Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/pKNX2LuiAcPrSsAJL-sH5bW97Hk.roa
File:                     pKNX2LuiAcPrSsAJL-sH5bW97Hk.roa (raw, json)
Hash identifier:          B5QeIno3orqrRB3Ub3fJhHZZWxl+6wwatX4u1ow+ImY=
Subject key identifier:   A4:A3:57:D8:BB:A2:01:C3:EB:4A:C0:09:2F:EB:07:E5:B5:BD:EC:79
Certificate issuer:       /CN=36f76211f3c58f6c98af99cf65a6f1e8ff7c43ba
Certificate serial:       018CC4245F592BBBA59AFA487A97C39A03FF
Authority key identifier: 36:F7:62:11:F3:C5:8F:6C:98:AF:99:CF:65:A6:F1:E8:FF:7C:43:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/pKNX2LuiAcPrSsAJL-sH5bW97Hk.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205093
IP address blocks:        185.230.236.0/24 maxlen: 24
                          185.230.238.0/24 maxlen: 24
                          185.230.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5f:59:2b:bb:a5:9a:fa:48:7a:97:c3:9a:03:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36f76211f3c58f6c98af99cf65a6f1e8ff7c43ba
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4a357d8bba201c3eb4ac0092feb07e5b5bdec79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:75:9a:ae:97:73:d3:85:d8:61:0b:01:3d:91:
                    99:8a:ed:78:00:da:2f:3f:0f:62:b7:8a:ea:32:07:
                    3b:86:55:56:d0:a1:38:88:ce:b7:f1:5e:f1:61:45:
                    74:c2:2a:f6:89:46:3c:90:72:c2:a0:de:f4:e4:1d:
                    46:cc:05:23:d7:61:cd:cd:0f:67:9d:1d:b0:7c:4e:
                    09:94:4a:5e:ec:2b:ed:c0:42:9a:c5:1b:41:fb:f0:
                    b0:c3:9b:4e:9f:75:54:89:aa:a5:7b:15:ec:db:f8:
                    5d:5b:61:fb:90:10:e8:61:3c:b4:91:6b:16:01:a7:
                    21:21:43:f2:af:3e:59:33:2f:8f:ce:c6:03:fd:16:
                    29:0c:d6:11:90:4d:59:cd:c1:ec:fc:cf:33:7d:46:
                    ea:60:df:03:7b:7b:9e:1e:6b:a6:7c:40:b5:ed:ba:
                    3a:44:5b:c1:d5:b4:4f:a2:d1:f1:d2:2a:cd:e8:82:
                    e9:a1:db:a9:11:92:26:70:77:d8:1a:55:a6:d8:78:
                    52:42:29:ed:a0:b0:c1:56:1a:17:3b:64:70:b2:5e:
                    69:7f:c9:5a:f0:a6:8b:32:e6:25:c5:0b:ef:f8:ec:
                    68:b0:bd:8a:7f:1e:76:2a:47:e7:e1:d2:4a:99:55:
                    80:fa:bb:c7:e3:9f:ba:71:f6:a1:65:c0:24:86:88:
                    ab:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A3:57:D8:BB:A2:01:C3:EB:4A:C0:09:2F:EB:07:E5:B5:BD:EC:79
            X509v3 Authority Key Identifier:
                keyid:36:F7:62:11:F3:C5:8F:6C:98:AF:99:CF:65:A6:F1:E8:FF:7C:43:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NvdiEfPFj2yYr5nPZabx6P98Q7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/pKNX2LuiAcPrSsAJL-sH5bW97Hk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/fcad2d-86d9-42b1-b115-2fcf396253b8/1/NvdiEfPFj2yYr5nPZabx6P98Q7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.236.0-185.230.238.255

