Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/OX4RsI4c1HdlfaUGxa-gfIVDiAE.roa
File:                     OX4RsI4c1HdlfaUGxa-gfIVDiAE.roa (raw, json)
Hash identifier:          eK0NWtIgPAjlXGUeQ52N+rAyXp+KHTufRU3q5yGoUaU=
Subject key identifier:   39:7E:11:B0:8E:1C:D4:77:65:7D:A5:06:C5:AF:A0:7C:85:43:88:01
Certificate issuer:       /CN=eba8db3b54d081c30bf51bdc7b19e4f6480b7f53
Certificate serial:       018CC86F1A8D56560D5603080A6ABA4FAAC8
Authority key identifier: EB:A8:DB:3B:54:D0:81:C3:0B:F5:1B:DC:7B:19:E4:F6:48:0B:7F:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/OX4RsI4c1HdlfaUGxa-gfIVDiAE.roa
Signing time:             Tue 02 Jan 2024 04:29:33 +0000
ROA not before:           Tue 02 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        185.192.36.0/23 maxlen: 23
                          185.192.36.0/22 maxlen: 22
                          185.192.38.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:1a:8d:56:56:0d:56:03:08:0a:6a:ba:4f:aa:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eba8db3b54d081c30bf51bdc7b19e4f6480b7f53
        Validity
            Not Before: Jan  2 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=397e11b08e1cd477657da506c5afa07c85438801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:cb:23:82:f0:16:1f:67:30:2a:32:4f:56:4f:
                    6c:50:33:1f:d0:63:45:f2:81:61:ac:4f:cb:da:9a:
                    3a:d8:8d:3d:b1:75:08:e6:98:ff:84:86:c1:58:29:
                    88:0a:8d:6f:ca:56:52:9b:0b:c2:c4:43:fa:93:13:
                    a8:72:fc:54:82:c0:ce:e9:9a:21:70:ea:8f:82:3b:
                    d3:1b:c4:ea:04:b8:a5:c2:28:91:67:97:ea:82:30:
                    52:12:bd:93:3b:fb:e0:c8:58:c2:5b:a3:b2:7f:e8:
                    ae:b8:8d:5b:b3:97:e3:1d:f0:b9:ed:9d:ae:29:7b:
                    e7:85:b0:1f:25:b2:48:44:f0:1a:22:51:a0:db:da:
                    fb:d0:92:30:d8:4e:da:7e:7d:06:0c:c8:b8:05:2e:
                    be:98:08:28:a1:0c:e0:75:67:ee:e9:97:08:eb:a1:
                    94:0b:de:78:17:f1:42:ae:64:a3:41:44:5f:b9:98:
                    8b:a8:e2:fb:fc:f2:bc:8b:97:bb:ab:a5:21:11:56:
                    e1:53:38:7a:f3:3e:4e:39:db:88:5d:c0:9a:61:a8:
                    74:0f:57:ff:4e:03:91:3b:2a:52:56:c1:23:a0:54:
                    36:5f:b2:9b:c0:34:6e:ea:1a:05:97:2c:18:90:18:
                    02:8d:74:54:9e:5a:46:b0:d4:ff:4d:17:13:16:dc:
                    43:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:7E:11:B0:8E:1C:D4:77:65:7D:A5:06:C5:AF:A0:7C:85:43:88:01
            X509v3 Authority Key Identifier:
