Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/m5B_Lq6LH_1upE6MZYUUMkpaJi8.roa
File:                     m5B_Lq6LH_1upE6MZYUUMkpaJi8.roa (raw, json)
Hash identifier:          i5r2sY3kpVMzS/VJn/+OX3Nzs0/7wiuvSOcME+jf0B0=
Subject key identifier:   9B:90:7F:2E:AE:8B:1F:FD:6E:A4:4E:8C:65:85:14:32:4A:5A:26:2F
Certificate issuer:       /CN=23b1943087ce69623e76b2145b3479ac204ba1c9
Certificate serial:       018CC726F2E1DFBFAFE3449268B2A60F9DF7
Authority key identifier: 23:B1:94:30:87:CE:69:62:3E:76:B2:14:5B:34:79:AC:20:4B:A1:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/m5B_Lq6LH_1upE6MZYUUMkpaJi8.roa
Signing time:             Mon 01 Jan 2024 22:31:07 +0000
ROA not before:           Mon 01 Jan 2024 22:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17802
IP address blocks:        87.236.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f2:e1:df:bf:af:e3:44:92:68:b2:a6:0f:9d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23b1943087ce69623e76b2145b3479ac204ba1c9
        Validity
            Not Before: Jan  1 22:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b907f2eae8b1ffd6ea44e8c658514324a5a262f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:01:d9:2d:0b:e8:15:45:e6:8a:33:1e:a3:2a:
                    e1:5b:7b:11:86:bf:03:07:c3:e8:ce:8a:c8:a8:f0:
                    9d:b0:5e:5a:39:67:a4:d5:5b:82:f3:19:1b:ed:02:
                    a0:0b:1b:ba:cf:35:04:e1:53:ee:ba:3c:03:b1:f2:
                    ca:e6:08:b2:02:ad:d8:d3:ed:10:d8:29:63:71:c1:
                    76:34:88:bd:2a:d8:7a:b3:de:c2:67:dd:a0:ba:94:
                    8f:b2:d6:46:27:a0:4d:b9:89:43:f2:c6:b0:00:a2:
                    d4:31:47:d0:a0:97:b8:1e:6d:fc:3a:12:27:78:1a:
                    f2:d9:bd:bc:26:2a:89:fc:82:38:19:34:de:0d:1d:
                    e0:cd:65:9b:9c:04:e0:b0:f4:87:79:c0:7d:3e:41:
                    3b:ff:2e:c1:33:bb:29:0a:b5:84:a6:11:61:90:fc:
                    59:80:80:f1:e7:80:94:53:e8:f6:c0:95:3e:37:fd:
                    65:58:a7:42:d9:fc:26:dd:75:9b:14:a9:6c:ea:9e:
                    26:6b:df:e6:e8:bb:70:26:7d:7f:b8:85:36:65:1d:
                    fa:13:02:ad:88:37:be:b8:bc:52:cc:cb:c1:09:31:
                    29:a8:5e:c3:77:29:69:eb:6e:9f:00:3f:8d:a4:36:
                    a0:44:42:a3:18:01:d2:e1:2d:b4:43:e5:40:83:31:
                    d5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:90:7F:2E:AE:8B:1F:FD:6E:A4:4E:8C:65:85:14:32:4A:5A:26:2F
            X509v3 Authority Key Identifier:
                keyid:23:B1:94:30:87:CE:69:62:3E:76:B2:14:5B:34:79:AC:20:4B:A1:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/m5B_Lq6LH_1upE6MZYUUMkpaJi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:47:46:aa:33:fa:c6:96:04:79:d5:f4:b7:46:44:87:ad:10:
         b9:6e:c3:07:27:fc:96:d1:af:d7:2c:75:f7:82:4b:0d:91:cc:
         34:e1:1f:73:21:aa:3d:df:0a:f0:a4:f0:29:b4:92:83:b4:c9:
         f1:1d:ad:a0:70:0c:5c:71:ea:f1:2e:4a:bd:78:03:fe:16:90:
         28:97:1d:e7:83:01:5d:51:72:78:c2:bf:9d:06:0e:13:da:5f:
         a8:1e:0d:25:a9:ef:48:e0:1a:b1:83:d2:52:93:11:99:93:54:
         b9:36:14:2c:e8:4d:4b:5e:27:ab:6e:d2:55:1d:a2:ca:ab:99:
         c1:56:8d:9b:2b:21:58:66:11:2c:d4:73:16:91:b8:d9:d5:c3:
         41:8e:15:84:33:7e:41:cc:22:fa:cb:e1:4e:36:07:fd:95:6e:
         29:e1:2d:78:de:44:20:70:4a:24:c1:16:eb:b3:54:21:cc:53:
         eb:90:39:9f:14:1e:a6:96:ff:23:53:8f:97:51:f4:38:d4:28:
         37:55:0d:77:0d:0c:51:66:1a:02:5b:5e:11:28:c8:03:96:fb:
         91:78:33:dc:99:fc:59:89:6e:8c:c8:f4:5b:6e:0c:92:20:1b:
         22:91:7f:02:de:93:87:4d:9e:b7:67:54:b2:89:0c:c9:11:51:
         2e:3e:be:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJvLh37+v40SSaLKmD533MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYjE5NDMwODdjZTY5NjIzZTc2YjIxNDViMzQ3OWFjMjA0
YmExYzkwHhcNMjQwMTAxMjIzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjkwN2YyZWFlOGIxZmZkNmVhNDRlOGM2NTg1MTQzMjRhNWEyNjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQHZLQvoFUXmijMeoyrhW3sRhr8D
B8PozorIqPCdsF5aOWek1VuC8xkb7QKgCxu6zzUE4VPuujwDsfLK5giyAq3Y0+0Q
2CljccF2NIi9Kth6s97CZ92gupSPstZGJ6BNuYlD8sawAKLUMUfQoJe4Hm38OhIn
eBry2b28JiqJ/II4GTTeDR3gzWWbnATgsPSHecB9PkE7/y7BM7spCrWEphFhkPxZ
gIDx54CUU+j2wJU+N/1lWKdC2fwm3XWbFKls6p4ma9/m6LtwJn1/uIU2ZR36EwKt
iDe+uLxSzMvBCTEpqF7Ddylp626fAD+NpDagREKjGAHS4S20Q+VAgzHVKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuQfy6uix/9bqROjGWFFDJKWiYvMB8GA1UdIwQY
MBaAFCOxlDCHzmliPnayFFs0eawgS6HJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTdHVU1JZk9hV0ktZHJJVVd6UjVyQ0JMb2NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83M2YxYzktODJiMC00ZWRlLWI4OTkt
Zjc0MmYzOTVhYWY5LzEvbTVCX0xxNkxIXzF1cEU2TVpZVVVNa3BhSmk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83M2YxYzktODJiMC00ZWRlLWI4OTktZjc0MmYzOTVhYWY5
LzEvSTdHVU1JZk9hV0ktZHJJVVd6UjVyQ0JMb2NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+xDMA0G
CSqGSIb3DQEBCwUAA4IBAQB0R0aqM/rGlgR51fS3RkSHrRC5bsMHJ/yW0a/XLHX3
gksNkcw04R9zIao93wrwpPAptJKDtMnxHa2gcAxccerxLkq9eAP+FpAolx3ngwFd
UXJ4wr+dBg4T2l+oHg0lqe9I4Bqxg9JSkxGZk1S5NhQs6E1LXierbtJVHaLKq5nB
Vo2bKyFYZhEs1HMWkbjZ1cNBjhWEM35BzCL6y+FONgf9lW4p4S143kQgcEokwRbr
s1QhzFPrkDmfFB6mlv8jU4+XUfQ41Cg3VQ13DQxRZhoCW14RKMgDlvuReDPcmfxZ
iW6MyPRbbgySIBsikX8C3pOHTZ63Z1SyiQzJEVEuPr7f
-----END CERTIFICATE-----