Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/636HSGBq33UTNeyQ-5acQFLs8iM.roa
File:                     636HSGBq33UTNeyQ-5acQFLs8iM.roa (raw, json)
Hash identifier:          PqqtGnqJJgrsKBYh7lS0totyET6RYbJRFaSZyuRgFVM=
Subject key identifier:   EB:7E:87:48:60:6A:DF:75:13:35:EC:90:FB:96:9C:40:52:EC:F2:23
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7953B5342318C3CBD2837A6D0A91A5E
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/636HSGBq33UTNeyQ-5acQFLs8iM.roa
Signing time:             Tue 02 Jan 2024 00:31:35 +0000
ROA not before:           Tue 02 Jan 2024 00:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398343
IP address blocks:        193.233.84.0/24 maxlen: 24
                          193.233.204.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3b:53:42:31:8c:3c:bd:28:37:a6:d0:a9:1a:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb7e8748606adf751335ec90fb969c4052ecf223
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:19:a2:fc:98:0a:bf:bd:61:da:4a:09:17:3f:
                    ba:ba:a5:cc:ad:19:aa:38:e8:0e:8a:10:1c:55:f8:
                    d5:84:ef:90:59:96:7c:ac:36:89:e7:c1:6b:d2:ce:
                    89:52:b2:25:41:4c:4e:d3:04:ac:dc:cc:7d:84:4e:
                    97:83:13:eb:fe:d0:6e:1a:4f:01:64:7e:4c:6a:9f:
                    d3:c3:06:85:a9:99:a1:87:59:2c:10:85:09:44:a4:
                    83:16:09:0a:ba:64:60:fb:2e:ee:66:b0:cb:df:ec:
                    fd:37:da:60:eb:0b:5e:d1:73:e7:7c:83:e0:8d:df:
                    88:88:dd:6b:dc:6f:a7:e3:63:dd:e8:fd:67:b3:90:
                    55:f7:29:49:40:46:af:76:8b:e0:75:82:bd:c8:4d:
                    ff:3d:1e:29:17:8d:81:c5:cf:49:38:89:e8:45:f0:
                    3a:4d:04:f5:a2:65:6e:57:ee:aa:28:04:76:4d:64:
                    86:18:44:29:ac:db:0b:d6:cf:04:37:51:5d:be:e4:
                    6e:b7:b6:20:b6:7b:3d:a5:a5:39:de:0f:a4:f4:11:
                    f6:87:a2:f5:91:45:83:45:ab:bf:83:45:2b:41:3a:
                    f6:a5:82:d0:47:33:9b:43:29:8f:7d:39:e8:c8:60:
                    a6:09:74:51:d7:3e:71:31:29:bb:68:27:82:77:82:
                    87:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:7E:87:48:60:6A:DF:75:13:35:EC:90:FB:96:9C:40:52:EC:F2:23
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/636HSGBq33UTNeyQ-5acQFLs8iM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.84.0/24
                  193.233.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:1d:82:ac:c4:60:7b:b9:1b:0c:5c:32:fc:33:2c:14:27:b2:
         e0:02:9a:2a:07:4d:f6:d5:1c:d8:e9:6c:85:78:1a:76:58:bc:
         17:87:89:56:1c:7d:63:34:f2:6f:ee:d7:67:68:87:9e:ff:69:
         be:21:de:df:51:ae:55:bb:4d:a5:27:44:ff:58:1d:ac:03:1d:
         9a:ff:fd:6c:cf:e1:f0:c1:5d:c5:f0:70:2e:eb:0e:e0:f5:cb:
         7b:76:e0:f3:db:86:75:42:fc:10:7d:75:b7:0d:63:7e:7f:91:
         65:bb:07:cc:8c:e7:8a:87:3c:a3:ed:8f:ee:a5:cd:ee:66:c6:
         28:6b:f0:36:f4:20:97:d1:02:dd:92:97:66:ae:ce:ed:2c:21:
         49:d7:35:95:f9:84:9b:63:8d:75:58:68:65:c8:64:57:dc:f3:
         a6:99:9b:1b:9e:69:21:50:fd:c0:29:c2:1b:b3:10:53:71:07:
         17:a5:78:83:40:06:cd:3c:f9:03:10:24:92:25:a8:19:d0:0b:
         b9:7e:ca:79:bc:88:57:18:aa:f9:7f:7c:9e:ad:53:bb:d7:dc:
         e8:c7:0b:ab:b6:e1:9f:2c:90:df:6e:49:81:81:ee:35:33:61:
         a1:15:3d:b6:22:4f:2f:80:9f:b7:87:61:17:ed:fe:53:d2:8f:
         6a:9d:4c:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlTtTQjGMPL0oN6bQqRpeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjdlODc0ODYwNmFkZjc1MTMzNWVjOTBmYjk2OWM0MDUyZWNmMjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhmi/JgKv71h2koJFz+6uqXMrRmq
OOgOihAcVfjVhO+QWZZ8rDaJ58Fr0s6JUrIlQUxO0wSs3Mx9hE6XgxPr/tBuGk8B
ZH5Map/TwwaFqZmhh1ksEIUJRKSDFgkKumRg+y7uZrDL3+z9N9pg6wte0XPnfIPg
jd+IiN1r3G+n42Pd6P1ns5BV9ylJQEavdovgdYK9yE3/PR4pF42Bxc9JOInoRfA6
TQT1omVuV+6qKAR2TWSGGEQprNsL1s8EN1FdvuRut7Ygtns9paU53g+k9BH2h6L1
kUWDRau/g0UrQTr2pYLQRzObQymPfTnoyGCmCXRR1z5xMSm7aCeCd4KHKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOt+h0hgat91EzXskPuWnEBS7PIjMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvNjM2SFNHQnEzM1VUTmV5US01YWNRRkxzOGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwelUAwQC
wenMMA0GCSqGSIb3DQEBCwUAA4IBAQCFHYKsxGB7uRsMXDL8MywUJ7LgApoqB032
1RzY6WyFeBp2WLwXh4lWHH1jNPJv7tdnaIee/2m+Id7fUa5Vu02lJ0T/WB2sAx2a
//1sz+HwwV3F8HAu6w7g9ct7duDz24Z1QvwQfXW3DWN+f5FluwfMjOeKhzyj7Y/u
pc3uZsYoa/A29CCX0QLdkpdmrs7tLCFJ1zWV+YSbY411WGhlyGRX3POmmZsbnmkh
UP3AKcIbsxBTcQcXpXiDQAbNPPkDECSSJagZ0Au5fsp5vIhXGKr5f3yerVO719zo
xwurtuGfLJDfbkmBge41M2GhFT22Ik8vgJ+3h2EX7f5T0o9qnUyK
-----END CERTIFICATE-----