Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/nVA1lpsZLzCTOSJu1yBy_OVPpp8.roa
File:                     nVA1lpsZLzCTOSJu1yBy_OVPpp8.roa (raw, json)
Hash identifier:          eERDmA1bibMch1tz983bjllVX9LnCw/9lxxwDDzWNSI=
Subject key identifier:   9D:50:35:96:9B:19:2F:30:93:39:22:6E:D7:20:72:FC:E5:4F:A6:9F
Certificate issuer:       /CN=23b1943087ce69623e76b2145b3479ac204ba1c9
Certificate serial:       018CC726F32D424449BE786ACDA52752B90A
Authority key identifier: 23:B1:94:30:87:CE:69:62:3E:76:B2:14:5B:34:79:AC:20:4B:A1:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/nVA1lpsZLzCTOSJu1yBy_OVPpp8.roa
Signing time:             Mon 01 Jan 2024 22:31:07 +0000
ROA not before:           Mon 01 Jan 2024 22:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35405
IP address blocks:        87.236.64.0/24 maxlen: 24
                          87.236.70.0/24 maxlen: 24
                          87.236.65.0/24 maxlen: 24
                          87.236.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f3:2d:42:44:49:be:78:6a:cd:a5:27:52:b9:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23b1943087ce69623e76b2145b3479ac204ba1c9
        Validity
            Not Before: Jan  1 22:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d5035969b192f309339226ed72072fce54fa69f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:31:fb:56:e2:35:e0:ff:bc:e3:38:6c:04:7e:
                    d2:4f:d1:7d:da:ff:91:8c:56:ba:ca:36:85:c4:c8:
                    2c:ce:9a:4f:6a:43:8c:4a:63:9e:8b:4c:6f:35:e5:
                    2b:6b:12:0b:96:53:65:ad:bb:77:c8:70:a9:6f:8a:
                    bf:47:86:ac:0b:e4:a0:da:1f:07:86:dd:ba:ab:ac:
                    c6:d0:62:3b:f3:7e:87:28:05:90:e1:2e:93:47:55:
                    25:fb:49:7e:cb:57:4a:6b:e4:fc:93:d1:de:96:31:
                    05:22:97:49:3c:b6:94:fd:d4:04:55:45:18:fa:bc:
                    eb:71:de:05:45:7a:99:8d:e6:37:e5:04:64:77:24:
                    82:02:6c:74:7c:a3:9a:56:8d:15:bb:8f:8e:55:4e:
                    30:2c:2c:48:a0:d3:c5:f4:f8:30:af:8f:f0:ad:e0:
                    f6:8b:16:5a:71:5f:b6:7b:0c:ca:87:8e:13:0a:82:
                    99:34:36:67:99:f1:48:ed:6b:4b:d4:d3:87:f4:b8:
                    20:5a:d9:9c:31:1f:1c:45:02:da:df:fe:83:cc:5c:
                    b4:e3:a1:a2:8e:5e:83:6c:8e:fb:5f:62:82:13:5b:
                    4f:46:ef:1b:57:8f:5d:1c:d1:8d:e3:8b:cf:5f:f1:
                    a2:7b:b6:c4:49:45:b3:d7:a4:fe:21:dd:60:70:91:
                    cf:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:50:35:96:9B:19:2F:30:93:39:22:6E:D7:20:72:FC:E5:4F:A6:9F
            X509v3 Authority Key Identifier:
                keyid:23:B1:94:30:87:CE:69:62:3E:76:B2:14:5B:34:79:AC:20:4B:A1:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I7GUMIfOaWI-drIUWzR5rCBLock.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/nVA1lpsZLzCTOSJu1yBy_OVPpp8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/73f1c9-82b0-4ede-b899-f742f395aaf9/1/I7GUMIfOaWI-drIUWzR5rCBLock.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.64.0/23
