Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/36xrfuE416F4dzRlTKluNVeSSN0.roa
File:                     36xrfuE416F4dzRlTKluNVeSSN0.roa (raw, json)
Hash identifier:          /28qzxpAmWMCAarvt7YTb2/utfuQqCciyp8UpCgnYBw=
Subject key identifier:   DF:AC:6B:7E:E1:38:D7:A1:78:77:34:65:4C:A9:6E:35:57:92:48:DD
Certificate issuer:       /CN=d5ee40f4589d6a11b24f7bbcc29ab9f9ae689719
Certificate serial:       0191BCE0EBB20068E348280490C70F01F1E7
Authority key identifier: D5:EE:40:F4:58:9D:6A:11:B2:4F:7B:BC:C2:9A:B9:F9:AE:68:97:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1e5A9FidahGyT3u8wpq5-a5olxk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/36xrfuE416F4dzRlTKluNVeSSN0.roa
Signing time:             Wed 04 Sep 2024 11:52:22 +0000
ROA not before:           Wed 04 Sep 2024 11:52:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58323
IP address blocks:        91.196.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/1e5A9FidahGyT3u8wpq5-a5olxk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/1e5A9FidahGyT3u8wpq5-a5olxk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1e5A9FidahGyT3u8wpq5-a5olxk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:e0:eb:b2:00:68:e3:48:28:04:90:c7:0f:01:f1:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5ee40f4589d6a11b24f7bbcc29ab9f9ae689719
        Validity
            Not Before: Sep  4 11:52:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfac6b7ee138d7a1787734654ca96e35579248dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b3:b0:04:e3:ff:f0:5c:51:9d:e8:a2:c9:4a:
                    41:3f:86:69:78:7e:4a:eb:cf:02:71:4c:d1:62:fd:
                    d9:5b:9e:37:65:69:d5:08:73:31:92:8f:28:03:d1:
                    ae:a4:48:30:93:f0:75:b7:f5:13:8e:04:a0:90:ef:
                    99:26:d9:65:47:f0:c1:8e:f9:5f:4e:01:da:12:97:
                    c9:d2:1b:73:63:08:eb:38:4d:12:d4:16:58:ac:d6:
                    61:1a:93:7d:0f:ca:7c:8a:e3:d3:5f:9e:b7:35:59:
                    9a:38:2c:5b:fd:c5:7a:96:1a:c5:93:40:71:0a:46:
                    19:46:2a:d2:e6:dc:db:f3:d3:8c:71:b3:7c:71:55:
                    eb:56:c8:c7:9a:52:24:2a:62:09:70:1a:fe:ae:53:
                    d6:73:41:cc:3f:8d:64:e9:c7:16:af:e3:14:96:cb:
                    57:5e:4e:24:94:16:ca:52:09:86:6f:cf:ca:94:fe:
                    80:53:1e:24:c6:24:a6:1e:14:19:08:fe:35:91:b5:
                    14:e2:6e:14:41:3e:db:2d:a9:e6:22:86:0a:ec:71:
                    ba:14:c8:ae:d8:dc:ff:5a:8c:ab:14:2b:65:66:ba:
                    2e:7c:37:f7:1c:7b:6c:2f:1b:26:12:4f:51:e0:c4:
                    03:eb:11:77:64:14:d6:72:dc:1d:66:06:cd:7a:79:
                    00:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:AC:6B:7E:E1:38:D7:A1:78:77:34:65:4C:A9:6E:35:57:92:48:DD
            X509v3 Authority Key Identifier:
                keyid:D5:EE:40:F4:58:9D:6A:11:B2:4F:7B:BC:C2:9A:B9:F9:AE:68:97:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e5A9FidahGyT3u8wpq5-a5olxk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/36xrfuE416F4dzRlTKluNVeSSN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8c1306-7805-417d-be63-9ea2a6fb6a81/1/1e5A9FidahGyT3u8wpq5-a5olxk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:ee:35:94:bc:f7:31:ba:3a:37:a6:89:98:37:b5:5c:e7:ad:
         bc:ba:4b:e8:5a:19:e1:67:7f:ef:42:53:b8:28:11:a8:91:3f:
         22:4a:17:b0:aa:d9:60:07:d4:24:9c:8a:c2:06:01:7a:0e:cd:
         c9:e3:ca:ff:85:d2:f6:57:6b:0f:02:81:12:c9:46:40:6a:bc:
         af:70:15:5b:9a:13:19:fb:c5:bf:cc:13:c1:e6:d5:8a:9a:71:
         a1:19:da:36:ee:c4:53:31:f3:c7:a9:52:04:1c:2f:2e:65:66:
         f0:b1:f2:8e:6f:8b:c6:bd:c8:4b:9e:a9:7e:04:74:f7:43:a1:
         f5:80:b3:cd:68:72:44:7b:86:14:06:c0:33:e6:ae:58:0e:b7:
         2a:0d:6b:cd:c4:80:20:d2:20:de:93:dd:d8:c5:0f:7e:48:ab:
         91:36:cb:f1:f4:53:75:11:6d:34:95:9a:25:16:dd:76:b3:73:
         1d:55:ff:f8:58:f5:c9:3e:1d:9e:82:f4:10:2a:6d:4b:c6:21:
         f7:bf:f9:44:8e:83:d7:d6:b0:70:96:e5:75:11:ee:4d:52:b2:
         6a:87:45:84:34:66:9c:c0:39:b1:df:5a:bf:fa:40:22:34:3c:
         da:b3:c6:87:32:e4:13:ab:7a:5b:28:2e:ba:ab:11:ec:9f:0c:
         da:a0:c9:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG84OuyAGjjSCgEkMcPAfHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZWU0MGY0NTg5ZDZhMTFiMjRmN2JiY2MyOWFiOWY5YWU2
ODk3MTkwHhcNMjQwOTA0MTE1MjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmFjNmI3ZWUxMzhkN2ExNzg3NzM0NjU0Y2E5NmUzNTU3OTI0OGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7OwBOP/8FxRneiiyUpBP4ZpeH5K
688CcUzRYv3ZW543ZWnVCHMxko8oA9GupEgwk/B1t/UTjgSgkO+ZJtllR/DBjvlf
TgHaEpfJ0htzYwjrOE0S1BZYrNZhGpN9D8p8iuPTX563NVmaOCxb/cV6lhrFk0Bx
CkYZRirS5tzb89OMcbN8cVXrVsjHmlIkKmIJcBr+rlPWc0HMP41k6ccWr+MUlstX
Xk4klBbKUgmGb8/KlP6AUx4kxiSmHhQZCP41kbUU4m4UQT7bLanmIoYK7HG6FMiu
2Nz/WoyrFCtlZroufDf3HHtsLxsmEk9R4MQD6xF3ZBTWctwdZgbNenkAyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+sa37hONeheHc0ZUypbjVXkkjdMB8GA1UdIwQY
MBaAFNXuQPRYnWoRsk97vMKaufmuaJcZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWU1QTlGaWRhaEd5VDN1OHdwcTUtYTVvbHhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy84YzEzMDYtNzgwNS00MTdkLWJlNjMt
OWVhMmE2ZmI2YTgxLzEvMzZ4cmZ1RTQxNkY0ZHpSbFRLbHVOVmVTU04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy84YzEzMDYtNzgwNS00MTdkLWJlNjMtOWVhMmE2ZmI2YTgx
LzEvMWU1QTlGaWRhaEd5VDN1OHdwcTUtYTVvbHhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8SbMA0G
CSqGSIb3DQEBCwUAA4IBAQAF7jWUvPcxujo3pomYN7Vc5628ukvoWhnhZ3/vQlO4
KBGokT8iShewqtlgB9QknIrCBgF6Ds3J48r/hdL2V2sPAoESyUZAaryvcBVbmhMZ
+8W/zBPB5tWKmnGhGdo27sRTMfPHqVIEHC8uZWbwsfKOb4vGvchLnql+BHT3Q6H1
gLPNaHJEe4YUBsAz5q5YDrcqDWvNxIAg0iDek93YxQ9+SKuRNsvx9FN1EW00lZol
Ft12s3MdVf/4WPXJPh2egvQQKm1LxiH3v/lEjoPX1rBwluV1Ee5NUrJqh0WENGac
wDmx31q/+kAiNDzas8aHMuQTq3pbKC66qxHsnwzaoMlC
-----END CERTIFICATE-----