Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/hXYXulCso30eXgH7Ka5JowG1Cw0.roa
File:                     hXYXulCso30eXgH7Ka5JowG1Cw0.roa (raw, json)
Hash identifier:          fP9fhLz02YmFy0S4H2S1HLdxfvsm6waxPoRF/3UWr4g=
Subject key identifier:   85:76:17:BA:50:AC:A3:7D:1E:5E:01:FB:29:AE:49:A3:01:B5:0B:0D
Certificate issuer:       /CN=2f08df165d497d7a9b99e0e71f15ba07d184615a
Certificate serial:       018CC3489972FDCCE5835673948483BEBDD2
Authority key identifier: 2F:08:DF:16:5D:49:7D:7A:9B:99:E0:E7:1F:15:BA:07:D1:84:61:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LwjfFl1JfXqbmeDnHxW6B9GEYVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/hXYXulCso30eXgH7Ka5JowG1Cw0.roa
Signing time:             Mon 01 Jan 2024 04:29:24 +0000
ROA not before:           Mon 01 Jan 2024 04:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35913
IP address blocks:        193.36.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/LwjfFl1JfXqbmeDnHxW6B9GEYVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/LwjfFl1JfXqbmeDnHxW6B9GEYVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LwjfFl1JfXqbmeDnHxW6B9GEYVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 05:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:99:72:fd:cc:e5:83:56:73:94:84:83:be:bd:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f08df165d497d7a9b99e0e71f15ba07d184615a
        Validity
            Not Before: Jan  1 04:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=857617ba50aca37d1e5e01fb29ae49a301b50b0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b2:59:3f:7e:b6:51:02:47:b4:f3:31:e0:ae:
                    ad:13:be:73:63:bb:c0:53:2b:35:4a:1c:23:2c:b4:
                    f7:59:ee:45:fc:4d:f1:e2:cd:78:78:55:a8:19:5b:
                    54:20:a1:34:33:2d:ec:f8:82:c3:50:d4:7f:0a:02:
                    f4:3a:84:a9:5d:f9:2c:92:ad:1a:3b:a6:bf:f2:73:
                    69:8f:b7:85:96:8e:8c:0f:07:21:e3:f8:b8:75:4e:
                    22:9e:0c:a6:9f:d0:c5:62:5e:28:58:22:20:0b:e7:
                    9e:3c:fd:94:24:af:e4:99:dd:f8:8b:dc:dd:d2:d3:
                    7e:1d:e1:66:23:3c:9c:c9:0b:a6:7e:68:91:0b:d7:
                    2d:46:d1:57:72:b4:c8:0f:b5:7a:18:95:9d:ca:a1:
                    cf:64:a2:93:97:61:d2:8c:ec:16:7f:62:07:04:73:
                    30:bb:17:00:d3:5b:93:81:a0:48:a9:78:51:a1:ec:
                    53:95:ec:63:5e:6f:e9:f5:81:06:2c:d5:e7:be:20:
                    c9:b4:03:94:a6:aa:f3:0e:2b:5b:6e:22:3d:ea:85:
                    89:5d:9d:38:ba:6b:2b:1b:e1:40:d1:66:15:a8:0d:
                    28:cc:94:61:0f:72:1d:40:5c:12:5a:07:c8:dc:20:
                    0a:89:72:76:71:2d:cf:98:ef:56:17:12:f6:d6:f8:
                    b1:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:76:17:BA:50:AC:A3:7D:1E:5E:01:FB:29:AE:49:A3:01:B5:0B:0D
            X509v3 Authority Key Identifier:
                keyid:2F:08:DF:16:5D:49:7D:7A:9B:99:E0:E7:1F:15:BA:07:D1:84:61:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LwjfFl1JfXqbmeDnHxW6B9GEYVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/hXYXulCso30eXgH7Ka5JowG1Cw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/LwjfFl1JfXqbmeDnHxW6B9GEYVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:da:3a:0a:86:99:8d:7a:4f:3c:15:15:90:83:10:38:f8:74:
         0d:67:e1:86:16:63:c8:23:32:20:0f:d8:61:d3:95:5f:93:fc:
         bd:51:d8:4d:7c:c0:29:f9:d3:4b:1a:22:12:58:a2:7d:06:ed:
         cf:53:60:e7:9c:f9:45:cb:fa:9a:47:4c:96:4e:04:83:ad:7a:
         df:c9:51:3d:cd:2f:51:38:a7:42:64:19:79:53:7e:3a:9c:04:
         89:18:39:b8:d3:62:80:85:9e:e7:8e:a4:2d:0c:79:01:21:fb:
         e3:04:b3:64:08:9d:d9:2a:13:cb:b1:a9:ca:c8:f7:eb:12:8e:
         18:d5:3d:ef:a1:85:cb:d4:32:15:ae:ea:1c:8f:7d:6b:a4:df:
         79:ee:59:46:62:10:55:67:eb:2b:43:c6:f9:9d:f7:bf:c4:04:
         5a:d0:6e:a1:4f:5b:c4:61:a8:ef:bd:aa:cf:ad:91:d3:22:1f:
         18:a1:ae:54:c0:65:db:ea:67:a0:51:13:cb:27:23:d6:cf:d5:
         72:08:31:e6:2a:a4:52:2d:be:f0:b1:0f:1b:a0:56:64:2d:ce:
         7a:aa:79:32:b2:48:89:5c:7c:d9:cc:43:b1:e1:99:a8:72:c3:
         9f:8b:9b:ba:b0:20:5f:ae:3d:9a:00:c6:5b:06:d0:6a:01:b2:
         f9:6f:d4:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJly/czlg1ZzlISDvr3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMDhkZjE2NWQ0OTdkN2E5Yjk5ZTBlNzFmMTViYTA3ZDE4
NDYxNWEwHhcNMjQwMTAxMDQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTc2MTdiYTUwYWNhMzdkMWU1ZTAxZmIyOWFlNDlhMzAxYjUwYjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLJZP362UQJHtPMx4K6tE75zY7vA
Uys1ShwjLLT3We5F/E3x4s14eFWoGVtUIKE0My3s+ILDUNR/CgL0OoSpXfkskq0a
O6a/8nNpj7eFlo6MDwch4/i4dU4ingymn9DFYl4oWCIgC+eePP2UJK/kmd34i9zd
0tN+HeFmIzycyQumfmiRC9ctRtFXcrTID7V6GJWdyqHPZKKTl2HSjOwWf2IHBHMw
uxcA01uTgaBIqXhRoexTlexjXm/p9YEGLNXnviDJtAOUpqrzDitbbiI96oWJXZ04
umsrG+FA0WYVqA0ozJRhD3IdQFwSWgfI3CAKiXJ2cS3PmO9WFxL21vix/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIV2F7pQrKN9Hl4B+ymuSaMBtQsNMB8GA1UdIwQY
MBaAFC8I3xZdSX16m5ng5x8VugfRhGFaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHdqZkZsMUpmWHFibWVEbkh4VzZCOUdFWVZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi84ZDAzNjAtZmJjMi00NmViLTlhYzIt
Y2FjM2U0MmFlMDNmLzEvaFhZWHVsQ3NvMzBlWGdIN0thNUpvd0cxQ3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi84ZDAzNjAtZmJjMi00NmViLTlhYzItY2FjM2U0MmFlMDNm
LzEvTHdqZkZsMUpmWHFibWVEbkh4VzZCOUdFWVZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSTjMA0G
CSqGSIb3DQEBCwUAA4IBAQBI2joKhpmNek88FRWQgxA4+HQNZ+GGFmPIIzIgD9hh
05Vfk/y9UdhNfMAp+dNLGiISWKJ9Bu3PU2DnnPlFy/qaR0yWTgSDrXrfyVE9zS9R
OKdCZBl5U346nASJGDm402KAhZ7njqQtDHkBIfvjBLNkCJ3ZKhPLsanKyPfrEo4Y
1T3voYXL1DIVruocj31rpN957llGYhBVZ+srQ8b5nfe/xARa0G6hT1vEYajvvarP
rZHTIh8Yoa5UwGXb6megURPLJyPWz9VyCDHmKqRSLb7wsQ8boFZkLc56qnkyskiJ
XHzZzEOx4ZmocsOfi5u6sCBfrj2aAMZbBtBqAbL5b9T3
-----END CERTIFICATE-----