Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/f35fb5-0f67-44e4-9a54-fd6f235daf0b/1/_aPn1Zgy3niNjs6Xa_jSXvMkXC8.roa
File:                     _aPn1Zgy3niNjs6Xa_jSXvMkXC8.roa (raw, json)
Hash identifier:          bb8WZ5zc2mCbTAFHvRNaqmIiRjL93GKG//IxPOHGI6U=
Subject key identifier:   FD:A3:E7:D5:98:32:DE:78:8D:8E:CE:97:6B:F8:D2:5E:F3:24:5C:2F
Certificate issuer:       /CN=519e71d1b8605a33b9dd654ba38ddfabc1cef5eb
Certificate serial:       018D3FA14AD398F94C57FB57C20CBD19334C
Authority key identifier: 51:9E:71:D1:B8:60:5A:33:B9:DD:65:4B:A3:8D:DF:AB:C1:CE:F5:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UZ5x0bhgWjO53WVLo43fq8HO9es.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/f35fb5-0f67-44e4-9a54-fd6f235daf0b/1/_aPn1Zgy3niNjs6Xa_jSXvMkXC8.roa
Signing time:             Thu 25 Jan 2024 07:59:11 +0000
ROA not before:           Thu 25 Jan 2024 07:59:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34863
IP address blocks:        194.36.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/f35fb5-0f67-44e4-9a54-fd6f235daf0b/1/UZ5x0bhgWjO53WVLo43fq8HO9es.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/f35fb5-0f67-44e4-9a54-fd6f235daf0b/1/UZ5x0bhgWjO53WVLo43fq8HO9es.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UZ5x0bhgWjO53WVLo43fq8HO9es.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3f:a1:4a:d3:98:f9:4c:57:fb:57:c2:0c:bd:19:33:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=519e71d1b8605a33b9dd654ba38ddfabc1cef5eb
        Validity
            Not Before: Jan 25 07:59:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fda3e7d59832de788d8ece976bf8d25ef3245c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:12:2b:8a:3c:9c:70:73:03:a6:ca:96:91:0d:
                    bc:51:49:ea:d9:2c:92:02:db:75:6c:97:39:17:e8:
                    e1:7f:3f:54:70:6f:fd:ce:df:ed:df:15:64:6a:fc:
                    60:f8:33:11:a0:ea:21:81:f6:e8:bf:d1:98:09:27:
                    b4:97:45:79:20:6f:0e:5e:97:37:00:1f:b8:f2:98:
                    f2:a7:f4:52:7c:7c:aa:dc:48:0c:4c:bd:54:b8:95:
                    c1:55:2b:20:92:01:86:c8:fa:67:dd:5d:9a:ce:00:
                    f8:1f:76:cb:56:69:92:f8:df:9c:7d:0b:65:2d:d7:
                    e3:e7:d5:41:11:ca:bc:66:b6:2c:80:f3:be:81:ea:
                    18:c3:e1:cb:94:20:68:33:3d:2f:1a:47:68:2a:6b:
                    cc:89:b1:c6:03:a0:b8:55:87:14:a7:c2:94:4a:af:
                    2a:ab:93:45:7d:c1:5d:1f:c1:cb:e2:ad:6e:39:16:
                    92:11:56:5a:5f:b8:06:04:26:51:d7:00:4d:2d:13:
                    c7:6e:2c:7c:46:c9:0e:73:5a:7c:b2:34:75:87:a9:
                    41:d9:2f:d4:5e:05:f4:b7:32:e3:90:16:d2:a8:c6:
                    18:a9:b5:ba:b0:da:20:29:b5:80:9d:05:7c:d9:77:
                    27:e7:bc:d2:f4:aa:1b:eb:44:8b:1a:17:05:47:fa:
                    39:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:A3:E7:D5:98:32:DE:78:8D:8E:CE:97:6B:F8:D2:5E:F3:24:5C:2F
            X509v3 Authority Key Identifier:
                keyid:51:9E:71:D1:B8:60:5A:33:B9:DD:65:4B:A3:8D:DF:AB:C1:CE:F5:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UZ5x0bhgWjO53WVLo43fq8HO9es.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/f35fb5-0f67-44e4-9a54-fd6f235daf0b/1/_aPn1Zgy3niNjs6Xa_jSXvMkXC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/f35fb5-0f67-44e4-9a54-fd6f235daf0b/1/UZ5x0bhgWjO53WVLo43fq8HO9es.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:02:73:9a:ab:ab:19:fb:10:f2:db:c0:5b:fb:2b:23:51:cc:
         e8:35:c3:db:a4:e4:34:5d:a6:68:9d:83:cb:15:ff:1f:92:ed:
         5e:76:6e:b8:44:eb:3e:99:6d:dd:dc:5f:7f:00:fc:93:ec:11:
         a5:0c:99:1b:d7:9b:c3:05:49:29:53:50:0e:c8:7f:be:ef:c0:
         a1:0a:3d:1f:80:09:81:a8:ce:4a:33:0f:52:7c:e8:ea:34:c3:
         4a:64:51:20:2e:8b:59:0c:a2:82:7b:b3:64:e3:ae:99:b6:10:
         e8:cb:d4:d0:06:0b:86:d0:a7:93:82:e1:05:ea:25:25:7e:90:
         7f:ee:0d:7c:27:77:17:28:70:d9:c7:e2:32:c7:75:2f:89:37:
         c6:47:22:0c:d2:0e:96:91:83:4c:67:e3:e2:f9:a7:b2:30:9b:
         2f:b9:2c:b3:ac:54:44:50:73:d3:41:46:36:0e:a7:e6:40:be:
         04:4a:81:83:83:1c:c1:65:72:9b:55:d8:77:b8:e2:d1:df:39:
         d4:a5:e4:f4:a5:89:b0:53:c0:01:41:2c:d7:a0:23:64:8b:22:
         3c:18:83:c1:dc:50:af:d2:c3:e6:0d:5d:02:6f:3c:c2:3a:ab:
         ba:a3:dd:32:60:52:eb:26:70:d1:af:03:85:f8:0e:45:ea:62:
         77:9c:71:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0/oUrTmPlMV/tXwgy9GTNMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxOWU3MWQxYjg2MDVhMzNiOWRkNjU0YmEzOGRkZmFiYzFj
ZWY1ZWIwHhcNMjQwMTI1MDc1OTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGEzZTdkNTk4MzJkZTc4OGQ4ZWNlOTc2YmY4ZDI1ZWYzMjQ1YzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hIrijyccHMDpsqWkQ28UUnq2SyS
Att1bJc5F+jhfz9UcG/9zt/t3xVkavxg+DMRoOohgfbov9GYCSe0l0V5IG8OXpc3
AB+48pjyp/RSfHyq3EgMTL1UuJXBVSsgkgGGyPpn3V2azgD4H3bLVmmS+N+cfQtl
Ldfj59VBEcq8ZrYsgPO+geoYw+HLlCBoMz0vGkdoKmvMibHGA6C4VYcUp8KUSq8q
q5NFfcFdH8HL4q1uORaSEVZaX7gGBCZR1wBNLRPHbix8RskOc1p8sjR1h6lB2S/U
XgX0tzLjkBbSqMYYqbW6sNogKbWAnQV82Xcn57zS9Kob60SLGhcFR/o5dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2j59WYMt54jY7Ol2v40l7zJFwvMB8GA1UdIwQY
MBaAFFGecdG4YFozud1lS6ON36vBzvXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVo1eDBiaGdXak81M1dWTG80M2ZxOEhPOWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9mMzVmYjUtMGY2Ny00NGU0LTlhNTQt
ZmQ2ZjIzNWRhZjBiLzEvX2FQbjFaZ3kzbmlOanM2WGFfalNYdk1rWEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9mMzVmYjUtMGY2Ny00NGU0LTlhNTQtZmQ2ZjIzNWRhZjBi
LzEvVVo1eDBiaGdXak81M1dWTG80M2ZxOEhPOWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiRSMA0G
CSqGSIb3DQEBCwUAA4IBAQCAAnOaq6sZ+xDy28Bb+ysjUczoNcPbpOQ0XaZonYPL
Ff8fku1edm64ROs+mW3d3F9/APyT7BGlDJkb15vDBUkpU1AOyH++78ChCj0fgAmB
qM5KMw9SfOjqNMNKZFEgLotZDKKCe7Nk466ZthDoy9TQBguG0KeTguEF6iUlfpB/
7g18J3cXKHDZx+Iyx3UviTfGRyIM0g6WkYNMZ+Pi+aeyMJsvuSyzrFREUHPTQUY2
DqfmQL4ESoGDgxzBZXKbVdh3uOLR3znUpeT0pYmwU8ABQSzXoCNkiyI8GIPB3FCv
0sPmDV0CbzzCOqu6o90yYFLrJnDRrwOF+A5F6mJ3nHEZ
-----END CERTIFICATE-----