Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/F7DcXL9EbHKw26MaG_qbTLXMfbY.roa
File:                     F7DcXL9EbHKw26MaG_qbTLXMfbY.roa (raw, json)
Hash identifier:          EA3gsD64dMFYNHSnuoEcuykCf+KXswuP5M5/D3Urt88=
Subject key identifier:   17:B0:DC:5C:BF:44:6C:72:B0:DB:A3:1A:1B:FA:9B:4C:B5:CC:7D:B6
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0192B9218F341772C2A6339400CA25B8AF62
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/F7DcXL9EbHKw26MaG_qbTLXMfbY.roa
Signing time:             Wed 23 Oct 2024 11:27:17 +0000
ROA not before:           Wed 23 Oct 2024 11:27:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215442
IP address blocks:        93.114.193.0/24 maxlen: 24
                          194.76.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b9:21:8f:34:17:72:c2:a6:33:94:00:ca:25:b8:af:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Oct 23 11:27:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=17b0dc5cbf446c72b0dba31a1bfa9b4cb5cc7db6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d1:b5:17:95:8a:1d:10:60:44:67:90:8d:6b:
                    32:9d:77:3b:41:ce:7b:e8:5b:5c:0d:58:2a:03:e0:
                    29:cc:8a:ba:7d:f8:74:08:b5:ac:7d:35:f1:13:df:
                    e1:fe:cd:46:e8:73:06:d1:aa:d6:e8:fb:d2:25:68:
                    cd:ab:92:c6:17:21:28:49:bd:ea:7c:25:33:cb:b5:
                    f0:6b:d8:0d:2d:0a:de:f1:dc:ec:e1:27:51:02:15:
                    af:5e:b6:c9:11:1a:f3:70:34:a4:ec:b1:30:ba:97:
                    07:21:5f:59:cf:05:6e:32:1f:e0:87:f3:08:d7:b9:
                    6e:09:69:f2:b5:83:15:23:35:2b:3e:27:d3:e0:83:
                    92:6a:e0:85:e6:5c:aa:9c:df:87:ce:5c:60:14:88:
                    d1:9d:9b:d6:ca:78:66:fe:f6:40:c4:9c:d2:90:df:
                    dd:0a:ee:da:0a:38:9e:70:c1:37:3d:ba:0e:66:59:
                    28:b6:a1:b7:b7:41:e8:8b:0a:1c:33:89:13:35:a7:
                    74:44:c6:79:75:71:b6:8f:1c:51:6a:a1:83:c0:31:
                    6d:70:e2:b6:3a:bc:56:b4:58:e6:d9:25:4e:1b:55:
                    25:42:0e:c3:b5:d2:40:a9:9e:43:ca:f7:14:92:c0:
                    ba:f4:ef:1b:8f:52:53:73:0b:6a:37:aa:fc:b4:90:
                    e1:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:B0:DC:5C:BF:44:6C:72:B0:DB:A3:1A:1B:FA:9B:4C:B5:CC:7D:B6
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/F7DcXL9EbHKw26MaG_qbTLXMfbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.193.0/24
                  194.76.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:c0:2f:36:90:4f:8c:12:d6:3f:95:a3:67:1f:09:0b:ae:4f:
         0f:88:69:a3:e9:24:37:24:fb:80:78:9b:fd:d6:98:c5:43:d3:
         68:b6:81:75:e8:48:0d:cc:48:43:5d:07:9d:fd:ac:49:58:b8:
         8f:c9:4f:5d:af:53:5c:a2:45:3b:d7:b1:0b:4f:41:d8:d3:b2:
         d8:5b:c4:11:5f:08:3f:d3:c3:98:8e:f7:74:3c:a9:70:4b:ea:
         3c:6a:ca:1a:d6:49:cc:49:ce:34:2f:db:f2:5c:66:a1:9c:b0:
         10:1a:bd:68:a1:6e:ac:8b:a1:7f:14:80:a3:e8:ae:2c:7d:a6:
         59:5c:62:5a:96:cd:89:6e:b4:35:e0:6a:6a:55:40:31:b4:01:
         18:7c:6e:16:79:41:43:a9:8a:3e:f4:9b:7b:b4:1c:a1:e6:eb:
         6c:ce:6c:49:0f:ad:04:10:1e:59:b3:82:83:15:29:33:79:d2:
         29:14:11:81:98:e8:42:a6:18:64:eb:d0:00:04:d0:9b:3f:c3:
         d2:28:dd:b9:ee:aa:87:4c:56:c1:84:d9:52:e0:15:0b:dc:39:
         3d:00:ec:47:f1:26:67:49:3d:40:28:43:b0:53:18:0b:62:8b:
         1a:8f:62:49:28:7f:dd:30:5c:2b:98:c0:cc:25:05:11:7a:31:
         d2:82:09:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZK5IY80F3LCpjOUAMoluK9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQxMDIzMTEyNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2IwZGM1Y2JmNDQ2YzcyYjBkYmEzMWExYmZhOWI0Y2I1Y2M3ZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtG1F5WKHRBgRGeQjWsynXc7Qc57
6FtcDVgqA+ApzIq6ffh0CLWsfTXxE9/h/s1G6HMG0arW6PvSJWjNq5LGFyEoSb3q
fCUzy7Xwa9gNLQre8dzs4SdRAhWvXrbJERrzcDSk7LEwupcHIV9ZzwVuMh/gh/MI
17luCWnytYMVIzUrPifT4IOSauCF5lyqnN+HzlxgFIjRnZvWynhm/vZAxJzSkN/d
Cu7aCjiecME3PboOZlkotqG3t0HoiwocM4kTNad0RMZ5dXG2jxxRaqGDwDFtcOK2
OrxWtFjm2SVOG1UlQg7DtdJAqZ5DyvcUksC69O8bj1JTcwtqN6r8tJDhewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBew3Fy/RGxysNujGhv6m0y1zH22MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRjdEY1hMOUViSEt3MjZNYUdfcWJUTFhNZmJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXXLBAwQA
wkyGMA0GCSqGSIb3DQEBCwUAA4IBAQBJwC82kE+MEtY/laNnHwkLrk8PiGmj6SQ3
JPuAeJv91pjFQ9NotoF16EgNzEhDXQed/axJWLiPyU9dr1NcokU717ELT0HY07LY
W8QRXwg/08OYjvd0PKlwS+o8asoa1knMSc40L9vyXGahnLAQGr1ooW6si6F/FICj
6K4sfaZZXGJals2JbrQ14GpqVUAxtAEYfG4WeUFDqYo+9Jt7tByh5utszmxJD60E
EB5Zs4KDFSkzedIpFBGBmOhCphhk69AABNCbP8PSKN257qqHTFbBhNlS4BUL3Dk9
AOxH8SZnST1AKEOwUxgLYosaj2JJKH/dMFwrmMDMJQURejHSggk3
-----END CERTIFICATE-----