Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/oxFojUhDbgbvQWJLE662AtGMYd8.roa
File:                     oxFojUhDbgbvQWJLE662AtGMYd8.roa (raw, json)
Hash identifier:          D4p1qN18Lpr9kDtEzYCALPnApaaR+jAbpSvJT1J28Nk=
Subject key identifier:   A3:11:68:8D:48:43:6E:06:EF:41:62:4B:13:AE:B6:02:D1:8C:61:DF
Certificate issuer:       /CN=4456c14cd8724f9a909627b94e006cf69d12307b
Certificate serial:       0194228DC6E0E1D872717A6E9B37481AB5C5
Authority key identifier: 44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/oxFojUhDbgbvQWJLE662AtGMYd8.roa
Signing time:             Wed 01 Jan 2025 15:48:24 +0000
ROA not before:           Wed 01 Jan 2025 15:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26383
IP address blocks:        185.36.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 02:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:c6:e0:e1:d8:72:71:7a:6e:9b:37:48:1a:b5:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4456c14cd8724f9a909627b94e006cf69d12307b
        Validity
            Not Before: Jan  1 15:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a311688d48436e06ef41624b13aeb602d18c61df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:f6:5e:cb:83:98:6b:06:6e:ed:a2:7d:04:6b:
                    f1:2e:34:4e:58:68:1c:40:df:dc:18:ef:b8:20:ea:
                    af:32:87:ef:c3:13:38:05:df:d2:19:d6:e1:5a:92:
                    83:ea:2d:7a:f2:bf:ed:b4:51:b1:e1:74:a1:b1:28:
                    94:b9:64:d5:a3:55:e5:f6:b3:50:3d:16:90:b4:9b:
                    b3:52:6a:74:67:66:1a:92:77:0f:b3:f3:36:a2:d9:
                    66:cf:77:57:8b:88:c1:0d:ac:6b:47:5d:3a:2e:45:
                    38:b8:61:20:4f:c9:59:82:8c:7d:9d:5d:fa:4f:7e:
                    ad:70:76:64:07:c4:b3:ed:9d:b6:8d:f4:50:4c:89:
                    f4:6d:5e:29:18:fe:ba:29:a2:ed:ed:7a:99:0e:98:
                    67:2a:1e:4b:50:e2:62:45:ee:3c:88:29:4c:ae:ea:
                    90:41:fa:53:31:e3:58:8f:71:16:c1:40:2f:ec:f6:
                    95:2a:e1:e0:ea:5a:6a:78:61:d9:c0:de:c5:4b:fb:
                    de:f1:59:cc:fa:3b:be:04:e3:c6:f5:d0:28:a3:d2:
                    9b:b6:8e:f2:d0:cf:9d:cc:eb:3a:d5:32:b5:6a:93:
                    6f:fb:86:ef:88:e4:33:3b:27:6b:b1:09:7b:51:0b:
                    aa:0b:7f:6c:94:9e:c2:38:e8:6c:fc:a2:a2:5b:aa:
                    62:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:11:68:8D:48:43:6E:06:EF:41:62:4B:13:AE:B6:02:D1:8C:61:DF
            X509v3 Authority Key Identifier:
