Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5n_O-hdwO664JABzgg_f8qWdiWI.roa
File:                     5n_O-hdwO664JABzgg_f8qWdiWI.roa (raw, json)
Hash identifier:          UXfff/PjZEyStmkEcfgEwLVwcshsI6YQOgv0FZ49wvI=
Subject key identifier:   E6:7F:CE:FA:17:70:3B:AE:B8:24:00:73:82:0F:DF:F2:A5:9D:89:62
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01936365B6EC2E4ECA92090C069B442DE2D1
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5n_O-hdwO664JABzgg_f8qWdiWI.roa
Signing time:             Mon 25 Nov 2024 12:57:10 +0000
ROA not before:           Mon 25 Nov 2024 12:57:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60798
IP address blocks:        37.46.151.0/24 maxlen: 24
                          45.156.156.0/24 maxlen: 24
                          84.245.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:63:65:b6:ec:2e:4e:ca:92:09:0c:06:9b:44:2d:e2:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Nov 25 12:57:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e67fcefa17703baeb8240073820fdff2a59d8962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:77:88:5b:e5:a3:55:f8:3a:b0:db:44:4c:52:
                    5b:38:20:9f:96:a3:20:41:0b:fe:c8:97:f5:a6:dc:
                    1e:8a:36:b0:8d:75:ec:61:76:dc:cb:b3:b9:95:35:
                    5d:d0:db:ed:d2:a8:4c:c9:07:84:2e:fc:b0:ef:47:
                    fd:11:0b:bf:6d:76:52:68:9c:90:07:47:d6:79:c7:
                    43:bf:cd:2d:7b:17:46:2f:97:40:d7:02:1c:ea:6d:
                    a8:48:bd:e0:72:f6:a2:66:69:77:2c:54:92:b9:8d:
                    a6:55:14:7d:ba:cb:bb:c6:99:b2:cc:9b:ae:40:a2:
                    0d:c8:0a:f0:d9:26:27:39:05:0e:33:18:28:a4:a5:
                    4d:bb:a0:a3:c9:b2:ed:5e:35:f4:54:b7:4f:49:cb:
                    e1:39:79:d7:8b:af:b3:cc:02:cf:50:8e:a7:f9:49:
                    46:e6:78:f8:da:e8:58:06:40:c7:68:3b:0f:55:7e:
                    22:fb:6a:c3:8b:41:8a:63:2b:49:e8:e0:4d:95:8d:
                    be:df:4b:28:68:ee:60:42:fc:d9:40:a4:5b:da:62:
                    42:12:99:5a:6d:85:1f:f2:83:12:d7:dd:b4:26:b6:
                    82:c1:2b:54:43:35:3e:ee:54:85:06:54:12:4c:4c:
                    0c:1d:4d:9e:17:e4:00:e2:97:f3:de:d6:65:03:84:
                    7b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:7F:CE:FA:17:70:3B:AE:B8:24:00:73:82:0F:DF:F2:A5:9D:89:62
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5n_O-hdwO664JABzgg_f8qWdiWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.151.0/24
                  45.156.156.0/24
                  84.245.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:31:2d:02:49:de:df:c4:94:4a:93:d5:8a:e8:2e:17:f1:54:
         2e:4b:ac:de:1e:b6:eb:33:16:23:d4:1c:5f:eb:cf:02:e7:14:
         f5:dd:89:ef:ed:33:90:dd:e2:26:74:5b:63:79:f0:cd:5f:7b:
         32:d8:05:ab:bf:c9:05:e5:3d:c7:96:a9:fe:4e:e2:23:2d:70:
         26:27:a2:33:30:78:a1:3b:9a:55:18:17:72:cd:a9:73:ac:ec:
         b1:87:ac:3e:31:f5:76:f1:e2:51:86:8b:11:ee:5b:d2:e1:2a:
         25:e6:0c:bf:13:64:17:da:c4:c6:64:b2:01:f2:3a:8f:4a:15:
         1a:6d:d9:4b:85:1a:ef:1d:ad:93:5d:e9:7c:49:70:76:2e:48:
         f3:7a:e7:44:c7:a5:30:07:5e:50:10:05:85:6c:04:09:04:06:
         b0:ab:ab:9c:4c:60:93:bd:c1:9f:93:0e:f0:2d:85:9b:1f:32:
         1e:50:d2:0e:06:2b:b1:ce:ac:58:c4:ed:71:e6:de:de:b9:b6:
         38:70:3f:ba:69:4e:5a:f0:f1:8a:74:39:91:d6:d6:c7:9e:a1:
         73:17:97:d9:1d:05:d9:fd:8b:60:c6:84:23:4f:e0:f8:13:a8:
         73:de:8c:7c:59:1f:d5:70:57:49:92:e8:fe:aa:25:17:06:a4:
         54:6a:60:1f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZNjZbbsLk7KkgkMBptELeLRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQxMTI1MTI1NzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjdmY2VmYTE3NzAzYmFlYjgyNDAwNzM4MjBmZGZmMmE1OWQ4OTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHeIW+WjVfg6sNtETFJbOCCflqMg
QQv+yJf1ptweijawjXXsYXbcy7O5lTVd0Nvt0qhMyQeELvyw70f9EQu/bXZSaJyQ
B0fWecdDv80texdGL5dA1wIc6m2oSL3gcvaiZml3LFSSuY2mVRR9usu7xpmyzJuu
QKINyArw2SYnOQUOMxgopKVNu6CjybLtXjX0VLdPScvhOXnXi6+zzALPUI6n+UlG
5nj42uhYBkDHaDsPVX4i+2rDi0GKYytJ6OBNlY2+30soaO5gQvzZQKRb2mJCEpla
bYUf8oMS1920JraCwStUQzU+7lSFBlQSTEwMHU2eF+QA4pfz3tZlA4R7sQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOZ/zvoXcDuuuCQAc4IP3/KlnYliMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvNW5fTy1oZHdPNjY0SkFCemdnX2Y4cVdkaVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAJS6XAwQA
LZycAwQAVPU5MA0GCSqGSIb3DQEBCwUAA4IBAQAmMS0CSd7fxJRKk9WK6C4X8VQu
S6zeHrbrMxYj1Bxf688C5xT13Ynv7TOQ3eImdFtjefDNX3sy2AWrv8kF5T3Hlqn+
TuIjLXAmJ6IzMHihO5pVGBdyzalzrOyxh6w+MfV28eJRhosR7lvS4Sol5gy/E2QX
2sTGZLIB8jqPShUabdlLhRrvHa2TXel8SXB2LkjzeudEx6UwB15QEAWFbAQJBAaw
q6ucTGCTvcGfkw7wLYWbHzIeUNIOBiuxzqxYxO1x5t7eubY4cD+6aU5a8PGKdDmR
1tbHnqFzF5fZHQXZ/YtgxoQjT+D4E6hz3ox8WR/VcFdJkuj+qiUXBqRUamAf
-----END CERTIFICATE-----