Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/_ZxSaD4UJ283ExDA6ARNy2K2OI0.roa
File:                     _ZxSaD4UJ283ExDA6ARNy2K2OI0.roa (raw, json)
Hash identifier:          r64G7CnFWBJ4DwW3Lp4Twl4CnUaf3lMWtt0JR6sItfA=
Subject key identifier:   FD:9C:52:68:3E:14:27:6F:37:13:10:C0:E8:04:4D:CB:62:B6:38:8D
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0191B25A8787D8E5999BCE9CE5D76E79E9E6
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/_ZxSaD4UJ283ExDA6ARNy2K2OI0.roa
Signing time:             Mon 02 Sep 2024 10:49:23 +0000
ROA not before:           Mon 02 Sep 2024 10:49:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215826
IP address blocks:        194.36.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b2:5a:87:87:d8:e5:99:9b:ce:9c:e5:d7:6e:79:e9:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Sep  2 10:49:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd9c52683e14276f371310c0e8044dcb62b6388d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1d:41:ef:d1:84:5e:15:56:0c:ee:37:2b:33:
                    75:de:5a:7a:24:3e:5e:e6:2e:a0:b9:d0:4e:b2:34:
                    cd:54:1c:0e:1e:f9:c1:49:07:2c:9c:28:32:a7:66:
                    5f:14:75:6f:6f:4b:fe:3b:ee:c1:70:8a:53:f6:6c:
                    de:21:a4:e6:2d:d8:44:96:17:7e:53:44:a9:16:fe:
                    08:73:d4:a7:6c:40:44:ae:e6:02:1f:b6:94:34:8c:
                    60:89:ac:3b:84:21:6a:11:be:fc:10:21:c9:b6:69:
                    1e:46:1d:72:04:2e:39:44:18:5b:06:3f:6f:42:38:
                    42:0c:3d:06:16:41:85:0a:70:09:d7:ee:ed:a5:56:
                    2a:f6:20:f7:72:65:fa:29:ff:a2:09:01:b5:9c:7c:
                    2c:be:7f:06:b2:61:4b:32:a0:00:18:2b:53:63:1c:
                    58:2b:89:81:6f:91:33:15:ee:93:f5:ee:df:2d:64:
                    18:ea:57:05:c8:8e:3f:77:ff:ec:41:d7:17:d3:51:
                    df:0d:c8:7a:b1:86:0d:d5:25:67:7c:2b:6a:66:be:
                    01:07:8a:bc:9d:8d:bd:65:ea:20:e0:41:d8:de:f3:
                    3e:56:6e:46:f9:9a:bb:41:6a:23:c2:42:8d:1f:a2:
                    ef:f2:31:26:29:fd:75:0f:81:9f:e9:3f:60:cb:5f:
                    d0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:9C:52:68:3E:14:27:6F:37:13:10:C0:E8:04:4D:CB:62:B6:38:8D
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/_ZxSaD4UJ283ExDA6ARNy2K2OI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:a0:17:a6:71:4c:12:22:5f:82:72:8c:48:45:2f:5f:fd:05:
         ca:28:5b:48:b5:0a:b0:12:b7:2e:a0:b5:88:f9:f6:d1:1b:fc:
         4f:9e:a9:00:28:15:66:32:51:c5:59:b0:b7:87:02:1a:9e:92:
         18:2a:8c:01:97:fa:b0:92:f6:c9:18:3b:63:0b:99:73:20:02:
         f4:ce:70:e4:a0:17:b5:2e:f7:2f:cd:a5:9d:d4:24:41:20:d3:
         d5:e2:08:69:76:54:21:fc:c9:85:74:6a:90:36:1c:d7:f7:07:
         a7:e3:43:4b:5c:b1:40:6d:fb:15:fb:31:03:59:a7:7c:f3:de:
         6b:86:de:db:d0:25:e3:5d:0e:41:f3:3e:a8:75:83:59:32:02:
         ed:96:0e:b0:1b:eb:47:43:ad:6f:55:cd:59:9f:eb:97:a9:f5:
         24:4a:5c:c8:2a:50:07:51:a5:c5:70:e7:d6:83:a9:cc:f6:48:
         89:70:d3:de:3c:10:59:41:85:54:c3:07:01:b6:5c:05:33:87:
         4e:25:57:e2:fd:ef:ba:b4:5d:7b:58:89:9c:cc:f8:32:47:39:
         da:98:0b:86:08:05:f9:aa:39:f2:e3:46:b5:68:af:a0:97:15:
         1d:af:2b:5c:ad:ee:61:df:76:a2:7a:cd:19:31:b4:29:d6:1a:
         cb:3c:7f:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGyWoeH2OWZm86c5ddueenmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwOTAyMTA0OTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDljNTI2ODNlMTQyNzZmMzcxMzEwYzBlODA0NGRjYjYyYjYzODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsx1B79GEXhVWDO43KzN13lp6JD5e
5i6gudBOsjTNVBwOHvnBSQcsnCgyp2ZfFHVvb0v+O+7BcIpT9mzeIaTmLdhElhd+
U0SpFv4Ic9SnbEBEruYCH7aUNIxgiaw7hCFqEb78ECHJtmkeRh1yBC45RBhbBj9v
QjhCDD0GFkGFCnAJ1+7tpVYq9iD3cmX6Kf+iCQG1nHwsvn8GsmFLMqAAGCtTYxxY
K4mBb5EzFe6T9e7fLWQY6lcFyI4/d//sQdcX01HfDch6sYYN1SVnfCtqZr4BB4q8
nY29Zeog4EHY3vM+Vm5G+Zq7QWojwkKNH6Lv8jEmKf11D4Gf6T9gy1/Q9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2cUmg+FCdvNxMQwOgETctitjiNMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvX1p4U2FENFVKMjgzRXhEQTZBUk55MksyT0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiSxMA0G
CSqGSIb3DQEBCwUAA4IBAQBKoBemcUwSIl+CcoxIRS9f/QXKKFtItQqwErcuoLWI
+fbRG/xPnqkAKBVmMlHFWbC3hwIanpIYKowBl/qwkvbJGDtjC5lzIAL0znDkoBe1
LvcvzaWd1CRBINPV4ghpdlQh/MmFdGqQNhzX9wen40NLXLFAbfsV+zEDWad8895r
ht7b0CXjXQ5B8z6odYNZMgLtlg6wG+tHQ61vVc1Zn+uXqfUkSlzIKlAHUaXFcOfW
g6nM9kiJcNPePBBZQYVUwwcBtlwFM4dOJVfi/e+6tF17WImczPgyRznamAuGCAX5
qjny40a1aK+glxUdrytcre5h33aies0ZMbQp1hrLPH+w
-----END CERTIFICATE-----