Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/fd757c-3a7c-4b31-b4a1-cfa7a310d542/1/36hnPdpbza7qJ2Cg-sU36vju1pU.roa
File:                     36hnPdpbza7qJ2Cg-sU36vju1pU.roa (raw, json)
Hash identifier:          ee11mCrQdrYsADuPBMYK9iFWg06WjoMdJ+7abpX7V40=
Subject key identifier:   DF:A8:67:3D:DA:5B:CD:AE:EA:27:60:A0:FA:C5:37:EA:F8:EE:D6:95
Certificate issuer:       /CN=42004477243ca20b95dc8efe07337639806f6075
Certificate serial:       018CC56EE812804218AAF34F8AFC8468582D
Authority key identifier: 42:00:44:77:24:3C:A2:0B:95:DC:8E:FE:07:33:76:39:80:6F:60:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QgBEdyQ8oguV3I7-BzN2OYBvYHU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/fd757c-3a7c-4b31-b4a1-cfa7a310d542/1/36hnPdpbza7qJ2Cg-sU36vju1pU.roa
Signing time:             Mon 01 Jan 2024 14:30:29 +0000
ROA not before:           Mon 01 Jan 2024 14:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43242
IP address blocks:        185.135.97.0/24 maxlen: 24
                          185.135.98.0/24 maxlen: 24
                          185.135.96.0/24 maxlen: 24
                          185.135.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/fd757c-3a7c-4b31-b4a1-cfa7a310d542/1/QgBEdyQ8oguV3I7-BzN2OYBvYHU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/fd757c-3a7c-4b31-b4a1-cfa7a310d542/1/QgBEdyQ8oguV3I7-BzN2OYBvYHU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QgBEdyQ8oguV3I7-BzN2OYBvYHU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e8:12:80:42:18:aa:f3:4f:8a:fc:84:68:58:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42004477243ca20b95dc8efe07337639806f6075
        Validity
            Not Before: Jan  1 14:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfa8673dda5bcdaeea2760a0fac537eaf8eed695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:07:84:5a:f6:d0:28:54:e5:26:30:29:08:e8:
                    8e:8c:37:7f:4b:d8:d2:a6:8e:1f:27:85:96:78:d9:
                    d7:2f:fa:bc:b9:cc:f3:d4:d0:cf:37:1d:9e:87:81:
                    14:8b:d5:08:e8:f0:a4:ae:89:67:12:9d:7f:3d:67:
                    e5:de:aa:b9:ea:59:0e:ae:9a:fd:c0:d3:05:d0:9b:
                    8f:8e:2e:a3:e5:e6:37:fc:b2:45:2a:eb:88:2f:ab:
                    88:8a:a1:d3:77:6f:15:5d:ea:cd:25:8f:55:dc:6d:
                    5e:b7:f6:83:89:0b:8b:26:87:ae:76:02:aa:1d:07:
                    80:06:d6:37:54:90:ba:14:f0:bf:38:13:78:73:6d:
                    ef:f8:92:8d:67:8c:1d:cd:18:bb:9c:30:5f:56:2f:
                    3c:18:62:0f:d6:8a:b7:62:be:63:c4:e5:0f:3f:6d:
                    8c:e4:f3:b0:89:85:c6:dc:81:c9:88:83:80:79:01:
                    5f:19:d1:6c:cc:9b:ed:e7:55:05:92:6f:5b:3b:77:
                    01:1f:b1:26:06:fd:bd:81:6a:c9:45:c8:b1:c9:63:
                    14:b6:e7:46:ef:03:92:21:c3:a4:6f:e9:c2:d2:03:
                    b7:27:f8:34:78:0b:33:dd:3b:b1:db:ee:0a:e2:c1:
                    f3:22:e3:d5:e5:cb:ec:49:f2:8e:08:39:a8:e1:fc:
                    71:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:A8:67:3D:DA:5B:CD:AE:EA:27:60:A0:FA:C5:37:EA:F8:EE:D6:95
