Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/t-xzdQJWLUoja1feuK0igdeYs8o.roa
File:                     t-xzdQJWLUoja1feuK0igdeYs8o.roa (raw, json)
Hash identifier:          WE7DECkHVrZBteFWxVDITGkr8rCJw20pqm3N9TLIyIA=
Subject key identifier:   B7:EC:73:75:02:56:2D:4A:23:6B:57:DE:B8:AD:22:81:D7:98:B3:CA
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFAFDC8A1F27F422D85A658D0DF7B1
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/t-xzdQJWLUoja1feuK0igdeYs8o.roa
Signing time:             Tue 02 Jan 2024 06:32:31 +0000
ROA not before:           Tue 02 Jan 2024 06:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209962
IP address blocks:        194.36.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:af:dc:8a:1f:27:f4:22:d8:5a:65:8d:0d:f7:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7ec737502562d4a236b57deb8ad2281d798b3ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8e:17:29:64:8c:e0:19:f5:f1:73:94:7d:86:
                    39:3c:10:4a:4f:07:07:ad:74:cd:1b:5a:90:67:6a:
                    1d:2c:86:d3:22:96:d9:b7:f2:0a:53:80:a5:cd:72:
                    70:1c:c9:69:a6:17:f8:ec:62:d8:54:fa:47:5f:64:
                    1a:36:7c:01:d3:b0:d0:ce:4d:18:c4:58:36:ff:ae:
                    cd:ca:a6:ea:b1:03:85:b3:a8:91:ec:04:ca:fd:a1:
                    db:69:98:63:31:99:b3:32:0e:92:a1:9f:8b:94:73:
                    15:61:53:9c:50:e2:dd:18:42:72:0d:77:fd:c9:41:
                    34:a1:bd:2a:25:bc:fa:19:42:b6:2f:9f:24:08:1d:
                    73:8e:81:ff:7b:1e:bd:b9:b5:c2:32:66:55:74:83:
                    95:e0:93:8c:08:89:16:2b:13:29:4c:93:b6:4c:dc:
                    dc:bb:b0:f6:89:df:7b:2a:13:68:02:68:e5:e5:22:
                    9b:3e:1e:92:a0:06:ad:22:4a:c0:53:c0:42:fc:94:
                    d4:b8:46:f6:f7:9a:dc:1c:66:34:e3:67:4b:1a:79:
                    e8:fa:3c:58:0d:64:88:a3:4e:59:28:a5:44:75:87:
                    bb:7d:8f:4f:ba:19:d8:8e:74:53:5e:cc:42:58:5d:
                    71:9d:a5:c9:d0:cf:17:61:93:70:be:97:79:13:10:
                    3f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:EC:73:75:02:56:2D:4A:23:6B:57:DE:B8:AD:22:81:D7:98:B3:CA
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/t-xzdQJWLUoja1feuK0igdeYs8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:8e:ab:9a:7b:47:4e:89:53:02:58:15:58:93:09:25:31:7e:
         cb:00:ab:6c:3a:7a:d9:2c:54:4e:52:c3:33:9a:19:66:f7:ee:
         8b:9a:2a:66:f3:8f:b9:ba:29:80:55:7b:0d:db:c0:95:e4:5a:
         52:bb:74:b5:b5:02:7b:2b:36:f6:e1:85:be:ce:16:12:62:d6:
         0c:d2:d6:27:15:ab:63:31:e5:32:80:ba:bc:8c:b2:1a:69:2e:
         f1:34:14:03:fe:44:c0:cc:4c:ec:ce:17:dd:d8:55:16:32:2d:
         ea:b4:be:16:36:b3:8f:a8:13:6d:6c:22:d7:39:e6:5f:a3:f7:
         38:b2:d4:64:67:25:ac:58:b3:5c:84:6d:f6:21:14:ad:21:7d:
         6b:b5:02:da:a5:1c:8c:e6:c5:2b:69:0a:92:7b:eb:db:b9:6b:
         22:24:4e:3f:f1:4d:87:4a:cc:3c:03:32:c1:11:aa:2c:68:78:
         8f:b3:81:3b:f7:ba:c8:ad:4e:55:bc:17:56:ac:85:6a:bd:05:
         96:57:c0:f1:69:04:fe:26:15:88:0a:61:0e:d3:81:f0:78:a3:
         ce:23:47:e7:5f:88:e4:0b:be:14:42:ac:e7:52:68:0e:53:ba:
         e5:fd:96:4f:db:30:e4:05:26:4b:c5:ef:e8:c2:9e:82:d3:2b:
         90:da:1e:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36/cih8n9CLYWmWNDfexMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2VjNzM3NTAyNTYyZDRhMjM2YjU3ZGViOGFkMjI4MWQ3OThiM2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvI4XKWSM4Bn18XOUfYY5PBBKTwcH
rXTNG1qQZ2odLIbTIpbZt/IKU4ClzXJwHMlpphf47GLYVPpHX2QaNnwB07DQzk0Y
xFg2/67NyqbqsQOFs6iR7ATK/aHbaZhjMZmzMg6SoZ+LlHMVYVOcUOLdGEJyDXf9
yUE0ob0qJbz6GUK2L58kCB1zjoH/ex69ubXCMmZVdIOV4JOMCIkWKxMpTJO2TNzc
u7D2id97KhNoAmjl5SKbPh6SoAatIkrAU8BC/JTUuEb295rcHGY042dLGnno+jxY
DWSIo05ZKKVEdYe7fY9PuhnYjnRTXsxCWF1xnaXJ0M8XYZNwvpd5ExA/4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLfsc3UCVi1KI2tX3ritIoHXmLPKMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvdC14emRRSldMVW9qYTFmZXVLMGlnZGVZczhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiSwMA0G
CSqGSIb3DQEBCwUAA4IBAQCvjquae0dOiVMCWBVYkwklMX7LAKtsOnrZLFROUsMz
mhlm9+6Lmipm84+5uimAVXsN28CV5FpSu3S1tQJ7Kzb24YW+zhYSYtYM0tYnFatj
MeUygLq8jLIaaS7xNBQD/kTAzEzszhfd2FUWMi3qtL4WNrOPqBNtbCLXOeZfo/c4
stRkZyWsWLNchG32IRStIX1rtQLapRyM5sUraQqSe+vbuWsiJE4/8U2HSsw8AzLB
EaosaHiPs4E797rIrU5VvBdWrIVqvQWWV8DxaQT+JhWICmEO04HweKPOI0fnX4jk
C74UQqznUmgOU7rl/ZZP2zDkBSZLxe/owp6C0yuQ2h7m
-----END CERTIFICATE-----