                keyid:EB:A8:DB:3B:54:D0:81:C3:0B:F5:1B:DC:7B:19:E4:F6:48:0B:7F:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/66jbO1TQgcML9Rvcexnk9kgLf1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/OX4RsI4c1HdlfaUGxa-gfIVDiAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/6ccf03-090d-416e-86cf-e9dc3f1cf824/1/66jbO1TQgcML9Rvcexnk9kgLf1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cf:32:20:ed:c2:08:a0:be:6f:06:3a:53:d6:58:b2:ba:07:a4:
         63:0d:59:78:0d:dc:b6:18:1f:d8:0b:bd:79:47:3c:c9:18:09:
         b4:43:6b:a8:37:5b:99:3c:2a:7c:8f:81:45:b7:5b:8b:2e:3f:
         f2:4c:29:93:83:87:56:67:15:2b:4d:dc:5d:02:0d:06:f9:3d:
         b9:f5:0a:56:5f:5b:a8:3d:36:61:9e:53:64:a2:6d:58:9a:fb:
         a5:1e:8d:0f:e4:b4:22:62:da:0a:ca:05:b0:ef:2a:be:1b:e9:
         63:6e:b6:2a:9a:4c:39:4e:e0:92:c2:17:3f:00:aa:34:bd:1a:
         10:d6:e2:d6:0b:87:6b:f9:4a:26:82:c9:f6:21:87:dd:18:93:
         d2:4b:a7:11:a9:84:bf:5e:08:49:9e:45:07:23:f5:d6:99:5f:
         8a:36:6a:8d:98:cc:6c:2f:8d:23:3d:9e:06:72:6c:f4:02:cc:
         64:6a:ba:02:45:8f:40:b4:3d:26:59:ab:1e:77:d8:09:60:7e:
         24:e8:21:78:da:b5:5d:44:e0:75:ee:1f:b0:e0:78:10:c9:7c:
         c0:98:d0:12:8d:bb:a8:77:54:63:c8:14:03:f3:fe:60:ed:ff:
         21:58:2e:39:2a:f2:e2:fb:16:a5:99:30:85:97:e7:9d:bb:68:
         64:30:15:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbxqNVlYNVgMICmq6T6rIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViYThkYjNiNTRkMDgxYzMwYmY1MWJkYzdiMTllNGY2NDgw
YjdmNTMwHhcNMjQwMTAyMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTdlMTFiMDhlMWNkNDc3NjU3ZGE1MDZjNWFmYTA3Yzg1NDM4ODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicsjgvAWH2cwKjJPVk9sUDMf0GNF
8oFhrE/L2po62I09sXUI5pj/hIbBWCmICo1vylZSmwvCxEP6kxOocvxUgsDO6Zoh
cOqPgjvTG8TqBLilwiiRZ5fqgjBSEr2TO/vgyFjCW6Oyf+iuuI1bs5fjHfC57Z2u
KXvnhbAfJbJIRPAaIlGg29r70JIw2E7afn0GDMi4BS6+mAgooQzgdWfu6ZcI66GU
C954F/FCrmSjQURfuZiLqOL7/PK8i5e7q6UhEVbhUzh68z5OOduIXcCaYah0D1f/
TgOROypSVsEjoFQ2X7KbwDRu6hoFlywYkBgCjXRUnlpGsNT/TRcTFtxDCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDl+EbCOHNR3ZX2lBsWvoHyFQ4gBMB8GA1UdIwQY
MBaAFOuo2ztU0IHDC/Ub3HsZ5PZIC39TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjZqYk8xVFFnY01MOVJ2Y2V4bms5a2dMZjFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi82Y2NmMDMtMDkwZC00MTZlLTg2Y2Yt
ZTlkYzNmMWNmODI0LzEvT1g0UnNJNGMxSGRsZmFVR3hhLWdmSVZEaUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi82Y2NmMDMtMDkwZC00MTZlLTg2Y2YtZTlkYzNmMWNmODI0
LzEvNjZqYk8xVFFnY01MOVJ2Y2V4bms5a2dMZjFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucAkMA0G
CSqGSIb3DQEBCwUAA4IBAQDPMiDtwgigvm8GOlPWWLK6B6RjDVl4Ddy2GB/YC715
RzzJGAm0Q2uoN1uZPCp8j4FFt1uLLj/yTCmTg4dWZxUrTdxdAg0G+T259QpWX1uo
PTZhnlNkom1YmvulHo0P5LQiYtoKygWw7yq+G+ljbrYqmkw5TuCSwhc/AKo0vRoQ
1uLWC4dr+Uomgsn2IYfdGJPSS6cRqYS/XghJnkUHI/XWmV+KNmqNmMxsL40jPZ4G
cmz0AsxkaroCRY9AtD0mWased9gJYH4k6CF42rVdROB17h+w4HgQyXzAmNASjbuo
d1RjyBQD8/5g7f8hWC45KvLi+xalmTCFl+edu2hkMBXV
-----END CERTIFICATE-----