Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/_9wL0fuljVPtrADYR_sMmNzojrM.roa
File:                     _9wL0fuljVPtrADYR_sMmNzojrM.roa (raw, json)
Hash identifier:          387UkCF/ry9sdDxx906h4I2x6H15jWAEKkBa2NTkbh8=
Subject key identifier:   FF:DC:0B:D1:FB:A5:8D:53:ED:AC:00:D8:47:FB:0C:98:DC:E8:8E:B3
Certificate issuer:       /CN=ae736cafddb6ebb8d7c76943f4a271e038510aa9
Certificate serial:       018CC7933DDA52650623954E530A594565DF
Authority key identifier: AE:73:6C:AF:DD:B6:EB:B8:D7:C7:69:43:F4:A2:71:E0:38:51:0A:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rnNsr92267jXx2lD9KJx4DhRCqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/_9wL0fuljVPtrADYR_sMmNzojrM.roa
Signing time:             Tue 02 Jan 2024 00:29:24 +0000
ROA not before:           Tue 02 Jan 2024 00:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204369
IP address blocks:        185.137.52.0/22 maxlen: 22
                          185.137.52.0/23 maxlen: 23
                          185.137.54.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/rnNsr92267jXx2lD9KJx4DhRCqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/rnNsr92267jXx2lD9KJx4DhRCqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rnNsr92267jXx2lD9KJx4DhRCqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3d:da:52:65:06:23:95:4e:53:0a:59:45:65:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae736cafddb6ebb8d7c76943f4a271e038510aa9
        Validity
            Not Before: Jan  2 00:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffdc0bd1fba58d53edac00d847fb0c98dce88eb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:62:65:11:65:c0:8e:53:17:86:84:52:da:ce:
                    b9:7a:0e:98:f6:f3:7c:8f:5f:72:2f:70:63:59:95:
                    57:ba:3b:ce:89:c1:5b:4f:0c:a6:a0:27:50:9c:3f:
                    74:46:1d:e8:ce:66:6d:88:8d:bf:cd:74:0d:a3:0c:
                    ed:e1:c6:47:1a:a1:82:95:f8:05:c9:40:cc:f2:f9:
                    43:d9:73:d4:f2:29:9e:50:16:ad:33:28:fa:2c:93:
                    96:dc:cc:dd:7c:5c:47:7a:7e:26:af:7d:bb:06:08:
                    74:7e:74:d7:98:cc:4f:3f:f8:46:0a:be:d2:94:78:
                    93:86:b8:44:8a:d1:2c:f2:f4:de:5a:6d:1f:8c:38:
                    23:04:f4:0d:8d:83:d9:e1:ba:45:e2:7e:f1:12:01:
                    a1:99:cd:be:7f:c8:7c:08:06:b0:db:a1:a4:32:79:
                    12:4c:f6:21:e0:71:cb:71:9c:db:9c:a4:7c:71:40:
                    92:13:0e:88:be:71:90:e6:f7:e1:1d:55:91:dc:d8:
                    51:d9:98:15:c8:fd:f4:e2:36:39:1e:eb:38:be:85:
                    46:cb:0b:48:18:c1:bc:c9:14:ee:bc:ee:10:ff:d4:
                    cd:21:0f:ce:a8:ca:f0:26:5f:d4:a4:ca:bf:26:a8:
                    72:47:84:0d:fb:b4:d0:ba:b7:b7:75:01:47:b6:bb:
                    09:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:DC:0B:D1:FB:A5:8D:53:ED:AC:00:D8:47:FB:0C:98:DC:E8:8E:B3
            X509v3 Authority Key Identifier:
