Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/X0qrFh2RakX4rnuy1Sc4NcVfdYI.roa
File:                     X0qrFh2RakX4rnuy1Sc4NcVfdYI.roa (raw, json)
Hash identifier:          OKfVF231rej1hZ7I/VAJA88WY2z7uSim+9nsWsfxfDY=
Subject key identifier:   5F:4A:AB:16:1D:91:6A:45:F8:AE:7B:B2:D5:27:38:35:C5:5F:75:82
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018CC56E11AA57CEDD30D7C6FEE625A80DE0
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/X0qrFh2RakX4rnuy1Sc4NcVfdYI.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196886
IP address blocks:        188.255.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 May 2024 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:11:aa:57:ce:dd:30:d7:c6:fe:e6:25:a8:0d:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f4aab161d916a45f8ae7bb2d5273835c55f7582
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:db:3f:c0:6f:ac:ee:31:a4:ff:c3:a1:f0:73:
                    13:d3:1c:16:a3:1a:80:c4:f2:da:bf:f7:c9:26:57:
                    db:14:b8:72:be:76:4e:5d:81:b9:a8:99:6e:3e:a2:
                    45:b6:4a:73:ae:ce:0e:74:e9:e6:76:1f:5b:f4:b8:
                    24:e2:c1:0b:e3:56:24:93:4b:ad:5a:88:ad:ba:7c:
                    4a:34:48:5c:eb:93:dd:28:95:00:35:de:99:fa:00:
                    2c:02:9e:22:b3:24:e5:10:51:40:13:91:0a:d2:3e:
                    54:13:6d:83:7e:1f:a1:b9:aa:08:1d:10:28:b7:c8:
                    6a:26:64:9a:ed:4a:1b:3b:e0:ec:95:71:d1:b0:55:
                    93:13:ae:96:5f:f6:bd:da:39:a9:18:23:74:d9:79:
                    b0:6b:87:bc:1e:cc:7a:4c:f9:54:d5:4f:64:84:a8:
                    d3:fc:e6:cf:12:e4:19:2b:23:dd:91:f5:fd:60:6c:
                    64:71:d3:16:d7:8f:ce:aa:4b:af:e4:81:a6:c0:25:
                    66:1c:61:9b:da:18:3a:4e:f5:35:d1:5d:63:58:77:
                    69:6d:d3:34:fd:10:75:86:e6:2e:96:d7:3e:a6:87:
                    39:a1:1a:c5:d1:7b:0a:c8:3f:bf:ca:23:72:b4:37:
                    8a:df:ab:ba:5c:f0:1c:08:96:2c:43:58:05:55:d3:
                    dc:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:4A:AB:16:1D:91:6A:45:F8:AE:7B:B2:D5:27:38:35:C5:5F:75:82
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/X0qrFh2RakX4rnuy1Sc4NcVfdYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.255.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:d3:0e:19:96:3b:d1:21:76:44:56:00:fa:8d:6c:de:f7:4a:
         29:bd:a9:fe:85:ec:90:03:ab:39:48:b7:b2:52:16:ba:55:35:
         f7:55:f8:a2:63:08:38:b0:09:ce:0a:7c:5c:cf:2f:02:6e:bf:
         7a:8a:37:4c:6e:d9:0b:b2:0e:21:f7:7d:15:9c:17:c8:08:a9:
         9c:4e:4b:61:21:6a:5d:e9:5e:d4:25:83:e1:63:a4:a4:be:5a:
         a2:ae:ae:03:db:67:31:ef:ff:1f:40:77:d8:3f:c1:09:57:ed:
         18:93:18:82:db:93:9f:34:09:de:65:e3:af:f8:67:9f:fe:93:
         43:42:75:78:56:4c:eb:a6:24:2c:69:74:88:95:fd:3d:7a:ef:
         25:3a:2f:1b:52:58:3a:af:e2:6d:46:9c:3e:76:37:70:5f:9c:
         ff:b9:14:7d:6f:e6:db:64:d7:4e:cc:45:63:14:17:f9:f8:f9:
         bc:36:10:01:d7:2c:83:b2:ef:f8:58:82:d4:c5:1e:dc:23:dd:
         0b:44:67:f1:bc:15:28:28:97:e3:45:80:71:8b:5a:5e:1b:b0:
         05:b7:a3:8b:0e:35:b1:16:7f:2b:3b:75:5f:d3:c6:ce:5e:06:
         de:e1:7b:70:0f:54:f4:16:bd:23:34:4a:48:70:65:d6:71:9e:
         a5:52:80:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhGqV87dMNfG/uYlqA3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjRhYWIxNjFkOTE2YTQ1ZjhhZTdiYjJkNTI3MzgzNWM1NWY3NTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ts/wG+s7jGk/8Oh8HMT0xwWoxqA
xPLav/fJJlfbFLhyvnZOXYG5qJluPqJFtkpzrs4OdOnmdh9b9Lgk4sEL41Ykk0ut
WoitunxKNEhc65PdKJUANd6Z+gAsAp4isyTlEFFAE5EK0j5UE22Dfh+huaoIHRAo
t8hqJmSa7UobO+DslXHRsFWTE66WX/a92jmpGCN02Xmwa4e8Hsx6TPlU1U9khKjT
/ObPEuQZKyPdkfX9YGxkcdMW14/Oqkuv5IGmwCVmHGGb2hg6TvU10V1jWHdpbdM0
/RB1huYultc+poc5oRrF0XsKyD+/yiNytDeK36u6XPAcCJYsQ1gFVdPcxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF9KqxYdkWpF+K57stUnODXFX3WCMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvWDBxckZoMlJha1g0cm51eTFTYzROY1ZmZFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvP/8MA0G
CSqGSIb3DQEBCwUAA4IBAQCZ0w4ZljvRIXZEVgD6jWze90opvan+heyQA6s5SLey
Uha6VTX3VfiiYwg4sAnOCnxczy8Cbr96ijdMbtkLsg4h930VnBfICKmcTkthIWpd
6V7UJYPhY6Skvlqirq4D22cx7/8fQHfYP8EJV+0YkxiC25OfNAneZeOv+Gef/pND
QnV4VkzrpiQsaXSIlf09eu8lOi8bUlg6r+JtRpw+djdwX5z/uRR9b+bbZNdOzEVj
FBf5+Pm8NhAB1yyDsu/4WILUxR7cI90LRGfxvBUoKJfjRYBxi1peG7AFt6OLDjWx
Fn8rO3Vf08bOXgbe4XtwD1T0Fr0jNEpIcGXWcZ6lUoBX
-----END CERTIFICATE-----