                keyid:44:56:C1:4C:D8:72:4F:9A:90:96:27:B9:4E:00:6C:F6:9D:12:30:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFbBTNhyT5qQlie5TgBs9p0SMHs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/oxFojUhDbgbvQWJLE662AtGMYd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/5ecfc2-da70-4333-8f96-5b87825c07ee/1/RFbBTNhyT5qQlie5TgBs9p0SMHs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:84:23:b3:6e:fa:0e:76:b2:12:07:cb:26:06:de:97:9c:a6:
         b3:20:5b:79:0b:83:96:8f:41:97:d6:c4:9a:59:e6:1f:9b:70:
         32:b9:c2:6e:78:b5:04:00:3a:15:0b:30:d8:0e:9f:0a:91:13:
         cf:16:ee:cb:9e:35:14:c1:f0:1b:da:6d:76:6e:71:c2:c7:f0:
         94:37:d7:82:8a:34:4b:93:96:68:e1:4b:ea:b4:04:84:ab:4e:
         7a:2c:86:56:c7:58:7e:fa:c0:a9:4a:d3:ea:18:77:61:6f:09:
         5e:9e:53:f1:8e:03:a7:e5:ef:3a:9c:43:cd:c0:6f:34:46:98:
         6e:61:0d:63:e9:a8:61:98:31:71:92:c5:a5:3f:64:6a:54:3c:
         40:12:ba:8e:13:7c:8a:0d:7e:83:16:00:4d:fd:14:34:35:a8:
         01:87:f2:9a:78:69:db:6c:58:2a:1a:50:5b:f5:7c:1c:11:d6:
         44:b3:a5:a7:95:29:65:41:47:e9:75:71:da:82:f7:19:9b:0c:
         83:84:b6:e3:7e:2e:3f:2a:56:68:05:14:4c:8c:e1:77:06:6c:
         b7:64:ee:eb:fd:44:b3:92:19:08:86:32:72:c4:1e:11:12:fc:
         e4:e6:86:4a:17:f6:76:91:d3:eb:76:1d:ce:9a:18:3f:0b:92:
         ab:d0:83:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijcbg4dhycXpumzdIGrXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTZjMTRjZDg3MjRmOWE5MDk2MjdiOTRlMDA2Y2Y2OWQx
MjMwN2IwHhcNMjUwMTAxMTU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzExNjg4ZDQ4NDM2ZTA2ZWY0MTYyNGIxM2FlYjYwMmQxOGM2MWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvvZey4OYawZu7aJ9BGvxLjROWGgc
QN/cGO+4IOqvMofvwxM4Bd/SGdbhWpKD6i168r/ttFGx4XShsSiUuWTVo1Xl9rNQ
PRaQtJuzUmp0Z2YakncPs/M2otlmz3dXi4jBDaxrR106LkU4uGEgT8lZgox9nV36
T36tcHZkB8Sz7Z22jfRQTIn0bV4pGP66KaLt7XqZDphnKh5LUOJiRe48iClMruqQ
QfpTMeNYj3EWwUAv7PaVKuHg6lpqeGHZwN7FS/ve8VnM+ju+BOPG9dAoo9Kbto7y
0M+dzOs61TK1apNv+4bviOQzOydrsQl7UQuqC39slJ7COOhs/KKiW6pivwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMRaI1IQ24G70FiSxOutgLRjGHfMB8GA1UdIwQY
MBaAFERWwUzYck+akJYnuU4AbPadEjB7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYt
NWI4NzgyNWMwN2VlLzEvb3hGb2pVaERiZ2J2UVdKTEU2NjJBdEdNWWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS81ZWNmYzItZGE3MC00MzMzLThmOTYtNWI4NzgyNWMwN2Vl
LzEvUkZiQlROaHlUNXFRbGllNVRnQnM5cDBTTUhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSR9MA0G
CSqGSIb3DQEBCwUAA4IBAQCchCOzbvoOdrISB8smBt6XnKazIFt5C4OWj0GX1sSa
WeYfm3AyucJueLUEADoVCzDYDp8KkRPPFu7LnjUUwfAb2m12bnHCx/CUN9eCijRL
k5Zo4UvqtASEq056LIZWx1h++sCpStPqGHdhbwlenlPxjgOn5e86nEPNwG80Rphu
YQ1j6ahhmDFxksWlP2RqVDxAErqOE3yKDX6DFgBN/RQ0NagBh/KaeGnbbFgqGlBb
9XwcEdZEs6WnlSllQUfpdXHagvcZmwyDhLbjfi4/KlZoBRRMjOF3Bmy3ZO7r/USz
khkIhjJyxB4REvzk5oZKF/Z2kdPrdh3Omhg/C5Kr0IPC
-----END CERTIFICATE-----