Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/PXNKggnLJHJ79VJZNQ1NNsBM9fk.roa
File:                     PXNKggnLJHJ79VJZNQ1NNsBM9fk.roa (raw, json)
Hash identifier:          jq9E23F1hdYz8aTPK7v37vEK5jeG35ZSnsshWqPR/wU=
Subject key identifier:   3D:73:4A:82:09:CB:24:72:7B:F5:52:59:35:0D:4D:36:C0:4C:F5:F9
Certificate issuer:       /CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
Certificate serial:       018CC6499B881B0A3AD8A4EBDA792DAD0FA2
Authority key identifier: FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/PXNKggnLJHJ79VJZNQ1NNsBM9fk.roa
Signing time:             Mon 01 Jan 2024 18:29:21 +0000
ROA not before:           Mon 01 Jan 2024 18:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47352
IP address blocks:        185.1.236.0/24 maxlen: 24
                          2001:7f8:126::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:9b:88:1b:0a:3a:d8:a4:eb:da:79:2d:ad:0f:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
        Validity
            Not Before: Jan  1 18:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d734a8209cb24727bf55259350d4d36c04cf5f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8f:3d:e6:fa:40:33:82:1c:55:6e:5a:a9:f0:
                    45:94:30:c9:cd:ac:e7:cc:a3:9a:a0:ec:bc:44:b3:
                    2e:6e:f0:1f:52:e9:34:21:4e:4f:5c:3a:29:5b:d5:
                    6c:f2:07:87:c3:16:87:af:47:b6:ee:aa:82:d3:90:
                    a2:90:2b:bf:e5:1d:e2:24:a3:21:39:35:35:ea:fb:
                    13:ff:eb:65:2d:a7:8b:70:21:26:7b:e2:d0:ff:d9:
                    24:88:3f:29:ff:e0:ad:c5:8b:00:c4:4a:01:90:d1:
                    35:b6:07:61:51:e0:8a:eb:76:2d:20:2d:5a:1c:4e:
                    d1:e7:39:44:79:c8:86:9d:f8:13:48:75:95:b9:f8:
                    63:f2:73:30:dd:59:e0:56:2e:e1:41:94:0a:43:d1:
                    cb:42:c7:c3:12:25:94:de:a3:78:36:e8:62:7e:13:
                    97:87:5c:46:59:e5:d3:5a:86:86:7d:a0:a0:2e:61:
                    29:71:9a:ae:fb:94:18:a0:f1:ca:ac:cb:6f:d9:5b:
                    99:32:f3:52:f0:b4:e0:2d:d4:b5:3c:92:a8:3b:95:
                    5e:bf:73:1d:ce:61:d1:e4:97:51:48:30:ad:96:df:
                    37:58:2e:c1:c4:de:fb:ec:b9:39:f6:8f:54:b2:6c:
                    7d:18:16:85:cc:54:7d:0a:40:70:c9:b0:45:f6:49:
                    2a:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:73:4A:82:09:CB:24:72:7B:F5:52:59:35:0D:4D:36:C0:4C:F5:F9
            X509v3 Authority Key Identifier:
                keyid:FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/PXNKggnLJHJ79VJZNQ1NNsBM9fk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.236.0/24
                IPv6:
                  2001:7f8:126::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:53:cb:71:91:72:df:5e:fa:44:4a:1d:b5:d3:63:36:59:31:
         91:ca:f4:d6:69:f1:85:34:35:e9:b6:1c:c7:13:cc:57:2f:cf:
         c6:c2:d0:65:c1:93:a9:d2:48:9d:1b:43:a0:93:a7:22:bd:f5:
         ec:f0:c1:f1:e7:53:c8:9c:b3:48:c9:21:cb:4d:fa:45:62:0b:
         77:9b:ea:78:61:9a:32:2e:61:95:69:c6:76:b6:aa:fd:96:4d:
         94:3e:68:b1:10:ad:69:34:6a:67:3e:12:fe:bb:bc:d9:97:de:
         5f:09:74:f0:98:4c:8b:ac:31:d9:7b:1a:21:88:e1:38:f2:09:
         7e:bc:2a:d3:e6:cb:af:f1:d2:fe:93:3b:0d:f8:52:00:e3:57:
         f9:6a:31:a0:d5:d3:c4:20:e4:59:90:4d:e2:9e:cb:28:d5:12:
         60:d9:f3:af:ad:4c:b8:6a:a9:e6:78:7c:8b:e5:44:c1:52:87:
         fd:6e:35:5b:c2:48:bc:c6:62:73:05:4d:6c:f7:2f:a4:92:fc:
         1c:cb:08:dc:8c:db:49:f2:a6:90:86:9f:a1:33:e5:de:1a:45:
         43:86:ba:13:68:a8:ef:f2:f5:b8:f5:83:57:02:7d:15:56:0b:
         73:17:c2:b3:27:54:18:3e:20:14:a7:ce:1a:28:ae:78:6e:a8:
         d0:11:80:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGSZuIGwo62KTr2nktrQ+iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNjk4ZWViMmU0OWZjYjVmOWM2NWE5OTg1N2FmMjljZTA2
NjQxZDkwHhcNMjQwMTAxMTgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDczNGE4MjA5Y2IyNDcyN2JmNTUyNTkzNTBkNGQzNmMwNGNmNWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4895vpAM4IcVW5aqfBFlDDJzazn
zKOaoOy8RLMubvAfUuk0IU5PXDopW9Vs8geHwxaHr0e27qqC05CikCu/5R3iJKMh
OTU16vsT/+tlLaeLcCEme+LQ/9kkiD8p/+CtxYsAxEoBkNE1tgdhUeCK63YtIC1a
HE7R5zlEeciGnfgTSHWVufhj8nMw3VngVi7hQZQKQ9HLQsfDEiWU3qN4NuhifhOX
h1xGWeXTWoaGfaCgLmEpcZqu+5QYoPHKrMtv2VuZMvNS8LTgLdS1PJKoO5Vev3Md
zmHR5JdRSDCtlt83WC7BxN777Lk59o9Usmx9GBaFzFR9CkBwybBF9kkqjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD1zSoIJyyRye/VSWTUNTTbATPX5MB8GA1UdIwQY
MBaAFP9pjusuSfy1+cZamYV68pzgZkHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4Mzkt
NTdjZDY4ZDljYjRlLzEvUFhOS2dnbkxKSEo3OVZKWk5RMU5Oc0JNOWZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4MzktNTdjZDY4ZDljYjRl
LzEvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQHsMA8E
AgACMAkDBwAgAQf4ASYwDQYJKoZIhvcNAQELBQADggEBAFdTy3GRct9e+kRKHbXT
YzZZMZHK9NZp8YU0Nem2HMcTzFcvz8bC0GXBk6nSSJ0bQ6CTpyK99ezwwfHnU8ic
s0jJIctN+kViC3eb6nhhmjIuYZVpxna2qv2WTZQ+aLEQrWk0amc+Ev67vNmX3l8J
dPCYTIusMdl7GiGI4TjyCX68KtPmy6/x0v6TOw34UgDjV/lqMaDV08Qg5FmQTeKe
yyjVEmDZ86+tTLhqqeZ4fIvlRMFSh/1uNVvCSLzGYnMFTWz3L6SS/BzLCNyM20ny
ppCGn6Ez5d4aRUOGuhNoqO/y9bj1g1cCfRVWC3MXwrMnVBg+IBSnzhoornhuqNAR
gKM=
-----END CERTIFICATE-----