Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/iUll6dAt52yo_L6IVRBxpuY46bI.roa
File:                     iUll6dAt52yo_L6IVRBxpuY46bI.roa (raw, json)
Hash identifier:          mbpNGcx4lvRouGZ3VOhMS44+PMUPXQn70I3H9OD1n04=
Subject key identifier:   89:49:65:E9:D0:2D:E7:6C:A8:FC:BE:88:55:10:71:A6:E6:38:E9:B2
Certificate issuer:       /CN=d0b849b9bc9042a1557331937e4ad71518af61cf
Certificate serial:       018CC4933141F9E502E89F73EF89D047F489
Authority key identifier: D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/iUll6dAt52yo_L6IVRBxpuY46bI.roa
Signing time:             Mon 01 Jan 2024 10:30:29 +0000
ROA not before:           Mon 01 Jan 2024 10:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50939
IP address blocks:        194.36.140.0/24 maxlen: 24
                          194.36.140.0/23 maxlen: 23
                          194.36.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 16:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:31:41:f9:e5:02:e8:9f:73:ef:89:d0:47:f4:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b849b9bc9042a1557331937e4ad71518af61cf
        Validity
            Not Before: Jan  1 10:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=894965e9d02de76ca8fcbe88551071a6e638e9b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c8:16:d2:2f:bc:ed:44:b1:95:d7:89:47:71:
                    8c:4a:a7:20:34:13:a8:2e:30:73:2c:be:3f:7b:df:
                    6e:85:e5:35:41:9d:3c:76:1d:fd:ce:5c:55:74:4a:
                    d1:df:8c:f8:8b:e8:94:d1:d3:d8:07:8c:0a:cb:52:
                    98:08:48:5e:a2:d7:8e:7f:d0:9e:3a:c8:db:24:34:
                    f8:55:2c:32:fa:d4:68:4e:05:d1:e3:e2:91:ab:de:
                    a8:45:ef:ab:ba:84:08:da:32:08:c5:2e:14:53:50:
                    6a:ca:11:f3:c4:a2:51:7b:49:c2:ed:b9:d5:19:16:
                    21:2f:44:3a:e9:9e:a4:b0:80:0a:4f:c3:bd:a3:24:
                    29:b1:81:ff:2f:ef:55:47:4e:c5:26:1d:f2:0b:a3:
                    d3:7f:82:2f:c0:21:8a:eb:97:9d:21:e9:8a:61:0c:
                    b9:99:dd:fe:ab:90:99:ba:cf:c6:17:05:5b:b5:bd:
                    04:ba:09:fb:93:08:85:eb:b4:a8:dd:ea:a5:b9:77:
                    b5:76:e9:b7:b4:3d:f9:57:72:26:99:f6:63:10:a0:
                    f7:f6:06:23:48:5d:ae:81:30:f2:68:95:72:09:a5:
                    74:4e:60:e7:0b:b6:57:d2:43:f4:65:3a:aa:9d:74:
                    07:3c:9b:f9:1c:8f:35:5e:a1:ea:eb:1c:a7:28:b1:
                    f1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:49:65:E9:D0:2D:E7:6C:A8:FC:BE:88:55:10:71:A6:E6:38:E9:B2
            X509v3 Authority Key Identifier:
                keyid:D0:B8:49:B9:BC:90:42:A1:55:73:31:93:7E:4A:D7:15:18:AF:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LhJubyQQqFVczGTfkrXFRivYc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/iUll6dAt52yo_L6IVRBxpuY46bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/a3fb67-d514-4aee-adb9-72bad9d73c80/1/0LhJubyQQqFVczGTfkrXFRivYc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:ff:02:ca:b2:7b:a8:02:37:2f:68:4f:c9:f6:66:27:f7:73:
         da:69:6c:24:ad:12:8e:27:1e:e5:c1:89:88:33:ae:54:ae:64:
         f2:dd:49:7a:b7:cb:78:a9:17:a7:e5:02:fa:8f:c3:64:b6:43:
         ae:19:ad:01:84:8c:86:12:0c:ce:d7:a8:4c:89:27:8c:34:e8:
         e0:d2:96:d0:c7:56:10:19:79:62:d1:40:80:4c:ff:8c:1a:6b:
         1c:ac:09:02:36:85:70:3e:b0:5f:ed:f5:89:ff:b4:0b:1b:04:
         aa:37:2b:4f:8f:61:21:46:de:db:b4:d5:33:23:f7:59:ad:d4:
         e3:4c:ea:99:d8:6f:a4:ac:fd:7e:0b:75:e8:98:a7:9e:6c:bb:
         4a:69:d9:11:2c:19:61:2b:a8:67:2b:80:13:24:e3:66:69:93:
         32:f5:b6:51:68:93:e4:07:06:02:5a:b7:06:76:52:8b:43:1f:
         40:f7:8a:17:07:a7:fa:4d:c8:58:0d:60:c1:41:09:05:dc:57:
         43:b8:03:4b:d6:d5:71:65:58:e5:fa:94:6b:42:e7:57:b9:af:
         02:32:f1:e8:c8:22:3b:9c:8a:48:b0:0d:b4:d8:6f:9d:e7:f1:
         9f:39:e7:f0:f3:67:86:bf:43:c8:9b:ab:cf:b3:a5:00:e6:bb:
         84:67:6a:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkzFB+eUC6J9z74nQR/SJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjg0OWI5YmM5MDQyYTE1NTczMzE5MzdlNGFkNzE1MThh
ZjYxY2YwHhcNMjQwMTAxMTAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQ5NjVlOWQwMmRlNzZjYThmY2JlODg1NTEwNzFhNmU2MzhlOWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcgW0i+87USxldeJR3GMSqcgNBOo
LjBzLL4/e99uheU1QZ08dh39zlxVdErR34z4i+iU0dPYB4wKy1KYCEheoteOf9Ce
OsjbJDT4VSwy+tRoTgXR4+KRq96oRe+ruoQI2jIIxS4UU1BqyhHzxKJRe0nC7bnV
GRYhL0Q66Z6ksIAKT8O9oyQpsYH/L+9VR07FJh3yC6PTf4IvwCGK65edIemKYQy5
md3+q5CZus/GFwVbtb0Eugn7kwiF67So3eqluXe1dum3tD35V3ImmfZjEKD39gYj
SF2ugTDyaJVyCaV0TmDnC7ZX0kP0ZTqqnXQHPJv5HI81XqHq6xynKLHxfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlJZenQLedsqPy+iFUQcabmOOmyMB8GA1UdIwQY
MBaAFNC4Sbm8kEKhVXMxk35K1xUYr2HPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjkt
NzJiYWQ5ZDczYzgwLzEvaVVsbDZkQXQ1MnlvX0w2SVZSQnhwdVk0NmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9hM2ZiNjctZDUxNC00YWVlLWFkYjktNzJiYWQ5ZDczYzgw
LzEvMExoSnVieVFRcUZWY3pHVGZrclhGUml2WWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiSMMA0G
CSqGSIb3DQEBCwUAA4IBAQBN/wLKsnuoAjcvaE/J9mYn93PaaWwkrRKOJx7lwYmI
M65UrmTy3Ul6t8t4qRen5QL6j8NktkOuGa0BhIyGEgzO16hMiSeMNOjg0pbQx1YQ
GXli0UCATP+MGmscrAkCNoVwPrBf7fWJ/7QLGwSqNytPj2EhRt7btNUzI/dZrdTj
TOqZ2G+krP1+C3XomKeebLtKadkRLBlhK6hnK4ATJONmaZMy9bZRaJPkBwYCWrcG
dlKLQx9A94oXB6f6TchYDWDBQQkF3FdDuANL1tVxZVjl+pRrQudXua8CMvHoyCI7
nIpIsA202G+d5/GfOefw82eGv0PIm6vPs6UA5ruEZ2ow
-----END CERTIFICATE-----