Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Iqcdsh5gc7oiRid1aDmjJmtJ7w4.roa
File:                     Iqcdsh5gc7oiRid1aDmjJmtJ7w4.roa (raw, json)
Hash identifier:          Fo1Hvyvue8ah49797L1ZrWoUQPo+vabv4Idj5VBwd/o=
Subject key identifier:   22:A7:1D:B2:1E:60:73:BA:22:46:27:75:68:39:A3:26:6B:49:EF:0E
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018E9F2B67E95C07DBCE750099422EBBFB25
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Iqcdsh5gc7oiRid1aDmjJmtJ7w4.roa
Signing time:             Tue 02 Apr 2024 14:16:45 +0000
ROA not before:           Tue 02 Apr 2024 14:16:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50267
IP address blocks:        212.46.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:2b:67:e9:5c:07:db:ce:75:00:99:42:2e:bb:fb:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  2 14:16:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22a71db21e6073ba224627756839a3266b49ef0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:3a:87:5b:27:09:8a:c9:02:2c:eb:23:a7:aa:
                    56:32:01:d0:fc:40:8b:af:09:c8:0c:77:6a:33:a7:
                    69:10:a7:76:dc:f9:41:61:90:56:1e:4e:79:2b:92:
                    94:98:c8:59:1c:88:03:b1:65:15:22:7c:b3:7d:23:
                    aa:39:d9:28:7a:da:62:24:0e:41:18:94:59:0b:ae:
                    fb:f3:57:b1:a2:7c:2c:20:1f:69:24:1b:5c:35:9d:
                    bd:b2:9b:2c:e3:1d:ce:80:46:a2:61:98:d7:5a:02:
                    06:4a:d3:89:c0:61:b2:de:f2:ae:ff:18:38:b9:9d:
                    cd:85:b7:d5:1d:76:bb:de:c0:77:28:1a:63:17:72:
                    af:ee:cc:46:c2:d8:15:77:69:08:79:9d:93:ad:67:
                    e8:62:6d:df:39:19:47:20:ca:0b:96:22:fa:b3:2b:
                    09:e7:f7:db:f8:5b:65:f3:57:23:05:fd:1e:5b:81:
                    83:ac:06:a9:db:da:47:eb:55:c2:94:00:a7:d3:5f:
                    29:47:aa:db:b9:7a:f3:4f:3e:e1:69:62:9a:19:77:
                    cb:9b:df:ca:7e:e4:39:3e:a1:3d:35:12:a5:5d:cc:
                    29:34:71:17:2f:08:85:17:b1:de:6c:19:85:ec:02:
                    c4:9e:da:4a:e2:cd:17:86:e5:75:2c:84:b9:c1:7a:
                    39:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A7:1D:B2:1E:60:73:BA:22:46:27:75:68:39:A3:26:6B:49:EF:0E
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/Iqcdsh5gc7oiRid1aDmjJmtJ7w4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:d8:99:fa:79:97:2c:2e:6e:e0:19:fb:2c:7a:6e:b5:bd:f8:
         d6:67:87:87:da:28:39:9d:dc:5a:ed:66:c3:58:5c:3f:2a:b8:
         c6:6b:3e:13:e9:8d:62:d2:96:eb:43:5c:b2:35:71:46:86:05:
         2c:d2:7b:73:8a:15:fd:b9:92:7f:1a:32:0d:4e:e6:60:a1:e2:
         21:f5:0d:82:df:50:a6:b6:4b:0c:02:7c:c8:c4:2c:49:82:5a:
         99:66:f6:fb:c9:3f:a6:50:e8:e6:34:f4:f7:2f:e5:35:87:d8:
         a4:76:0f:18:ae:4c:2f:c0:35:10:3e:bf:ba:e5:0b:8a:b9:2c:
         d4:a2:f1:43:65:1c:2d:eb:9e:dc:06:8c:96:1a:75:bc:d3:85:
         12:45:d7:40:5f:dd:11:c0:6d:d2:fe:c9:69:65:87:a1:58:45:
         72:1f:9a:46:25:f5:88:99:19:b6:b0:1d:67:76:23:25:a9:fe:
         87:ac:8a:55:70:b5:51:52:9c:8c:59:45:9b:e9:76:63:cc:d4:
         0b:65:9f:15:71:3b:d2:76:15:e6:dc:dc:53:cf:c0:45:20:cc:
         26:fb:d4:e6:7b:95:f5:ed:f3:96:a2:44:92:66:35:f5:87:ca:
         78:e2:86:68:5e:fa:a3:4f:03:87:b8:31:8d:38:16:f0:62:4d:
         37:f6:9a:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6fK2fpXAfbznUAmUIuu/slMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDAyMTQxNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmE3MWRiMjFlNjA3M2JhMjI0NjI3NzU2ODM5YTMyNjZiNDllZjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DqHWycJiskCLOsjp6pWMgHQ/ECL
rwnIDHdqM6dpEKd23PlBYZBWHk55K5KUmMhZHIgDsWUVInyzfSOqOdkoetpiJA5B
GJRZC67781exonwsIB9pJBtcNZ29spss4x3OgEaiYZjXWgIGStOJwGGy3vKu/xg4
uZ3NhbfVHXa73sB3KBpjF3Kv7sxGwtgVd2kIeZ2TrWfoYm3fORlHIMoLliL6sysJ
5/fb+Ftl81cjBf0eW4GDrAap29pH61XClACn018pR6rbuXrzTz7haWKaGXfLm9/K
fuQ5PqE9NRKlXcwpNHEXLwiFF7HebBmF7ALEntpK4s0XhuV1LIS5wXo5eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKnHbIeYHO6IkYndWg5oyZrSe8OMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvSXFjZHNoNWdjN29pUmlkMWFEbWpKbXRKN3c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1C4kMA0G
CSqGSIb3DQEBCwUAA4IBAQBS2Jn6eZcsLm7gGfssem61vfjWZ4eH2ig5ndxa7WbD
WFw/KrjGaz4T6Y1i0pbrQ1yyNXFGhgUs0ntzihX9uZJ/GjINTuZgoeIh9Q2C31Cm
tksMAnzIxCxJglqZZvb7yT+mUOjmNPT3L+U1h9ikdg8YrkwvwDUQPr+65QuKuSzU
ovFDZRwt657cBoyWGnW804USRddAX90RwG3S/slpZYehWEVyH5pGJfWImRm2sB1n
diMlqf6HrIpVcLVRUpyMWUWb6XZjzNQLZZ8VcTvSdhXm3NxTz8BFIMwm+9Tme5X1
7fOWokSSZjX1h8p44oZoXvqjTwOHuDGNOBbwYk039pqh
-----END CERTIFICATE-----