Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/ddbbab-5edc-4a14-b0e7-eb80221e538d/1/xliANCt49iI2_u-jDN_qmqO4woI.roa
File:                     xliANCt49iI2_u-jDN_qmqO4woI.roa (raw, json)
Hash identifier:          KB2NA65afl5vZKoUN0Sktfu90zovLQgnUFNFR5wKtoo=
Subject key identifier:   C6:58:80:34:2B:78:F6:22:36:FE:EF:A3:0C:DF:EA:9A:A3:B8:C2:82
Certificate issuer:       /CN=8f137200c9ea1560a3f42fd7e100ed28411416bc
Certificate serial:       018CC86EEE06FFEC466A4CA346EBE110A01E
Authority key identifier: 8F:13:72:00:C9:EA:15:60:A3:F4:2F:D7:E1:00:ED:28:41:14:16:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jxNyAMnqFWCj9C_X4QDtKEEUFrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/ddbbab-5edc-4a14-b0e7-eb80221e538d/1/xliANCt49iI2_u-jDN_qmqO4woI.roa
Signing time:             Tue 02 Jan 2024 04:29:22 +0000
ROA not before:           Tue 02 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        194.37.85.0/24 maxlen: 24
                          194.37.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/ddbbab-5edc-4a14-b0e7-eb80221e538d/1/jxNyAMnqFWCj9C_X4QDtKEEUFrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/ddbbab-5edc-4a14-b0e7-eb80221e538d/1/jxNyAMnqFWCj9C_X4QDtKEEUFrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jxNyAMnqFWCj9C_X4QDtKEEUFrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ee:06:ff:ec:46:6a:4c:a3:46:eb:e1:10:a0:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f137200c9ea1560a3f42fd7e100ed28411416bc
        Validity
            Not Before: Jan  2 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c65880342b78f62236feefa30cdfea9aa3b8c282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a8:9e:28:41:6d:25:f1:72:16:11:95:df:49:
                    a7:19:87:12:76:ae:24:4e:f5:52:95:87:f3:a7:4c:
                    c1:eb:3b:38:68:39:6b:96:70:cb:00:b9:d1:42:01:
                    4d:42:be:fa:b0:8a:28:f2:36:13:ca:13:0b:d6:34:
                    55:cf:69:2a:b8:c3:ae:a2:33:7f:73:5c:16:e4:20:
                    bb:f3:95:e5:3d:b8:72:bb:de:c2:e8:c2:ba:fe:db:
                    df:3a:53:05:ae:9f:40:76:46:e6:f2:86:fd:4e:53:
                    df:60:05:42:ea:9b:8e:a3:b5:4b:b0:52:79:70:ea:
                    61:3a:c7:92:55:27:1b:96:21:9c:5e:29:ee:ca:69:
                    14:a9:5f:3d:f0:94:90:c4:8c:0f:c2:19:09:34:34:
                    4b:03:88:44:7f:51:f5:87:66:85:28:00:5d:01:82:
                    6a:6c:9e:48:3c:3c:a7:cd:6a:27:a4:83:b4:e7:87:
                    bb:b9:8f:59:a0:8f:1e:bd:68:7e:bf:fa:66:c1:b4:
                    18:39:9a:9a:9c:0f:c6:17:c1:05:94:96:e9:2e:7c:
                    a8:07:c5:31:6a:21:71:e8:2f:12:94:00:42:11:20:
                    8b:75:0e:c7:37:ef:7f:ac:cd:7f:30:90:13:c5:06:
                    df:42:2b:6c:64:aa:cf:be:56:9e:53:97:91:3c:fa:
                    fb:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:58:80:34:2B:78:F6:22:36:FE:EF:A3:0C:DF:EA:9A:A3:B8:C2:82
            X509v3 Authority Key Identifier:
