Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/_XCQOMznwFR8_y9f73avkQJ2UwY.roa
File:                     _XCQOMznwFR8_y9f73avkQJ2UwY.roa (raw, json)
Hash identifier:          64c3+YcD2mF4ykcyM57gZ+H7gUCHI9PDEVnUg4LQdiU=
Subject key identifier:   FD:70:90:38:CC:E7:C0:54:7C:FF:2F:5F:EF:76:AF:91:02:76:53:06
Certificate issuer:       /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial:       018CC72731E24A36B6B466033CFF0A006834
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/_XCQOMznwFR8_y9f73avkQJ2UwY.roa
Signing time:             Mon 01 Jan 2024 22:31:23 +0000
ROA not before:           Mon 01 Jan 2024 22:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211500
IP address blocks:        194.36.34.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:31:e2:4a:36:b6:b4:66:03:3c:ff:0a:00:68:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
        Validity
            Not Before: Jan  1 22:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd709038cce7c0547cff2f5fef76af9102765306
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7c:c9:ad:21:44:32:27:70:dd:70:d0:d9:8c:
                    fe:c2:91:69:b7:92:96:77:12:26:95:6c:5c:0c:a8:
                    0d:48:a2:48:51:eb:e2:da:c1:38:69:c3:bf:2e:1a:
                    a3:67:2f:45:ed:8d:ac:58:6a:18:ab:8f:c9:7b:df:
                    3f:4a:2c:d5:67:e3:a9:2a:9e:78:1c:18:2d:cc:6f:
                    26:e4:0a:6b:ab:87:13:54:e3:0a:fa:f2:5d:3e:96:
                    f9:03:d4:c1:ea:6d:a4:3c:28:c7:70:4d:9c:ed:91:
                    54:5b:2a:fc:91:ac:5a:ca:3a:8a:e8:a4:1e:ee:91:
                    d6:6e:cc:d5:d9:7f:97:21:5f:20:82:90:98:1f:61:
                    dc:c7:81:fd:78:3d:e7:cd:d5:3b:98:06:3c:e1:30:
                    df:50:d8:14:c7:cd:62:aa:06:fc:00:93:10:de:4b:
                    c9:4f:ad:51:1e:a4:bb:36:a0:b9:4e:99:fa:a3:67:
                    5e:11:6e:f0:b6:7c:9f:1c:45:7f:1e:b5:dd:59:79:
                    d3:3c:50:ec:2a:04:61:79:0f:8a:7c:a3:7e:22:b1:
                    88:7a:e0:53:e5:df:4d:5f:d8:23:62:fe:24:cc:62:
                    66:b7:0c:1c:a1:ff:04:0c:9b:28:b2:df:30:4c:1c:
                    6f:5e:51:d0:96:17:2e:20:2b:d4:7d:97:5b:85:68:
                    9f:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:70:90:38:CC:E7:C0:54:7C:FF:2F:5F:EF:76:AF:91:02:76:53:06
            X509v3 Authority Key Identifier:
                keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/_XCQOMznwFR8_y9f73avkQJ2UwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:3c:91:e6:a5:66:c8:df:d8:ef:70:42:8b:24:04:01:a8:9d:
         e1:6c:11:31:1e:f9:45:a1:11:4d:fb:ab:ca:fc:3d:bb:2d:9b:
         02:f3:d4:77:7b:e9:b6:4f:b4:65:40:cf:cd:e5:34:71:0e:67:
         b5:94:4d:8d:90:55:e4:d0:6d:c3:8b:44:cf:3e:1a:9a:70:a1:
         c5:a6:61:46:1b:c9:4c:3a:e8:40:16:cf:07:97:64:88:fc:9e:
         7e:fc:39:a5:5f:54:fb:1b:b6:38:45:34:82:6f:2d:1b:d0:61:
         4f:34:a4:fe:3e:d4:66:3b:6b:ed:7e:64:47:58:49:27:da:3f:
         03:11:8f:02:de:22:10:3a:2b:45:74:d6:06:40:e8:34:4f:01:
         e9:0d:9f:e4:53:f2:2a:b5:28:a6:00:f1:78:72:3b:53:80:48:
         e7:e6:4a:46:6f:ed:04:99:75:10:2e:e2:74:15:91:ea:f7:2a:
         28:d8:68:67:ac:db:28:a0:3f:3d:63:81:3f:ad:e8:9c:95:2a:
         d5:11:98:c0:ba:7c:49:dc:23:ba:68:a1:87:78:45:8d:d5:08:
         a2:05:da:e2:b3:1f:b6:f1:c3:88:7e:c3:0a:93:dd:f6:6d:fe:
         98:e5:f5:24:b1:ce:96:68:24:1e:83:12:e9:19:5c:65:0e:bd:
         1a:2d:d2:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJzHiSja2tGYDPP8KAGg0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjQwMTAxMjIzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDcwOTAzOGNjZTdjMDU0N2NmZjJmNWZlZjc2YWY5MTAyNzY1MzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnzJrSFEMidw3XDQ2Yz+wpFpt5KW
dxImlWxcDKgNSKJIUevi2sE4acO/LhqjZy9F7Y2sWGoYq4/Je98/SizVZ+OpKp54
HBgtzG8m5Aprq4cTVOMK+vJdPpb5A9TB6m2kPCjHcE2c7ZFUWyr8kaxayjqK6KQe
7pHWbszV2X+XIV8ggpCYH2Hcx4H9eD3nzdU7mAY84TDfUNgUx81iqgb8AJMQ3kvJ
T61RHqS7NqC5Tpn6o2deEW7wtnyfHEV/HrXdWXnTPFDsKgRheQ+KfKN+IrGIeuBT
5d9NX9gjYv4kzGJmtwwcof8EDJsost8wTBxvXlHQlhcuICvUfZdbhWifIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1wkDjM58BUfP8vX+92r5ECdlMGMB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvX1hDUU9Nem53RlI4X3k5ZjczYXZrUUoyVXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiQiMA0G
CSqGSIb3DQEBCwUAA4IBAQBVPJHmpWbI39jvcEKLJAQBqJ3hbBExHvlFoRFN+6vK
/D27LZsC89R3e+m2T7RlQM/N5TRxDme1lE2NkFXk0G3Di0TPPhqacKHFpmFGG8lM
OuhAFs8Hl2SI/J5+/DmlX1T7G7Y4RTSCby0b0GFPNKT+PtRmO2vtfmRHWEkn2j8D
EY8C3iIQOitFdNYGQOg0TwHpDZ/kU/IqtSimAPF4cjtTgEjn5kpGb+0EmXUQLuJ0
FZHq9yoo2GhnrNsooD89Y4E/reiclSrVEZjAunxJ3CO6aKGHeEWN1QiiBdrisx+2
8cOIfsMKk932bf6Y5fUksc6WaCQegxLpGVxlDr0aLdKZ
-----END CERTIFICATE-----