Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7vjOFYO_xdZ9gVQqEfQURfLm3Ac.roa
File:                     7vjOFYO_xdZ9gVQqEfQURfLm3Ac.roa (raw, json)
Hash identifier:          +FWaYU7ASJ01nNUAGPCoE7aG1Afpqi9oLEdL2uni1SM=
Subject key identifier:   EE:F8:CE:15:83:BF:C5:D6:7D:81:54:2A:11:F4:14:45:F2:E6:DC:07
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC50104B41B554D9254AF90C3263E20CA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7vjOFYO_xdZ9gVQqEfQURfLm3Ac.roa
Signing time:             Mon 01 Jan 2024 12:30:27 +0000
ROA not before:           Mon 01 Jan 2024 12:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3507
IP address blocks:        193.23.130.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:04:b4:1b:55:4d:92:54:af:90:c3:26:3e:20:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eef8ce1583bfc5d67d81542a11f41445f2e6dc07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:db:e7:79:ab:82:d0:66:d7:4e:74:45:66:68:
                    58:02:14:1f:9d:13:34:25:2b:d2:91:2e:ee:c1:4c:
                    09:ba:12:98:3a:b2:9b:47:95:ac:56:36:c6:c9:cb:
                    a7:b2:78:cf:ce:d3:29:15:a3:ed:fb:39:ee:90:09:
                    cd:0e:8c:2f:28:a0:34:f9:10:94:c7:43:e0:fb:54:
                    87:04:e5:95:ff:17:bc:8d:86:89:b5:88:c9:72:89:
                    03:3d:e3:23:49:15:f4:a3:18:24:9f:18:5a:d5:75:
                    9e:1c:4e:c9:66:55:a8:af:5e:f5:93:f0:75:aa:6c:
                    3b:23:81:f6:02:7d:81:86:d0:af:1a:5a:9f:d7:b8:
                    e0:a2:c7:28:72:44:1d:3e:65:40:fb:a1:f4:8a:5e:
                    1f:9e:3a:63:d0:20:e7:2f:de:42:97:df:af:1e:cb:
                    a2:78:e2:db:84:d6:80:13:af:be:df:c5:da:b0:30:
                    38:bc:e9:6e:bf:99:9e:cc:e0:32:7f:f1:21:2e:8d:
                    a2:c4:f6:53:47:7a:c7:e3:8f:bd:bf:32:f0:6d:37:
                    46:5b:80:7e:8d:ce:65:65:f9:4c:d5:5d:07:41:01:
                    60:62:c2:f4:49:1b:eb:89:ff:9f:8a:e5:5d:66:ed:
                    b0:1f:3e:3a:23:2e:31:32:88:14:1a:59:70:93:27:
                    6d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:F8:CE:15:83:BF:C5:D6:7D:81:54:2A:11:F4:14:45:F2:E6:DC:07
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/7vjOFYO_xdZ9gVQqEfQURfLm3Ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:9e:10:93:0e:3f:69:06:f2:f7:25:fd:29:2e:f3:5d:2b:bd:
         a6:46:c8:81:71:b5:11:53:f9:3d:30:de:a3:96:65:49:d0:cf:
         39:a7:9b:42:97:fc:59:6f:cc:18:a5:ee:65:ce:68:42:fd:60:
         e4:28:01:72:45:e8:b4:c4:ea:70:07:ab:95:db:3a:2f:9b:4d:
         64:9f:b4:2d:a3:8f:98:3d:b9:ea:1c:6b:c1:a6:a9:75:79:fc:
         f2:01:9e:ce:20:40:9a:6f:cd:15:fc:5f:4e:bf:f1:60:60:51:
         e6:29:ae:d9:90:be:3d:6d:e4:2e:92:81:e5:0e:4f:d1:7c:d3:
         5c:48:90:79:52:72:7f:cd:f9:9e:38:45:c1:5b:59:42:32:72:
         c6:63:04:22:bc:9b:1c:c4:fe:08:82:35:90:79:03:b5:d7:94:
         46:0a:ee:6f:e8:75:54:79:98:11:ba:ce:08:7c:d4:19:54:54:
         6d:43:20:ba:4f:3a:96:83:3f:9d:0f:ce:28:ff:7c:4e:42:28:
         20:43:62:e1:d9:89:35:3b:26:af:d9:23:15:c3:e8:43:07:af:
         05:af:ba:6f:86:1f:5a:c7:56:f9:25:7f:a3:37:15:40:2d:66:
         f2:55:d8:e0:92:37:b5:04:ed:19:d5:38:26:5f:b0:d4:6f:9c:
         6b:5c:ec:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQS0G1VNklSvkMMmPiDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWY4Y2UxNTgzYmZjNWQ2N2Q4MTU0MmExMWY0MTQ0NWYyZTZkYzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3tvneauC0GbXTnRFZmhYAhQfnRM0
JSvSkS7uwUwJuhKYOrKbR5WsVjbGycunsnjPztMpFaPt+znukAnNDowvKKA0+RCU
x0Pg+1SHBOWV/xe8jYaJtYjJcokDPeMjSRX0oxgknxha1XWeHE7JZlWor171k/B1
qmw7I4H2An2BhtCvGlqf17jgoscockQdPmVA+6H0il4fnjpj0CDnL95Cl9+vHsui
eOLbhNaAE6++38XasDA4vOluv5mezOAyf/EhLo2ixPZTR3rH44+9vzLwbTdGW4B+
jc5lZflM1V0HQQFgYsL0SRvrif+fiuVdZu2wHz46Iy4xMogUGllwkydt4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO74zhWDv8XWfYFUKhH0FEXy5twHMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvN3ZqT0ZZT194ZFo5Z1ZRcUVmUVVSZkxtM0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwReCMA0G
CSqGSIb3DQEBCwUAA4IBAQB/nhCTDj9pBvL3Jf0pLvNdK72mRsiBcbURU/k9MN6j
lmVJ0M85p5tCl/xZb8wYpe5lzmhC/WDkKAFyRei0xOpwB6uV2zovm01kn7Qto4+Y
PbnqHGvBpql1efzyAZ7OIECab80V/F9Ov/FgYFHmKa7ZkL49beQukoHlDk/RfNNc
SJB5UnJ/zfmeOEXBW1lCMnLGYwQivJscxP4IgjWQeQO115RGCu5v6HVUeZgRus4I
fNQZVFRtQyC6TzqWgz+dD84o/3xOQiggQ2Lh2Yk1Oyav2SMVw+hDB68Fr7pvhh9a
x1b5JX+jNxVALWbyVdjgkje1BO0Z1TgmX7DUb5xrXOwE
-----END CERTIFICATE-----