Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/3496d1-332c-433b-9980-269a51dd8d38/1/cxFZLdQgw5W_QXSFgXv9rK6qw6o.roa
File:                     cxFZLdQgw5W_QXSFgXv9rK6qw6o.roa (raw, json)
Hash identifier:          qRlll9ajP6zjTVNfNMJ/S0uvQU1HatiKueIbEgCBaX8=
Subject key identifier:   73:11:59:2D:D4:20:C3:95:BF:41:74:85:81:7B:FD:AC:AE:AA:C3:AA
Certificate issuer:       /CN=2a8c8d5186c8771455be131b0c7cfd66e7d38655
Certificate serial:       019086BF3DBE18CF83BD1229D73C1354C498
Authority key identifier: 2A:8C:8D:51:86:C8:77:14:55:BE:13:1B:0C:7C:FD:66:E7:D3:86:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KoyNUYbIdxRVvhMbDHz9ZufThlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/3496d1-332c-433b-9980-269a51dd8d38/1/cxFZLdQgw5W_QXSFgXv9rK6qw6o.roa
Signing time:             Sat 06 Jul 2024 06:33:18 +0000
ROA not before:           Sat 06 Jul 2024 06:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41910
IP address blocks:        194.33.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/3496d1-332c-433b-9980-269a51dd8d38/1/KoyNUYbIdxRVvhMbDHz9ZufThlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/3496d1-332c-433b-9980-269a51dd8d38/1/KoyNUYbIdxRVvhMbDHz9ZufThlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KoyNUYbIdxRVvhMbDHz9ZufThlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:86:bf:3d:be:18:cf:83:bd:12:29:d7:3c:13:54:c4:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a8c8d5186c8771455be131b0c7cfd66e7d38655
        Validity
            Not Before: Jul  6 06:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7311592dd420c395bf417485817bfdacaeaac3aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:95:fe:c4:89:33:fd:3b:3c:15:89:e6:77:3e:
                    b2:53:47:99:69:b3:0d:57:f8:3e:63:71:94:28:d4:
                    96:d9:fc:5a:64:46:71:fa:3e:2a:e8:21:bf:cc:b2:
                    95:ba:8c:74:f1:96:2f:b8:63:3b:d6:86:71:87:5a:
                    c6:fc:e7:d7:02:19:8b:e6:e3:4f:7c:85:8d:02:4c:
                    19:61:d5:dd:c3:bd:43:3a:af:30:a7:2a:43:cb:92:
                    06:af:df:ee:3f:46:41:64:c1:a0:a7:40:6e:09:56:
                    9d:fd:75:f2:75:cf:58:20:4a:f2:94:a1:1f:4c:84:
                    be:f7:cc:ce:60:fa:88:b9:b1:41:01:df:a3:91:e3:
                    d0:ea:f8:be:ca:11:1b:93:f5:91:14:c0:cc:6d:a4:
                    af:ca:f6:27:34:b5:40:5e:36:b4:1c:df:46:8f:f9:
                    6c:55:a3:65:b6:c2:42:90:c0:15:94:df:3c:7e:43:
                    31:d7:2a:77:5c:50:55:fa:ad:c4:2b:0e:a2:ec:43:
                    b4:07:2f:6e:8e:ee:48:b3:9f:e8:38:08:b4:ee:c0:
                    84:b3:95:f8:f8:d8:4f:c6:ea:3f:53:84:b5:af:af:
                    b5:33:97:8c:64:37:47:44:41:a0:fa:aa:f5:11:af:
                    1b:bc:1b:93:1e:8f:32:bc:57:d2:c4:f7:0c:8d:cc:
                    64:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:11:59:2D:D4:20:C3:95:BF:41:74:85:81:7B:FD:AC:AE:AA:C3:AA
            X509v3 Authority Key Identifier:
                keyid:2A:8C:8D:51:86:C8:77:14:55:BE:13:1B:0C:7C:FD:66:E7:D3:86:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KoyNUYbIdxRVvhMbDHz9ZufThlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/3496d1-332c-433b-9980-269a51dd8d38/1/cxFZLdQgw5W_QXSFgXv9rK6qw6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/3496d1-332c-433b-9980-269a51dd8d38/1/KoyNUYbIdxRVvhMbDHz9ZufThlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:d0:10:cc:a3:25:ef:34:21:ed:a0:ef:a2:6d:20:3f:18:e4:
         f7:87:42:bd:30:c0:09:6c:65:fc:7c:85:2e:39:15:dd:16:78:
         b7:fa:eb:e1:1a:b9:a0:13:54:82:43:88:e3:ee:de:ec:6f:1e:
         d7:6f:72:ef:61:a3:75:3e:60:2c:16:9d:59:bc:39:de:61:27:
         40:4c:d2:25:d8:e4:f0:00:57:39:a5:8c:ae:69:e8:c8:ad:bb:
         87:7e:60:59:3d:d1:c2:af:cd:e0:6b:3e:2c:a4:5d:97:77:f4:
         71:3a:e3:e5:3a:a0:0c:ab:b3:f5:41:8e:55:29:e6:a2:41:0c:
         ea:e9:d8:53:2b:b7:32:37:14:5c:f7:4b:66:a1:9a:f0:08:4e:
         43:03:f1:61:e4:36:df:65:39:ca:d7:82:60:4c:51:d8:31:3b:
         4d:f1:c1:78:2d:7e:3c:8e:54:98:f9:e9:0d:66:bb:6d:6c:27:
         af:f8:63:28:9b:58:87:ea:da:5b:05:d9:4d:dc:f6:fa:20:e2:
         89:69:9f:c6:59:b3:84:18:81:83:2b:17:c5:fc:a4:c4:cb:20:
         ea:be:44:95:20:be:24:bd:a6:8e:af:94:2d:7a:7f:33:9c:be:
         e6:ae:c7:b8:7c:b0:4f:c5:a4:36:9d:2f:0f:4f:4c:31:c7:c5:
         b8:a5:6b:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCGvz2+GM+DvRIp1zwTVMSYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOGM4ZDUxODZjODc3MTQ1NWJlMTMxYjBjN2NmZDY2ZTdk
Mzg2NTUwHhcNMjQwNzA2MDYzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzExNTkyZGQ0MjBjMzk1YmY0MTc0ODU4MTdiZmRhY2FlYWFjM2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pX+xIkz/Ts8FYnmdz6yU0eZabMN
V/g+Y3GUKNSW2fxaZEZx+j4q6CG/zLKVuox08ZYvuGM71oZxh1rG/OfXAhmL5uNP
fIWNAkwZYdXdw71DOq8wpypDy5IGr9/uP0ZBZMGgp0BuCVad/XXydc9YIErylKEf
TIS+98zOYPqIubFBAd+jkePQ6vi+yhEbk/WRFMDMbaSvyvYnNLVAXja0HN9Gj/ls
VaNltsJCkMAVlN88fkMx1yp3XFBV+q3EKw6i7EO0By9uju5Is5/oOAi07sCEs5X4
+NhPxuo/U4S1r6+1M5eMZDdHREGg+qr1Ea8bvBuTHo8yvFfSxPcMjcxkbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHMRWS3UIMOVv0F0hYF7/ayuqsOqMB8GA1UdIwQY
MBaAFCqMjVGGyHcUVb4TGwx8/Wbn04ZVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS295TlVZYklkeFJWdmhNYkRIejladWZUaGxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8zNDk2ZDEtMzMyYy00MzNiLTk5ODAt
MjY5YTUxZGQ4ZDM4LzEvY3hGWkxkUWd3NVdfUVhTRmdYdjlySzZxdzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8zNDk2ZDEtMzMyYy00MzNiLTk5ODAtMjY5YTUxZGQ4ZDM4
LzEvS295TlVZYklkeFJWdmhNYkRIejladWZUaGxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiG8MA0G
CSqGSIb3DQEBCwUAA4IBAQB/0BDMoyXvNCHtoO+ibSA/GOT3h0K9MMAJbGX8fIUu
ORXdFni3+uvhGrmgE1SCQ4jj7t7sbx7Xb3LvYaN1PmAsFp1ZvDneYSdATNIl2OTw
AFc5pYyuaejIrbuHfmBZPdHCr83gaz4spF2Xd/RxOuPlOqAMq7P1QY5VKeaiQQzq
6dhTK7cyNxRc90tmoZrwCE5DA/Fh5DbfZTnK14JgTFHYMTtN8cF4LX48jlSY+ekN
ZrttbCev+GMom1iH6tpbBdlN3Pb6IOKJaZ/GWbOEGIGDKxfF/KTEyyDqvkSVIL4k
vaaOr5Qten8znL7mrse4fLBPxaQ2nS8PT0wxx8W4pWuO
-----END CERTIFICATE-----