Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/r0LRX32UNIPoeB9T8-jyrQqFmuE.roa
File:                     r0LRX32UNIPoeB9T8-jyrQqFmuE.roa (raw, json)
Hash identifier:          Epzs9HmV4ZZp1D1yZmMFQ2lMH1d8x3qIYT2mWXlbOyI=
Subject key identifier:   AF:42:D1:5F:7D:94:34:83:E8:78:1F:53:F3:E8:F2:AD:0A:85:9A:E1
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       018CC4938AC7BDAAA6C03AB44FDBC2732122
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/r0LRX32UNIPoeB9T8-jyrQqFmuE.roa
Signing time:             Mon 01 Jan 2024 10:30:52 +0000
ROA not before:           Mon 01 Jan 2024 10:30:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     394844
IP address blocks:        185.52.136.0/24 maxlen: 24
                          94.154.180.0/23 maxlen: 23
                          45.67.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8a:c7:bd:aa:a6:c0:3a:b4:4f:db:c2:73:21:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 10:30:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af42d15f7d943483e8781f53f3e8f2ad0a859ae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9f:3b:aa:af:e9:4b:34:b7:a9:fc:e3:8b:da:
                    f3:75:9d:0a:a7:2e:fc:ab:3c:06:bb:d7:4a:3f:4f:
                    ec:5b:01:a6:00:31:9b:96:7b:63:b6:75:9d:8f:3c:
                    54:b1:ae:8a:1c:a2:8b:f1:4e:91:53:dc:a8:20:22:
                    e5:51:f9:fc:6d:28:74:d3:bc:8b:c2:cd:32:c3:27:
                    b2:28:86:70:a0:1b:0b:34:60:7b:58:ba:68:a4:45:
                    dd:1b:99:3e:f9:50:22:e1:3a:6b:dd:60:98:fa:47:
                    ec:e3:f5:80:57:dd:3d:49:f4:f6:1d:5c:f1:eb:b8:
                    2a:71:dc:d2:cd:25:34:41:37:91:45:74:46:be:26:
                    49:b0:4c:60:c7:24:00:53:99:c6:dc:9b:7e:73:83:
                    e5:3d:c7:b8:4b:b2:6b:45:79:bb:47:8f:b5:69:04:
                    58:79:2a:12:a7:92:c2:d1:8e:43:8d:72:92:8b:58:
                    04:b1:2f:c3:d4:99:b8:9e:cd:18:12:81:65:20:5c:
                    a1:a4:c5:96:76:91:76:a0:aa:43:3a:3d:39:12:dc:
                    18:b2:a8:ea:6d:be:80:6d:75:25:2f:5b:db:5e:f1:
                    83:31:71:27:45:fd:63:4f:d9:d4:59:3a:5e:56:2c:
                    d5:e1:50:7b:e2:31:b4:d5:95:b7:1a:ff:c8:ab:fd:
                    59:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:42:D1:5F:7D:94:34:83:E8:78:1F:53:F3:E8:F2:AD:0A:85:9A:E1
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/r0LRX32UNIPoeB9T8-jyrQqFmuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.140.0/24
                  94.154.180.0/23
                  185.52.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:d4:4f:4d:5d:aa:d4:6a:fa:c3:27:89:76:16:56:c9:cd:70:
         87:67:cc:f8:3d:19:78:bd:fe:fb:36:a8:fb:77:1c:34:9a:67:
         d6:49:64:f9:88:07:10:c3:e3:22:c0:10:ca:e2:6b:48:74:cf:
         48:26:3c:29:fe:b6:31:56:5f:e6:a9:11:b9:a3:56:db:84:fb:
         59:5b:a1:f4:41:69:4f:cd:5a:81:40:f8:ef:96:e1:78:db:21:
         36:dd:b9:e8:4e:e6:ce:e3:85:c0:1b:d1:bc:64:5c:c5:4f:3a:
         d6:88:80:a3:d9:2d:1e:96:ff:b4:d8:3f:7e:59:55:f8:63:12:
         61:9a:84:01:d7:df:b6:d7:23:ca:e4:eb:63:c6:f8:c4:26:5a:
         4e:b1:e0:cf:bc:96:28:8e:3b:97:71:72:dc:d5:ab:41:dc:31:
         7d:8e:ed:b6:4b:b9:c3:85:ea:d8:fd:05:ce:4c:2d:4e:58:ea:
         24:29:84:8b:98:ed:83:8f:56:e9:e6:a2:ed:b6:38:20:26:84:
         5d:ce:2b:b9:f7:db:78:d4:ef:48:3c:04:7d:24:ac:4a:92:8e:
         e3:64:03:28:3a:58:23:35:0f:69:1e:34:3a:a8:b8:d7:8e:6f:
         95:2f:ac:9e:13:07:1c:eb:f9:35:22:08:7d:a3:c3:7b:46:d3:
         c7:b0:a8:26
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEk4rHvaqmwDq0T9vCcyEiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwMTAxMTAzMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjQyZDE1ZjdkOTQzNDgzZTg3ODFmNTNmM2U4ZjJhZDBhODU5YWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJ87qq/pSzS3qfzji9rzdZ0Kpy78
qzwGu9dKP0/sWwGmADGblntjtnWdjzxUsa6KHKKL8U6RU9yoICLlUfn8bSh007yL
ws0ywyeyKIZwoBsLNGB7WLpopEXdG5k++VAi4Tpr3WCY+kfs4/WAV909SfT2HVzx
67gqcdzSzSU0QTeRRXRGviZJsExgxyQAU5nG3Jt+c4PlPce4S7JrRXm7R4+1aQRY
eSoSp5LC0Y5DjXKSi1gEsS/D1Jm4ns0YEoFlIFyhpMWWdpF2oKpDOj05EtwYsqjq
bb6AbXUlL1vbXvGDMXEnRf1jT9nUWTpeVizV4VB74jG01ZW3Gv/Iq/1ZDwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK9C0V99lDSD6HgfU/Po8q0KhZrhMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvcjBMUlgzMlVOSVBvZUI5VDgtanlyUXFGbXVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALUOMAwQB
Xpq0AwQAuTSIMA0GCSqGSIb3DQEBCwUAA4IBAQAS1E9NXarUavrDJ4l2FlbJzXCH
Z8z4PRl4vf77Nqj7dxw0mmfWSWT5iAcQw+MiwBDK4mtIdM9IJjwp/rYxVl/mqRG5
o1bbhPtZW6H0QWlPzVqBQPjvluF42yE23bnoTubO44XAG9G8ZFzFTzrWiICj2S0e
lv+02D9+WVX4YxJhmoQB19+21yPK5OtjxvjEJlpOseDPvJYojjuXcXLc1atB3DF9
ju22S7nDherY/QXOTC1OWOokKYSLmO2Dj1bp5qLttjggJoRdziu599t41O9IPAR9
JKxKko7jZAMoOlgjNQ9pHjQ6qLjXjm+VL6yeEwcc6/k1Igh9o8N7RtPHsKgm
-----END CERTIFICATE-----