                keyid:8F:13:72:00:C9:EA:15:60:A3:F4:2F:D7:E1:00:ED:28:41:14:16:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jxNyAMnqFWCj9C_X4QDtKEEUFrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/ddbbab-5edc-4a14-b0e7-eb80221e538d/1/xliANCt49iI2_u-jDN_qmqO4woI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/ddbbab-5edc-4a14-b0e7-eb80221e538d/1/jxNyAMnqFWCj9C_X4QDtKEEUFrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.37.85.0/24
                  194.37.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:d5:c1:b2:bc:b0:38:e1:e7:a7:61:c9:92:cc:97:d2:b8:f7:
         47:c9:9a:fc:57:26:38:99:ba:e4:fb:6b:e3:e5:f9:6e:fd:6d:
         85:fa:25:c2:e1:89:76:0c:42:ed:4c:54:34:19:4c:af:5b:51:
         95:5c:d2:bd:74:61:9c:1e:c2:66:5b:e4:2e:66:14:0d:9f:69:
         ee:57:4a:dc:e2:07:b5:eb:5d:fe:58:be:68:19:a2:5d:5e:76:
         c1:10:33:18:69:d4:37:6d:a5:cd:6d:fc:ae:5a:63:0f:c2:0b:
         b3:97:1b:8b:5e:e5:05:72:81:c9:1a:66:80:85:fb:e6:f4:1c:
         07:ac:52:e3:af:92:9c:5b:de:ef:f4:e2:a2:7b:77:e9:fc:4e:
         ce:6c:d8:bb:aa:21:51:67:dc:7a:cf:19:03:e6:d7:89:ef:79:
         4c:07:0b:1a:21:59:9e:e4:e3:5d:c3:26:f9:e1:cf:82:b6:b0:
         19:8e:21:48:cc:81:1c:57:b7:11:35:28:07:26:28:48:4d:94:
         d1:7b:7f:5f:48:7a:55:c0:00:a4:11:c9:57:03:80:ee:9e:22:
         94:6e:be:b8:28:e0:81:a5:07:c1:00:09:94:0b:29:ac:4f:34:
         e8:5b:fd:8c:da:66:e3:6c:41:61:9a:89:7d:10:d2:f0:e8:ee:
         45:6b:81:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIbu4G/+xGakyjRuvhEKAeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMTM3MjAwYzllYTE1NjBhM2Y0MmZkN2UxMDBlZDI4NDEx
NDE2YmMwHhcNMjQwMTAyMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjU4ODAzNDJiNzhmNjIyMzZmZWVmYTMwY2RmZWE5YWEzYjhjMjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKieKEFtJfFyFhGV30mnGYcSdq4k
TvVSlYfzp0zB6zs4aDlrlnDLALnRQgFNQr76sIoo8jYTyhML1jRVz2kquMOuojN/
c1wW5CC785XlPbhyu97C6MK6/tvfOlMFrp9Adkbm8ob9TlPfYAVC6puOo7VLsFJ5
cOphOseSVScbliGcXinuymkUqV898JSQxIwPwhkJNDRLA4hEf1H1h2aFKABdAYJq
bJ5IPDynzWonpIO054e7uY9ZoI8evWh+v/pmwbQYOZqanA/GF8EFlJbpLnyoB8Ux
aiFx6C8SlABCESCLdQ7HN+9/rM1/MJATxQbfQitsZKrPvlaeU5eRPPr71QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMZYgDQrePYiNv7vowzf6pqjuMKCMB8GA1UdIwQY
MBaAFI8TcgDJ6hVgo/Qv1+EA7ShBFBa8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanhOeUFNbnFGV0NqOUNfWDRRRHRLRUVVRnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9kZGJiYWItNWVkYy00YTE0LWIwZTct
ZWI4MDIyMWU1MzhkLzEveGxpQU5DdDQ5aUkyX3UtakROX3FtcU80d29JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9kZGJiYWItNWVkYy00YTE0LWIwZTctZWI4MDIyMWU1Mzhk
LzEvanhOeUFNbnFGV0NqOUNfWDRRRHRLRUVVRnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwiVVAwQA
wiVXMA0GCSqGSIb3DQEBCwUAA4IBAQA71cGyvLA44eenYcmSzJfSuPdHyZr8VyY4
mbrk+2vj5flu/W2F+iXC4Yl2DELtTFQ0GUyvW1GVXNK9dGGcHsJmW+QuZhQNn2nu
V0rc4ge1613+WL5oGaJdXnbBEDMYadQ3baXNbfyuWmMPwguzlxuLXuUFcoHJGmaA
hfvm9BwHrFLjr5KcW97v9OKie3fp/E7ObNi7qiFRZ9x6zxkD5teJ73lMBwsaIVme
5ONdwyb54c+CtrAZjiFIzIEcV7cRNSgHJihITZTRe39fSHpVwACkEclXA4DuniKU
br64KOCBpQfBAAmUCymsTzToW/2M2mbjbEFhmol9ENLw6O5Fa4E+
-----END CERTIFICATE-----