Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Iqv41CApRPS54zGK_tZCFoYlogU.roa
File:                     Iqv41CApRPS54zGK_tZCFoYlogU.roa (raw, json)
Hash identifier:          G1ITuSriP4NGye6//5XpnuQIvFi5F2cWGSPVUSvm4l8=
Subject key identifier:   22:AB:F8:D4:20:29:44:F4:B9:E3:31:8A:FE:D6:42:16:86:25:A2:05
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC50107B62BDD51A277C2CD2D2CA2EEDB
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Iqv41CApRPS54zGK_tZCFoYlogU.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9312
IP address blocks:        194.242.2.0/24 maxlen: 24
                          193.19.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:07:b6:2b:dd:51:a2:77:c2:cd:2d:2c:a2:ee:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22abf8d4202944f4b9e3318afed642168625a205
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9f:ce:80:a9:0a:59:ba:3b:42:4a:61:53:60:
                    04:25:7e:bb:3e:f7:42:b9:06:d4:e6:d6:0b:b6:f0:
                    05:d7:29:32:7e:99:f3:1a:93:f4:c5:8b:5e:fa:3a:
                    6b:ff:d2:ee:87:c5:62:9b:85:fa:4f:81:d2:9b:c6:
                    2f:5b:87:b2:96:fb:d9:76:4e:97:62:0c:c3:d2:e1:
                    65:27:a9:46:b5:61:93:2c:8e:ca:c3:65:3f:f4:9f:
                    b2:62:24:17:23:b6:22:a8:1e:b5:ad:49:71:db:e4:
                    03:b0:02:22:f8:0e:58:b2:be:ce:e7:c7:87:63:61:
                    e3:59:0d:ee:08:0e:83:a2:05:95:b2:d9:1c:40:16:
                    5d:b6:07:06:69:9e:b6:44:ad:b2:1b:10:72:e7:71:
                    a2:6f:8b:7d:b9:98:b1:0f:e6:c4:f4:94:17:48:a0:
                    cf:78:a0:b6:6c:7c:22:a4:05:ec:ab:8e:ce:f7:69:
                    50:09:38:4c:0f:41:9b:23:22:07:6d:3c:13:eb:ec:
                    d1:69:fd:d5:df:48:b6:0e:fd:71:8f:30:b0:c1:f2:
                    d3:45:b2:25:ef:dc:7d:08:4f:a4:00:0a:ae:e3:6c:
                    74:58:0c:16:4a:0a:83:84:a9:0c:87:f2:be:3d:f5:
                    9e:43:fe:3d:5f:49:4f:bf:d8:35:39:f1:70:b5:9c:
                    a4:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:AB:F8:D4:20:29:44:F4:B9:E3:31:8A:FE:D6:42:16:86:25:A2:05
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Iqv41CApRPS54zGK_tZCFoYlogU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.108.0/24
                  194.242.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:36:8d:03:34:48:9b:3f:ea:7f:57:3a:82:7a:b3:76:39:02:
         5d:30:66:cb:26:43:4f:dd:54:63:82:64:df:c9:94:a7:9b:89:
         af:15:00:0c:5d:6b:8c:eb:06:ba:fe:61:83:e7:57:a0:a9:84:
         ff:e0:d9:d5:df:20:9c:c8:e0:1b:c9:b7:a6:df:03:13:80:ae:
         c6:f5:ba:ab:13:39:ec:96:e7:d5:44:7c:cc:7e:0e:82:d8:2f:
         08:b7:29:a9:fd:39:9c:7b:0d:c5:18:ef:1f:3b:9a:9e:a3:6c:
         f9:be:c2:40:1e:8b:bc:44:af:82:48:f7:96:78:d4:8a:63:2d:
         2d:46:13:5e:e6:13:58:21:31:87:fc:59:57:58:a8:6f:7a:b4:
         9f:7f:bd:58:cb:f4:c6:48:7e:89:d6:28:42:0a:92:36:c9:97:
         d9:c9:5e:26:33:66:83:19:74:42:6f:7a:70:78:7e:c1:d1:e1:
         0a:e4:73:8d:1b:7e:18:3d:b3:6c:26:72:68:f9:2e:8b:ba:70:
         ca:05:2c:ed:e2:63:c6:f5:8c:2f:c0:47:60:26:63:79:2d:42:
         75:a7:43:6a:cc:89:d5:dc:71:8b:ae:86:ff:6d:8a:32:a8:2a:
         da:f3:1e:1c:2e:1d:c5:ec:2d:7b:d8:a8:4e:83:6e:10:63:dd:
         3b:60:7d:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAQe2K91RonfCzS0sou7bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmFiZjhkNDIwMjk0NGY0YjllMzMxOGFmZWQ2NDIxNjg2MjVhMjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0p/OgKkKWbo7QkphU2AEJX67PvdC
uQbU5tYLtvAF1ykyfpnzGpP0xYte+jpr/9Luh8Vim4X6T4HSm8YvW4eylvvZdk6X
YgzD0uFlJ6lGtWGTLI7Kw2U/9J+yYiQXI7YiqB61rUlx2+QDsAIi+A5Ysr7O58eH
Y2HjWQ3uCA6DogWVstkcQBZdtgcGaZ62RK2yGxBy53Gib4t9uZixD+bE9JQXSKDP
eKC2bHwipAXsq47O92lQCThMD0GbIyIHbTwT6+zRaf3V30i2Dv1xjzCwwfLTRbIl
79x9CE+kAAqu42x0WAwWSgqDhKkMh/K+PfWeQ/49X0lPv9g1OfFwtZykNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCKr+NQgKUT0ueMxiv7WQhaGJaIFMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSXF2NDFDQXBSUFM1NHpHS190WkNGb1lsb2dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRNsAwQA
wvICMA0GCSqGSIb3DQEBCwUAA4IBAQAQNo0DNEibP+p/VzqCerN2OQJdMGbLJkNP
3VRjgmTfyZSnm4mvFQAMXWuM6wa6/mGD51egqYT/4NnV3yCcyOAbybem3wMTgK7G
9bqrEznslufVRHzMfg6C2C8Itymp/Tmcew3FGO8fO5qeo2z5vsJAHou8RK+CSPeW
eNSKYy0tRhNe5hNYITGH/FlXWKhverSff71Yy/TGSH6J1ihCCpI2yZfZyV4mM2aD
GXRCb3pweH7B0eEK5HONG34YPbNsJnJo+S6LunDKBSzt4mPG9YwvwEdgJmN5LUJ1
p0NqzInV3HGLrob/bYoyqCra8x4cLh3F7C172KhOg24QY907YH21
-----END CERTIFICATE-----