Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/xjZXuYp13lCmyFISML6VA8g-cNY.roa
File:                     xjZXuYp13lCmyFISML6VA8g-cNY.roa (raw, json)
Hash identifier:          yuYPyhTeN6zI/RAwhUht8DKYx+Bbb0gWfD8ulgrVHGE=
Subject key identifier:   C6:36:57:B9:8A:75:DE:50:A6:C8:52:12:30:BE:95:03:C8:3E:70:D6
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0190E9F01A2E15F032D7B208597C03B045BE
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/xjZXuYp13lCmyFISML6VA8g-cNY.roa
Signing time:             Thu 25 Jul 2024 12:49:04 +0000
ROA not before:           Thu 25 Jul 2024 12:49:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57523
IP address blocks:        152.89.198.0/24 maxlen: 24
                          185.155.101.0/24 maxlen: 24
                          194.26.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:35:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e9:f0:1a:2e:15:f0:32:d7:b2:08:59:7c:03:b0:45:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jul 25 12:49:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c63657b98a75de50a6c8521230be9503c83e70d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0f:8d:a2:f3:bd:94:43:77:92:e8:e1:fc:a0:
                    99:6b:93:0c:f8:30:59:47:92:ea:88:e6:d5:29:b7:
                    58:1c:20:0b:ee:f5:b1:ef:c5:6d:73:d0:c9:1f:ba:
                    37:30:03:00:41:22:ce:11:66:e4:db:40:b2:d0:61:
                    30:aa:88:60:db:7d:6d:9f:06:c3:76:bb:85:a4:91:
                    00:fb:3d:68:62:f8:a9:3e:88:53:f2:87:3d:3e:ac:
                    b7:84:f5:10:21:7f:ee:e4:f0:2a:65:33:b2:48:db:
                    8f:1c:7f:3e:02:26:00:5b:c5:58:08:f1:2d:a4:8f:
                    0d:3c:ee:4f:72:67:9a:95:7b:55:79:a0:ee:2a:ea:
                    72:12:46:08:4e:1e:bd:b1:37:55:6a:d9:4e:5b:c0:
                    2e:57:d3:90:e3:32:9e:30:49:a4:a6:da:44:56:c8:
                    d2:02:c8:a5:62:73:80:62:c8:c2:3f:15:f6:78:c5:
                    40:e1:94:3a:1a:15:4a:91:9f:5f:c1:d6:3a:8a:a8:
                    08:ed:62:33:2e:ef:bc:89:a1:08:9d:7e:79:56:2b:
                    6d:a1:67:ed:bb:6d:b6:43:49:f9:ad:05:ed:f4:f5:
                    63:f3:24:e4:41:1c:d9:c0:0f:ff:a9:0b:9c:47:d8:
                    03:bc:29:ca:a9:c5:3a:e6:1e:8b:05:e2:bf:92:56:
                    55:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:36:57:B9:8A:75:DE:50:A6:C8:52:12:30:BE:95:03:C8:3E:70:D6
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/xjZXuYp13lCmyFISML6VA8g-cNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.198.0/24
                  185.155.101.0/24
                  194.26.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:0d:ab:f3:31:02:d3:ba:c1:4e:f6:e2:3d:7b:54:7d:3f:4e:
         b7:0a:de:61:4e:ee:9f:9d:bb:04:18:82:9d:29:bf:a7:cf:67:
         1e:bc:ef:1f:35:4f:0a:0a:d3:7e:00:84:28:3f:7b:ee:7f:85:
         4b:ef:c6:1a:a2:ce:33:63:2c:b2:ac:cd:c3:c4:0b:90:89:63:
         6f:4b:bd:b8:3b:d7:6b:ba:c7:51:f5:94:37:9a:02:e2:dc:bb:
         be:d9:7a:b4:d5:53:1e:3d:d0:45:18:bc:cd:ae:fa:24:bd:7f:
         3a:38:70:16:95:69:73:88:68:57:6a:96:f3:af:cd:d1:b9:e5:
         80:2a:db:fc:d0:75:6a:e8:d9:87:ff:1e:0c:2f:de:f3:2f:39:
         65:45:55:ec:d3:85:c1:92:41:b5:07:c3:6f:15:21:d1:4a:38:
         71:86:53:8e:4b:33:21:0a:3a:b7:76:ee:f6:bf:97:4c:03:84:
         1f:77:ae:fc:92:47:6b:db:24:68:00:8d:9c:d6:58:21:28:78:
         af:a4:eb:34:26:18:bc:b3:37:7c:45:02:b5:0d:a6:88:b6:30:
         1b:3c:1a:d6:9f:5e:eb:52:9b:bc:85:e5:e6:ff:35:e5:27:77:
         d0:1a:c1:62:a1:04:de:36:89:17:d3:5e:8f:ca:70:9a:f5:b4:
         55:44:4c:e5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZDp8BouFfAy17IIWXwDsEW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwNzI1MTI0OTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjM2NTdiOThhNzVkZTUwYTZjODUyMTIzMGJlOTUwM2M4M2U3MGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw+NovO9lEN3kujh/KCZa5MM+DBZ
R5LqiObVKbdYHCAL7vWx78Vtc9DJH7o3MAMAQSLOEWbk20Cy0GEwqohg231tnwbD
druFpJEA+z1oYvipPohT8oc9Pqy3hPUQIX/u5PAqZTOySNuPHH8+AiYAW8VYCPEt
pI8NPO5PcmealXtVeaDuKupyEkYITh69sTdVatlOW8AuV9OQ4zKeMEmkptpEVsjS
AsilYnOAYsjCPxX2eMVA4ZQ6GhVKkZ9fwdY6iqgI7WIzLu+8iaEInX55VittoWft
u222Q0n5rQXt9PVj8yTkQRzZwA//qQucR9gDvCnKqcU65h6LBeK/klZVSQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMY2V7mKdd5QpshSEjC+lQPIPnDWMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEveGpaWHVZcDEzbENteUZJU01MNlZBOGctY05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAmFnGAwQA
uZtlAwQAwhqHMA0GCSqGSIb3DQEBCwUAA4IBAQAEDavzMQLTusFO9uI9e1R9P063
Ct5hTu6fnbsEGIKdKb+nz2cevO8fNU8KCtN+AIQoP3vuf4VL78Yaos4zYyyyrM3D
xAuQiWNvS724O9drusdR9ZQ3mgLi3Lu+2Xq01VMePdBFGLzNrvokvX86OHAWlWlz
iGhXapbzr83RueWAKtv80HVq6NmH/x4ML97zLzllRVXs04XBkkG1B8NvFSHRSjhx
hlOOSzMhCjq3du72v5dMA4Qfd678kkdr2yRoAI2c1lghKHivpOs0Jhi8szd8RQK1
DaaItjAbPBrWn17rUpu8heXm/zXlJ3fQGsFioQTeNokX016PynCa9bRVREzl
-----END CERTIFICATE-----