Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/ac7d5a-02bf-4803-86fe-e65d35883093/1/cxGh9vne57jOWZda-oaB91SGlww.roa
File:                     cxGh9vne57jOWZda-oaB91SGlww.roa (raw, json)
Hash identifier:          3L5CnyvEyY1xND0Y6b9V6QtK1gLCz1HJrRRwabccIHU=
Subject key identifier:   73:11:A1:F6:F9:DE:E7:B8:CE:59:97:5A:FA:86:81:F7:54:86:97:0C
Certificate issuer:       /CN=cbdfda21ede018edff5498116357a8c6152ec7ef
Certificate serial:       018ED1DC6ABA61262C8C8C2D4BD87AFC9FAF
Authority key identifier: CB:DF:DA:21:ED:E0:18:ED:FF:54:98:11:63:57:A8:C6:15:2E:C7:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9_aIe3gGO3_VJgRY1eoxhUux-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/ac7d5a-02bf-4803-86fe-e65d35883093/1/cxGh9vne57jOWZda-oaB91SGlww.roa
Signing time:             Fri 12 Apr 2024 10:31:07 +0000
ROA not before:           Fri 12 Apr 2024 10:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41354
IP address blocks:        194.35.96.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/ac7d5a-02bf-4803-86fe-e65d35883093/1/y9_aIe3gGO3_VJgRY1eoxhUux-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/ac7d5a-02bf-4803-86fe-e65d35883093/1/y9_aIe3gGO3_VJgRY1eoxhUux-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9_aIe3gGO3_VJgRY1eoxhUux-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d1:dc:6a:ba:61:26:2c:8c:8c:2d:4b:d8:7a:fc:9f:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbdfda21ede018edff5498116357a8c6152ec7ef
        Validity
            Not Before: Apr 12 10:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7311a1f6f9dee7b8ce59975afa8681f75486970c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:c5:0e:66:ad:74:45:66:09:11:c4:13:93:ad:
                    fb:9e:9d:63:00:c7:0b:c1:33:ee:9e:66:c0:56:af:
                    90:a1:54:1d:4a:22:66:51:ee:e5:58:cd:ca:e8:2e:
                    da:89:16:84:55:c2:39:09:10:4e:a8:2e:c1:0b:1f:
                    0f:e9:d9:b8:35:2b:e1:e6:81:21:9a:65:42:46:da:
                    78:77:ec:b5:4b:ce:f3:d0:32:53:31:0f:62:c4:03:
                    9e:76:92:b4:88:be:8f:00:01:89:10:ba:bc:10:0a:
                    ea:f7:19:93:eb:4f:41:6b:c4:1a:3d:b3:28:09:c8:
                    3c:69:0a:ca:53:b7:12:c2:e4:e6:1a:bc:34:9f:7f:
                    cd:cb:a9:a1:49:e4:60:c0:5b:8e:03:a4:af:7a:93:
                    7d:98:14:02:9d:83:15:29:dd:bc:61:be:41:cb:2e:
                    de:68:f2:8a:7c:8a:e8:f4:8a:95:12:02:c4:89:d1:
                    5a:73:12:16:e1:15:99:4c:f8:bd:6c:97:b4:94:d1:
                    84:67:68:cd:67:92:2b:61:14:ce:15:7d:c7:25:9b:
                    12:96:20:a1:c5:df:4d:5f:4c:42:b6:70:d8:45:87:
                    9b:f4:bb:ed:a3:da:a7:13:74:75:04:23:0d:94:09:
                    c9:2b:57:cb:26:95:4c:25:62:cc:30:a5:c1:b0:a6:
                    83:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:11:A1:F6:F9:DE:E7:B8:CE:59:97:5A:FA:86:81:F7:54:86:97:0C
            X509v3 Authority Key Identifier:
