Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/55YeWzPZnDcp2IAS-tEbPVhOEjY.roa
File:                     55YeWzPZnDcp2IAS-tEbPVhOEjY.roa (raw, json)
Hash identifier:          UKJDchCpUEcIUAj0LpuGG2Dsis1DTVSIF2UIwRzgGLs=
Subject key identifier:   E7:96:1E:5B:33:D9:9C:37:29:D8:80:12:FA:D1:1B:3D:58:4E:12:36
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC50123762A912FAC5D385827B395A197
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/55YeWzPZnDcp2IAS-tEbPVhOEjY.roa
Signing time:             Mon 01 Jan 2024 12:30:35 +0000
ROA not before:           Mon 01 Jan 2024 12:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202602
IP address blocks:        188.215.229.0/24 maxlen: 24
                          185.214.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:23:76:2a:91:2f:ac:5d:38:58:27:b3:95:a1:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7961e5b33d99c3729d88012fad11b3d584e1236
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:3b:2b:2c:75:33:24:81:28:52:35:13:03:eb:
                    fa:d1:fa:12:10:bc:4a:71:9d:ce:c9:9c:cd:17:f3:
                    2a:a4:0d:a6:eb:e6:d6:b1:91:bd:ae:fe:c9:93:27:
                    e1:bd:61:aa:82:26:40:20:65:67:d6:c8:94:04:1b:
                    63:14:93:95:ed:17:2e:27:33:c1:52:65:dc:36:db:
                    1a:f5:93:43:ae:c8:f6:1d:21:e7:48:ab:f2:9c:39:
                    bc:dd:0e:ea:33:8e:3a:fa:d4:1e:a3:5c:ab:5a:ad:
                    62:0e:3a:b1:08:08:5e:f4:d9:c6:c4:8b:ad:bf:46:
                    fa:2f:e3:33:82:46:a1:67:f6:1b:5c:14:28:ad:94:
                    a6:46:07:f8:a4:1a:42:76:a1:79:d9:fd:ae:eb:c4:
                    78:81:69:34:7b:94:15:b5:40:77:f7:52:b3:75:96:
                    0b:fc:93:ec:72:fa:6d:7b:38:25:d3:e4:ef:fe:f4:
                    d9:ae:c0:71:6d:ef:21:17:0e:73:6d:a8:81:85:c9:
                    08:4e:3a:70:10:1e:c8:60:f5:ce:aa:ef:57:e4:31:
                    71:b9:8b:51:0d:80:44:7f:b7:72:3f:d3:7a:35:a0:
                    6d:2d:85:ed:f2:89:10:d5:aa:95:51:ad:7d:ae:be:
                    3e:62:df:1f:db:90:a2:f2:1e:d3:9a:ed:65:14:c7:
                    37:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:96:1E:5B:33:D9:9C:37:29:D8:80:12:FA:D1:1B:3D:58:4E:12:36
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/55YeWzPZnDcp2IAS-tEbPVhOEjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.10.0/24
                  188.215.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:11:62:21:1d:ff:92:03:ca:25:4c:76:41:11:43:1b:a2:a3:
         e5:20:cd:1f:44:16:48:0d:41:cb:64:ad:54:84:fb:a0:80:99:
         2d:9d:cb:d6:ff:14:6a:26:9d:82:7f:0c:2f:71:87:97:9d:98:
         f6:48:fe:e2:33:ac:99:97:f7:74:62:ac:6f:02:bb:96:45:b6:
         10:67:22:1d:c0:98:2e:dc:34:45:21:9b:86:da:aa:44:57:34:
         8f:48:a1:c3:50:18:9c:19:b9:42:5a:e7:d3:65:b6:81:9b:b3:
         3f:f6:c1:ab:c1:fb:24:2f:da:a9:66:d6:89:b0:f2:92:d0:6d:
         dc:b9:7f:4a:ab:99:43:6c:43:0a:a8:dc:15:fb:6a:25:46:5a:
         29:0f:db:53:3c:c0:cf:fe:40:f8:b5:73:fa:8a:ea:87:5c:0d:
         08:8f:ab:75:67:0a:75:dd:a5:66:d8:7b:c4:d2:58:76:d9:30:
         ee:46:60:7c:f4:8f:7f:0f:05:62:73:f3:d8:98:1c:ca:74:3a:
         03:e4:9c:82:a7:cb:69:0b:5b:ad:52:e3:d0:f2:be:9f:0d:43:
         d0:61:b6:92:c5:92:5d:17:98:76:c7:11:13:28:1a:5e:89:ba:
         02:9f:f5:6a:d2:dc:ce:72:85:42:27:23:1c:70:4b:90:c7:cc:
         b3:09:a2:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFASN2KpEvrF04WCezlaGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzk2MWU1YjMzZDk5YzM3MjlkODgwMTJmYWQxMWIzZDU4NGUxMjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDsrLHUzJIEoUjUTA+v60foSELxK
cZ3OyZzNF/MqpA2m6+bWsZG9rv7JkyfhvWGqgiZAIGVn1siUBBtjFJOV7RcuJzPB
UmXcNtsa9ZNDrsj2HSHnSKvynDm83Q7qM446+tQeo1yrWq1iDjqxCAhe9NnGxIut
v0b6L+MzgkahZ/YbXBQorZSmRgf4pBpCdqF52f2u68R4gWk0e5QVtUB391KzdZYL
/JPscvptezgl0+Tv/vTZrsBxbe8hFw5zbaiBhckITjpwEB7IYPXOqu9X5DFxuYtR
DYBEf7dyP9N6NaBtLYXt8okQ1aqVUa19rr4+Yt8f25Ci8h7Tmu1lFMc3AQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOeWHlsz2Zw3KdiAEvrRGz1YThI2MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvNTVZZVd6UFpuRGNwMklBUy10RWJQVmhPRWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudYKAwQA
vNflMA0GCSqGSIb3DQEBCwUAA4IBAQBTEWIhHf+SA8olTHZBEUMboqPlIM0fRBZI
DUHLZK1UhPuggJktncvW/xRqJp2CfwwvcYeXnZj2SP7iM6yZl/d0YqxvAruWRbYQ
ZyIdwJgu3DRFIZuG2qpEVzSPSKHDUBicGblCWufTZbaBm7M/9sGrwfskL9qpZtaJ
sPKS0G3cuX9Kq5lDbEMKqNwV+2olRlopD9tTPMDP/kD4tXP6iuqHXA0Ij6t1Zwp1
3aVm2HvE0lh22TDuRmB89I9/DwVic/PYmBzKdDoD5JyCp8tpC1utUuPQ8r6fDUPQ
YbaSxZJdF5h2xxETKBpeiboCn/Vq0tzOcoVCJyMccEuQx8yzCaIt
-----END CERTIFICATE-----