Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/940a74-a2f2-4bd6-8e5a-9554a5ac36bb/1/vGj9owWwDQXkqkBximamafN1MDo.roa
File:                     vGj9owWwDQXkqkBximamafN1MDo.roa (raw, json)
Hash identifier:          2HpBMt8X11r2hGWaV9sCh0EoHqDuXgMkFmsTG04vFYg=
Subject key identifier:   BC:68:FD:A3:05:B0:0D:05:E4:AA:40:71:8A:66:A6:69:F3:75:30:3A
Certificate issuer:       /CN=7bb3382c16a0a5615990d4bce634dc51682f2eaa
Certificate serial:       018CC64AF640214BA4020F050981D6DCFF87
Authority key identifier: 7B:B3:38:2C:16:A0:A5:61:59:90:D4:BC:E6:34:DC:51:68:2F:2E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e7M4LBagpWFZkNS85jTcUWgvLqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/940a74-a2f2-4bd6-8e5a-9554a5ac36bb/1/vGj9owWwDQXkqkBximamafN1MDo.roa
Signing time:             Mon 01 Jan 2024 18:30:50 +0000
ROA not before:           Mon 01 Jan 2024 18:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47160
IP address blocks:        87.236.35.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/940a74-a2f2-4bd6-8e5a-9554a5ac36bb/1/e7M4LBagpWFZkNS85jTcUWgvLqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/940a74-a2f2-4bd6-8e5a-9554a5ac36bb/1/e7M4LBagpWFZkNS85jTcUWgvLqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e7M4LBagpWFZkNS85jTcUWgvLqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:f6:40:21:4b:a4:02:0f:05:09:81:d6:dc:ff:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bb3382c16a0a5615990d4bce634dc51682f2eaa
        Validity
            Not Before: Jan  1 18:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bc68fda305b00d05e4aa40718a66a669f375303a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:90:71:2a:4d:1c:bd:1f:c0:f7:de:bb:94:ed:
                    ff:37:66:95:22:7f:48:44:5a:d6:55:35:9d:31:cf:
                    6f:d8:2d:d0:d0:6b:07:de:aa:6c:83:b8:80:72:40:
                    04:37:62:f4:56:90:b8:0e:24:0b:48:a5:66:0e:0f:
                    91:56:a1:34:a6:96:5c:08:24:16:fb:67:e4:71:da:
                    0c:1d:a8:a5:20:65:f0:59:bd:28:c1:ef:4a:cc:63:
                    df:45:c0:91:fa:60:0d:0b:66:5e:db:8a:a8:ec:10:
                    6e:56:e0:8c:36:8b:c3:2a:cb:e2:20:4d:9f:0d:70:
                    5c:5f:76:f9:fa:a9:04:51:52:98:26:35:e7:aa:b9:
                    67:67:1c:e0:5b:ea:e8:26:a0:7a:64:f5:85:e6:78:
                    a7:46:65:4a:34:6f:b1:0e:cf:eb:51:33:03:2d:a6:
                    5d:da:45:c5:15:44:90:9b:06:3d:57:3a:21:51:ad:
                    9c:fe:e9:8f:5f:a3:ed:a9:14:70:62:91:e4:6f:be:
                    e3:ad:94:de:ae:24:76:0c:26:41:3d:1b:7f:5a:f3:
                    82:8d:1a:df:2e:44:9c:5d:25:09:2c:76:35:42:b1:
                    2e:68:83:f0:e7:ce:d1:d4:ce:eb:a2:ab:59:3a:28:
                    4b:86:a0:4a:02:6a:44:80:c6:35:fc:a7:e5:48:e7:
                    c3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:68:FD:A3:05:B0:0D:05:E4:AA:40:71:8A:66:A6:69:F3:75:30:3A
            X509v3 Authority Key Identifier:
