Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/5e3185-38c5-4a5b-bf24-c953e3398c63/1/SxUvEI7-4z8BCHs8EjbuCx00RrI.roa
File:                     SxUvEI7-4z8BCHs8EjbuCx00RrI.roa (raw, json)
Hash identifier:          4IAVeGq/WHvzEFfp9XLn6edJ2XkPhrU2WqReQjUSQa0=
Subject key identifier:   4B:15:2F:10:8E:FE:E3:3F:01:08:7B:3C:12:36:EE:0B:1D:34:46:B2
Certificate issuer:       /CN=fd11c4654af702e596eb50d13fa486db4d9bce0a
Certificate serial:       018CC5DC5F9B503807F73A10E28F6A5B4F18
Authority key identifier: FD:11:C4:65:4A:F7:02:E5:96:EB:50:D1:3F:A4:86:DB:4D:9B:CE:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_RHEZUr3AuWW61DRP6SG202bzgo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/5e3185-38c5-4a5b-bf24-c953e3398c63/1/SxUvEI7-4z8BCHs8EjbuCx00RrI.roa
Signing time:             Mon 01 Jan 2024 16:30:03 +0000
ROA not before:           Mon 01 Jan 2024 16:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56575
IP address blocks:        194.36.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/5e3185-38c5-4a5b-bf24-c953e3398c63/1/_RHEZUr3AuWW61DRP6SG202bzgo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/5e3185-38c5-4a5b-bf24-c953e3398c63/1/_RHEZUr3AuWW61DRP6SG202bzgo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_RHEZUr3AuWW61DRP6SG202bzgo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:5f:9b:50:38:07:f7:3a:10:e2:8f:6a:5b:4f:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd11c4654af702e596eb50d13fa486db4d9bce0a
        Validity
            Not Before: Jan  1 16:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b152f108efee33f01087b3c1236ee0b1d3446b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f5:bb:64:a3:99:8d:30:58:40:f8:ee:e0:59:
                    c8:90:73:bd:6d:2b:ab:f9:71:d6:19:6d:4e:5b:21:
                    20:6b:6a:35:2c:12:dd:6d:0a:f5:c8:35:1d:15:11:
                    08:15:04:5a:3f:c4:1a:63:a3:f1:37:1f:96:1e:cc:
                    82:f4:6f:d6:77:2f:9c:8d:37:b7:b0:ed:b1:bc:d1:
                    70:37:d6:c7:5b:90:0c:30:ba:5e:cd:75:86:40:32:
                    8c:06:73:13:c0:60:06:17:a5:42:07:67:8d:9e:aa:
                    04:f1:23:f3:a6:ca:36:c2:3c:50:3d:fd:dc:d0:03:
                    f4:e7:59:89:b1:11:60:c7:b6:03:3c:e6:16:72:68:
                    e9:f1:ee:a6:57:d5:cf:74:fb:45:3a:ce:25:2e:e9:
                    39:6d:72:19:db:ab:42:a8:91:72:81:98:44:ef:99:
                    af:21:95:d6:9a:7e:a1:91:7f:b4:a4:95:89:e6:e0:
                    0a:e4:ac:39:58:de:be:be:fb:80:e2:d1:9e:8c:2f:
                    3a:25:fe:7d:d5:08:e3:55:46:a9:20:f8:02:1e:99:
                    65:a2:16:b0:dd:ca:ff:9a:5a:29:b2:53:a8:85:e7:
                    bd:04:1b:a6:3c:82:d6:f8:c0:8a:e9:30:02:f0:ed:
                    32:7a:a2:cc:bb:da:ce:6e:2a:db:29:12:c1:ca:8f:
                    ce:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:15:2F:10:8E:FE:E3:3F:01:08:7B:3C:12:36:EE:0B:1D:34:46:B2
            X509v3 Authority Key Identifier:
                keyid:FD:11:C4:65:4A:F7:02:E5:96:EB:50:D1:3F:A4:86:DB:4D:9B:CE:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_RHEZUr3AuWW61DRP6SG202bzgo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/5e3185-38c5-4a5b-bf24-c953e3398c63/1/SxUvEI7-4z8BCHs8EjbuCx00RrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/5e3185-38c5-4a5b-bf24-c953e3398c63/1/_RHEZUr3AuWW61DRP6SG202bzgo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:5a:20:40:c5:76:47:dc:b7:d3:73:79:0e:2c:89:3d:3e:1f:
         84:da:b1:8a:bf:3c:db:9a:f1:04:d3:22:99:7d:9d:83:65:e1:
         91:75:46:2c:d5:64:6d:b8:0e:24:31:af:bc:06:1d:67:95:54:
         fa:69:3a:24:0f:4a:66:39:22:2d:46:4a:1e:7b:80:61:f2:9c:
         9e:bc:df:c4:a8:2e:fd:93:9e:0b:09:2d:27:46:e1:ed:3c:b3:
         ad:63:14:28:3f:af:81:5b:ed:0b:d1:ca:2b:df:df:d8:2f:09:
         de:eb:21:32:6d:f4:c5:90:ca:03:08:de:1e:00:a5:eb:1e:80:
         be:5e:ec:48:15:45:dd:04:00:b5:22:1a:5b:f2:b7:85:5f:a1:
         32:a2:79:89:44:e4:28:87:05:4e:a4:3e:d7:06:b8:c6:3a:2e:
         6b:1d:2f:ed:e5:86:c5:ab:f6:cb:49:9f:a7:ff:b3:59:25:f0:
         a4:ae:e2:72:94:4b:cf:95:8a:73:f2:c8:74:8f:09:9e:e2:99:
         75:cc:bb:4e:e9:18:a0:ed:c6:40:29:2b:7f:75:36:51:d8:d2:
         23:32:ac:cf:71:cc:e1:a9:e9:40:fc:f9:01:0a:1e:d6:b5:17:
         a9:b3:d0:59:a6:55:b8:21:ee:47:45:b5:40:07:46:59:ff:76:
         31:5b:8e:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3F+bUDgH9zoQ4o9qW08YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMTFjNDY1NGFmNzAyZTU5NmViNTBkMTNmYTQ4NmRiNGQ5
YmNlMGEwHhcNMjQwMTAxMTYzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjE1MmYxMDhlZmVlMzNmMDEwODdiM2MxMjM2ZWUwYjFkMzQ0NmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/W7ZKOZjTBYQPju4FnIkHO9bSur
+XHWGW1OWyEga2o1LBLdbQr1yDUdFREIFQRaP8QaY6PxNx+WHsyC9G/Wdy+cjTe3
sO2xvNFwN9bHW5AMMLpezXWGQDKMBnMTwGAGF6VCB2eNnqoE8SPzpso2wjxQPf3c
0AP051mJsRFgx7YDPOYWcmjp8e6mV9XPdPtFOs4lLuk5bXIZ26tCqJFygZhE75mv
IZXWmn6hkX+0pJWJ5uAK5Kw5WN6+vvuA4tGejC86Jf591QjjVUapIPgCHpllohaw
3cr/mlopslOohee9BBumPILW+MCK6TAC8O0yeqLMu9rObirbKRLByo/OFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsVLxCO/uM/AQh7PBI27gsdNEayMB8GA1UdIwQY
MBaAFP0RxGVK9wLllutQ0T+khttNm84KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1JIRVpVcjNBdVdXNjFEUlA2U0cyMDJiemdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC81ZTMxODUtMzhjNS00YTViLWJmMjQt
Yzk1M2UzMzk4YzYzLzEvU3hVdkVJNy00ejhCQ0hzOEVqYnVDeDAwUnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC81ZTMxODUtMzhjNS00YTViLWJmMjQtYzk1M2UzMzk4YzYz
LzEvX1JIRVpVcjNBdVdXNjFEUlA2U0cyMDJiemdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiTMMA0G
CSqGSIb3DQEBCwUAA4IBAQCLWiBAxXZH3LfTc3kOLIk9Ph+E2rGKvzzbmvEE0yKZ
fZ2DZeGRdUYs1WRtuA4kMa+8Bh1nlVT6aTokD0pmOSItRkoee4Bh8pyevN/EqC79
k54LCS0nRuHtPLOtYxQoP6+BW+0L0cor39/YLwne6yEybfTFkMoDCN4eAKXrHoC+
XuxIFUXdBAC1Ihpb8reFX6EyonmJROQohwVOpD7XBrjGOi5rHS/t5YbFq/bLSZ+n
/7NZJfCkruJylEvPlYpz8sh0jwme4pl1zLtO6Rig7cZAKSt/dTZR2NIjMqzPcczh
qelA/PkBCh7WtReps9BZplW4Ie5HRbVAB0ZZ/3YxW46Z
-----END CERTIFICATE-----