Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/RheBXVnMibhy3sOsxVvDn76pFW8.roa
File:                     RheBXVnMibhy3sOsxVvDn76pFW8.roa (raw, json)
Hash identifier:          5tO1lztUJdYeriMfZa4+VzMmJMf3OO4khxwik3DB/2I=
Subject key identifier:   46:17:81:5D:59:CC:89:B8:72:DE:C3:AC:C5:5B:C3:9F:BE:A9:15:6F
Certificate issuer:       /CN=5d88e4f7a302412c316a3bb599cdd2042b5ff485
Certificate serial:       018CC493537D81F870784BA1F431392EB71F
Authority key identifier: 5D:88:E4:F7:A3:02:41:2C:31:6A:3B:B5:99:CD:D2:04:2B:5F:F4:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/RheBXVnMibhy3sOsxVvDn76pFW8.roa
Signing time:             Mon 01 Jan 2024 10:30:38 +0000
ROA not before:           Mon 01 Jan 2024 10:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204266
IP address blocks:        37.209.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:53:7d:81:f8:70:78:4b:a1:f4:31:39:2e:b7:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d88e4f7a302412c316a3bb599cdd2042b5ff485
        Validity
            Not Before: Jan  1 10:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4617815d59cc89b872dec3acc55bc39fbea9156f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:70:04:6a:22:30:09:b7:38:2f:71:bd:c6:5d:
                    2f:38:d8:23:5b:e1:4f:9e:3f:ec:2a:99:ab:c3:03:
                    b8:17:97:23:f2:04:8b:84:62:74:2f:cc:bf:7a:4c:
                    bf:2c:7e:27:90:d4:86:5f:6a:4f:ef:65:39:e7:a0:
                    3c:96:b1:0c:25:4c:fe:22:db:77:74:a5:ea:9a:37:
                    bd:50:a8:4e:44:dd:eb:fb:fe:d9:04:86:9f:f6:8f:
                    b6:f1:a5:12:d9:5f:50:1a:7b:03:19:d3:a7:1e:f2:
                    90:94:f8:23:86:29:71:20:a6:26:0b:56:fe:1a:4c:
                    59:58:3e:1f:6d:9e:17:5b:a6:d4:65:e2:03:94:60:
                    7a:10:44:23:6c:57:f9:9a:a7:41:f6:cb:06:b8:de:
                    59:3d:7c:74:30:25:76:8f:6e:5d:4e:36:5c:42:3d:
                    59:90:26:43:3c:98:70:dc:f5:02:76:d0:7d:0c:f5:
                    5c:70:64:96:87:74:54:ae:a5:45:e3:84:fb:99:29:
                    13:57:77:cf:08:6e:81:08:96:46:92:f0:ae:e3:bf:
                    e8:c1:c3:a3:d0:9c:e4:5f:62:62:a5:9b:91:61:66:
                    92:f3:7e:7f:1b:71:33:7f:ed:63:9b:ef:4d:11:10:
                    55:90:aa:80:24:0f:43:dd:9d:cf:73:ca:86:e1:ae:
                    bb:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:17:81:5D:59:CC:89:B8:72:DE:C3:AC:C5:5B:C3:9F:BE:A9:15:6F
            X509v3 Authority Key Identifier:
                keyid:5D:88:E4:F7:A3:02:41:2C:31:6A:3B:B5:99:CD:D2:04:2B:5F:F4:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYjk96MCQSwxaju1mc3SBCtf9IU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/RheBXVnMibhy3sOsxVvDn76pFW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/760c0f-12ab-483d-8cdb-57e1d5b72b2d/1/XYjk96MCQSwxaju1mc3SBCtf9IU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.209.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:97:a9:53:44:a9:71:0f:5c:68:d6:06:e6:88:b8:6e:a7:ac:
