Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/oFbJbYcc6gdpEGAqxFN_CO5NGtg.roa
File:                     oFbJbYcc6gdpEGAqxFN_CO5NGtg.roa (raw, json)
Hash identifier:          8SJGBpKrbrQeCbjG0qEZPHrYb5oSUWBNsnVX4isR9/0=
Subject key identifier:   A0:56:C9:6D:87:1C:EA:07:69:10:60:2A:C4:53:7F:08:EE:4D:1A:D8
Certificate issuer:       /CN=177e11f5233e933999a2a0c68903fc275ae459e6
Certificate serial:       018E08EE57BBEA669B202D95758F1F8CAA8C
Authority key identifier: 17:7E:11:F5:23:3E:93:39:99:A2:A0:C6:89:03:FC:27:5A:E4:59:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F34R9SM-kzmZoqDGiQP8J1rkWeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/oFbJbYcc6gdpEGAqxFN_CO5NGtg.roa
Signing time:             Mon 04 Mar 2024 10:07:01 +0000
ROA not before:           Mon 04 Mar 2024 10:07:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34636
IP address blocks:        185.63.113.0/24 maxlen: 24
                          2a14:fc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/F34R9SM-kzmZoqDGiQP8J1rkWeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/F34R9SM-kzmZoqDGiQP8J1rkWeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F34R9SM-kzmZoqDGiQP8J1rkWeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:08:ee:57:bb:ea:66:9b:20:2d:95:75:8f:1f:8c:aa:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=177e11f5233e933999a2a0c68903fc275ae459e6
        Validity
            Not Before: Mar  4 10:07:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a056c96d871cea076910602ac4537f08ee4d1ad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:39:51:af:c9:0d:3b:64:20:70:ce:8f:06:67:
                    93:49:6b:78:ff:8d:da:79:1a:28:f0:e4:a0:d7:2a:
                    e3:09:4a:06:93:a4:08:61:70:1e:05:ed:15:7d:09:
                    ac:87:67:d8:34:24:f6:eb:ec:7a:e1:c8:9b:a6:2f:
                    4a:28:5c:b5:2b:9f:1a:59:48:39:16:a4:71:6c:06:
                    0b:27:75:82:2a:ed:61:c7:78:f9:f2:f5:d3:57:79:
                    aa:f1:ae:09:69:a9:cb:8b:62:d5:7c:c9:00:00:f9:
                    a0:fb:17:0a:27:44:de:4f:ed:34:29:87:57:5c:bd:
                    6f:0f:66:7a:c1:24:2c:81:e3:d3:0d:ef:01:1f:aa:
                    58:e9:e7:c7:a8:a6:fd:aa:62:45:fa:c3:c2:73:3c:
                    05:34:88:e2:67:55:a1:e1:99:0f:55:65:ce:6f:70:
                    f4:e2:9a:52:b3:0b:ff:52:00:61:4e:53:15:7b:62:
                    4f:a3:bc:42:f5:e7:31:b9:97:4f:ee:89:df:bf:ff:
                    87:e3:70:0e:1b:ce:08:0d:a7:89:05:85:99:5c:df:
                    59:81:b2:13:c7:09:6c:b7:64:bd:c5:7c:0d:95:7f:
                    4b:ab:86:d7:de:e2:58:dc:81:fe:7b:20:69:96:8c:
                    6d:4c:0a:a9:c7:ff:42:28:24:91:18:86:4f:15:b8:
                    14:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:56:C9:6D:87:1C:EA:07:69:10:60:2A:C4:53:7F:08:EE:4D:1A:D8
            X509v3 Authority Key Identifier:
                keyid:17:7E:11:F5:23:3E:93:39:99:A2:A0:C6:89:03:FC:27:5A:E4:59:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F34R9SM-kzmZoqDGiQP8J1rkWeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/oFbJbYcc6gdpEGAqxFN_CO5NGtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/119dcd-84e1-48d5-a280-aa09d6e1ffee/1/F34R9SM-kzmZoqDGiQP8J1rkWeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.113.0/24
                IPv6:
                  2a14:fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9e:79:05:36:30:9f:d2:04:24:83:e7:69:c2:8e:da:ca:3a:98:
         5e:f6:2c:0c:51:1d:a6:86:49:9e:48:d4:2b:f7:29:65:98:44:
         f0:61:0a:79:37:4b:81:9c:e6:e4:2b:4c:e3:59:d3:d5:ed:29:
         66:4d:e6:b5:d3:dc:e0:47:e1:5d:88:0a:72:fc:77:91:1f:0e:
         57:63:e0:c7:6f:15:ec:bf:a4:cb:e6:42:ad:19:c2:dc:c6:e7:
         c0:7b:43:4f:15:5a:c8:e4:56:86:f7:86:a2:39:cc:de:e4:32:
         c3:0a:68:52:c2:9b:16:4a:c6:a1:10:1c:bf:14:c8:5a:bd:82:
         ef:cd:cf:39:e6:e3:e4:3d:e7:a3:70:e0:88:d3:c3:a1:7f:49:
         cd:d8:0b:c3:36:58:82:ec:a0:d8:29:3f:b4:b8:55:28:af:9e:
         44:af:78:c8:66:b5:58:37:25:c1:e1:f0:a6:3e:06:04:53:85:
         9a:41:d4:cb:de:f0:27:44:a7:96:8b:06:96:ce:a0:a5:56:52:
         b5:7a:a0:b2:60:e1:19:57:e0:1e:7b:57:2b:2d:bc:0b:94:67:
         30:e6:bb:f5:f3:46:83:c0:cb:3b:3d:7f:e2:5c:5d:ee:ce:8d:
         95:30:c3:f9:df:e1:a2:1d:c7:13:e7:c1:e7:69:4d:40:a9:f9:
         b8:22:81:e6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY4I7le76mabIC2VdY8fjKqMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3N2UxMWY1MjMzZTkzMzk5OWEyYTBjNjg5MDNmYzI3NWFl
NDU5ZTYwHhcNMjQwMzA0MTAwNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDU2Yzk2ZDg3MWNlYTA3NjkxMDYwMmFjNDUzN2YwOGVlNGQxYWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDlRr8kNO2QgcM6PBmeTSWt4/43a
eRoo8OSg1yrjCUoGk6QIYXAeBe0VfQmsh2fYNCT26+x64cibpi9KKFy1K58aWUg5
FqRxbAYLJ3WCKu1hx3j58vXTV3mq8a4JaanLi2LVfMkAAPmg+xcKJ0TeT+00KYdX
XL1vD2Z6wSQsgePTDe8BH6pY6efHqKb9qmJF+sPCczwFNIjiZ1Wh4ZkPVWXOb3D0
4ppSswv/UgBhTlMVe2JPo7xC9ecxuZdP7onfv/+H43AOG84IDaeJBYWZXN9ZgbIT
xwlst2S9xXwNlX9Lq4bX3uJY3IH+eyBploxtTAqpx/9CKCSRGIZPFbgUCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKBWyW2HHOoHaRBgKsRTfwjuTRrYMB8GA1UdIwQY
MBaAFBd+EfUjPpM5maKgxokD/Cda5FnmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjM0UjlTTS1rem1ab3FER2lRUDhKMXJrV2VZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xMTlkY2QtODRlMS00OGQ1LWEyODAt
YWEwOWQ2ZTFmZmVlLzEvb0ZiSmJZY2M2Z2RwRUdBcXhGTl9DTzVOR3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xMTlkY2QtODRlMS00OGQ1LWEyODAtYWEwOWQ2ZTFmZmVl
LzEvRjM0UjlTTS1rem1ab3FER2lRUDhKMXJrV2VZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuT9xMA0E
AgACMAcDBQMqFA/AMA0GCSqGSIb3DQEBCwUAA4IBAQCeeQU2MJ/SBCSD52nCjtrK
Ophe9iwMUR2mhkmeSNQr9yllmETwYQp5N0uBnObkK0zjWdPV7SlmTea109zgR+Fd
iApy/HeRHw5XY+DHbxXsv6TL5kKtGcLcxufAe0NPFVrI5FaG94aiOcze5DLDCmhS
wpsWSsahEBy/FMhavYLvzc855uPkPeejcOCI08Ohf0nN2AvDNliC7KDYKT+0uFUo
r55Er3jIZrVYNyXB4fCmPgYEU4WaQdTL3vAnRKeWiwaWzqClVlK1eqCyYOEZV+Ae
e1crLbwLlGcw5rv180aDwMs7PX/iXF3uzo2VMMP53+GiHccT58HnaU1Aqfm4IoHm
-----END CERTIFICATE-----