Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/5GWIf6QBPTWIF2o7l0wMVGH5uXs.roa
File:                     5GWIf6QBPTWIF2o7l0wMVGH5uXs.roa (raw, json)
Hash identifier:          vDP1vSRp5ijRNvACYNhkKTKwvZzb0Lqt0et8BqNfen4=
Subject key identifier:   E4:65:88:7F:A4:01:3D:35:88:17:6A:3B:97:4C:0C:54:61:F9:B9:7B
Certificate issuer:       /CN=36a4668ff83814af90a78b4fc8d262325058cbc6
Certificate serial:       018CC2DB3806EAD0F08D1E09780D824FA472
Authority key identifier: 36:A4:66:8F:F8:38:14:AF:90:A7:8B:4F:C8:D2:62:32:50:58:CB:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/5GWIf6QBPTWIF2o7l0wMVGH5uXs.roa
Signing time:             Mon 01 Jan 2024 02:29:55 +0000
ROA not before:           Mon 01 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36916
IP address blocks:        85.235.76.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:38:06:ea:d0:f0:8d:1e:09:78:0d:82:4f:a4:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36a4668ff83814af90a78b4fc8d262325058cbc6
        Validity
            Not Before: Jan  1 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e465887fa4013d3588176a3b974c0c5461f9b97b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:09:e4:c2:cb:ed:00:35:5a:d0:ac:cb:46:35:
                    75:27:91:a8:d5:f8:ce:c9:60:4e:74:02:41:9e:c9:
                    6a:f9:42:6a:c3:c4:e6:f2:c6:00:b8:a5:5c:7b:8d:
                    40:0d:e6:27:7e:78:e5:d6:55:dc:b8:7f:5d:72:7a:
                    19:91:a7:10:48:4f:6c:49:3d:c8:bd:cc:dd:ae:87:
                    cf:a1:91:db:b6:01:00:15:1b:ea:b8:ce:aa:02:1e:
                    ff:79:14:59:9b:83:5d:f6:ab:cf:47:5e:b2:56:c0:
                    d9:28:34:78:76:a7:8e:84:d4:8f:12:86:d6:8b:1c:
                    8f:85:57:00:4f:11:a5:44:51:c3:28:34:c4:40:a5:
                    dc:e5:70:77:82:0f:98:a4:2f:c1:f7:be:d3:86:3a:
                    93:db:b4:73:cb:6a:32:6a:9e:a5:bd:3a:66:cb:48:
                    66:ea:13:3b:08:71:3b:1b:ee:c4:04:70:2c:7b:ee:
                    86:01:2c:1d:40:c5:5a:49:90:cb:c0:de:b7:72:30:
                    34:c7:1a:35:a5:3b:b1:7e:39:2b:79:6f:a3:9f:ba:
                    1c:bb:e0:52:b4:cb:33:98:e1:df:40:f0:f0:e9:ac:
                    f5:a2:29:78:85:2b:6c:62:51:36:23:e8:79:1c:b2:
                    2f:61:5d:2a:e9:34:ee:b2:dd:b9:1a:6f:bc:2e:81:
                    8b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:65:88:7F:A4:01:3D:35:88:17:6A:3B:97:4C:0C:54:61:F9:B9:7B
            X509v3 Authority Key Identifier:
                keyid:36:A4:66:8F:F8:38:14:AF:90:A7:8B:4F:C8:D2:62:32:50:58:CB:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/5GWIf6QBPTWIF2o7l0wMVGH5uXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/031fcb-b74e-4e75-a7b9-90e65412252a/1/NqRmj_g4FK-Qp4tPyNJiMlBYy8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:72:4a:84:0a:f5:84:32:d9:ee:cb:e7:e3:e0:4e:07:9c:15:
