Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/K8BGmaEu2YisyT9jOJObhMeBb-Y.roa
File:                     K8BGmaEu2YisyT9jOJObhMeBb-Y.roa (raw, json)
Hash identifier:          ATI+DR3Da929PGxW4W+NLn5dRmJGQJKrworvHr9NDHw=
Subject key identifier:   2B:C0:46:99:A1:2E:D9:88:AC:C9:3F:63:38:93:9B:84:C7:81:6F:E6
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC501191A6915D82C1F6017E181F18253
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/K8BGmaEu2YisyT9jOJObhMeBb-Y.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60068
IP address blocks:        193.19.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 17:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:19:1a:69:15:d8:2c:1f:60:17:e1:81:f1:82:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bc04699a12ed988acc93f6338939b84c7816fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:34:0d:c3:c6:84:05:20:2d:ce:ec:a6:ed:5b:
                    e0:87:50:74:c0:4d:d6:8d:4b:9c:28:1b:96:34:10:
                    01:db:e4:0f:8a:88:29:6c:7d:44:ba:83:4f:93:7a:
                    3e:25:8d:51:21:1e:57:fc:f1:dc:0e:82:cd:d2:49:
                    39:dd:06:ad:2d:b4:84:d2:e3:dd:1d:a3:74:a5:77:
                    12:91:5c:52:e7:27:3e:aa:c2:9f:f7:fb:77:64:ec:
                    eb:55:ef:ff:56:3a:c3:da:7b:13:f3:d9:f2:85:06:
                    a3:68:a3:26:69:fc:f6:ce:f5:ec:0f:1f:0e:1d:e7:
                    80:9b:9d:03:63:3a:a1:24:7d:ec:66:8e:7f:f0:91:
                    ef:2a:ed:a8:e2:3e:50:e9:bc:ed:9a:18:70:f5:f4:
                    7e:57:fd:97:f5:2a:e7:44:25:2b:2b:28:61:3f:9c:
                    90:e9:cb:82:59:a6:85:9c:78:6b:b4:92:63:6b:e0:
                    9f:7b:32:f2:86:3c:ff:34:50:a1:f0:97:5f:63:d9:
                    f6:71:db:3f:c8:4d:5c:fb:c8:d1:f1:ad:f9:13:58:
                    aa:45:d9:c1:d1:84:8f:5e:01:53:8f:04:a1:5e:e4:
                    f5:d0:86:47:a1:e8:32:15:a8:06:b1:01:e0:06:95:
                    32:4f:21:3b:93:00:51:51:fb:ce:cd:a5:71:8c:06:
                    09:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:C0:46:99:A1:2E:D9:88:AC:C9:3F:63:38:93:9B:84:C7:81:6F:E6
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/K8BGmaEu2YisyT9jOJObhMeBb-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:17:9c:c3:d2:3c:b8:46:e2:04:fd:51:51:61:87:9b:3a:77:
         b3:70:10:e5:8f:a8:83:a8:91:e6:2d:25:b9:30:ef:91:17:66:
         66:27:b1:75:47:70:65:de:fc:34:3f:3d:1e:47:88:5a:60:f4:
         5b:7c:18:aa:61:42:f9:dd:be:72:39:6b:06:94:57:53:da:7a:
         26:23:b1:8f:7a:fd:e3:ad:c9:5a:ee:bd:51:a7:6c:b7:c7:9e:
         aa:61:66:18:ca:3c:ed:a0:e5:62:ae:4d:9a:ab:96:e4:6b:99:
         a9:85:c8:33:7e:cc:b7:09:63:be:ed:77:82:75:35:66:e1:14:
         f6:07:09:8c:66:6c:41:b0:03:c2:a7:29:54:de:d1:5e:e8:54:
         7f:f0:97:84:f6:b2:d7:d6:25:64:5d:ba:ca:63:a6:97:35:78:
         90:17:95:72:b9:58:40:cb:52:c5:8f:bd:9f:b2:72:6e:56:52:
         3c:0c:e7:58:2b:b3:9c:46:2a:cc:2f:63:ff:5f:8c:8b:8c:08:
         7a:37:8e:02:82:a0:83:56:36:25:23:7d:ee:9d:c4:04:a7:e3:
         b2:d9:1b:27:ee:bc:d3:84:a0:ee:75:8c:df:5d:76:93:72:13:
         82:e9:12:c1:29:e2:b8:ba:2b:51:5b:f1:af:d7:3d:12:2a:68:
         cc:3b:67:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARkaaRXYLB9gF+GB8YJTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmMwNDY5OWExMmVkOTg4YWNjOTNmNjMzODkzOWI4NGM3ODE2ZmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTQNw8aEBSAtzuym7Vvgh1B0wE3W
jUucKBuWNBAB2+QPiogpbH1EuoNPk3o+JY1RIR5X/PHcDoLN0kk53QatLbSE0uPd
HaN0pXcSkVxS5yc+qsKf9/t3ZOzrVe//VjrD2nsT89nyhQajaKMmafz2zvXsDx8O
HeeAm50DYzqhJH3sZo5/8JHvKu2o4j5Q6bztmhhw9fR+V/2X9SrnRCUrKyhhP5yQ
6cuCWaaFnHhrtJJja+CfezLyhjz/NFCh8JdfY9n2cds/yE1c+8jR8a35E1iqRdnB
0YSPXgFTjwShXuT10IZHoegyFagGsQHgBpUyTyE7kwBRUfvOzaVxjAYJuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvARpmhLtmIrMk/YziTm4THgW/mMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSzhCR21hRXUyWWlzeVQ5ak9KT2JoTWVCYi1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRNsMA0G
CSqGSIb3DQEBCwUAA4IBAQBjF5zD0jy4RuIE/VFRYYebOnezcBDlj6iDqJHmLSW5
MO+RF2ZmJ7F1R3Bl3vw0Pz0eR4haYPRbfBiqYUL53b5yOWsGlFdT2nomI7GPev3j
rcla7r1Rp2y3x56qYWYYyjztoOVirk2aq5bka5mphcgzfsy3CWO+7XeCdTVm4RT2
BwmMZmxBsAPCpylU3tFe6FR/8JeE9rLX1iVkXbrKY6aXNXiQF5VyuVhAy1LFj72f
snJuVlI8DOdYK7OcRirML2P/X4yLjAh6N44CgqCDVjYlI33uncQEp+Oy2Rsn7rzT
hKDudYzfXXaTchOC6RLBKeK4uitRW/Gv1z0SKmjMO2cv
-----END CERTIFICATE-----