Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2q_yRh3VHPZzv_d-DDHWlBmGz7M.roa
File:                     2q_yRh3VHPZzv_d-DDHWlBmGz7M.roa (raw, json)
Hash identifier:          BICTXrEUURWWGeJyg3xk7FrRUpL1xwwxHZ9IQ9IUVaE=
Subject key identifier:   DA:AF:F2:46:1D:D5:1C:F6:73:BF:F7:7E:0C:31:D6:94:19:86:CF:B3
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC501218B2F249F7C56C11B974492C678
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2q_yRh3VHPZzv_d-DDHWlBmGz7M.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        89.35.159.0/24 maxlen: 24
                          92.114.107.0/24 maxlen: 24
                          89.43.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:21:8b:2f:24:9f:7c:56:c1:1b:97:44:92:c6:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=daaff2461dd51cf673bff77e0c31d6941986cfb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9d:ba:6a:48:66:9e:ae:60:99:65:b2:f3:83:
                    04:91:92:7b:67:45:87:89:26:46:cd:75:f7:54:2e:
                    43:03:08:5a:e3:48:b9:c1:c7:2c:f9:71:f3:80:90:
                    3a:5b:0e:80:d2:89:1b:df:74:f9:1c:3e:67:d1:ec:
                    c8:d7:89:59:56:c3:a0:1d:d3:58:d4:d0:96:83:39:
                    4b:a8:0c:33:7b:89:b2:9a:ba:59:05:01:1d:56:c8:
                    93:6c:43:88:b9:ab:90:2f:a1:1c:c2:93:2f:04:a1:
                    be:07:51:a4:1b:b9:b3:a9:e4:5a:d9:6b:3d:37:5b:
                    ce:ba:f3:51:3e:ea:85:27:d3:73:d1:70:10:fb:06:
                    fa:9f:33:99:20:b9:6f:d7:68:79:ab:fb:4f:20:9e:
                    76:10:7b:e2:80:6a:93:2c:8b:95:a3:50:de:f2:e4:
                    d8:84:c4:0d:db:bf:79:34:bf:94:12:8e:26:71:cc:
                    de:53:74:e0:ac:96:78:c5:b0:60:98:d2:29:50:e2:
                    43:77:96:9e:fd:3a:28:ec:c1:ad:e0:62:62:5e:fa:
                    53:5b:57:11:2f:94:f2:62:41:75:ef:2e:24:ad:81:
                    88:9e:12:e1:c2:c3:19:86:80:3f:92:97:fe:a6:14:
                    61:0b:01:c9:63:5e:51:5d:91:f3:17:8a:cf:2a:a3:
                    5b:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:AF:F2:46:1D:D5:1C:F6:73:BF:F7:7E:0C:31:D6:94:19:86:CF:B3
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2q_yRh3VHPZzv_d-DDHWlBmGz7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.159.0/24
                  89.43.199.0/24
                  92.114.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:e5:5f:b8:29:87:f4:f2:24:ce:ce:9f:5f:4a:76:94:49:a3:
         26:8c:c3:6e:10:4b:3c:8c:2f:ad:59:44:fe:0d:03:0d:94:94:
         c2:4d:7e:34:76:ea:8f:9b:18:04:02:8c:bd:19:b9:c4:b1:ef:
         98:39:6a:12:fd:ef:6d:b2:92:cb:72:0d:1b:06:5b:d7:56:61:
         ba:2c:e0:07:eb:cc:8f:43:49:b7:ab:b1:ec:1c:1f:24:4c:5a:
         37:a2:3a:14:dc:20:87:1a:88:5b:7f:4e:c6:f3:33:b7:46:20:
         0e:50:47:b7:ab:a9:0d:57:1f:23:14:28:07:f0:2c:ae:0a:55:
         93:28:b4:de:24:73:58:77:a9:be:6c:c2:d2:98:3d:a3:5e:d6:
         6e:43:45:ff:38:5c:f3:11:da:46:cb:c4:0e:14:2e:73:b6:41:
         74:bc:72:dc:7d:29:88:a3:66:cd:7c:db:51:ed:dd:42:87:f0:
         25:74:c9:62:3b:d1:11:00:ad:a6:86:1e:09:0a:9c:c9:44:00:
         15:96:2b:37:7c:93:81:91:4b:12:71:fe:3a:73:02:cc:30:1b:
         c2:fa:df:44:99:b0:1d:9e:b3:81:b8:c1:99:f8:df:c5:a7:b8:
         53:2a:37:ec:08:f1:cd:50:56:9f:69:f5:bf:6a:cd:3f:cf:ae:
         5f:7d:42:71
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFASGLLySffFbBG5dEksZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWFmZjI0NjFkZDUxY2Y2NzNiZmY3N2UwYzMxZDY5NDE5ODZjZmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJ26akhmnq5gmWWy84MEkZJ7Z0WH
iSZGzXX3VC5DAwha40i5wccs+XHzgJA6Ww6A0okb33T5HD5n0ezI14lZVsOgHdNY
1NCWgzlLqAwze4mymrpZBQEdVsiTbEOIuauQL6EcwpMvBKG+B1GkG7mzqeRa2Ws9
N1vOuvNRPuqFJ9Nz0XAQ+wb6nzOZILlv12h5q/tPIJ52EHvigGqTLIuVo1De8uTY
hMQN2795NL+UEo4mcczeU3TgrJZ4xbBgmNIpUOJDd5ae/Too7MGt4GJiXvpTW1cR
L5TyYkF17y4krYGInhLhwsMZhoA/kpf+phRhCwHJY15RXZHzF4rPKqNb/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNqv8kYd1Rz2c7/3fgwx1pQZhs+zMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMnFfeVJoM1ZIUFp6dl9kLURESFdsQm1HejdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSOfAwQA
WSvHAwQAXHJrMA0GCSqGSIb3DQEBCwUAA4IBAQBX5V+4KYf08iTOzp9fSnaUSaMm
jMNuEEs8jC+tWUT+DQMNlJTCTX40duqPmxgEAoy9GbnEse+YOWoS/e9tspLLcg0b
BlvXVmG6LOAH68yPQ0m3q7HsHB8kTFo3ojoU3CCHGohbf07G8zO3RiAOUEe3q6kN
Vx8jFCgH8CyuClWTKLTeJHNYd6m+bMLSmD2jXtZuQ0X/OFzzEdpGy8QOFC5ztkF0
vHLcfSmIo2bNfNtR7d1Ch/AldMliO9ERAK2mhh4JCpzJRAAVlis3fJOBkUsScf46
cwLMMBvC+t9EmbAdnrOBuMGZ+N/Fp7hTKjfsCPHNUFafafW/as0/z65ffUJx
-----END CERTIFICATE-----