Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/NiL73yOoy8sg99tJk9iLOgPf11w.roa
File:                     NiL73yOoy8sg99tJk9iLOgPf11w.roa (raw, json)
Hash identifier:          0dWhE8LkPTCFlkzHTxRS8a+mDqEgM8ZRYJMdBlp3Gyg=
Subject key identifier:   36:22:FB:DF:23:A8:CB:CB:20:F7:DB:49:93:D8:8B:3A:03:DF:D7:5C
Certificate issuer:       /CN=705e75dbcce5fcdd91d8a99e5a1b2c995b812775
Certificate serial:       018CC80148188861B6AC0EB48C85616BF57D
Authority key identifier: 70:5E:75:DB:CC:E5:FC:DD:91:D8:A9:9E:5A:1B:2C:99:5B:81:27:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cF5128zl_N2R2KmeWhssmVuBJ3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/NiL73yOoy8sg99tJk9iLOgPf11w.roa
Signing time:             Tue 02 Jan 2024 02:29:36 +0000
ROA not before:           Tue 02 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48309
IP address blocks:        188.136.137.0/24 maxlen: 24
                          188.136.136.0/24 maxlen: 24
                          188.136.139.0/24 maxlen: 24
                          188.136.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/cF5128zl_N2R2KmeWhssmVuBJ3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/cF5128zl_N2R2KmeWhssmVuBJ3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cF5128zl_N2R2KmeWhssmVuBJ3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:48:18:88:61:b6:ac:0e:b4:8c:85:61:6b:f5:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=705e75dbcce5fcdd91d8a99e5a1b2c995b812775
        Validity
            Not Before: Jan  2 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3622fbdf23a8cbcb20f7db4993d88b3a03dfd75c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:37:4e:08:0a:fd:0e:60:eb:f6:25:f6:ea:9e:
                    75:6d:1d:b5:51:42:c2:66:84:35:be:b8:01:c9:80:
                    85:73:8d:35:5a:c1:1c:7e:af:43:2e:aa:f3:d4:41:
                    de:bf:f0:7d:3d:c1:85:c0:97:06:83:fc:7e:2c:90:
                    f0:78:d5:5f:d8:64:e9:8e:0d:03:22:0a:19:3b:a9:
                    97:bd:a5:c9:4d:e6:5f:ab:f8:40:4d:88:01:83:52:
                    0d:35:af:e4:ee:56:4b:e1:bc:72:d2:fd:56:91:76:
                    bf:35:e1:26:41:1d:93:ec:c9:f0:da:b3:0d:f9:20:
                    e2:1a:81:14:91:ff:26:d4:b2:be:ac:f4:ad:9d:c6:
                    cc:a4:40:ce:96:39:eb:50:fe:0e:e3:0a:2d:87:74:
                    4e:b8:97:2b:92:9f:2b:10:fc:ad:c5:76:f6:7a:32:
                    df:46:82:28:98:bd:8b:08:f2:9b:1b:57:6e:73:ed:
                    73:3e:3f:6e:8a:a1:a4:b3:13:b5:66:03:58:ed:ca:
                    bd:ab:5c:85:99:dd:6b:46:cf:c8:b2:c1:c3:ca:5d:
                    b6:cb:be:ee:41:b7:b7:f5:d7:c3:23:e7:5c:36:50:
                    f6:a4:2f:be:5f:cb:66:9c:87:7d:b0:31:34:7a:de:
                    7c:28:6a:c9:fc:1f:f4:9c:22:84:7e:a4:f2:0d:b3:
                    05:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:22:FB:DF:23:A8:CB:CB:20:F7:DB:49:93:D8:8B:3A:03:DF:D7:5C
            X509v3 Authority Key Identifier:
                keyid:70:5E:75:DB:CC:E5:FC:DD:91:D8:A9:9E:5A:1B:2C:99:5B:81:27:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cF5128zl_N2R2KmeWhssmVuBJ3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/NiL73yOoy8sg99tJk9iLOgPf11w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/c1f448-8808-4a2f-bffa-f8b48baccd9b/1/cF5128zl_N2R2KmeWhssmVuBJ3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.136.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:73:09:88:d9:1d:93:82:39:4b:51:9a:2a:46:8a:b2:fb:87:
         72:8b:26:95:e3:54:24:ac:4b:65:82:eb:58:03:48:e5:66:10:
         26:7d:e2:6d:76:88:b9:0b:77:77:7f:68:a5:53:8a:45:c0:5d:
         fc:95:e3:f5:0b:02:eb:51:d0:66:e9:64:0a:37:02:e3:d9:30:
         f8:0c:34:b3:2f:bc:1e:a1:cf:29:2a:35:f3:7d:13:53:28:14:
         47:b0:bd:b0:32:43:46:8f:c5:44:04:6f:e0:9b:94:28:b4:33:
         3e:73:39:a3:1e:cc:67:de:35:6c:70:e8:79:ea:92:d6:11:68:
         2f:63:7b:0d:04:2e:99:14:fd:d8:a2:45:f9:96:c1:36:90:b5:
         de:78:da:c3:23:15:03:f8:f3:88:f7:99:71:18:c8:57:3a:7a:
         da:6c:3a:75:62:73:b6:ff:6c:aa:53:2e:bd:eb:ac:a5:29:e6:
         92:af:23:13:42:d5:29:46:0b:a4:be:b5:9f:ed:ce:3b:98:5f:
         92:02:2a:eb:8e:ca:01:b6:3f:66:6d:bc:17:65:ac:e2:b4:f7:
         81:bb:d2:70:87:76:db:f5:da:a4:0f:ff:e1:1d:b0:a0:ba:47:
         da:97:02:0b:ce:6f:41:ed:e7:c8:f8:ca:78:2b:c3:05:d2:0f:
         dc:db:16:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUgYiGG2rA60jIVha/V9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNWU3NWRiY2NlNWZjZGQ5MWQ4YTk5ZTVhMWIyYzk5NWI4
MTI3NzUwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjIyZmJkZjIzYThjYmNiMjBmN2RiNDk5M2Q4OGIzYTAzZGZkNzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjdOCAr9DmDr9iX26p51bR21UULC
ZoQ1vrgByYCFc401WsEcfq9DLqrz1EHev/B9PcGFwJcGg/x+LJDweNVf2GTpjg0D
IgoZO6mXvaXJTeZfq/hATYgBg1INNa/k7lZL4bxy0v1WkXa/NeEmQR2T7Mnw2rMN
+SDiGoEUkf8m1LK+rPStncbMpEDOljnrUP4O4woth3ROuJcrkp8rEPytxXb2ejLf
RoIomL2LCPKbG1duc+1zPj9uiqGksxO1ZgNY7cq9q1yFmd1rRs/IssHDyl22y77u
Qbe39dfDI+dcNlD2pC++X8tmnId9sDE0et58KGrJ/B/0nCKEfqTyDbMF2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYi+98jqMvLIPfbSZPYizoD39dcMB8GA1UdIwQY
MBaAFHBeddvM5fzdkdipnlobLJlbgSd1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0Y1MTI4emxfTjJSMkttZVdoc3NtVnVCSjNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9jMWY0NDgtODgwOC00YTJmLWJmZmEt
ZjhiNDhiYWNjZDliLzEvTmlMNzN5T295OHNnOTl0Sms5aUxPZ1BmMTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9jMWY0NDgtODgwOC00YTJmLWJmZmEtZjhiNDhiYWNjZDli
LzEvY0Y1MTI4emxfTjJSMkttZVdoc3NtVnVCSjNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvIiIMA0G
CSqGSIb3DQEBCwUAA4IBAQCucwmI2R2TgjlLUZoqRoqy+4dyiyaV41QkrEtlgutY
A0jlZhAmfeJtdoi5C3d3f2ilU4pFwF38leP1CwLrUdBm6WQKNwLj2TD4DDSzL7we
oc8pKjXzfRNTKBRHsL2wMkNGj8VEBG/gm5QotDM+czmjHsxn3jVscOh56pLWEWgv
Y3sNBC6ZFP3YokX5lsE2kLXeeNrDIxUD+POI95lxGMhXOnrabDp1YnO2/2yqUy69
66ylKeaSryMTQtUpRgukvrWf7c47mF+SAirrjsoBtj9mbbwXZazitPeBu9Jwh3bb
9dqkD//hHbCgukfalwILzm9B7efI+Mp4K8MF0g/c2xZX
-----END CERTIFICATE-----