                keyid:7B:B3:38:2C:16:A0:A5:61:59:90:D4:BC:E6:34:DC:51:68:2F:2E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7M4LBagpWFZkNS85jTcUWgvLqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/940a74-a2f2-4bd6-8e5a-9554a5ac36bb/1/vGj9owWwDQXkqkBximamafN1MDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/940a74-a2f2-4bd6-8e5a-9554a5ac36bb/1/e7M4LBagpWFZkNS85jTcUWgvLqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:d3:2d:00:bc:b6:cc:f5:a1:69:3d:e8:5d:72:18:76:ed:b7:
         89:d0:4f:b2:98:ee:73:33:32:e3:02:48:37:ca:64:c3:01:06:
         63:b9:b9:00:e5:d6:c2:c7:85:ca:eb:d6:ed:97:6d:01:fa:bc:
         d1:1d:d5:18:44:39:c3:d8:22:9b:2d:60:6b:38:d9:39:0e:cb:
         83:ae:99:f2:c5:a4:47:db:86:72:7d:c5:96:f9:e4:10:9c:84:
         c5:cf:3d:77:02:a6:bc:53:de:28:e2:b8:1e:db:89:aa:10:18:
         4e:fa:84:f8:15:34:8a:7d:f6:d6:f6:2f:f9:6b:2f:dc:d3:0d:
         9e:2c:1c:ab:93:ef:5c:5d:b6:04:c4:1c:9a:e9:90:c0:c0:a9:
         6c:a7:11:58:78:1f:4c:34:ff:e2:2e:84:b7:ad:a3:bd:3a:ab:
         4d:6c:1f:01:67:56:bf:3a:f6:b6:d5:10:81:3a:49:9b:02:5a:
         3a:c9:2b:0c:cc:78:0c:65:f6:a8:0f:81:9d:61:7b:21:9d:84:
         3a:c9:cd:50:d4:28:75:1f:1f:b1:72:2a:2e:17:50:36:5a:bd:
         9f:8f:cd:c5:8f:c8:79:eb:96:b4:04:6a:36:04:55:eb:bb:82:
         3d:6d:eb:1e:c8:29:f2:ff:0d:12:82:14:dc:b0:42:f2:48:d7:
         8a:ae:a4:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSvZAIUukAg8FCYHW3P+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYjMzODJjMTZhMGE1NjE1OTkwZDRiY2U2MzRkYzUxNjgy
ZjJlYWEwHhcNMjQwMTAxMTgzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzY4ZmRhMzA1YjAwZDA1ZTRhYTQwNzE4YTY2YTY2OWYzNzUzMDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pBxKk0cvR/A9967lO3/N2aVIn9I
RFrWVTWdMc9v2C3Q0GsH3qpsg7iAckAEN2L0VpC4DiQLSKVmDg+RVqE0ppZcCCQW
+2fkcdoMHailIGXwWb0owe9KzGPfRcCR+mANC2Ze24qo7BBuVuCMNovDKsviIE2f
DXBcX3b5+qkEUVKYJjXnqrlnZxzgW+roJqB6ZPWF5ninRmVKNG+xDs/rUTMDLaZd
2kXFFUSQmwY9VzohUa2c/umPX6PtqRRwYpHkb77jrZTeriR2DCZBPRt/WvOCjRrf
LkScXSUJLHY1QrEuaIPw587R1M7roqtZOihLhqBKAmpEgMY1/KflSOfDOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxo/aMFsA0F5KpAcYpmpmnzdTA6MB8GA1UdIwQY
MBaAFHuzOCwWoKVhWZDUvOY03FFoLy6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTdNNExCYWdwV0Zaa05TODVqVGNVV2d2THFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85NDBhNzQtYTJmMi00YmQ2LThlNWEt
OTU1NGE1YWMzNmJiLzEvdkdqOW93V3dEUVhrcWtCeGltYW1hZk4xTURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85NDBhNzQtYTJmMi00YmQ2LThlNWEtOTU1NGE1YWMzNmJi
LzEvZTdNNExCYWdwV0Zaa05TODVqVGNVV2d2THFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+wjMA0G
CSqGSIb3DQEBCwUAA4IBAQBc0y0AvLbM9aFpPehdchh27beJ0E+ymO5zMzLjAkg3
ymTDAQZjubkA5dbCx4XK69btl20B+rzRHdUYRDnD2CKbLWBrONk5DsuDrpnyxaRH
24ZyfcWW+eQQnITFzz13Aqa8U94o4rge24mqEBhO+oT4FTSKffbW9i/5ay/c0w2e
LByrk+9cXbYExBya6ZDAwKlspxFYeB9MNP/iLoS3raO9OqtNbB8BZ1a/Ova21RCB
OkmbAlo6ySsMzHgMZfaoD4GdYXshnYQ6yc1Q1Ch1Hx+xciouF1A2Wr2fj83Fj8h5
65a0BGo2BFXru4I9beseyCny/w0SghTcsELySNeKrqRA
-----END CERTIFICATE-----