                  87.236.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:a0:91:b0:cb:12:10:60:60:9a:5a:90:4c:ba:d5:76:be:6f:
         8e:cb:ae:35:da:c3:f9:17:81:dc:08:93:34:81:38:1a:58:c5:
         78:5a:24:31:3a:db:2a:ba:3d:49:56:83:0a:a2:dd:93:98:86:
         40:b4:a9:d0:83:14:50:da:aa:a1:5d:77:04:b5:76:35:8b:75:
         88:d5:4b:91:32:88:6b:dc:38:7c:8c:72:69:b7:80:3b:6a:73:
         8b:e9:43:76:f3:49:20:5a:e1:7d:ea:ec:41:55:f1:d6:4e:ef:
         30:12:33:af:dc:a4:ea:70:d4:ee:71:32:f2:52:1f:97:6d:91:
         43:1f:28:b3:01:3f:78:74:fb:31:b8:ef:da:19:40:e3:de:4f:
         c7:d6:60:7e:b6:23:d9:d2:78:54:90:b8:a2:7a:e5:65:5d:ab:
         fc:d6:f6:92:7c:f3:c8:49:c0:1c:e3:fa:af:d3:0f:30:5b:9d:
         88:cf:c0:54:11:92:48:9c:2a:ab:32:36:e4:2f:ae:c4:4c:b0:
         ed:f6:d4:1c:0b:7d:09:1e:5f:a4:5d:0b:40:47:97:8e:8a:3e:
         76:d2:fd:2b:29:6a:20:62:e3:8c:76:8f:71:27:62:b3:4f:94:
         c2:8f:17:49:a7:30:bc:22:bf:9a:65:e2:7a:7f:9c:54:05:25:
         ef:e0:f8:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJvMtQkRJvnhqzaUnUrkKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYjE5NDMwODdjZTY5NjIzZTc2YjIxNDViMzQ3OWFjMjA0
YmExYzkwHhcNMjQwMTAxMjIzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDUwMzU5NjliMTkyZjMwOTMzOTIyNmVkNzIwNzJmY2U1NGZhNjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4zH7VuI14P+84zhsBH7ST9F92v+R
jFa6yjaFxMgszppPakOMSmOei0xvNeUraxILllNlrbt3yHCpb4q/R4asC+Sg2h8H
ht26q6zG0GI7836HKAWQ4S6TR1Ul+0l+y1dKa+T8k9HeljEFIpdJPLaU/dQEVUUY
+rzrcd4FRXqZjeY35QRkdySCAmx0fKOaVo0Vu4+OVU4wLCxIoNPF9Pgwr4/wreD2
ixZacV+2ewzKh44TCoKZNDZnmfFI7WtL1NOH9LggWtmcMR8cRQLa3/6DzFy046Gi
jl6DbI77X2KCE1tPRu8bV49dHNGN44vPX/Gie7bESUWz16T+Id1gcJHPZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ1QNZabGS8wkzkibtcgcvzlT6afMB8GA1UdIwQY
MBaAFCOxlDCHzmliPnayFFs0eawgS6HJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTdHVU1JZk9hV0ktZHJJVVd6UjVyQ0JMb2NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83M2YxYzktODJiMC00ZWRlLWI4OTkt
Zjc0MmYzOTVhYWY5LzEvblZBMWxwc1pMekNUT1NKdTF5QnlfT1ZQcHA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83M2YxYzktODJiMC00ZWRlLWI4OTktZjc0MmYzOTVhYWY5
LzEvSTdHVU1JZk9hV0ktZHJJVVd6UjVyQ0JMb2NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBV+xAAwQB
V+xGMA0GCSqGSIb3DQEBCwUAA4IBAQCPoJGwyxIQYGCaWpBMutV2vm+Oy6412sP5
F4HcCJM0gTgaWMV4WiQxOtsquj1JVoMKot2TmIZAtKnQgxRQ2qqhXXcEtXY1i3WI
1UuRMohr3Dh8jHJpt4A7anOL6UN280kgWuF96uxBVfHWTu8wEjOv3KTqcNTucTLy
Uh+XbZFDHyizAT94dPsxuO/aGUDj3k/H1mB+tiPZ0nhUkLiieuVlXav81vaSfPPI
ScAc4/qv0w8wW52Iz8BUEZJInCqrMjbkL67ETLDt9tQcC30JHl+kXQtAR5eOij52
0v0rKWogYuOMdo9xJ2KzT5TCjxdJpzC8Ir+aZeJ6f5xUBSXv4Phq
-----END CERTIFICATE-----