                keyid:AE:73:6C:AF:DD:B6:EB:B8:D7:C7:69:43:F4:A2:71:E0:38:51:0A:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnNsr92267jXx2lD9KJx4DhRCqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/_9wL0fuljVPtrADYR_sMmNzojrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/rnNsr92267jXx2lD9KJx4DhRCqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:ba:1f:36:7f:2c:82:ee:1a:9e:09:25:4f:b2:22:68:3b:12:
         16:5a:e5:13:27:55:e5:ec:6b:d3:89:be:91:46:e4:e6:4b:1a:
         19:dd:3c:2f:40:77:b6:84:aa:06:e7:28:1f:85:5d:3f:74:b0:
         4c:40:13:54:98:6d:74:48:10:95:6f:68:1c:75:d4:5b:af:f0:
         f9:b1:c0:e5:0c:fd:7a:49:88:95:2f:d0:49:d7:57:74:5b:11:
         d0:89:ca:b5:87:db:7c:71:1c:71:63:14:14:61:68:21:55:c1:
         59:01:b0:e9:47:10:78:0e:35:a2:e1:21:bf:d9:d9:df:a6:cf:
         c7:f2:29:0b:c8:33:3d:0c:b2:55:77:2c:1f:31:78:6c:db:2d:
         27:dc:bf:ee:f5:e4:89:aa:c5:e7:e4:f5:03:af:c7:a7:ca:39:
         ab:ae:c7:7e:3a:14:57:d6:46:31:66:62:83:17:7b:d5:63:69:
         fb:ac:35:4b:84:70:26:ff:3c:16:16:23:e3:9d:66:c0:e9:d3:
         20:e2:65:bb:6e:76:ce:86:ab:df:9c:00:e6:d5:d4:96:2c:56:
         00:1a:4a:f6:8b:a0:94:ac:08:46:f4:fb:01:4b:6c:41:c4:ea:
         cf:f3:6f:b3:11:12:5b:64:42:f6:a0:e1:5c:07:4f:79:50:00:
         9d:9a:9a:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkz3aUmUGI5VOUwpZRWXfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNzM2Y2FmZGRiNmViYjhkN2M3Njk0M2Y0YTI3MWUwMzg1
MTBhYTkwHhcNMjQwMTAyMDAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmRjMGJkMWZiYTU4ZDUzZWRhYzAwZDg0N2ZiMGM5OGRjZTg4ZWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmJlEWXAjlMXhoRS2s65eg6Y9vN8
j19yL3BjWZVXujvOicFbTwymoCdQnD90Rh3ozmZtiI2/zXQNowzt4cZHGqGClfgF
yUDM8vlD2XPU8imeUBatMyj6LJOW3MzdfFxHen4mr327Bgh0fnTXmMxPP/hGCr7S
lHiThrhEitEs8vTeWm0fjDgjBPQNjYPZ4bpF4n7xEgGhmc2+f8h8CAaw26GkMnkS
TPYh4HHLcZzbnKR8cUCSEw6IvnGQ5vfhHVWR3NhR2ZgVyP304jY5Hus4voVGywtI
GMG8yRTuvO4Q/9TNIQ/OqMrwJl/UpMq/JqhyR4QN+7TQure3dQFHtrsJvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/cC9H7pY1T7awA2Ef7DJjc6I6zMB8GA1UdIwQY
MBaAFK5zbK/dtuu418dpQ/SiceA4UQqpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5Oc3I5MjI2N2pYeDJsRDlLSng0RGhSQ3FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84NmUzMmItZjA2Ny00NTBmLWI2N2Mt
M2FhMTUwYTkyYWI3LzEvXzl3TDBmdWxqVlB0ckFEWVJfc01tTnpvanJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84NmUzMmItZjA2Ny00NTBmLWI2N2MtM2FhMTUwYTkyYWI3
LzEvcm5Oc3I5MjI2N2pYeDJsRDlLSng0RGhSQ3FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYk0MA0G
CSqGSIb3DQEBCwUAA4IBAQBiuh82fyyC7hqeCSVPsiJoOxIWWuUTJ1Xl7GvTib6R
RuTmSxoZ3TwvQHe2hKoG5ygfhV0/dLBMQBNUmG10SBCVb2gcddRbr/D5scDlDP16
SYiVL9BJ11d0WxHQicq1h9t8cRxxYxQUYWghVcFZAbDpRxB4DjWi4SG/2dnfps/H
8ikLyDM9DLJVdywfMXhs2y0n3L/u9eSJqsXn5PUDr8enyjmrrsd+OhRX1kYxZmKD
F3vVY2n7rDVLhHAm/zwWFiPjnWbA6dMg4mW7bnbOhqvfnADm1dSWLFYAGkr2i6CU
rAhG9PsBS2xBxOrP82+zERJbZEL2oOFcB095UACdmppL
-----END CERTIFICATE-----