            X509v3 Authority Key Identifier:
                keyid:42:00:44:77:24:3C:A2:0B:95:DC:8E:FE:07:33:76:39:80:6F:60:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QgBEdyQ8oguV3I7-BzN2OYBvYHU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/fd757c-3a7c-4b31-b4a1-cfa7a310d542/1/36hnPdpbza7qJ2Cg-sU36vju1pU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/fd757c-3a7c-4b31-b4a1-cfa7a310d542/1/QgBEdyQ8oguV3I7-BzN2OYBvYHU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:60:c3:09:2c:16:87:bb:42:40:ff:89:c0:40:04:e9:47:46:
         ce:06:75:6c:54:be:78:60:0e:13:5e:89:87:ee:81:48:63:29:
         77:39:34:8d:75:fa:7b:17:3d:a5:01:08:eb:22:82:b5:8d:66:
         97:0e:25:d4:06:1b:c3:7f:76:7e:06:23:d5:66:dd:7b:b3:1f:
         4e:90:b9:d3:96:31:99:59:16:33:3c:d6:b4:85:fd:01:de:6d:
         5c:c9:cf:6c:d2:8a:98:22:fd:e8:df:8e:5d:c2:98:53:92:9e:
         ac:61:93:84:43:98:f8:f8:4e:f7:8d:47:8b:28:50:f6:3a:ee:
         78:75:83:06:99:4d:0f:c8:a6:c7:d1:76:9b:32:9f:3a:3b:ea:
         80:37:44:2d:64:84:bb:3e:b3:ea:5d:7b:d4:12:ae:d3:86:8b:
         0a:ca:35:3a:b9:65:a2:91:9d:f9:2d:31:f4:d9:03:67:bb:d3:
         d2:dd:4b:4b:e4:08:bb:40:42:1e:05:bf:80:97:a4:00:6b:91:
         e8:3d:44:c9:51:60:ba:9f:7a:ea:9e:a1:b1:f5:52:8d:10:f7:
         c6:b4:f4:7c:18:84:1e:8e:e6:f9:fe:7a:82:96:01:d0:c8:4c:
         a4:a5:6e:56:46:17:7c:20:8a:e0:da:9e:2f:ce:31:97:bb:f2:
         09:54:1f:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbugSgEIYqvNPivyEaFgtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMDA0NDc3MjQzY2EyMGI5NWRjOGVmZTA3MzM3NjM5ODA2
ZjYwNzUwHhcNMjQwMTAxMTQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmE4NjczZGRhNWJjZGFlZWEyNzYwYTBmYWM1MzdlYWY4ZWVkNjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqweEWvbQKFTlJjApCOiOjDd/S9jS
po4fJ4WWeNnXL/q8uczz1NDPNx2eh4EUi9UI6PCkrolnEp1/PWfl3qq56lkOrpr9
wNMF0JuPji6j5eY3/LJFKuuIL6uIiqHTd28VXerNJY9V3G1et/aDiQuLJoeudgKq
HQeABtY3VJC6FPC/OBN4c23v+JKNZ4wdzRi7nDBfVi88GGIP1oq3Yr5jxOUPP22M
5POwiYXG3IHJiIOAeQFfGdFszJvt51UFkm9bO3cBH7EmBv29gWrJRcixyWMUtudG
7wOSIcOkb+nC0gO3J/g0eAsz3Tux2+4K4sHzIuPV5cvsSfKOCDmo4fxxqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+oZz3aW82u6idgoPrFN+r47taVMB8GA1UdIwQY
MBaAFEIARHckPKILldyO/gczdjmAb2B1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWdCRWR5UThvZ3VWM0k3LUJ6TjJPWUJ2WUhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9mZDc1N2MtM2E3Yy00YjMxLWI0YTEt
Y2ZhN2EzMTBkNTQyLzEvMzZoblBkcGJ6YTdxSjJDZy1zVTM2dmp1MXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9mZDc1N2MtM2E3Yy00YjMxLWI0YTEtY2ZhN2EzMTBkNTQy
LzEvUWdCRWR5UThvZ3VWM0k3LUJ6TjJPWUJ2WUhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYdgMA0G
CSqGSIb3DQEBCwUAA4IBAQAdYMMJLBaHu0JA/4nAQATpR0bOBnVsVL54YA4TXomH
7oFIYyl3OTSNdfp7Fz2lAQjrIoK1jWaXDiXUBhvDf3Z+BiPVZt17sx9OkLnTljGZ
WRYzPNa0hf0B3m1cyc9s0oqYIv3o345dwphTkp6sYZOEQ5j4+E73jUeLKFD2Ou54
dYMGmU0PyKbH0XabMp86O+qAN0QtZIS7PrPqXXvUEq7ThosKyjU6uWWikZ35LTH0
2QNnu9PS3UtL5Ai7QEIeBb+Al6QAa5HoPUTJUWC6n3rqnqGx9VKNEPfGtPR8GIQe
jub5/nqClgHQyEykpW5WRhd8IIrg2p4vzjGXu/IJVB8g
-----END CERTIFICATE-----