Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/cXNxAp2HAjkfEU1D3oyTlOcksQs.roa
File:                     cXNxAp2HAjkfEU1D3oyTlOcksQs.roa (raw, json)
Hash identifier:          t6UpFGQn5NU5RDplI+pDcV7l7rqO14b/joH1ZePmqY8=
Subject key identifier:   71:73:71:02:9D:87:02:39:1F:11:4D:43:DE:8C:93:94:E7:24:B1:0B
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424FB84665806DF094189B2A229001E
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/cXNxAp2HAjkfEU1D3oyTlOcksQs.roa
Signing time:             Mon 01 Jan 2024 08:30:07 +0000
ROA not before:           Mon 01 Jan 2024 08:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212598
IP address blocks:        194.62.54.0/24 maxlen: 24
                          185.254.236.0/24 maxlen: 24
                          185.254.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 03:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:fb:84:66:58:06:df:09:41:89:b2:a2:29:00:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=717371029d8702391f114d43de8c9394e724b10b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:47:e7:17:8b:50:7e:1c:2b:46:de:7b:15:c7:
                    3c:c2:a9:6c:eb:a7:c1:12:58:b0:25:b1:1e:c1:c1:
                    c7:81:81:ab:22:36:78:1b:b4:54:46:05:5e:d8:5c:
                    17:d2:22:4e:1e:db:01:46:1d:8d:0f:7f:74:40:f8:
                    50:26:e7:44:04:01:0b:c3:77:5c:21:d2:71:0f:6f:
                    23:d7:88:30:6e:54:d5:ea:14:fc:73:fa:3a:01:37:
                    c6:a3:68:f5:24:73:d4:65:0e:d6:21:40:39:a8:37:
                    be:dd:db:fe:8d:b9:9f:1a:e5:c9:ae:fa:75:81:48:
                    1e:45:62:82:40:f2:f3:8f:77:1a:69:4e:97:e6:97:
                    62:b5:6b:b8:fc:6d:50:e3:1e:4e:05:9e:87:86:97:
                    5e:c1:4e:35:19:15:73:59:ab:87:65:16:81:49:03:
                    4e:94:56:0c:7f:fe:db:04:57:ca:f5:eb:c4:1c:01:
                    68:47:05:0e:07:4c:7c:1d:ec:72:e9:e0:d1:82:9c:
                    2b:2e:d6:f7:8d:bf:d3:33:8c:2e:b1:74:b3:5c:97:
                    3b:04:3d:98:bd:1d:e7:98:ea:0a:05:27:3a:4e:68:
                    d7:9a:8d:d0:98:f1:a3:68:ed:63:7e:d1:c8:c5:bf:
                    5b:9d:9b:52:87:fa:67:24:e3:d6:c2:cd:04:50:4b:
                    88:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:73:71:02:9D:87:02:39:1F:11:4D:43:DE:8C:93:94:E7:24:B1:0B
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/cXNxAp2HAjkfEU1D3oyTlOcksQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.236.0/24
                  185.254.239.0/24
                  194.62.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:63:62:d7:dd:2d:4f:7f:15:28:a0:eb:f3:7e:9e:1f:64:e5:
         41:04:07:6f:73:53:d4:24:5b:ed:8f:05:fe:54:b7:bb:36:3f:
         df:e3:34:98:32:5d:0b:c4:60:d7:c2:0b:f5:23:8c:5e:46:bb:
         e7:e7:bf:8a:f9:a8:c1:0e:f2:f2:1e:ef:a4:1d:75:c9:b4:a0:
         be:b5:28:5c:81:ac:43:dd:e8:dd:91:e6:1f:1a:68:19:a7:13:
         c7:18:ee:8c:7a:5d:d1:b0:86:3d:3f:a4:3e:f8:83:cc:19:3f:
         70:a5:74:2b:fb:db:21:c7:03:18:34:2b:73:44:12:64:9b:0d:
         c9:43:25:58:4d:a9:b9:82:5d:00:f2:8c:be:05:b8:57:34:aa:
         4e:df:23:2c:d8:cb:4a:5e:cb:cf:58:40:27:c5:16:74:b5:b9:
         fe:31:77:5b:02:0f:86:54:6c:76:23:34:87:2b:75:9b:11:c1:
         37:bc:80:c3:71:47:05:71:a8:df:ea:d7:88:95:d9:7b:a0:de:
         73:ba:0f:e0:eb:9e:0e:15:f8:63:1a:6c:17:ec:d7:5e:6e:38:
         27:fa:16:fc:90:cf:7e:53:f9:f4:09:e4:a7:e8:05:a6:44:a3:
         a1:d3:d2:bd:9a:76:2d:ea:9c:f5:df:ab:f4:4a:b3:bb:4c:25:
         ab:a9:08:28
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEJPuEZlgG3wlBibKiKQAeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTczNzEwMjlkODcwMjM5MWYxMTRkNDNkZThjOTM5NGU3MjRiMTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkfnF4tQfhwrRt57Fcc8wqls66fB
EliwJbEewcHHgYGrIjZ4G7RURgVe2FwX0iJOHtsBRh2ND390QPhQJudEBAELw3dc
IdJxD28j14gwblTV6hT8c/o6ATfGo2j1JHPUZQ7WIUA5qDe+3dv+jbmfGuXJrvp1
gUgeRWKCQPLzj3caaU6X5pditWu4/G1Q4x5OBZ6HhpdewU41GRVzWauHZRaBSQNO
lFYMf/7bBFfK9evEHAFoRwUOB0x8Hexy6eDRgpwrLtb3jb/TM4wusXSzXJc7BD2Y
vR3nmOoKBSc6TmjXmo3QmPGjaO1jftHIxb9bnZtSh/pnJOPWws0EUEuIYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHFzcQKdhwI5HxFNQ96Mk5TnJLELMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvY1hOeEFwMkhBamtmRVUxRDNveVRsT2Nrc1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuf7sAwQA
uf7vAwQAwj42MA0GCSqGSIb3DQEBCwUAA4IBAQAYY2LX3S1PfxUooOvzfp4fZOVB
BAdvc1PUJFvtjwX+VLe7Nj/f4zSYMl0LxGDXwgv1I4xeRrvn57+K+ajBDvLyHu+k
HXXJtKC+tShcgaxD3ejdkeYfGmgZpxPHGO6Mel3RsIY9P6Q++IPMGT9wpXQr+9sh
xwMYNCtzRBJkmw3JQyVYTam5gl0A8oy+BbhXNKpO3yMs2MtKXsvPWEAnxRZ0tbn+
MXdbAg+GVGx2IzSHK3WbEcE3vIDDcUcFcajf6teIldl7oN5zug/g654OFfhjGmwX
7Ndebjgn+hb8kM9+U/n0CeSn6AWmRKOh09K9mnYt6pz136v0SrO7TCWrqQgo
-----END CERTIFICATE-----