Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/cf6b07-03b2-4ebe-b966-f1e9bf2bff21/1/REcM1tZVxLJoXhs1p-nBsTmsWxo.roa
File:                     REcM1tZVxLJoXhs1p-nBsTmsWxo.roa (raw, json)
Hash identifier:          gmLJ5AAEQWGAWXMZ78FYLEb7869uhdCGKs6yxHjx+y4=
Subject key identifier:   44:47:0C:D6:D6:55:C4:B2:68:5E:1B:35:A7:E9:C1:B1:39:AC:5B:1A
Certificate issuer:       /CN=03bcef976642d54b4b4a1998f0b3ff48845a926d
Certificate serial:       018CC94D70E9C1BA798B4F7F197ABFC3CCE7
Authority key identifier: 03:BC:EF:97:66:42:D5:4B:4B:4A:19:98:F0:B3:FF:48:84:5A:92:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7zvl2ZC1UtLShmY8LP_SIRakm0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/cf6b07-03b2-4ebe-b966-f1e9bf2bff21/1/REcM1tZVxLJoXhs1p-nBsTmsWxo.roa
Signing time:             Tue 02 Jan 2024 08:32:24 +0000
ROA not before:           Tue 02 Jan 2024 08:32:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49015
IP address blocks:        193.36.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/cf6b07-03b2-4ebe-b966-f1e9bf2bff21/1/A7zvl2ZC1UtLShmY8LP_SIRakm0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/cf6b07-03b2-4ebe-b966-f1e9bf2bff21/1/A7zvl2ZC1UtLShmY8LP_SIRakm0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7zvl2ZC1UtLShmY8LP_SIRakm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:70:e9:c1:ba:79:8b:4f:7f:19:7a:bf:c3:cc:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03bcef976642d54b4b4a1998f0b3ff48845a926d
        Validity
            Not Before: Jan  2 08:32:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44470cd6d655c4b2685e1b35a7e9c1b139ac5b1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:cc:73:bd:d5:66:4d:b2:06:e5:1f:6c:45:2d:
                    01:50:3e:b7:29:c9:6a:c1:da:c9:f3:f7:63:86:5d:
                    21:38:d8:15:bb:e2:d9:24:3e:6a:13:76:40:0f:a1:
                    98:f6:0e:88:73:03:bb:f2:90:65:16:02:87:6c:ff:
                    cb:66:b6:77:21:1c:f0:91:7b:74:d6:05:c0:b4:d8:
                    b4:61:75:db:f0:b4:8f:02:65:17:80:45:25:7d:6c:
                    73:2e:3b:3d:a1:f5:d4:24:d6:68:40:72:c3:46:dd:
                    37:3e:7c:44:18:b6:e5:b4:8a:7c:85:54:6e:60:a4:
                    26:fe:0f:1b:ac:49:f8:c9:00:c7:a5:74:29:35:d6:
                    d8:72:4e:73:a4:5f:bb:bc:9b:76:4f:4d:1a:5c:db:
                    67:1a:51:a4:bc:f1:fb:3a:94:b6:d5:e8:ef:63:1c:
                    ee:7a:de:7b:7c:0f:14:fd:1c:7d:d9:cb:0c:3c:4a:
                    9a:fb:bb:64:0f:35:a8:7e:6e:ba:45:5c:c7:ed:2b:
                    97:ff:cc:3c:da:7d:d6:90:a2:b9:11:b7:a8:fb:2b:
                    5a:ef:81:d1:d4:ee:69:4f:e8:36:9e:34:4f:ec:25:
                    42:f7:76:87:f1:09:be:c8:84:15:52:08:23:c2:56:
                    73:ee:da:52:90:40:74:71:b8:e1:a2:50:44:9f:6f:
                    be:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:47:0C:D6:D6:55:C4:B2:68:5E:1B:35:A7:E9:C1:B1:39:AC:5B:1A
            X509v3 Authority Key Identifier:
                keyid:03:BC:EF:97:66:42:D5:4B:4B:4A:19:98:F0:B3:FF:48:84:5A:92:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7zvl2ZC1UtLShmY8LP_SIRakm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/cf6b07-03b2-4ebe-b966-f1e9bf2bff21/1/REcM1tZVxLJoXhs1p-nBsTmsWxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/cf6b07-03b2-4ebe-b966-f1e9bf2bff21/1/A7zvl2ZC1UtLShmY8LP_SIRakm0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:85:da:cb:7a:e9:8e:6d:11:56:40:1f:dc:21:44:c8:6b:1c:
         27:23:df:e3:c8:0d:b7:b9:29:59:4b:f3:2e:9d:e6:5e:7c:cd:
         5c:19:8c:06:f2:eb:16:f3:23:48:a4:bd:36:1f:84:9f:70:79:
         ca:e3:53:69:3a:1d:73:d0:05:54:fd:99:7f:ea:ee:01:c5:eb:
         4b:57:29:32:99:d8:a7:82:1e:ab:29:ed:b1:b6:dc:f4:69:23:
         11:72:f3:f6:7a:13:dd:9b:d1:7f:a8:bf:25:d5:cb:65:e3:58:
         e3:02:a1:0b:1e:f6:55:b7:a1:ad:97:68:c4:6e:b5:e9:73:68:
         d1:66:2b:58:8f:56:a9:53:ec:11:72:a5:ae:8a:70:3d:07:18:
         55:b7:f1:9d:59:ff:46:b8:ad:cd:22:33:34:ea:74:79:d3:75:
         da:a3:c7:8f:e1:08:21:97:62:7d:3d:ef:0e:4d:c5:46:ed:77:
         34:88:2e:20:3c:6a:79:c6:02:2f:e2:a8:67:43:ab:62:70:e6:
         6b:94:fb:a6:c9:e5:46:9e:1e:a6:bf:d3:56:73:40:9e:12:a9:
         3d:f4:16:22:77:b8:a8:05:55:bc:ab:30:94:7f:bb:fb:10:86:
         41:77:ca:01:30:1b:4b:8e:ca:c8:21:20:db:f7:fc:62:53:99:
         be:16:c2:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTXDpwbp5i09/GXq/w8znMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzYmNlZjk3NjY0MmQ1NGI0YjRhMTk5OGYwYjNmZjQ4ODQ1
YTkyNmQwHhcNMjQwMTAyMDgzMjI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDQ3MGNkNmQ2NTVjNGIyNjg1ZTFiMzVhN2U5YzFiMTM5YWM1YjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcxzvdVmTbIG5R9sRS0BUD63Kclq
wdrJ8/djhl0hONgVu+LZJD5qE3ZAD6GY9g6IcwO78pBlFgKHbP/LZrZ3IRzwkXt0
1gXAtNi0YXXb8LSPAmUXgEUlfWxzLjs9ofXUJNZoQHLDRt03PnxEGLbltIp8hVRu
YKQm/g8brEn4yQDHpXQpNdbYck5zpF+7vJt2T00aXNtnGlGkvPH7OpS21ejvYxzu
et57fA8U/Rx92csMPEqa+7tkDzWofm66RVzH7SuX/8w82n3WkKK5Ebeo+yta74HR
1O5pT+g2njRP7CVC93aH8Qm+yIQVUggjwlZz7tpSkEB0cbjholBEn2++hwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERHDNbWVcSyaF4bNafpwbE5rFsaMB8GA1UdIwQY
MBaAFAO875dmQtVLS0oZmPCz/0iEWpJtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTd6dmwyWkMxVXRMU2htWThMUF9TSVJha20wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9jZjZiMDctMDNiMi00ZWJlLWI5NjYt
ZjFlOWJmMmJmZjIxLzEvUkVjTTF0WlZ4TEpvWGhzMXAtbkJzVG1zV3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9jZjZiMDctMDNiMi00ZWJlLWI5NjYtZjFlOWJmMmJmZjIx
LzEvQTd6dmwyWkMxVXRMU2htWThMUF9TSVJha20wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSQoMA0G
CSqGSIb3DQEBCwUAA4IBAQAphdrLeumObRFWQB/cIUTIaxwnI9/jyA23uSlZS/Mu
neZefM1cGYwG8usW8yNIpL02H4SfcHnK41NpOh1z0AVU/Zl/6u4BxetLVykymdin
gh6rKe2xttz0aSMRcvP2ehPdm9F/qL8l1ctl41jjAqELHvZVt6Gtl2jEbrXpc2jR
ZitYj1apU+wRcqWuinA9BxhVt/GdWf9GuK3NIjM06nR503Xao8eP4Qghl2J9Pe8O
TcVG7Xc0iC4gPGp5xgIv4qhnQ6ticOZrlPumyeVGnh6mv9NWc0CeEqk99BYid7io
BVW8qzCUf7v7EIZBd8oBMBtLjsrIISDb9/xiU5m+FsKZ
-----END CERTIFICATE-----