Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/8020d8-0684-44f6-84d1-d1d0f96cad1e/1/jScU1zFVjCaRKrDbPPQusY4_bns.roa
File:                     jScU1zFVjCaRKrDbPPQusY4_bns.roa (raw, json)
Hash identifier:          4SG9zb228Iu48jTcU1xr7DFLeKIwml/oUjk+0F3n0UE=
Subject key identifier:   8D:27:14:D7:31:55:8C:26:91:2A:B0:DB:3C:F4:2E:B1:8E:3F:6E:7B
Certificate issuer:       /CN=134bc7e6fdfbf738d23fc5ee5e5acb52befbc051
Certificate serial:       019420D662E73AC48CEF158140E1767B41BF
Authority key identifier: 13:4B:C7:E6:FD:FB:F7:38:D2:3F:C5:EE:5E:5A:CB:52:BE:FB:C0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E0vH5v379zjSP8XuXlrLUr77wFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/8020d8-0684-44f6-84d1-d1d0f96cad1e/1/jScU1zFVjCaRKrDbPPQusY4_bns.roa
Signing time:             Wed 01 Jan 2025 07:48:28 +0000
ROA not before:           Wed 01 Jan 2025 07:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35368
IP address blocks:        185.36.136.0/22 maxlen: 22
                          2a04:6440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/8020d8-0684-44f6-84d1-d1d0f96cad1e/1/E0vH5v379zjSP8XuXlrLUr77wFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/8020d8-0684-44f6-84d1-d1d0f96cad1e/1/E0vH5v379zjSP8XuXlrLUr77wFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E0vH5v379zjSP8XuXlrLUr77wFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:62:e7:3a:c4:8c:ef:15:81:40:e1:76:7b:41:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=134bc7e6fdfbf738d23fc5ee5e5acb52befbc051
        Validity
            Not Before: Jan  1 07:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d2714d731558c26912ab0db3cf42eb18e3f6e7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8b:74:d3:24:58:da:d6:2b:50:41:0b:66:9b:
                    70:85:e2:99:2a:9f:82:fc:d7:51:b7:4a:18:3b:ee:
                    ae:4c:93:db:62:cb:83:21:c4:0c:57:b4:8f:b1:69:
                    4e:7c:dc:19:90:dc:c5:65:15:ec:d5:aa:9a:da:b1:
                    13:22:8b:bc:91:94:c8:5f:13:7c:3a:cc:c9:85:e4:
                    38:a3:4f:82:bc:37:35:91:24:88:b4:1c:e6:6e:79:
                    e0:68:77:56:7a:5b:9e:ba:57:91:9c:8a:e7:d3:f6:
                    de:5a:ee:85:90:07:70:d6:1b:01:c0:37:cc:92:a2:
                    8f:36:ee:5d:cd:9c:f2:91:97:dc:16:6b:61:e3:b7:
                    14:42:b3:ff:06:46:75:9e:6c:9c:53:c0:c7:8e:f8:
                    a9:21:be:1e:43:2f:a2:a4:23:ac:58:c9:92:c4:0e:
                    64:be:3e:da:70:e3:7a:0c:f8:90:a6:07:f6:58:56:
                    8e:04:a3:bd:94:14:1a:16:a0:f0:f5:79:47:f5:51:
                    9f:b6:62:0b:4f:97:56:32:f5:9a:26:8d:23:5d:2d:
                    ec:61:d1:60:bb:cd:9b:3a:58:03:51:b6:45:3d:17:
                    19:84:97:67:21:51:89:b2:98:8e:0a:dd:89:cf:82:
                    3d:b6:6c:55:56:44:e1:d6:f9:49:e9:63:bc:45:29:
                    06:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:27:14:D7:31:55:8C:26:91:2A:B0:DB:3C:F4:2E:B1:8E:3F:6E:7B
            X509v3 Authority Key Identifier:
                keyid:13:4B:C7:E6:FD:FB:F7:38:D2:3F:C5:EE:5E:5A:CB:52:BE:FB:C0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E0vH5v379zjSP8XuXlrLUr77wFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8020d8-0684-44f6-84d1-d1d0f96cad1e/1/jScU1zFVjCaRKrDbPPQusY4_bns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8020d8-0684-44f6-84d1-d1d0f96cad1e/1/E0vH5v379zjSP8XuXlrLUr77wFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.136.0/22
                IPv6:
                  2a04:6440::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:ad:df:48:87:49:de:03:d8:06:70:63:61:ec:7b:07:12:bd:
         e5:6b:f5:24:df:ac:f5:a4:d4:ca:7d:61:81:ec:62:d5:b7:2a:
         3e:17:98:22:53:ad:ad:31:a2:1e:43:bb:07:a9:d7:82:36:9c:
         9e:d4:df:75:d5:a9:81:aa:86:50:9e:16:78:4d:5e:22:6a:a4:
         9b:f1:f9:4e:40:ad:ae:a1:eb:b6:39:24:c2:0c:e4:45:f6:84:
         5a:4e:66:7d:fe:bd:d4:85:69:85:31:72:24:19:7f:d1:f6:20:
         58:4c:1c:a8:ac:91:2d:24:32:d1:56:4f:88:76:5e:e1:4e:99:
         48:a5:32:24:29:11:51:a7:a7:14:10:2d:b8:70:82:ac:06:d5:
         0f:f2:be:da:b8:b8:97:35:c5:4f:65:8d:91:81:e6:41:c3:ec:
         9f:dd:af:f7:84:4e:2e:16:57:74:ac:b9:72:15:8b:1b:fd:10:
         f2:1b:6b:31:a2:49:a8:0b:aa:d8:a6:55:2a:bd:68:03:cc:9f:
         75:d0:21:55:d1:2e:5d:aa:61:38:04:4a:f0:b9:76:43:f1:b3:
         64:c2:e2:d4:c3:02:dd:c0:20:88:20:ab:17:a6:80:3f:76:32:
         55:52:0a:97:de:8e:28:61:d8:e1:ae:4e:ad:c8:38:b9:c2:e0:
         b9:b6:fb:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1mLnOsSM7xWBQOF2e0G/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNGJjN2U2ZmRmYmY3MzhkMjNmYzVlZTVlNWFjYjUyYmVm
YmMwNTEwHhcNMjUwMTAxMDc0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDI3MTRkNzMxNTU4YzI2OTEyYWIwZGIzY2Y0MmViMThlM2Y2ZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYt00yRY2tYrUEELZptwheKZKp+C
/NdRt0oYO+6uTJPbYsuDIcQMV7SPsWlOfNwZkNzFZRXs1aqa2rETIou8kZTIXxN8
OszJheQ4o0+CvDc1kSSItBzmbnngaHdWelueuleRnIrn0/beWu6FkAdw1hsBwDfM
kqKPNu5dzZzykZfcFmth47cUQrP/BkZ1nmycU8DHjvipIb4eQy+ipCOsWMmSxA5k
vj7acON6DPiQpgf2WFaOBKO9lBQaFqDw9XlH9VGftmILT5dWMvWaJo0jXS3sYdFg
u82bOlgDUbZFPRcZhJdnIVGJspiOCt2Jz4I9tmxVVkTh1vlJ6WO8RSkGIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI0nFNcxVYwmkSqw2zz0LrGOP257MB8GA1UdIwQY
MBaAFBNLx+b9+/c40j/F7l5ay1K++8BRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTB2SDV2Mzc5empTUDhYdVhsckxVcjc3d0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MDIwZDgtMDY4NC00NGY2LTg0ZDEt
ZDFkMGY5NmNhZDFlLzEvalNjVTF6RlZqQ2FSS3JEYlBQUXVzWTRfYm5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MDIwZDgtMDY4NC00NGY2LTg0ZDEtZDFkMGY5NmNhZDFl
LzEvRTB2SDV2Mzc5empTUDhYdVhsckxVcjc3d0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSSIMA0E
AgACMAcDBQMqBGRAMA0GCSqGSIb3DQEBCwUAA4IBAQAprd9Ih0neA9gGcGNh7HsH
Er3la/Uk36z1pNTKfWGB7GLVtyo+F5giU62tMaIeQ7sHqdeCNpye1N911amBqoZQ
nhZ4TV4iaqSb8flOQK2uoeu2OSTCDORF9oRaTmZ9/r3UhWmFMXIkGX/R9iBYTByo
rJEtJDLRVk+Idl7hTplIpTIkKRFRp6cUEC24cIKsBtUP8r7auLiXNcVPZY2RgeZB
w+yf3a/3hE4uFld0rLlyFYsb/RDyG2sxokmoC6rYplUqvWgDzJ910CFV0S5dqmE4
BErwuXZD8bNkwuLUwwLdwCCIIKsXpoA/djJVUgqX3o4oYdjhrk6tyDi5wuC5tvu1
-----END CERTIFICATE-----