Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1SxSceikRCBBtYC59hJFLLYlqr4.roa
File:                     1SxSceikRCBBtYC59hJFLLYlqr4.roa (raw, json)
Hash identifier:          0BenfeIf2/XW2+uLr9tL1oDHTbJpDvDuK7UU1nWmDyM=
Subject key identifier:   D5:2C:52:71:E8:A4:44:20:41:B5:80:B9:F6:12:45:2C:B6:25:AA:BE
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018EE60453DC79C8A5637A428C0FF1F3EFAE
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1SxSceikRCBBtYC59hJFLLYlqr4.roa
Signing time:             Tue 16 Apr 2024 08:27:07 +0000
ROA not before:           Tue 16 Apr 2024 08:27:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210636
IP address blocks:        94.176.111.0/24 maxlen: 24
                          217.74.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:04:53:dc:79:c8:a5:63:7a:42:8c:0f:f1:f3:ef:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr 16 08:27:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d52c5271e8a4442041b580b9f612452cb625aabe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d9:bf:eb:d0:63:ad:05:47:c3:bc:76:8a:82:
                    ef:e6:f2:fd:ef:46:a1:c5:b8:54:1c:46:d1:ee:49:
                    62:4f:d1:56:59:e5:b2:34:33:95:08:f8:c6:65:c4:
                    e0:71:b9:e3:56:54:45:30:19:3e:3c:f3:50:c3:37:
                    14:5a:56:d8:9f:62:a4:b8:64:fb:97:87:a7:28:4f:
                    01:5e:5b:30:8a:2d:f6:8e:7f:ae:83:dc:64:d7:07:
                    5c:ef:e7:f4:42:37:67:20:ac:90:f0:21:bc:8d:94:
                    28:0a:0a:98:95:60:6b:a9:29:ff:07:f4:a6:a3:51:
                    3c:01:dc:18:4a:d8:e3:73:ed:df:c1:76:f6:0a:03:
                    0f:4a:ef:b5:2e:e2:cc:bc:f8:de:f1:c0:f5:3d:c8:
                    fa:05:3f:5a:0b:da:12:4e:29:12:b1:c0:2d:c5:ae:
                    df:73:ce:d8:9b:05:c8:d2:00:94:88:67:e0:cc:a8:
                    f5:40:a5:3d:0b:c3:fc:d9:e3:85:30:b4:e3:2f:c0:
                    c1:c9:56:f8:e4:5b:56:04:2a:f1:f4:f7:98:8e:25:
                    fb:ce:a8:2a:c1:12:ff:61:d3:ff:1b:37:2b:8c:6a:
                    6a:7c:81:4d:ee:aa:02:6a:1e:15:ff:b5:41:a2:d5:
                    b9:1e:56:a4:c6:32:42:5c:24:3d:65:fe:bf:2a:5d:
                    39:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:2C:52:71:E8:A4:44:20:41:B5:80:B9:F6:12:45:2C:B6:25:AA:BE
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/1SxSceikRCBBtYC59hJFLLYlqr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.176.111.0/24
                  217.74.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:ca:73:14:7c:0d:f4:3a:dc:0c:88:ac:32:e7:af:37:84:e5:
         34:62:2d:49:5d:0b:33:e0:53:eb:f9:8b:7b:9e:3a:15:2f:bb:
         d0:1e:bd:e2:f9:20:f7:08:ec:ab:0d:85:64:a4:c5:9b:67:b8:
         c0:d9:3e:4c:80:26:03:b1:7a:29:e2:f3:4e:bc:30:af:47:39:
         b3:ae:42:ee:e8:09:62:3f:6c:21:80:01:e8:a5:33:5e:f4:8f:
         ae:34:74:a5:0c:18:ae:6f:12:0e:cf:2b:d2:f6:64:72:82:8d:
         12:87:38:37:1c:3d:7b:2e:36:04:21:b5:ad:39:23:ce:fa:b0:
         47:d6:9e:5e:57:0c:11:c8:70:0d:6f:15:b5:87:19:a0:82:70:
         a5:b3:c0:79:45:bd:b9:72:55:5b:96:9d:79:28:03:10:67:9e:
         72:47:9b:2a:15:6d:f0:8c:69:42:e0:03:1a:50:ec:1c:19:6e:
         b9:55:32:b4:a1:bb:f4:ca:7d:c2:52:fe:a6:f8:3e:3d:d3:aa:
         38:35:50:3b:c6:9b:7d:d9:7f:22:0c:fd:b7:00:a7:d4:8a:64:
         36:da:6c:ca:66:6f:5f:ec:95:0b:7d:4b:2b:c9:48:6c:b5:07:
         4b:a7:69:4e:a6:5e:66:60:b1:e7:eb:ad:ef:d8:af:a6:d7:44:
         f0:e5:67:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7mBFPcecilY3pCjA/x8++uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwNDE2MDgyNzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTJjNTI3MWU4YTQ0NDIwNDFiNTgwYjlmNjEyNDUyY2I2MjVhYWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNm/69BjrQVHw7x2ioLv5vL970ah
xbhUHEbR7kliT9FWWeWyNDOVCPjGZcTgcbnjVlRFMBk+PPNQwzcUWlbYn2KkuGT7
l4enKE8BXlswii32jn+ug9xk1wdc7+f0QjdnIKyQ8CG8jZQoCgqYlWBrqSn/B/Sm
o1E8AdwYStjjc+3fwXb2CgMPSu+1LuLMvPje8cD1Pcj6BT9aC9oSTikSscAtxa7f
c87YmwXI0gCUiGfgzKj1QKU9C8P82eOFMLTjL8DByVb45FtWBCrx9PeYjiX7zqgq
wRL/YdP/GzcrjGpqfIFN7qoCah4V/7VBotW5HlakxjJCXCQ9Zf6/Kl05HQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNUsUnHopEQgQbWAufYSRSy2Jaq+MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMVN4U2NlaWtSQ0JCdFlDNTloSkZMTFlscXI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXrBvAwQA
2UoUMA0GCSqGSIb3DQEBCwUAA4IBAQBPynMUfA30OtwMiKwy5683hOU0Yi1JXQsz
4FPr+Yt7njoVL7vQHr3i+SD3COyrDYVkpMWbZ7jA2T5MgCYDsXop4vNOvDCvRzmz
rkLu6AliP2whgAHopTNe9I+uNHSlDBiubxIOzyvS9mRygo0Shzg3HD17LjYEIbWt
OSPO+rBH1p5eVwwRyHANbxW1hxmggnCls8B5Rb25clVblp15KAMQZ55yR5sqFW3w
jGlC4AMaUOwcGW65VTK0obv0yn3CUv6m+D4906o4NVA7xpt92X8iDP23AKfUimQ2
2mzKZm9f7JULfUsryUhstQdLp2lOpl5mYLHn663v2K+m10Tw5We4
-----END CERTIFICATE-----