Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/1lVPkkjQFhK0hASM76LaKqMw8Zs.roa
File:                     1lVPkkjQFhK0hASM76LaKqMw8Zs.roa (raw, json)
Hash identifier:          XOFVSZleZP5fsRci6+Onq4xznm5gGBHazy8lj9Vtasc=
Subject key identifier:   D6:55:4F:92:48:D0:16:12:B4:84:04:8C:EF:A2:DA:2A:A3:30:F1:9B
Certificate issuer:       /CN=36e1533c3ff94b18c308f1b1c95ba44eb1f0ec77
Certificate serial:       01942747AC1018551BE303AE012C5A455F4B
Authority key identifier: 36:E1:53:3C:3F:F9:4B:18:C3:08:F1:B1:C9:5B:A4:4E:B1:F0:EC:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NuFTPD_5SxjDCPGxyVukTrHw7Hc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/1lVPkkjQFhK0hASM76LaKqMw8Zs.roa
Signing time:             Thu 02 Jan 2025 13:49:56 +0000
ROA not before:           Thu 02 Jan 2025 13:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25460
IP address blocks:        88.214.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/NuFTPD_5SxjDCPGxyVukTrHw7Hc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/NuFTPD_5SxjDCPGxyVukTrHw7Hc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NuFTPD_5SxjDCPGxyVukTrHw7Hc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ac:10:18:55:1b:e3:03:ae:01:2c:5a:45:5f:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36e1533c3ff94b18c308f1b1c95ba44eb1f0ec77
        Validity
            Not Before: Jan  2 13:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6554f9248d01612b484048cefa2da2aa330f19b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f3:c3:34:88:a9:06:75:25:fa:45:ee:47:20:
                    c6:2b:7b:0a:e4:8d:ff:62:40:04:66:a8:8b:5f:49:
                    3b:f6:df:bf:02:15:4c:11:2a:e1:cd:09:fc:57:4b:
                    5d:d1:35:41:9f:fa:ff:e0:41:72:d4:a3:b6:bc:c7:
                    be:39:1a:6b:e5:50:43:b1:6a:16:4f:cb:ae:8d:02:
                    5c:f5:bb:a2:16:94:d5:bd:9a:b9:92:ab:0e:5a:21:
                    fb:a1:a5:be:a0:52:6f:21:50:2a:2a:9f:99:7e:55:
                    fd:40:6f:07:e1:01:0f:cd:33:e3:11:7c:73:b3:48:
                    a7:6c:56:b9:85:94:44:c6:b3:80:02:5d:65:ee:62:
                    10:2d:2f:91:ce:13:49:48:c7:47:4f:f5:c7:22:df:
                    68:dc:36:33:69:7d:e3:d2:e3:49:91:5a:c4:69:86:
                    fa:0e:a4:fd:7a:91:58:a8:99:72:b3:1c:14:39:93:
                    48:00:4c:2e:0d:2f:20:4d:29:a4:2e:d7:03:80:ad:
                    f8:9e:c6:1b:ed:71:39:88:4e:60:ba:22:5f:89:66:
                    3b:ba:44:53:76:1b:47:1c:3b:15:ee:ff:15:55:91:
                    45:5e:b4:a5:df:83:85:9b:b5:69:f6:90:60:e8:2b:
                    0b:3a:d9:a7:fd:e2:bd:b6:f7:e5:70:3f:ba:8f:c2:
                    27:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:55:4F:92:48:D0:16:12:B4:84:04:8C:EF:A2:DA:2A:A3:30:F1:9B
            X509v3 Authority Key Identifier:
                keyid:36:E1:53:3C:3F:F9:4B:18:C3:08:F1:B1:C9:5B:A4:4E:B1:F0:EC:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NuFTPD_5SxjDCPGxyVukTrHw7Hc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/1lVPkkjQFhK0hASM76LaKqMw8Zs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ec592f-2434-4d1c-b775-99b9f33de3b0/1/NuFTPD_5SxjDCPGxyVukTrHw7Hc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.214.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:b3:b5:b1:09:5d:f5:61:40:40:6c:fb:87:f5:01:8f:29:60:
         37:98:97:fa:4d:a8:d3:94:b7:bd:25:22:52:cb:82:4f:0c:8c:
         62:c7:86:b5:c2:a6:51:b5:cd:91:7d:3d:f7:26:e5:65:19:1b:
         e1:b8:6b:61:3e:b2:42:42:80:01:f2:51:d3:21:aa:e2:49:10:
         20:8a:ba:8b:c9:d2:b3:64:b6:11:3c:be:3a:01:27:0e:d7:b6:
         e9:62:19:e7:bc:09:c1:78:0e:15:49:73:96:46:33:c4:89:74:
         7f:45:5a:07:f9:ef:05:4a:da:22:df:a6:21:5c:10:53:31:ae:
         97:da:1a:71:60:02:76:03:98:bc:89:70:b6:d2:ee:bf:bd:7a:
         af:50:92:1b:c0:90:f2:59:20:92:b1:6f:c8:cb:a9:7e:fe:2e:
         ba:b3:f6:14:92:bf:f9:c0:72:e1:86:57:6b:9e:fd:eb:12:da:
         09:4c:81:f1:f4:af:ca:3d:51:58:33:b9:17:1d:fa:b8:01:b3:
         91:3f:4a:1f:8b:d1:6a:f1:de:d1:17:d7:f0:6a:eb:f0:d7:2c:
         cc:16:f5:24:b2:e7:02:75:08:fd:de:3a:d0:1f:3e:22:c2:3a:
         5f:bb:1d:71:f7:18:5e:fe:b9:9e:89:29:6b:e5:9e:9e:7c:d3:
         08:2b:8d:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR6wQGFUb4wOuASxaRV9LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZTE1MzNjM2ZmOTRiMThjMzA4ZjFiMWM5NWJhNDRlYjFm
MGVjNzcwHhcNMjUwMTAyMTM0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjU1NGY5MjQ4ZDAxNjEyYjQ4NDA0OGNlZmEyZGEyYWEzMzBmMTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PPDNIipBnUl+kXuRyDGK3sK5I3/
YkAEZqiLX0k79t+/AhVMESrhzQn8V0td0TVBn/r/4EFy1KO2vMe+ORpr5VBDsWoW
T8uujQJc9buiFpTVvZq5kqsOWiH7oaW+oFJvIVAqKp+ZflX9QG8H4QEPzTPjEXxz
s0inbFa5hZRExrOAAl1l7mIQLS+RzhNJSMdHT/XHIt9o3DYzaX3j0uNJkVrEaYb6
DqT9epFYqJlysxwUOZNIAEwuDS8gTSmkLtcDgK34nsYb7XE5iE5guiJfiWY7ukRT
dhtHHDsV7v8VVZFFXrSl34OFm7Vp9pBg6CsLOtmn/eK9tvflcD+6j8InuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZVT5JI0BYStIQEjO+i2iqjMPGbMB8GA1UdIwQY
MBaAFDbhUzw/+UsYwwjxsclbpE6x8Ox3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnVGVFBEXzVTeGpEQ1BHeHlWdWtUckh3N0hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9lYzU5MmYtMjQzNC00ZDFjLWI3NzUt
OTliOWYzM2RlM2IwLzEvMWxWUGtralFGaEswaEFTTTc2TGFLcU13OFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9lYzU5MmYtMjQzNC00ZDFjLWI3NzUtOTliOWYzM2RlM2Iw
LzEvTnVGVFBEXzVTeGpEQ1BHeHlWdWtUckh3N0hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWNYkMA0G
CSqGSIb3DQEBCwUAA4IBAQCDs7WxCV31YUBAbPuH9QGPKWA3mJf6TajTlLe9JSJS
y4JPDIxix4a1wqZRtc2RfT33JuVlGRvhuGthPrJCQoAB8lHTIariSRAgirqLydKz
ZLYRPL46AScO17bpYhnnvAnBeA4VSXOWRjPEiXR/RVoH+e8FStoi36YhXBBTMa6X
2hpxYAJ2A5i8iXC20u6/vXqvUJIbwJDyWSCSsW/Iy6l+/i66s/YUkr/5wHLhhldr
nv3rEtoJTIHx9K/KPVFYM7kXHfq4AbORP0ofi9Fq8d7RF9fwauvw1yzMFvUksucC
dQj93jrQHz4iwjpfux1x9xhe/rmeiSlr5Z6efNMIK409
-----END CERTIFICATE-----