         0f:ab:97:69:d7:54:91:24:f5:10:fa:f3:6e:6e:df:1a:8a:ba:
         ee:16:0d:0d:38:ff:5a:f4:70:3a:8f:16:91:8b:7c:a3:28:2b:
         6a:ed:52:35:d5:7f:50:9b:ae:7d:93:93:df:30:cc:7a:fd:27:
         b3:00:41:a3:ea:ba:46:50:a2:6d:92:03:b5:af:c7:8a:4b:78:
         ec:8d:e6:43:52:b7:4c:23:80:71:78:a1:ba:e7:ec:7d:6e:a9:
         79:56:f4:fe:89:bc:94:bd:ee:f7:47:68:bd:c4:f7:ae:28:f4:
         77:3b:a1:14:25:2f:69:b1:f5:d5:67:8e:8e:a1:26:7f:f2:db:
         e9:9d:30:35:a1:3a:ac:90:52:c7:7b:8a:f5:bc:57:a6:46:c3:
         a1:85:46:7e:f5:03:89:91:64:b9:36:5f:cf:5b:d2:b6:47:66:
         62:a5:cd:58:5b:81:60:fc:1a:e4:57:cd:1f:80:ff:7e:e6:e8:
         da:6f:93:b9:a1:87:df:d9:23:8f:74:ba:28:03:50:bb:a4:ac:
         f0:f5:bb:88:55:88:29:3a:6e:9f:eb:00:c0:bd:8b:ef:2e:b6:
         ba:fe:3e:ec:31:61:7d:9c:fe:20:90:32:b7:50:5d:87:03:7e:
         92:90:48:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk1N9gfhweEuh9DE5LrcfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODhlNGY3YTMwMjQxMmMzMTZhM2JiNTk5Y2RkMjA0MmI1
ZmY0ODUwHhcNMjQwMTAxMTAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjE3ODE1ZDU5Y2M4OWI4NzJkZWMzYWNjNTViYzM5ZmJlYTkxNTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXAEaiIwCbc4L3G9xl0vONgjW+FP
nj/sKpmrwwO4F5cj8gSLhGJ0L8y/eky/LH4nkNSGX2pP72U556A8lrEMJUz+Itt3
dKXqmje9UKhORN3r+/7ZBIaf9o+28aUS2V9QGnsDGdOnHvKQlPgjhilxIKYmC1b+
GkxZWD4fbZ4XW6bUZeIDlGB6EEQjbFf5mqdB9ssGuN5ZPXx0MCV2j25dTjZcQj1Z
kCZDPJhw3PUCdtB9DPVccGSWh3RUrqVF44T7mSkTV3fPCG6BCJZGkvCu47/owcOj
0JzkX2JipZuRYWaS835/G3Ezf+1jm+9NERBVkKqAJA9D3Z3Pc8qG4a67dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYXgV1ZzIm4ct7DrMVbw5++qRVvMB8GA1UdIwQY
MBaAFF2I5PejAkEsMWo7tZnN0gQrX/SFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlqazk2TUNRU3d4YWp1MW1jM1NCQ3RmOUlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83NjBjMGYtMTJhYi00ODNkLThjZGIt
NTdlMWQ1YjcyYjJkLzEvUmhlQlhWbk1pYmh5M3NPc3hWdkRuNzZwRlc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83NjBjMGYtMTJhYi00ODNkLThjZGItNTdlMWQ1YjcyYjJk
LzEvWFlqazk2TUNRU3d4YWp1MW1jM1NCQ3RmOUlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJdGuMA0G
CSqGSIb3DQEBCwUAA4IBAQCAl6lTRKlxD1xo1gbmiLhup6wPq5dp11SRJPUQ+vNu
bt8airruFg0NOP9a9HA6jxaRi3yjKCtq7VI11X9Qm659k5PfMMx6/SezAEGj6rpG
UKJtkgO1r8eKS3jsjeZDUrdMI4BxeKG65+x9bql5VvT+ibyUve73R2i9xPeuKPR3
O6EUJS9psfXVZ46OoSZ/8tvpnTA1oTqskFLHe4r1vFemRsOhhUZ+9QOJkWS5Nl/P
W9K2R2Zipc1YW4Fg/BrkV80fgP9+5ujab5O5oYff2SOPdLooA1C7pKzw9buIVYgp
Om6f6wDAvYvvLra6/j7sMWF9nP4gkDK3UF2HA36SkEjC
-----END CERTIFICATE-----