         46:37:0d:52:57:a4:a5:73:7b:62:ef:c8:6e:b9:46:6b:c0:b6:
         d8:92:b4:18:38:26:e3:21:ca:9e:08:95:6a:89:3b:b1:45:bb:
         4e:56:03:14:63:4d:93:2c:d8:fa:ed:af:f8:30:ed:54:95:16:
         2d:1b:db:6d:a9:b2:a8:a2:04:f1:59:f3:0d:2b:54:80:8c:39:
         67:4b:6b:8a:fc:d6:8d:00:18:46:4a:c0:32:8f:62:63:66:9f:
         19:24:40:bd:cb:57:88:a0:47:93:93:2a:f3:f2:6c:c4:23:c1:
         18:5e:f7:08:25:6d:9c:25:db:41:8d:b3:e8:21:d4:a9:c8:61:
         57:01:6b:9f:7c:86:02:b7:18:91:fd:67:89:f1:21:ad:71:ca:
         f5:3e:12:f8:8e:46:19:64:92:f0:c5:b6:ed:04:5b:57:b3:4a:
         e0:f0:7b:ec:c7:0d:aa:ef:d2:3e:a9:f3:92:d7:a0:f2:c8:0f:
         87:e3:dd:72:7a:41:8f:9c:73:b9:61:b8:df:ac:a5:2d:28:d2:
         0f:5e:6a:6c:95:1a:9d:76:c8:0c:23:e9:16:64:03:5b:05:6b:
         f6:01:6f:3d:fb:5d:f4:1a:7d:7f:f7:69:12:52:0d:cf:84:9b:
         8f:d8:25:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zgG6tDwjR4JeA2CT6RyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YTQ2NjhmZjgzODE0YWY5MGE3OGI0ZmM4ZDI2MjMyNTA1
OGNiYzYwHhcNMjQwMTAxMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDY1ODg3ZmE0MDEzZDM1ODgxNzZhM2I5NzRjMGM1NDYxZjliOTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgAnkwsvtADVa0KzLRjV1J5Go1fjO
yWBOdAJBnslq+UJqw8Tm8sYAuKVce41ADeYnfnjl1lXcuH9dcnoZkacQSE9sST3I
vczdrofPoZHbtgEAFRvquM6qAh7/eRRZm4Nd9qvPR16yVsDZKDR4dqeOhNSPEobW
ixyPhVcATxGlRFHDKDTEQKXc5XB3gg+YpC/B977ThjqT27Rzy2oyap6lvTpmy0hm
6hM7CHE7G+7EBHAse+6GASwdQMVaSZDLwN63cjA0xxo1pTuxfjkreW+jn7ocu+BS
tMszmOHfQPDw6az1oil4hStsYlE2I+h5HLIvYV0q6TTust25Gm+8LoGL7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFORliH+kAT01iBdqO5dMDFRh+bl7MB8GA1UdIwQY
MBaAFDakZo/4OBSvkKeLT8jSYjJQWMvGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnFSbWpfZzRGSy1RcDR0UHlOSmlNbEJZeThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8wMzFmY2ItYjc0ZS00ZTc1LWE3Yjkt
OTBlNjU0MTIyNTJhLzEvNUdXSWY2UUJQVFdJRjJvN2wwd01WR0g1dVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8wMzFmY2ItYjc0ZS00ZTc1LWE3YjktOTBlNjU0MTIyNTJh
LzEvTnFSbWpfZzRGSy1RcDR0UHlOSmlNbEJZeThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVetMMA0G
CSqGSIb3DQEBCwUAA4IBAQBSckqECvWEMtnuy+fj4E4HnBVGNw1SV6Slc3ti78hu
uUZrwLbYkrQYOCbjIcqeCJVqiTuxRbtOVgMUY02TLNj67a/4MO1UlRYtG9ttqbKo
ogTxWfMNK1SAjDlnS2uK/NaNABhGSsAyj2JjZp8ZJEC9y1eIoEeTkyrz8mzEI8EY
XvcIJW2cJdtBjbPoIdSpyGFXAWuffIYCtxiR/WeJ8SGtccr1PhL4jkYZZJLwxbbt
BFtXs0rg8Hvsxw2q79I+qfOS16DyyA+H491yekGPnHO5YbjfrKUtKNIPXmpslRqd
dsgMI+kWZANbBWv2AW89+130Gn1/92kSUg3PhJuP2CXc
-----END CERTIFICATE-----