICATE-----