Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/CXzhaginQm8wMXa5xQ8ZwG1naCM.roa
File:                     CXzhaginQm8wMXa5xQ8ZwG1naCM.roa (raw, json)
Hash identifier:          EjINqhMlozpu5mlXsSbKPvUq3AcuVqdUt/ohLh+uhN4=
Subject key identifier:   09:7C:E1:6A:08:A7:42:6F:30:31:76:B9:C5:0F:19:C0:6D:67:68:23
Certificate issuer:       /CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
Certificate serial:       018CC94D7BF62D2A25EE5D7E912C157DD2D7
Authority key identifier: 9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/CXzhaginQm8wMXa5xQ8ZwG1naCM.roa
Signing time:             Tue 02 Jan 2024 08:32:27 +0000
ROA not before:           Tue 02 Jan 2024 08:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39558
IP address blocks:        195.244.4.0/23 maxlen: 23
                          91.221.132.0/24 maxlen: 24
                          91.221.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:7b:f6:2d:2a:25:ee:5d:7e:91:2c:15:7d:d2:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
        Validity
            Not Before: Jan  2 08:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=097ce16a08a7426f303176b9c50f19c06d676823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:18:05:41:75:61:b8:bc:2f:41:46:0b:7e:09:
                    14:fa:5b:8d:8b:21:1e:76:46:2c:3a:e3:ae:63:5e:
                    ab:25:bc:fc:7a:94:54:c4:97:b1:33:30:c9:25:de:
                    1b:8d:52:cf:55:1e:3b:43:cb:a2:f0:88:05:0a:9c:
                    f4:4a:ed:28:60:a1:a6:c6:0a:d8:9e:bb:73:de:8d:
                    16:b7:14:74:d2:12:b0:ee:79:08:3d:ec:8f:20:1b:
                    af:8d:d2:bf:54:8f:31:44:5c:d9:98:6b:41:b1:73:
                    1c:ce:15:5b:4a:0d:93:64:80:55:cf:ee:ad:c5:b6:
                    b8:d2:ed:a9:78:f4:d8:5a:65:66:af:54:59:b8:40:
                    d9:f2:73:89:63:1b:84:4c:b9:35:47:23:f5:28:24:
                    04:a8:65:ce:f7:01:f0:30:ce:fe:9e:86:0c:8f:cd:
                    a7:c3:85:42:44:0d:8c:fa:92:b1:03:00:87:ed:3c:
                    2e:b0:48:1c:85:14:5f:ff:49:b0:ef:f3:84:d1:7e:
                    0b:17:b5:89:e1:f2:15:03:81:b6:42:a3:34:f0:c7:
                    d0:fd:ef:1c:18:18:6d:e4:78:d1:b0:30:9e:eb:33:
                    47:19:23:71:84:fd:d7:5f:f0:99:d9:84:cb:65:c4:
                    73:19:18:b1:18:b9:83:f7:3f:03:7a:9d:f9:98:16:
                    4d:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:7C:E1:6A:08:A7:42:6F:30:31:76:B9:C5:0F:19:C0:6D:67:68:23
            X509v3 Authority Key Identifier:
                keyid:9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/CXzhaginQm8wMXa5xQ8ZwG1naCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.132.0/23
                  195.244.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:93:32:a9:87:ee:5c:56:72:cc:0d:1f:6e:64:6d:89:fb:fc:
         81:f4:1a:6f:c3:ec:6e:d0:b2:13:52:9c:20:27:42:3c:5c:35:
         c8:23:fe:68:82:f3:41:04:a3:3e:14:e5:70:1e:6b:03:ef:ab:
         56:3e:3f:9e:83:2c:06:8b:b2:0b:d1:4a:a7:9f:c8:29:95:a6:
         35:08:8b:b1:fe:24:c6:56:ad:01:8b:a8:a4:4e:3b:7f:4c:df:
         e4:95:5a:96:99:4e:3f:0c:45:45:e5:cf:71:3f:ff:4b:ef:93:
         22:e4:42:6e:a5:60:e3:c9:af:d0:d7:a3:c4:a6:62:9e:7f:44:
         19:e4:c1:7b:ca:fe:73:73:94:ce:30:23:d2:21:63:64:a7:7e:
         39:e4:50:b0:6a:26:0a:34:a6:33:c4:62:75:fb:f3:f0:ac:7d:
         0c:66:0e:c8:3b:7a:89:23:6a:53:5b:ae:fa:91:4b:e0:53:3f:
         48:15:13:85:63:53:14:7c:0e:6e:fd:d2:ce:64:d8:c0:fc:90:
         7f:16:f6:d3:e2:e4:ce:7b:e0:9b:1f:ef:93:cf:60:58:ab:6f:
         45:e2:d1:e1:f0:2f:16:d7:f0:96:ea:5d:15:ad:63:95:89:25:
         7e:9b:b0:b3:13:c6:19:6c:84:df:4e:0e:ba:33:8f:75:12:ef:
         53:ed:88:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTXv2LSol7l1+kSwVfdLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOGNkN2Q2YTQxMDU3NTBiZjg5NzVhN2QwYjk2Nzk0YzFl
ZmU2MjIwHhcNMjQwMTAyMDgzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTdjZTE2YTA4YTc0MjZmMzAzMTc2YjljNTBmMTljMDZkNjc2ODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghgFQXVhuLwvQUYLfgkU+luNiyEe
dkYsOuOuY16rJbz8epRUxJexMzDJJd4bjVLPVR47Q8ui8IgFCpz0Su0oYKGmxgrY
nrtz3o0WtxR00hKw7nkIPeyPIBuvjdK/VI8xRFzZmGtBsXMczhVbSg2TZIBVz+6t
xba40u2pePTYWmVmr1RZuEDZ8nOJYxuETLk1RyP1KCQEqGXO9wHwMM7+noYMj82n
w4VCRA2M+pKxAwCH7TwusEgchRRf/0mw7/OE0X4LF7WJ4fIVA4G2QqM08MfQ/e8c
GBht5HjRsDCe6zNHGSNxhP3XX/CZ2YTLZcRzGRixGLmD9z8Dep35mBZNPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAl84WoIp0JvMDF2ucUPGcBtZ2gjMB8GA1UdIwQY
MBaAFJ6M19akEFdQv4l1p9C5Z5TB7+YiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2Qt
OGMyZGY1YTVjNmQ3LzEvQ1h6aGFnaW5RbTh3TVhhNXhROFp3RzFuYUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2QtOGMyZGY1YTVjNmQ3
LzEvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW92EAwQB
w/QEMA0GCSqGSIb3DQEBCwUAA4IBAQACkzKph+5cVnLMDR9uZG2J+/yB9Bpvw+xu
0LITUpwgJ0I8XDXII/5ogvNBBKM+FOVwHmsD76tWPj+egywGi7IL0Uqnn8gplaY1
CIux/iTGVq0Bi6ikTjt/TN/klVqWmU4/DEVF5c9xP/9L75Mi5EJupWDjya/Q16PE
pmKef0QZ5MF7yv5zc5TOMCPSIWNkp3455FCwaiYKNKYzxGJ1+/PwrH0MZg7IO3qJ
I2pTW676kUvgUz9IFROFY1MUfA5u/dLOZNjA/JB/FvbT4uTOe+CbH++Tz2BYq29F
4tHh8C8W1/CW6l0VrWOViSV+m7CzE8YZbITfTg66M491Eu9T7YiM
-----END CERTIFICATE-----