Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/trBMgjBHsYwT_RPjw7hDAapsqwA.roa
File:                     trBMgjBHsYwT_RPjw7hDAapsqwA.roa (raw, json)
Hash identifier:          OL1wg7qcImLmuEXJ06nxA+KbF799qTPQd+dGG1AgT3c=
Subject key identifier:   B6:B0:4C:82:30:47:B1:8C:13:FD:13:E3:C3:B8:43:01:AA:6C:AB:00
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018DF535029C86F15FF74E946CF0809E39BD
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/trBMgjBHsYwT_RPjw7hDAapsqwA.roa
Signing time:             Thu 29 Feb 2024 14:11:48 +0000
ROA not before:           Thu 29 Feb 2024 14:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     40676
IP address blocks:        87.236.167.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f5:35:02:9c:86:f1:5f:f7:4e:94:6c:f0:80:9e:39:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb 29 14:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6b04c823047b18c13fd13e3c3b84301aa6cab00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b2:e5:e9:c7:24:8f:24:3e:8a:ef:39:bf:9a:
                    d3:f8:5d:5b:4c:27:80:b9:16:71:e3:c8:33:2c:61:
                    9b:fc:e3:f3:e7:01:24:16:45:a6:a4:f9:4b:db:5a:
                    1f:43:43:6c:3b:86:58:a9:1b:41:3e:79:48:22:1d:
                    44:7a:ee:6c:15:c9:f9:72:8f:44:4e:5a:52:b2:b7:
                    61:e0:e7:7a:bb:27:f2:7d:9e:59:4d:ac:bb:20:92:
                    b6:97:88:26:97:56:e0:4a:02:ec:7b:99:c1:91:43:
                    23:d0:83:26:56:d0:09:ee:eb:1c:aa:53:81:51:cf:
                    7c:69:04:20:04:24:93:b5:d7:da:df:6f:fa:1c:89:
                    25:70:51:db:ca:48:dd:53:0b:d4:af:07:c3:ca:93:
                    f5:c0:1d:27:5d:09:23:22:26:2d:eb:9b:47:38:94:
                    40:6d:1d:52:9d:86:c3:59:c6:a0:02:9c:54:16:33:
                    bb:fc:c9:57:8e:5c:77:42:e9:4a:8a:95:a0:fa:bb:
                    b4:3a:07:49:c2:e5:1a:f6:d4:73:24:4b:dd:d9:c4:
                    3c:75:56:fa:31:66:90:37:03:98:d9:30:40:aa:c7:
                    61:62:eb:6e:ca:f8:10:45:40:0f:12:3a:ee:ba:64:
                    01:a3:d5:30:07:b4:82:a3:a4:37:cc:19:29:0d:88:
                    31:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:B0:4C:82:30:47:B1:8C:13:FD:13:E3:C3:B8:43:01:AA:6C:AB:00
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/trBMgjBHsYwT_RPjw7hDAapsqwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:72:79:a9:58:33:d8:96:90:a1:52:77:14:a5:16:21:92:db:
         3f:68:aa:e1:e6:0a:ff:c5:ea:7a:c5:31:11:83:fa:60:4f:b7:
         bf:9f:75:aa:4e:b0:36:e4:0c:76:a5:c4:30:ef:8f:83:5a:92:
         c7:04:e5:d6:c5:20:cc:8c:a3:b8:f4:3f:85:54:f5:7c:f1:be:
         b7:dc:c2:94:73:55:94:f9:6d:78:a6:32:61:25:be:8a:07:19:
         d9:9d:47:cc:7f:ca:7e:73:e7:3c:7b:82:c4:b7:d5:52:72:f4:
         79:dc:a6:5b:a1:94:b0:05:64:01:fc:eb:5a:46:55:2a:eb:f8:
         ce:12:10:b4:7a:d7:12:f7:c8:84:94:b5:9f:92:61:b3:f3:e1:
         bd:5c:7e:1e:48:76:03:69:c6:d0:c9:9e:de:1e:8b:8d:6e:86:
         fd:ac:69:b8:d1:ab:f9:41:cd:73:6d:fb:10:34:83:61:af:a0:
         ce:41:65:a0:70:b4:65:a9:08:d8:3c:ba:ae:51:0d:78:57:88:
         94:91:62:c1:bd:27:be:6b:51:43:a2:24:e3:58:b8:c8:a5:d4:
         c3:6e:fd:4a:4f:e1:f2:f5:a5:64:ca:dd:07:66:9b:dd:4e:67:
         84:be:7b:37:ac:16:15:f2:46:27:48:ca:2f:2d:86:fb:4c:2d:
         87:aa:ac:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY31NQKchvFf906UbPCAnjm9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjI5MTQxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmIwNGM4MjMwNDdiMThjMTNmZDEzZTNjM2I4NDMwMWFhNmNhYjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLLl6cckjyQ+iu85v5rT+F1bTCeA
uRZx48gzLGGb/OPz5wEkFkWmpPlL21ofQ0NsO4ZYqRtBPnlIIh1Eeu5sFcn5co9E
TlpSsrdh4Od6uyfyfZ5ZTay7IJK2l4gml1bgSgLse5nBkUMj0IMmVtAJ7uscqlOB
Uc98aQQgBCSTtdfa32/6HIklcFHbykjdUwvUrwfDypP1wB0nXQkjIiYt65tHOJRA
bR1SnYbDWcagApxUFjO7/MlXjlx3QulKipWg+ru0OgdJwuUa9tRzJEvd2cQ8dVb6
MWaQNwOY2TBAqsdhYutuyvgQRUAPEjruumQBo9UwB7SCo6Q3zBkpDYgxNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLawTIIwR7GME/0T48O4QwGqbKsAMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvdHJCTWdqQkhzWXdUX1JQanc3aERBYXBzcXdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+ynMA0G
CSqGSIb3DQEBCwUAA4IBAQAmcnmpWDPYlpChUncUpRYhkts/aKrh5gr/xep6xTER
g/pgT7e/n3WqTrA25Ax2pcQw74+DWpLHBOXWxSDMjKO49D+FVPV88b633MKUc1WU
+W14pjJhJb6KBxnZnUfMf8p+c+c8e4LEt9VScvR53KZboZSwBWQB/OtaRlUq6/jO
EhC0etcS98iElLWfkmGz8+G9XH4eSHYDacbQyZ7eHouNbob9rGm40av5Qc1zbfsQ
NINhr6DOQWWgcLRlqQjYPLquUQ14V4iUkWLBvSe+a1FDoiTjWLjIpdTDbv1KT+Hy
9aVkyt0HZpvdTmeEvns3rBYV8kYnSMovLYb7TC2Hqqzc
-----END CERTIFICATE-----