Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/mx8m9BRNHVUqIv94YMMUnWbyuiw.roa
File:                     mx8m9BRNHVUqIv94YMMUnWbyuiw.roa (raw, json)
Hash identifier:          p7JNKoyDAeD9iOth0OgxJ80VoIYzoYDNGE0TRPYHR5s=
Subject key identifier:   9B:1F:26:F4:14:4D:1D:55:2A:22:FF:78:60:C3:14:9D:66:F2:BA:2C
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       018CC5014C709A476EA57BA077C7704796C7
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/mx8m9BRNHVUqIv94YMMUnWbyuiw.roa
Signing time:             Mon 01 Jan 2024 12:30:45 +0000
ROA not before:           Mon 01 Jan 2024 12:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200450
IP address blocks:        185.225.236.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:4c:70:9a:47:6e:a5:7b:a0:77:c7:70:47:96:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  1 12:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b1f26f4144d1d552a22ff7860c3149d66f2ba2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:71:6d:d2:12:27:63:89:34:13:11:b0:32:14:
                    07:4c:64:2a:6e:61:a5:12:91:a3:17:74:05:ed:cc:
                    a1:14:04:3a:1f:43:f0:41:81:63:e2:6e:d9:96:c7:
                    03:1e:d1:99:49:9c:28:bd:c7:37:2f:54:36:ad:cb:
                    4c:01:b3:08:0a:00:f2:1f:97:73:5c:ca:1f:db:72:
                    fc:b2:9b:41:aa:a8:ab:fb:e8:5b:c8:41:c0:19:a9:
                    a3:2a:45:40:a8:e5:41:bc:33:5f:42:88:16:8b:38:
                    4b:ae:4f:15:ce:73:e3:0d:45:38:2a:86:2b:11:25:
                    b7:47:8b:8c:05:86:15:fb:86:2d:99:a4:76:48:8a:
                    c4:8c:97:4e:c5:8d:49:44:87:9f:b8:57:20:22:eb:
                    80:73:01:b6:af:2b:2d:be:16:71:bb:2f:9c:ba:5d:
                    cf:26:68:2e:32:38:53:a2:ba:22:8d:4a:5f:c4:c7:
                    3f:af:e0:61:5a:33:bf:a2:8e:5e:5d:75:f3:3b:79:
                    79:a9:cf:92:23:85:1d:b6:5c:7d:dd:60:53:ef:78:
                    f0:ef:62:b8:7a:34:a6:ab:3d:f4:b2:17:f8:fb:79:
                    a4:9a:5f:4f:11:73:e5:70:a1:68:aa:87:a8:0b:b4:
                    a3:4a:56:24:75:bc:ac:ea:35:7b:65:1d:23:c4:12:
                    72:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:1F:26:F4:14:4D:1D:55:2A:22:FF:78:60:C3:14:9D:66:F2:BA:2C
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/mx8m9BRNHVUqIv94YMMUnWbyuiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:7e:51:9f:69:94:bd:a0:87:51:31:d2:8e:05:ec:0a:86:b0:
         d0:eb:ec:73:2c:28:27:ef:da:b9:b6:47:eb:c1:ca:4b:c1:03:
         47:e5:74:83:ef:d2:22:0d:99:a0:bb:0a:30:8d:cc:25:9f:f2:
         5a:58:94:6f:ba:9a:d0:6e:a3:7c:b2:a3:d1:be:42:41:77:ec:
         e6:b9:b8:1e:0d:db:92:49:aa:78:89:f9:4c:b5:e8:0c:7c:9d:
         c2:cb:dc:96:47:0e:bb:33:b0:62:22:21:7b:d8:6a:2b:d4:ae:
         8d:22:a7:00:f2:c8:26:a5:af:f0:09:48:35:c5:c9:c5:55:2d:
         df:20:69:85:a4:21:7f:4f:85:13:01:70:b4:46:a0:b2:24:6f:
         20:ee:30:50:47:b7:70:f2:30:12:af:b2:e6:d4:ea:a0:ea:98:
         ee:1f:20:e4:a4:f1:12:cb:9a:f8:49:6f:70:56:b1:19:34:58:
         3b:ba:e8:18:36:a8:9b:05:bb:76:bb:63:28:36:5e:23:3f:d3:
         3f:9b:34:3e:91:5d:75:96:27:7c:07:56:47:3b:7d:f2:e2:13:
         37:6a:f2:31:c2:d8:30:a8:10:dc:e9:58:e0:19:97:b4:52:4b:
         ee:92:5f:84:51:ab:7f:48:45:49:5f:fd:dc:f7:e7:d8:95:13:
         0f:40:30:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAUxwmkdupXugd8dwR5bHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjQwMTAxMTIzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjFmMjZmNDE0NGQxZDU1MmEyMmZmNzg2MGMzMTQ5ZDY2ZjJiYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3Ft0hInY4k0ExGwMhQHTGQqbmGl
EpGjF3QF7cyhFAQ6H0PwQYFj4m7ZlscDHtGZSZwovcc3L1Q2rctMAbMICgDyH5dz
XMof23L8sptBqqir++hbyEHAGamjKkVAqOVBvDNfQogWizhLrk8VznPjDUU4KoYr
ESW3R4uMBYYV+4YtmaR2SIrEjJdOxY1JRIefuFcgIuuAcwG2rystvhZxuy+cul3P
JmguMjhToroijUpfxMc/r+BhWjO/oo5eXXXzO3l5qc+SI4Udtlx93WBT73jw72K4
ejSmqz30shf4+3mkml9PEXPlcKFoqoeoC7SjSlYkdbys6jV7ZR0jxBJyQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJsfJvQUTR1VKiL/eGDDFJ1m8rosMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvbXg4bTlCUk5IVlVxSXY5NFlNTVVuV2J5dWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHsMA0G
CSqGSIb3DQEBCwUAA4IBAQB5flGfaZS9oIdRMdKOBewKhrDQ6+xzLCgn79q5tkfr
wcpLwQNH5XSD79IiDZmguwowjcwln/JaWJRvuprQbqN8sqPRvkJBd+zmubgeDduS
Sap4iflMtegMfJ3Cy9yWRw67M7BiIiF72Gor1K6NIqcA8sgmpa/wCUg1xcnFVS3f
IGmFpCF/T4UTAXC0RqCyJG8g7jBQR7dw8jASr7Lm1Oqg6pjuHyDkpPESy5r4SW9w
VrEZNFg7uugYNqibBbt2u2MoNl4jP9M/mzQ+kV11lid8B1ZHO33y4hM3avIxwtgw
qBDc6VjgGZe0Ukvukl+EUat/SEVJX/3c9+fYlRMPQDCV
-----END CERTIFICATE-----