Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/4bd00a-83ce-4134-b592-7243d9347143/1/nJg4iVJarxL5e8x1HAXywUZfgJY.roa
File:                     nJg4iVJarxL5e8x1HAXywUZfgJY.roa (raw, json)
Hash identifier:          NiZzY5Nv1CyjvlOLrpebpFq/Db6Ohdr8QNXiyqe3bqY=
Subject key identifier:   9C:98:38:89:52:5A:AF:12:F9:7B:CC:75:1C:05:F2:C1:46:5F:80:96
Certificate issuer:       /CN=304d706d759b0213114fb319cb593315d7e3409b
Certificate serial:       018CC4253A099E6021B6961929AE4B0D4A6F
Authority key identifier: 30:4D:70:6D:75:9B:02:13:11:4F:B3:19:CB:59:33:15:D7:E3:40:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ME1wbXWbAhMRT7MZy1kzFdfjQJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/4bd00a-83ce-4134-b592-7243d9347143/1/nJg4iVJarxL5e8x1HAXywUZfgJY.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12552
IP address blocks:        185.236.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/4bd00a-83ce-4134-b592-7243d9347143/1/ME1wbXWbAhMRT7MZy1kzFdfjQJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/4bd00a-83ce-4134-b592-7243d9347143/1/ME1wbXWbAhMRT7MZy1kzFdfjQJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ME1wbXWbAhMRT7MZy1kzFdfjQJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3a:09:9e:60:21:b6:96:19:29:ae:4b:0d:4a:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=304d706d759b0213114fb319cb593315d7e3409b
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c983889525aaf12f97bcc751c05f2c1465f8096
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:3d:df:8e:12:54:6f:2f:6c:b9:da:ed:28:63:
                    af:d6:33:c5:14:20:d6:bc:1a:b9:08:ae:47:09:59:
                    c5:48:74:06:4c:94:e9:a6:08:23:90:33:47:29:b8:
                    6e:33:45:58:65:94:04:0a:d3:a7:7c:52:dc:c3:a6:
                    c1:32:a8:0a:c0:87:76:ba:ab:fd:39:79:36:61:33:
                    63:76:ad:c9:70:f7:38:89:3b:5b:15:a7:98:23:72:
                    a4:53:fe:75:9b:54:50:b3:d8:f2:cb:7b:41:95:12:
                    c9:19:c7:86:ca:43:5b:8e:91:46:7a:82:7a:f2:7a:
                    5f:e2:4e:a8:ea:26:0b:ee:91:83:e5:3c:0c:42:42:
                    e7:1c:f0:3a:05:1e:da:83:54:87:88:9e:fc:ce:2d:
                    82:6e:21:4c:6d:43:2e:d6:81:d1:bc:67:98:04:f7:
                    4b:b3:43:66:ad:b3:d0:fe:6e:00:95:04:c1:6b:24:
                    61:6b:2e:8b:54:bb:94:60:0a:1b:24:29:ce:2f:d4:
                    bd:fd:55:a1:0a:e5:67:26:fc:90:ce:0c:9e:f0:5c:
                    4c:4f:d4:54:fa:86:2e:93:3b:30:3e:86:d6:e8:03:
                    55:65:9e:86:4d:75:6b:f9:5a:2d:30:5a:c6:48:8f:
                    87:4e:4d:c5:88:cb:05:a9:c0:2f:b7:b2:27:00:1b:
                    f2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:98:38:89:52:5A:AF:12:F9:7B:CC:75:1C:05:F2:C1:46:5F:80:96
            X509v3 Authority Key Identifier:
                keyid:30:4D:70:6D:75:9B:02:13:11:4F:B3:19:CB:59:33:15:D7:E3:40:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ME1wbXWbAhMRT7MZy1kzFdfjQJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/4bd00a-83ce-4134-b592-7243d9347143/1/nJg4iVJarxL5e8x1HAXywUZfgJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/4bd00a-83ce-4134-b592-7243d9347143/1/ME1wbXWbAhMRT7MZy1kzFdfjQJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.236.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:49:eb:98:ae:38:64:7c:84:d9:ed:92:a5:26:69:c0:c1:18:
         00:5a:dc:20:65:43:19:6b:13:d2:8f:ba:ce:b2:33:73:6c:f9:
         87:30:f1:8c:ec:8c:9a:c5:4e:3e:b1:e5:3f:df:5d:77:12:95:
         44:8d:f2:fa:49:4f:67:48:56:73:12:bb:c4:3c:1c:fe:ed:20:
         a7:23:d5:50:31:2f:39:9e:11:45:7a:b5:5a:b2:8e:ca:47:99:
         09:f0:f5:fc:9e:48:c9:27:26:3c:af:6d:f1:19:50:9e:ce:94:
         02:13:e8:54:9b:45:d5:af:cd:81:23:e2:2d:16:5e:50:01:82:
         97:28:32:6b:3e:52:ae:95:05:e0:f2:bb:e6:64:ab:b7:40:f1:
         78:a3:fe:e5:71:05:3b:84:a8:60:03:cf:37:0c:e0:65:78:1d:
         92:a5:ed:48:51:9b:94:4b:34:2e:33:bb:b9:61:a4:d8:5f:e7:
         27:10:de:91:23:c5:e2:f3:49:01:99:aa:95:58:3b:27:9b:15:
         26:fb:ca:0d:e8:49:dc:88:2f:c7:e2:86:03:01:66:98:bc:06:
         75:a1:ed:09:39:f2:e8:23:07:47:04:40:0f:ce:9f:c6:3f:a0:
         6e:87:84:59:13:10:49:e3:79:c3:93:77:bc:44:13:95:d7:6a:
         0e:e8:2a:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJToJnmAhtpYZKa5LDUpvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwNGQ3MDZkNzU5YjAyMTMxMTRmYjMxOWNiNTkzMzE1ZDdl
MzQwOWIwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzk4Mzg4OTUyNWFhZjEyZjk3YmNjNzUxYzA1ZjJjMTQ2NWY4MDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhz3fjhJUby9sudrtKGOv1jPFFCDW
vBq5CK5HCVnFSHQGTJTppggjkDNHKbhuM0VYZZQECtOnfFLcw6bBMqgKwId2uqv9
OXk2YTNjdq3JcPc4iTtbFaeYI3KkU/51m1RQs9jyy3tBlRLJGceGykNbjpFGeoJ6
8npf4k6o6iYL7pGD5TwMQkLnHPA6BR7ag1SHiJ78zi2CbiFMbUMu1oHRvGeYBPdL
s0NmrbPQ/m4AlQTBayRhay6LVLuUYAobJCnOL9S9/VWhCuVnJvyQzgye8FxMT9RU
+oYukzswPobW6ANVZZ6GTXVr+VotMFrGSI+HTk3FiMsFqcAvt7InABvyAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyYOIlSWq8S+XvMdRwF8sFGX4CWMB8GA1UdIwQY
MBaAFDBNcG11mwITEU+zGctZMxXX40CbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUUxd2JYV2JBaE1SVDdNWnkxa3pGZGZqUUpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My80YmQwMGEtODNjZS00MTM0LWI1OTIt
NzI0M2Q5MzQ3MTQzLzEvbkpnNGlWSmFyeEw1ZTh4MUhBWHl3VVpmZ0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My80YmQwMGEtODNjZS00MTM0LWI1OTItNzI0M2Q5MzQ3MTQz
LzEvTUUxd2JYV2JBaE1SVDdNWnkxa3pGZGZqUUpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuewoMA0G
CSqGSIb3DQEBCwUAA4IBAQB1SeuYrjhkfITZ7ZKlJmnAwRgAWtwgZUMZaxPSj7rO
sjNzbPmHMPGM7IyaxU4+seU/3113EpVEjfL6SU9nSFZzErvEPBz+7SCnI9VQMS85
nhFFerVaso7KR5kJ8PX8nkjJJyY8r23xGVCezpQCE+hUm0XVr82BI+ItFl5QAYKX
KDJrPlKulQXg8rvmZKu3QPF4o/7lcQU7hKhgA883DOBleB2Spe1IUZuUSzQuM7u5
YaTYX+cnEN6RI8Xi80kBmaqVWDsnmxUm+8oN6EnciC/H4oYDAWaYvAZ1oe0JOfLo
IwdHBEAPzp/GP6Buh4RZExBJ43nDk3e8RBOV12oO6CoY
-----END CERTIFICATE-----