                keyid:CB:DF:DA:21:ED:E0:18:ED:FF:54:98:11:63:57:A8:C6:15:2E:C7:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9_aIe3gGO3_VJgRY1eoxhUux-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/ac7d5a-02bf-4803-86fe-e65d35883093/1/cxGh9vne57jOWZda-oaB91SGlww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/ac7d5a-02bf-4803-86fe-e65d35883093/1/y9_aIe3gGO3_VJgRY1eoxhUux-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.35.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:03:8e:46:a8:1b:70:90:75:65:31:99:16:3a:e3:5f:7e:9a:
         43:3b:dd:a4:c9:16:25:d4:0d:d1:fc:1a:dd:bf:ec:6d:f0:ca:
         94:ff:b6:c4:f4:25:76:18:7e:a6:ef:3c:f3:12:9f:a1:c2:a0:
         e5:95:d6:81:fb:8a:b4:30:27:4b:e9:09:4d:d6:05:91:44:03:
         6e:c9:4a:4a:e4:4c:23:73:d6:b4:c0:40:ec:9e:6a:e3:62:78:
         22:6b:c9:11:84:3d:4d:f7:ea:fa:c2:4a:cd:df:35:4c:b5:21:
         90:5e:c8:a3:69:28:02:e7:aa:d8:42:3e:29:a2:62:07:b2:bc:
         0d:3d:e8:6a:31:5d:35:a5:8a:95:c5:06:07:df:97:f3:81:56:
         34:d4:75:bb:b2:ec:8f:2d:7c:df:08:e9:56:68:1f:84:5c:e8:
         60:b1:f2:1a:ab:8b:53:4a:dd:49:b3:84:3c:9d:79:97:cc:96:
         00:97:10:8f:76:b9:12:f6:9f:7c:aa:cc:92:b3:54:55:b7:bd:
         f8:b4:03:38:7e:2c:3f:f4:a6:a1:fd:ac:c3:c5:8a:bb:11:c8:
         03:86:55:ec:26:1b:c9:be:f2:3a:a4:0c:fd:60:b7:2c:cd:49:
         3b:31:4d:2e:f4:83:6f:33:b5:f6:c9:f8:ec:7d:ff:dc:d2:d4:
         74:65:0c:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7R3Gq6YSYsjIwtS9h6/J+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZGZkYTIxZWRlMDE4ZWRmZjU0OTgxMTYzNTdhOGM2MTUy
ZWM3ZWYwHhcNMjQwNDEyMTAzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzExYTFmNmY5ZGVlN2I4Y2U1OTk3NWFmYTg2ODFmNzU0ODY5NzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5sUOZq10RWYJEcQTk637np1jAMcL
wTPunmbAVq+QoVQdSiJmUe7lWM3K6C7aiRaEVcI5CRBOqC7BCx8P6dm4NSvh5oEh
mmVCRtp4d+y1S87z0DJTMQ9ixAOedpK0iL6PAAGJELq8EArq9xmT609Ba8QaPbMo
Ccg8aQrKU7cSwuTmGrw0n3/Ny6mhSeRgwFuOA6SvepN9mBQCnYMVKd28Yb5Byy7e
aPKKfIro9IqVEgLEidFacxIW4RWZTPi9bJe0lNGEZ2jNZ5IrYRTOFX3HJZsSliCh
xd9NX0xCtnDYRYeb9Lvto9qnE3R1BCMNlAnJK1fLJpVMJWLMMKXBsKaDpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMRofb53ue4zlmXWvqGgfdUhpcMMB8GA1UdIwQY
MBaAFMvf2iHt4Bjt/1SYEWNXqMYVLsfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlfYUllM2dHTzNfVkpnUlkxZW94aFV1eC04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9hYzdkNWEtMDJiZi00ODAzLTg2ZmUt
ZTY1ZDM1ODgzMDkzLzEvY3hHaDl2bmU1N2pPV1pkYS1vYUI5MVNHbHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9hYzdkNWEtMDJiZi00ODAzLTg2ZmUtZTY1ZDM1ODgzMDkz
LzEveTlfYUllM2dHTzNfVkpnUlkxZW94aFV1eC04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiNgMA0G
CSqGSIb3DQEBCwUAA4IBAQBGA45GqBtwkHVlMZkWOuNffppDO92kyRYl1A3R/Brd
v+xt8MqU/7bE9CV2GH6m7zzzEp+hwqDlldaB+4q0MCdL6QlN1gWRRANuyUpK5Ewj
c9a0wEDsnmrjYngia8kRhD1N9+r6wkrN3zVMtSGQXsijaSgC56rYQj4pomIHsrwN
PehqMV01pYqVxQYH35fzgVY01HW7suyPLXzfCOlWaB+EXOhgsfIaq4tTSt1Js4Q8
nXmXzJYAlxCPdrkS9p98qsySs1RVt734tAM4fiw/9Kah/azDxYq7EcgDhlXsJhvJ
vvI6pAz9YLcszUk7MU0u9INvM7X2yfjsff/c0tR0ZQxl
-----END CERTIFICATE-----