    Signature Algorithm: sha256WithRSAEncryption
         5f:61:6e:64:53:96:bd:42:88:d3:8f:0b:b0:f8:cf:58:48:19:
         36:70:06:f4:7f:ea:1b:d2:2a:4b:ba:95:a9:03:74:10:bd:8e:
         24:04:b4:3d:1c:b0:ba:79:6e:91:69:3a:28:24:19:af:2c:91:
         eb:82:e9:e3:54:62:26:63:0b:51:32:b1:33:aa:29:11:f9:0a:
         0a:36:a6:05:49:d7:35:76:0d:48:45:fd:7e:59:8a:02:4d:4c:
         f9:db:93:56:09:1d:fb:25:e2:a0:2d:3b:b4:1e:6a:80:37:ed:
         27:b5:ed:b4:30:fe:46:99:63:90:a4:42:98:9d:08:13:20:b8:
         86:07:9e:a3:2d:db:fd:a3:e6:b1:d2:79:a0:84:c0:59:40:35:
         24:75:11:ca:3d:5d:e8:8c:2a:36:0f:a0:15:f6:fc:67:b9:16:
         c4:4d:bb:6c:ea:10:61:28:42:ca:05:75:ec:cf:b4:4c:20:99:
         77:d3:2e:fb:e8:9d:30:52:8d:49:96:2c:73:de:4e:54:ee:06:
         05:b7:dd:55:d7:5b:18:a4:87:9f:5e:22:02:06:8a:98:87:2f:
         d8:78:79:46:2b:4f:ec:48:cd:29:d8:d2:e0:23:d7:f1:5a:fd:
         a1:b9:c7:e3:94:ef:51:ed:b9:46:98:50:b4:d9:cd:16:d2:29:
         d8:74:08:ee
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEJF9ZK7ulmvpIepfDmgP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2Zjc2MjExZjNjNThmNmM5OGFmOTljZjY1YTZmMWU4ZmY3
YzQzYmEwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGEzNTdkOGJiYTIwMWMzZWI0YWMwMDkyZmViMDdlNWI1YmRlYzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3Warpdz04XYYQsBPZGZiu14ANov
Pw9it4rqMgc7hlVW0KE4iM638V7xYUV0wir2iUY8kHLCoN705B1GzAUj12HNzQ9n
nR2wfE4JlEpe7CvtwEKaxRtB+/Cww5tOn3VUiaqlexXs2/hdW2H7kBDoYTy0kWsW
AachIUPyrz5ZMy+PzsYD/RYpDNYRkE1ZzcHs/M8zfUbqYN8De3ueHmumfEC17bo6
RFvB1bRPotHx0irN6ILpodupEZImcHfYGlWm2HhSQintoLDBVhoXO2Rwsl5pf8la
8KaLMuYlxQvv+OxosL2Kfx52Kkfn4dJKmVWA+rvH45+6cfahZcAkhoirvwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKSjV9i7ogHD60rACS/rB+W1vex5MB8GA1UdIwQY
MBaAFDb3YhHzxY9smK+Zz2Wm8ej/fEO6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnZkaUVmUEZqMnlZcjVuUFphYng2UDk4UTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9mY2FkMmQtODZkOS00MmIxLWIxMTUt
MmZjZjM5NjI1M2I4LzEvcEtOWDJMdWlBY1ByU3NBSkwtc0g1Ylc5N0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9mY2FkMmQtODZkOS00MmIxLWIxMTUtMmZjZjM5NjI1M2I4
LzEvTnZkaUVmUEZqMnlZcjVuUFphYng2UDk4UTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK55uwD
BAC55u4wDQYJKoZIhvcNAQELBQADggEBAF9hbmRTlr1CiNOPC7D4z1hIGTZwBvR/
6hvSKku6lakDdBC9jiQEtD0csLp5bpFpOigkGa8skeuC6eNUYiZjC1EysTOqKRH5
Cgo2pgVJ1zV2DUhF/X5ZigJNTPnbk1YJHfsl4qAtO7QeaoA37Se17bQw/kaZY5Ck
QpidCBMguIYHnqMt2/2j5rHSeaCEwFlANSR1Eco9XeiMKjYPoBX2/Ge5FsRNu2zq
EGEoQsoFdezPtEwgmXfTLvvonTBSjUmWLHPeTlTuBgW33VXXWxikh59eIgIGipiH
L9h4eUYrT+xIzSnY0uAj1/Fa/aG5x+OU71HtuUaYULTZzRbSKdh0CO4=
-----END CERTIFICATE-----