Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1-6xVbHorISpKI8hds7FBWy3Ez3Q.roa
File:                     1-6xVbHorISpKI8hds7FBWy3Ez3Q.roa (raw, json)
Hash identifier:          /9ks9Uaaw8zCHgHyZ3+ZtYNPE1IJYhqNJypAybnA0uU=
Subject key identifier:   FB:AC:55:6C:7A:2B:21:2A:4A:23:C8:5D:B3:B1:41:5B:2D:C4:CF:74
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018D6E85C2A829D1C04DD4B92C1FFFD4D770
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1-6xVbHorISpKI8hds7FBWy3Ez3Q.roa
Signing time:             Sat 03 Feb 2024 10:31:16 +0000
ROA not before:           Sat 03 Feb 2024 10:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        203.0.8.0/24 maxlen: 24
                          203.0.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6e:85:c2:a8:29:d1:c0:4d:d4:b9:2c:1f:ff:d4:d7:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb  3 10:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fbac556c7a2b212a4a23c85db3b1415b2dc4cf74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:49:f8:6d:21:fb:6a:66:e3:26:18:60:ba:dc:
                    5a:db:24:f1:43:ec:46:9f:53:2a:5d:48:80:6f:83:
                    62:cf:cb:89:a8:b3:c6:a4:80:e6:d2:29:d5:60:7d:
                    84:4d:d4:d2:a9:4b:de:98:0e:95:d3:05:4b:fd:2b:
                    2f:ec:7e:ed:48:5a:e2:9b:ca:d8:ac:6a:4e:19:3c:
                    34:f5:f5:aa:37:1c:0b:9d:d0:38:24:41:07:75:c7:
                    c7:07:6b:86:5a:ba:0d:58:82:91:8c:45:9a:d6:01:
                    2d:f1:5e:93:f2:8f:27:b4:af:73:13:a2:13:01:0b:
                    57:e3:6d:5a:c3:a0:9d:c2:c9:9d:cf:40:1c:f8:bd:
                    6a:94:b5:ed:9b:43:fe:0b:09:bb:41:5b:07:dc:4f:
                    ea:12:73:d1:cd:81:40:75:f9:cb:db:ac:b9:81:20:
                    6d:f9:f2:16:05:bf:48:6f:b9:9b:cb:6d:f8:58:e0:
                    63:63:62:dc:22:9d:80:61:2b:0b:b8:00:51:89:5b:
                    95:62:4c:f6:40:8d:58:f8:0f:52:da:6d:0a:39:a1:
                    8f:2a:3c:d6:5b:95:e2:cb:bf:cf:f0:53:1f:17:56:
                    d7:2e:ff:01:81:98:59:7e:36:1d:e6:c0:00:4e:09:
                    35:49:ae:4b:85:99:93:54:a5:6d:ef:95:90:50:b9:
                    14:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:AC:55:6C:7A:2B:21:2A:4A:23:C8:5D:B3:B1:41:5B:2D:C4:CF:74
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1-6xVbHorISpKI8hds7FBWy3Ez3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.0.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:de:71:c6:27:5a:2d:00:4a:a1:e7:40:22:24:9b:14:24:91:
         6a:01:67:4e:5e:14:73:f7:e7:1f:6f:a2:3d:83:a1:a0:40:84:
         18:b4:64:ef:1b:e9:e9:c4:48:47:b5:50:a8:32:86:e0:a3:f2:
         e3:8b:a6:34:05:73:20:a2:69:66:a3:d7:59:81:0d:ac:9f:6e:
         4a:44:69:07:c4:9a:41:4b:fa:91:9e:75:d6:f7:d6:da:af:ef:
         10:23:91:65:2c:76:f1:42:34:51:e4:dd:3f:2b:ef:9c:20:8e:
         d1:15:e5:f4:79:92:eb:ec:92:06:b8:17:19:2d:21:a8:34:df:
         7e:69:51:bd:a9:5b:2a:13:4a:d3:84:51:10:84:e6:d9:46:0d:
         6d:70:64:8b:78:d3:9a:24:48:a3:7d:91:11:86:6e:66:df:fe:
         b7:18:07:a3:e6:8f:b5:4a:39:d5:24:52:1a:03:44:e7:e4:cf:
         e5:5e:7a:d2:0e:c1:ad:33:19:ac:ff:47:79:13:0a:4a:7d:ff:
         98:4f:39:c4:02:de:95:2d:e4:c6:fd:43:04:be:8a:00:c7:84:
         ab:a9:ce:2c:05:8a:ba:69:63:1c:01:c5:bc:aa:45:a5:16:50:
         82:18:f8:db:43:48:5b:6f:59:3d:b5:0d:6c:12:fa:1e:85:df:
         5d:c8:c0:74
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY1uhcKoKdHATdS5LB//1NdwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMjAzMTAzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmFjNTU2YzdhMmIyMTJhNGEyM2M4NWRiM2IxNDE1YjJkYzRjZjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0n4bSH7ambjJhhgutxa2yTxQ+xG
n1MqXUiAb4Niz8uJqLPGpIDm0inVYH2ETdTSqUvemA6V0wVL/Ssv7H7tSFrim8rY
rGpOGTw09fWqNxwLndA4JEEHdcfHB2uGWroNWIKRjEWa1gEt8V6T8o8ntK9zE6IT
AQtX421aw6Cdwsmdz0Ac+L1qlLXtm0P+Cwm7QVsH3E/qEnPRzYFAdfnL26y5gSBt
+fIWBb9Ib7mby234WOBjY2LcIp2AYSsLuABRiVuVYkz2QI1Y+A9S2m0KOaGPKjzW
W5Xiy7/P8FMfF1bXLv8BgZhZfjYd5sAATgk1Sa5LhZmTVKVt75WQULkU4QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPusVWx6KyEqSiPIXbOxQVstxM90MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMS02eFZiSG9ySVNwS0k4aGRzN0ZCV3kzRXozUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1
OC8xL05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAcsACDAN
BgkqhkiG9w0BAQsFAAOCAQEAlN5xxidaLQBKoedAIiSbFCSRagFnTl4Uc/fnH2+i
PYOhoECEGLRk7xvp6cRIR7VQqDKG4KPy44umNAVzIKJpZqPXWYENrJ9uSkRpB8Sa
QUv6kZ511vfW2q/vECORZSx28UI0UeTdPyvvnCCO0RXl9HmS6+ySBrgXGS0hqDTf
fmlRvalbKhNK04RREITm2UYNbXBki3jTmiRIo32REYZuZt/+txgHo+aPtUo51SRS
GgNE5+TP5V560g7BrTMZrP9HeRMKSn3/mE85xALelS3kxv1DBL6KAMeEq6nOLAWK
umljHAHFvKpFpRZQghj420NIW29ZPbUNbBL6HoXfXcjAdA==
-----END CERTIFICATE-----