Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/C-tI8Ctvd-QFItp1DaSb1mwJecI.roa
File:                     C-tI8Ctvd-QFItp1DaSb1mwJecI.roa (raw, json)
Hash identifier:          znLJRQbCJCGOhqryNfybsbkyj7XEhyzjj8narua6Qc0=
Subject key identifier:   0B:EB:48:F0:2B:6F:77:E4:05:22:DA:75:0D:A4:9B:D6:6C:09:79:C2
Certificate issuer:       /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial:       018CC7273086E72CC7C01F70ED9B630FF70A
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/C-tI8Ctvd-QFItp1DaSb1mwJecI.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59432
IP address blocks:        194.36.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:30:86:e7:2c:c7:c0:1f:70:ed:9b:63:0f:f7:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0beb48f02b6f77e40522da750da49bd66c0979c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:39:76:43:6d:64:cb:99:f6:e9:60:4e:9e:df:
                    f8:27:00:ea:25:f8:e8:30:53:02:c8:b0:44:bd:41:
                    78:b0:5e:38:02:89:d8:46:a9:42:0e:05:3d:14:a8:
                    c0:e5:d0:e6:a0:8b:be:5e:fe:67:de:f1:73:9a:bc:
                    14:a0:5f:7e:a9:a5:12:7b:4f:cd:32:2f:b0:47:3d:
                    dc:a1:d1:58:da:d8:cd:03:7b:c5:f2:2f:7e:37:a7:
                    49:08:c4:5b:1f:88:f6:3d:77:7e:33:2e:75:f7:7c:
                    39:d6:ed:50:b6:9f:01:9f:ce:53:48:a3:b1:1a:cc:
                    4a:0f:b3:73:6e:59:7c:cd:72:94:23:1e:cb:59:13:
                    b3:4f:05:dd:2b:54:b7:42:d2:19:b4:64:39:e3:f3:
                    ba:6e:0f:0c:2b:a9:71:fb:fe:2f:f8:11:f4:69:10:
                    70:ef:45:b4:0a:92:a8:cf:ed:a0:8b:62:48:19:dc:
                    0d:30:b9:9c:dc:41:32:fc:f0:b0:20:c2:53:7a:c4:
                    84:37:fa:9d:49:0d:d0:08:ca:50:88:2c:a5:42:18:
                    53:cd:86:63:f6:25:d4:69:12:c0:c7:a9:f5:90:93:
                    9c:fa:32:cf:3a:5a:8f:39:91:0c:bb:70:a9:9f:78:
                    20:35:93:37:be:c0:03:7e:a5:8f:c7:a9:f6:57:f6:
                    0c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:EB:48:F0:2B:6F:77:E4:05:22:DA:75:0D:A4:9B:D6:6C:09:79:C2
            X509v3 Authority Key Identifier:
                keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/C-tI8Ctvd-QFItp1DaSb1mwJecI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:e3:d1:b2:7a:1b:8d:f2:02:f9:87:5c:f0:c4:4f:bf:f0:7a:
         5a:73:6c:29:b6:65:d7:90:05:50:c4:26:a0:e2:b9:15:1e:ca:
         85:43:df:20:7b:14:b6:3b:73:d2:ac:75:be:36:e9:b5:47:6a:
         81:6f:88:21:53:4a:40:f6:36:0c:57:d3:fa:64:ff:b9:7b:f7:
         0f:cf:c6:71:45:9f:70:61:6b:73:73:d3:ce:e0:fc:21:60:90:
         21:04:b9:0a:f2:8f:c6:86:0e:38:0e:c7:53:4e:26:c6:3a:39:
         5f:3d:de:d3:31:cb:6f:2d:19:73:30:6d:81:66:56:9d:e7:3f:
         32:d0:f1:45:9c:f7:c3:52:66:f7:ba:d7:1b:db:c7:b5:78:ee:
         aa:ba:3a:62:ec:64:2b:9e:5c:33:d0:af:fd:63:d7:aa:1d:c6:
         68:19:7f:fc:b0:78:83:c2:11:69:01:8c:c9:f0:25:0e:a4:c0:
         85:12:a9:19:c9:75:cf:16:75:d9:23:00:ff:a2:72:21:20:a0:
         20:76:1c:32:15:b5:c2:15:3f:17:90:b5:90:24:0c:df:f3:9f:
         54:91:a6:73:e0:58:8b:6b:8b:eb:06:d1:c4:f3:9d:1e:9f:fe:
         b2:08:41:c5:8c:76:df:bd:ce:6c:f9:45:8e:52:87:b5:8e:9f:
         9f:e8:0d:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzCG5yzHwB9w7ZtjD/cKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmViNDhmMDJiNmY3N2U0MDUyMmRhNzUwZGE0OWJkNjZjMDk3OWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozl2Q21ky5n26WBOnt/4JwDqJfjo
MFMCyLBEvUF4sF44AonYRqlCDgU9FKjA5dDmoIu+Xv5n3vFzmrwUoF9+qaUSe0/N
Mi+wRz3codFY2tjNA3vF8i9+N6dJCMRbH4j2PXd+My5193w51u1Qtp8Bn85TSKOx
GsxKD7Nzbll8zXKUIx7LWROzTwXdK1S3QtIZtGQ54/O6bg8MK6lx+/4v+BH0aRBw
70W0CpKoz+2gi2JIGdwNMLmc3EEy/PCwIMJTesSEN/qdSQ3QCMpQiCylQhhTzYZj
9iXUaRLAx6n1kJOc+jLPOlqPOZEMu3Cpn3ggNZM3vsADfqWPx6n2V/YMUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAvrSPArb3fkBSLadQ2km9ZsCXnCMB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvQy10SThDdHZkLVFGSXRwMURhU2IxbXdKZWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiQhMA0G
CSqGSIb3DQEBCwUAA4IBAQAS49GyehuN8gL5h1zwxE+/8Hpac2wptmXXkAVQxCag
4rkVHsqFQ98gexS2O3PSrHW+Num1R2qBb4ghU0pA9jYMV9P6ZP+5e/cPz8ZxRZ9w
YWtzc9PO4PwhYJAhBLkK8o/Ghg44DsdTTibGOjlfPd7TMctvLRlzMG2BZlad5z8y
0PFFnPfDUmb3utcb28e1eO6qujpi7GQrnlwz0K/9Y9eqHcZoGX/8sHiDwhFpAYzJ
8CUOpMCFEqkZyXXPFnXZIwD/onIhIKAgdhwyFbXCFT8XkLWQJAzf859UkaZz4FiL
a4vrBtHE850en/6yCEHFjHbfvc5s+UWOUoe1jp+f6A21
-----END CERTIFICATE-----