Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/aU6VQGsUIKK43zEV9OBVpSYOHxo.roa
File:                     aU6VQGsUIKK43zEV9OBVpSYOHxo.roa (raw, json)
Hash identifier:          qhiKoRYVSj7bpwccZvcm3wYiP3VCymqnt6CJF1KXABQ=
Subject key identifier:   69:4E:95:40:6B:14:20:A2:B8:DF:31:15:F4:E0:55:A5:26:0E:1F:1A
Certificate issuer:       /CN=084059a0ca6078a9b75daa66db806ff22c0eaad9
Certificate serial:       018CC72719A5FCA876344256028E59849447
Authority key identifier: 08:40:59:A0:CA:60:78:A9:B7:5D:AA:66:DB:80:6F:F2:2C:0E:AA:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CEBZoMpgeKm3Xapm24Bv8iwOqtk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/aU6VQGsUIKK43zEV9OBVpSYOHxo.roa
Signing time:             Mon 01 Jan 2024 22:31:17 +0000
ROA not before:           Mon 01 Jan 2024 22:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13789
IP address blocks:        185.37.36.0/24 maxlen: 24
                          185.37.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/CEBZoMpgeKm3Xapm24Bv8iwOqtk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/CEBZoMpgeKm3Xapm24Bv8iwOqtk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CEBZoMpgeKm3Xapm24Bv8iwOqtk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:19:a5:fc:a8:76:34:42:56:02:8e:59:84:94:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=084059a0ca6078a9b75daa66db806ff22c0eaad9
        Validity
            Not Before: Jan  1 22:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=694e95406b1420a2b8df3115f4e055a5260e1f1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:f1:51:5f:e7:cb:28:99:11:f5:c7:5b:cf:22:
                    83:16:ab:9e:37:45:19:0e:21:ce:3a:d0:af:89:2e:
                    e6:4f:a1:ad:75:4f:79:c4:66:8f:21:e9:fb:3c:39:
                    e3:13:d5:1b:da:78:9d:c1:5d:40:e7:25:b9:57:c2:
                    5f:7d:ce:1f:62:f6:c0:b9:7a:b4:30:35:53:01:81:
                    ca:eb:0c:24:08:1a:78:f1:12:5b:1c:50:64:9f:b0:
                    c9:98:dd:05:ef:8e:f9:79:f4:ae:5f:78:f0:06:0c:
                    d7:0a:24:4b:d8:35:3b:fa:06:1e:04:92:49:5a:4a:
                    1e:b5:76:9a:0d:87:0a:fd:24:9d:72:92:ec:ec:ff:
                    53:71:0d:90:81:83:03:73:67:2c:67:30:b8:7a:71:
                    9c:5d:08:30:c1:69:6e:99:48:cf:b0:9d:e0:bd:48:
                    8e:71:bb:be:31:0c:9e:62:8f:3e:e5:c7:b5:82:6e:
                    23:0d:51:a9:d8:b9:ec:84:39:eb:24:d9:3d:bb:2d:
                    1f:e8:02:56:de:98:5e:56:fe:b7:eb:0f:f5:ec:b2:
                    75:82:c5:ca:70:c0:21:60:5d:b8:87:69:ed:d6:e3:
                    42:98:1e:e0:ec:50:d5:96:ca:b4:1f:80:46:0a:22:
                    f2:44:2a:27:0e:36:14:ef:57:63:c5:4f:5c:1c:a4:
                    89:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:4E:95:40:6B:14:20:A2:B8:DF:31:15:F4:E0:55:A5:26:0E:1F:1A
            X509v3 Authority Key Identifier:
