Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/6Qv1sOo4zyD5CHUEv0I3JzBpTNs.roa
File:                     6Qv1sOo4zyD5CHUEv0I3JzBpTNs.roa (raw, json)
Hash identifier:          gmdEJJ4c+Ebq35qVvKC6rnAASNbIlcTY5T8ZJR7Vtdw=
Subject key identifier:   E9:0B:F5:B0:EA:38:CF:20:F9:08:75:04:BF:42:37:27:30:69:4C:DB
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0194222009E52FA269544C75F748B85AD1CA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/6Qv1sOo4zyD5CHUEv0I3JzBpTNs.roa
Signing time:             Wed 01 Jan 2025 13:48:32 +0000
ROA not before:           Wed 01 Jan 2025 13:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6233
IP address blocks:        193.19.108.0/24 maxlen: 24
                          194.242.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:09:e5:2f:a2:69:54:4c:75:f7:48:b8:5a:d1:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e90bf5b0ea38cf20f9087504bf42372730694cdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:60:c6:f7:11:40:99:d9:cb:76:d4:f8:86:15:
                    27:f6:2d:a8:e3:ff:8c:2c:bc:5c:6a:5c:5b:a1:89:
                    73:d4:aa:06:04:c8:50:a1:52:11:61:eb:27:01:77:
                    83:06:97:01:30:31:f7:d7:22:38:a3:75:bc:7e:ae:
                    69:4e:1b:c9:ba:f2:a6:ed:52:f4:d2:4a:3f:4d:16:
                    96:b3:c1:69:3b:8d:bd:ec:53:be:49:9d:c6:51:22:
                    20:d5:f0:c7:52:01:dd:56:44:f9:0c:ae:33:fa:a6:
                    88:8f:4f:0b:83:8f:ca:31:18:e3:a0:7a:73:27:58:
                    8c:f4:c4:db:b1:d0:f5:7a:f3:95:f9:ef:65:6c:d8:
                    e4:6d:c6:6e:98:7f:64:b3:1f:7c:e8:95:94:88:8c:
                    e4:ed:2c:43:3b:56:6f:bc:1c:46:6c:15:e5:4e:7f:
                    15:fb:2d:08:81:b8:01:93:58:27:df:72:cc:86:71:
                    f4:99:f4:69:35:24:61:72:57:e0:9d:60:43:b4:75:
                    44:e3:f5:2b:7f:21:92:2a:01:0f:f1:a7:bf:89:69:
                    d2:a3:5c:59:8e:4e:85:7e:c4:0f:cc:3d:72:ae:be:
                    59:bc:6b:47:ab:71:a5:56:be:05:49:4b:72:80:75:
                    95:8c:9a:de:b4:c1:f0:b9:7d:c4:2c:3b:2b:34:06:
                    a9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:0B:F5:B0:EA:38:CF:20:F9:08:75:04:BF:42:37:27:30:69:4C:DB
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/6Qv1sOo4zyD5CHUEv0I3JzBpTNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.108.0/24
                  194.242.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:bb:f6:8a:6b:b2:6e:81:db:9b:79:23:d2:45:d1:fd:ce:13:
         47:f4:ae:3c:2e:e5:0b:da:d3:24:11:32:de:23:d9:3b:f1:4e:
         be:49:c5:b2:5c:6a:1d:32:83:2b:52:65:12:e7:d3:18:00:90:
         cd:3c:25:2b:21:6c:59:00:e8:7e:4d:30:a8:81:f3:6c:ea:ce:
         35:a4:25:41:8b:ef:69:fc:b1:4c:b9:c9:2b:be:ff:cc:ba:6a:
         a2:b3:68:52:d5:31:4e:0c:66:84:24:97:f8:1a:67:d6:1a:01:
         b3:89:18:ab:63:23:b2:bd:69:1d:b2:1c:78:0f:7f:6c:51:3b:
         d0:5c:1d:da:92:c9:09:71:ad:e8:34:50:ca:e0:26:4d:2e:be:
         86:ab:64:33:bd:6a:72:2f:c4:d0:69:5f:24:33:ca:ba:b0:2b:
         38:40:f8:f6:cf:89:60:a7:74:47:2d:48:ac:ef:65:f2:c9:4f:
         47:f5:3a:6d:eb:2e:10:8a:25:06:bd:e3:50:be:b5:2b:87:c7:
         ce:92:56:3d:98:36:26:f4:67:c0:fd:88:f9:df:ba:7b:4b:26:
         5d:75:7d:4c:b7:4f:97:93:14:ef:a2:6d:43:16:99:a4:9b:ca:
         3c:d8:c5:ce:10:59:c1:a4:e8:bc:97:79:9f:5c:11:7a:70:31:
         be:8e:70:90
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIAnlL6JpVEx190i4WtHKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTBiZjViMGVhMzhjZjIwZjkwODc1MDRiZjQyMzcyNzMwNjk0Y2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2DG9xFAmdnLdtT4hhUn9i2o4/+M
LLxcalxboYlz1KoGBMhQoVIRYesnAXeDBpcBMDH31yI4o3W8fq5pThvJuvKm7VL0
0ko/TRaWs8FpO4297FO+SZ3GUSIg1fDHUgHdVkT5DK4z+qaIj08Lg4/KMRjjoHpz
J1iM9MTbsdD1evOV+e9lbNjkbcZumH9ksx986JWUiIzk7SxDO1ZvvBxGbBXlTn8V
+y0IgbgBk1gn33LMhnH0mfRpNSRhclfgnWBDtHVE4/UrfyGSKgEP8ae/iWnSo1xZ
jk6FfsQPzD1yrr5ZvGtHq3GlVr4FSUtygHWVjJretMHwuX3ELDsrNAapRwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOkL9bDqOM8g+Qh1BL9CNycwaUzbMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvNlF2MXNPbzR6eUQ1Q0hVRXYwSTNKekJwVE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRNsAwQA
wvICMA0GCSqGSIb3DQEBCwUAA4IBAQBlu/aKa7JugdubeSPSRdH9zhNH9K48LuUL
2tMkETLeI9k78U6+ScWyXGodMoMrUmUS59MYAJDNPCUrIWxZAOh+TTCogfNs6s41
pCVBi+9p/LFMuckrvv/Mumqis2hS1TFODGaEJJf4GmfWGgGziRirYyOyvWkdshx4
D39sUTvQXB3akskJca3oNFDK4CZNLr6Gq2QzvWpyL8TQaV8kM8q6sCs4QPj2z4lg
p3RHLUis72XyyU9H9Tpt6y4QiiUGveNQvrUrh8fOklY9mDYm9GfA/Yj537p7SyZd
dX1Mt0+XkxTvom1DFpmkm8o82MXOEFnBpOi8l3mfXBF6cDG+jnCQ
-----END CERTIFICATE-----