Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7mzY_UR-wE2KyfpbwSyrff1Wfjw.roa
File:                     7mzY_UR-wE2KyfpbwSyrff1Wfjw.roa (raw, json)
Hash identifier:          lBPHOWjG0DGi/ZULY7wVth31Hko0G9kCmYQXXaPEkFk=
Subject key identifier:   EE:6C:D8:FD:44:7E:C0:4D:8A:C9:FA:5B:C1:2C:AB:7D:FD:56:7E:3C
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC50106133E9FB3CF8FC3BFE61B71927C
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7mzY_UR-wE2KyfpbwSyrff1Wfjw.roa
Signing time:             Mon 01 Jan 2024 12:30:27 +0000
ROA not before:           Mon 01 Jan 2024 12:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6233
IP address blocks:        194.242.2.0/24 maxlen: 24
                          193.19.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:06:13:3e:9f:b3:cf:8f:c3:bf:e6:1b:71:92:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee6cd8fd447ec04d8ac9fa5bc12cab7dfd567e3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:7a:1e:ab:3f:40:20:c8:13:d2:07:6c:64:39:
                    1d:33:5a:1f:68:a5:2e:56:60:f4:49:d2:42:5d:47:
                    dd:c9:c9:b0:2b:d0:ea:dc:d2:84:b8:ac:5f:5e:fd:
                    b2:cd:b0:35:fc:59:81:5c:ce:fa:62:32:d0:2e:0b:
                    68:86:9b:30:f4:a6:62:31:59:59:fd:17:6d:19:7d:
                    d1:35:ae:c1:1d:c1:f7:08:27:0f:d3:51:3a:22:72:
                    77:73:bc:bd:38:0d:b8:03:b4:ff:66:ac:d8:1a:b6:
                    72:58:37:a1:e0:11:32:a4:3c:19:b3:6e:71:1b:3e:
                    23:31:89:62:39:09:f7:db:b9:ab:59:eb:52:40:96:
                    4d:ac:ce:89:71:a4:49:91:ad:f9:6b:c4:e5:5e:98:
                    85:91:3f:5d:9f:d5:60:67:e9:de:8a:3f:da:5e:26:
                    13:cc:8a:00:11:20:89:9e:34:6a:04:41:02:e4:b9:
                    e6:08:24:2c:c9:79:4d:62:00:ca:da:2d:e2:ef:52:
                    c2:ca:5a:ad:8c:ab:19:6b:2c:b7:7c:08:56:6c:e6:
                    7c:1f:ab:b2:ea:8f:41:84:e9:33:92:36:65:7e:79:
                    17:a4:78:77:2c:8c:83:0d:24:32:88:e5:27:29:1e:
                    96:52:41:73:cb:23:3c:fb:12:b3:8d:fa:a9:3b:e1:
                    c3:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:6C:D8:FD:44:7E:C0:4D:8A:C9:FA:5B:C1:2C:AB:7D:FD:56:7E:3C
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7mzY_UR-wE2KyfpbwSyrff1Wfjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.108.0/24
                  194.242.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:7a:37:f0:a7:33:e1:2d:75:7c:f9:20:7c:8b:43:e4:29:16:
         57:7b:5a:26:ab:89:89:3d:f4:26:ff:64:c1:03:ff:8f:63:c7:
         c5:35:0a:df:8f:74:70:15:fa:25:27:21:b6:f3:f4:14:b6:92:
         0b:c6:19:09:aa:14:71:ab:07:93:42:68:c2:80:47:fd:e1:62:
         04:fd:e7:b1:e1:56:c2:45:4c:58:e2:16:6d:51:c9:a0:6d:f3:
         17:f4:9b:a5:30:08:29:b9:28:b0:3b:ea:4d:8a:4a:c4:35:01:
         49:37:61:2e:88:aa:b4:ff:2a:e3:ae:95:56:56:77:b2:b5:3c:
         5f:2d:bf:0b:00:e7:db:53:e4:3e:6f:d4:0f:72:17:31:73:de:
         1d:5c:27:bb:fe:07:62:cd:17:8a:f7:0b:f2:4e:b7:e3:72:f9:
         81:6d:1a:6f:b9:43:a1:f1:01:7e:16:51:f1:77:44:d3:cd:c8:
         32:ab:50:b8:5e:e7:d3:e2:bf:ce:62:d4:ce:ac:de:4c:8a:11:
         36:da:28:cb:1d:64:c6:c8:4e:d1:70:fc:bc:5b:58:cc:e5:78:
         1a:b2:7c:23:93:9e:92:33:1e:b7:2a:4d:23:f5:da:ef:65:a8:
         65:8f:15:27:b4:32:63:37:87:0e:1c:0b:bf:5c:c6:6a:36:6d:
         9c:43:25:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAQYTPp+zz4/Dv+YbcZJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTZjZDhmZDQ0N2VjMDRkOGFjOWZhNWJjMTJjYWI3ZGZkNTY3ZTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA03oeqz9AIMgT0gdsZDkdM1ofaKUu
VmD0SdJCXUfdycmwK9Dq3NKEuKxfXv2yzbA1/FmBXM76YjLQLgtohpsw9KZiMVlZ
/RdtGX3RNa7BHcH3CCcP01E6InJ3c7y9OA24A7T/ZqzYGrZyWDeh4BEypDwZs25x
Gz4jMYliOQn327mrWetSQJZNrM6JcaRJka35a8TlXpiFkT9dn9VgZ+neij/aXiYT
zIoAESCJnjRqBEEC5LnmCCQsyXlNYgDK2i3i71LCylqtjKsZayy3fAhWbOZ8H6uy
6o9BhOkzkjZlfnkXpHh3LIyDDSQyiOUnKR6WUkFzyyM8+xKzjfqpO+HDBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO5s2P1EfsBNisn6W8Esq339Vn48MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvN216WV9VUi13RTJLeWZwYndTeXJmZjFXZmp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRNsAwQA
wvICMA0GCSqGSIb3DQEBCwUAA4IBAQBuejfwpzPhLXV8+SB8i0PkKRZXe1omq4mJ
PfQm/2TBA/+PY8fFNQrfj3RwFfolJyG28/QUtpILxhkJqhRxqweTQmjCgEf94WIE
/eex4VbCRUxY4hZtUcmgbfMX9JulMAgpuSiwO+pNikrENQFJN2EuiKq0/yrjrpVW
VneytTxfLb8LAOfbU+Q+b9QPchcxc94dXCe7/gdizReK9wvyTrfjcvmBbRpvuUOh
8QF+FlHxd0TTzcgyq1C4XufT4r/OYtTOrN5MihE22ijLHWTGyE7RcPy8W1jM5Xga
snwjk56SMx63Kk0j9drvZahljxUntDJjN4cOHAu/XMZqNm2cQyXs
-----END CERTIFICATE-----