                keyid:08:40:59:A0:CA:60:78:A9:B7:5D:AA:66:DB:80:6F:F2:2C:0E:AA:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CEBZoMpgeKm3Xapm24Bv8iwOqtk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/aU6VQGsUIKK43zEV9OBVpSYOHxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/c4c861-b327-41f2-820c-4c0a1c33fa8a/1/CEBZoMpgeKm3Xapm24Bv8iwOqtk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.36.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:53:3a:5f:ce:56:18:09:c4:73:70:89:b3:ae:c8:ed:3f:6f:
         b5:e1:cf:ce:b7:60:90:09:5a:c9:b2:8e:89:f3:a0:59:88:78:
         5b:aa:b3:3b:69:3a:f2:a4:39:41:a0:19:df:85:b5:45:22:5c:
         4a:62:fc:23:1d:b5:88:cc:44:91:e7:ed:e3:e3:3e:4e:ce:01:
         57:33:7f:ae:7e:9f:78:4b:f5:16:de:68:62:a3:5b:94:57:fd:
         f5:d9:77:99:66:29:95:a5:9a:b4:10:00:6e:81:40:64:66:29:
         05:b8:e0:fb:8e:bf:68:16:e2:da:49:b4:de:6a:81:22:83:3a:
         c9:b5:05:f5:ae:d7:37:3d:7f:c0:de:fa:6b:c6:3f:0a:90:61:
         da:07:6b:eb:06:ce:8d:46:ce:f3:26:e1:f0:0b:a7:df:38:1a:
         3b:84:20:42:01:a4:6f:fe:b7:2e:d1:8d:72:4c:18:e5:65:8c:
         15:6b:6d:f7:37:99:97:fa:e5:f2:8d:7c:98:0a:fa:1e:be:9b:
         3b:2b:46:01:84:39:99:df:c9:63:4b:3a:64:9d:95:66:10:f5:
         d5:f2:1a:31:b4:d2:77:3b:b0:8e:83:53:22:d2:3a:32:13:e8:
         30:62:dc:ee:6b:98:93:01:c8:6f:40:8a:3d:b3:ca:ee:db:48:
         2e:81:bd:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJxml/Kh2NEJWAo5ZhJRHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NDA1OWEwY2E2MDc4YTliNzVkYWE2NmRiODA2ZmYyMmMw
ZWFhZDkwHhcNMjQwMTAxMjIzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTRlOTU0MDZiMTQyMGEyYjhkZjMxMTVmNGUwNTVhNTI2MGUxZjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9vFRX+fLKJkR9cdbzyKDFqueN0UZ
DiHOOtCviS7mT6GtdU95xGaPIen7PDnjE9Ub2nidwV1A5yW5V8Jffc4fYvbAuXq0
MDVTAYHK6wwkCBp48RJbHFBkn7DJmN0F7475efSuX3jwBgzXCiRL2DU7+gYeBJJJ
WkoetXaaDYcK/SSdcpLs7P9TcQ2QgYMDc2csZzC4enGcXQgwwWlumUjPsJ3gvUiO
cbu+MQyeYo8+5ce1gm4jDVGp2LnshDnrJNk9uy0f6AJW3pheVv636w/17LJ1gsXK
cMAhYF24h2nt1uNCmB7g7FDVlsq0H4BGCiLyRConDjYU71djxU9cHKSJDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlOlUBrFCCiuN8xFfTgVaUmDh8aMB8GA1UdIwQY
MBaAFAhAWaDKYHipt12qZtuAb/IsDqrZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0VCWm9NcGdlS20zWGFwbTI0QnY4aXdPcXRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jNGM4NjEtYjMyNy00MWYyLTgyMGMt
NGMwYTFjMzNmYThhLzEvYVU2VlFHc1VJS0s0M3pFVjlPQlZwU1lPSHhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jNGM4NjEtYjMyNy00MWYyLTgyMGMtNGMwYTFjMzNmYThh
LzEvQ0VCWm9NcGdlS20zWGFwbTI0QnY4aXdPcXRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSUkMA0G
CSqGSIb3DQEBCwUAA4IBAQACUzpfzlYYCcRzcImzrsjtP2+14c/Ot2CQCVrJso6J
86BZiHhbqrM7aTrypDlBoBnfhbVFIlxKYvwjHbWIzESR5+3j4z5OzgFXM3+ufp94
S/UW3mhio1uUV/312XeZZimVpZq0EABugUBkZikFuOD7jr9oFuLaSbTeaoEigzrJ
tQX1rtc3PX/A3vprxj8KkGHaB2vrBs6NRs7zJuHwC6ffOBo7hCBCAaRv/rcu0Y1y
TBjlZYwVa233N5mX+uXyjXyYCvoevps7K0YBhDmZ38ljSzpknZVmEPXV8hoxtNJ3
O7COg1Mi0joyE+gwYtzua5iTAchvQIo9s8ru20gugb0H
-----END CERTIFICATE-----