Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LSR13wSQrTKOrB8RQ5gZylHMu5E.roa
File:                     LSR13wSQrTKOrB8RQ5gZylHMu5E.roa (raw, json)
Hash identifier:          H+Qt9SKdsIgDCHvWxW5fziwIHbmbPoEG8SDP19Gb8CA=
Subject key identifier:   2D:24:75:DF:04:90:AD:32:8E:AC:1F:11:43:98:19:CA:51:CC:BB:91
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01942220240319FEE77E5826019587BBD02B
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LSR13wSQrTKOrB8RQ5gZylHMu5E.roa
Signing time:             Wed 01 Jan 2025 13:48:39 +0000
ROA not before:           Wed 01 Jan 2025 13:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60068
IP address blocks:        193.19.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:24:03:19:fe:e7:7e:58:26:01:95:87:bb:d0:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d2475df0490ad328eac1f11439819ca51ccbb91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:90:a6:9d:6c:e8:18:1b:af:a8:ab:66:5c:25:
                    88:7f:ca:74:95:3e:96:46:99:92:05:9f:57:69:cf:
                    d6:a1:20:0d:fe:fa:29:95:3c:db:26:20:fe:b1:b5:
                    09:51:ae:c7:79:2d:2d:92:b5:fc:e0:a7:a1:2b:0c:
                    30:cb:be:06:03:84:2e:38:d5:96:6c:1e:b3:62:03:
                    fa:50:97:f9:6e:70:55:b3:e5:83:5f:88:6d:17:16:
                    31:c9:51:55:be:57:07:a8:12:bd:04:1f:01:84:4f:
                    98:24:c3:ca:12:38:90:1f:f1:04:c2:01:55:89:c4:
                    c5:2c:9b:85:79:3c:b5:9e:4f:4c:23:dd:33:66:a8:
                    c4:54:33:92:6c:c0:5b:8e:5c:b7:d8:5e:d6:19:33:
                    4f:65:e9:9d:a8:34:b7:8b:9d:d1:ac:7b:1e:64:ab:
                    e9:ac:37:05:58:8d:ee:37:40:dd:15:6a:d7:57:86:
                    0b:5a:a8:35:27:ef:83:21:57:1e:3b:e0:0a:1e:f2:
                    e3:0e:b3:e4:74:a9:6f:63:bb:53:e5:36:7b:73:f7:
                    df:27:d2:62:aa:12:c0:75:21:0a:9e:69:46:3a:fc:
                    78:f4:1b:e8:13:a5:62:74:75:dc:9f:fe:0b:90:ae:
                    8e:8a:7d:b7:b8:5a:a8:8c:15:72:72:eb:d6:45:85:
                    94:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:24:75:DF:04:90:AD:32:8E:AC:1F:11:43:98:19:CA:51:CC:BB:91
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LSR13wSQrTKOrB8RQ5gZylHMu5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:29:f8:bb:00:71:35:11:df:a2:88:a3:28:36:9c:21:a8:32:
         f4:22:ba:ef:67:6c:49:37:b9:8f:ef:0a:43:7d:ff:e8:ca:53:
         68:eb:ff:12:5f:52:bb:d6:dd:d1:99:e3:b8:cb:18:72:6b:bc:
         d5:27:3b:1b:4c:a0:93:11:98:4f:db:23:e1:e6:9a:5d:ab:f0:
         25:87:d8:db:00:0d:c8:d1:96:46:a8:38:ad:2c:3d:17:17:fe:
         54:4d:ab:00:e6:54:40:d0:bf:a3:b8:4e:86:5d:1e:41:cd:09:
         f9:f5:f4:11:2e:ac:5f:d5:fb:34:e6:e1:f8:b0:42:fe:c9:7c:
         a3:57:be:ea:39:e5:5f:d1:4d:f9:f9:00:fb:34:3c:be:7b:d0:
         b3:61:31:8a:12:cf:c0:72:36:d7:77:9b:3c:d3:3d:b8:a9:34:
         1e:ae:bb:cf:2f:02:93:62:a0:3d:d8:06:88:7d:e5:84:94:bd:
         33:a5:8a:14:02:5c:3d:3f:81:54:49:03:85:16:d9:31:b5:f7:
         36:1a:6d:db:1e:45:6b:b1:d8:d9:c2:64:fc:32:17:31:11:69:
         f5:31:1a:95:49:9a:5c:db:59:68:61:3b:79:89:25:62:3b:3f:
         74:5c:0b:85:1c:de:50:24:f0:22:57:40:4d:91:b7:41:28:2d:
         1a:8f:f4:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICQDGf7nflgmAZWHu9ArMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDI0NzVkZjA0OTBhZDMyOGVhYzFmMTE0Mzk4MTljYTUxY2NiYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZCmnWzoGBuvqKtmXCWIf8p0lT6W
RpmSBZ9Xac/WoSAN/voplTzbJiD+sbUJUa7HeS0tkrX84KehKwwwy74GA4QuONWW
bB6zYgP6UJf5bnBVs+WDX4htFxYxyVFVvlcHqBK9BB8BhE+YJMPKEjiQH/EEwgFV
icTFLJuFeTy1nk9MI90zZqjEVDOSbMBbjly32F7WGTNPZemdqDS3i53RrHseZKvp
rDcFWI3uN0DdFWrXV4YLWqg1J++DIVceO+AKHvLjDrPkdKlvY7tT5TZ7c/ffJ9Ji
qhLAdSEKnmlGOvx49BvoE6VidHXcn/4LkK6Oin23uFqojBVycuvWRYWU2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC0kdd8EkK0yjqwfEUOYGcpRzLuRMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTFNSMTN3U1FyVEtPckI4UlE1Z1p5bEhNdTVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRNsMA0G
CSqGSIb3DQEBCwUAA4IBAQAXKfi7AHE1Ed+iiKMoNpwhqDL0IrrvZ2xJN7mP7wpD
ff/oylNo6/8SX1K71t3RmeO4yxhya7zVJzsbTKCTEZhP2yPh5ppdq/Alh9jbAA3I
0ZZGqDitLD0XF/5UTasA5lRA0L+juE6GXR5BzQn59fQRLqxf1fs05uH4sEL+yXyj
V77qOeVf0U35+QD7NDy+e9CzYTGKEs/AcjbXd5s80z24qTQerrvPLwKTYqA92AaI
feWElL0zpYoUAlw9P4FUSQOFFtkxtfc2Gm3bHkVrsdjZwmT8MhcxEWn1MRqVSZpc
21loYTt5iSViOz90XAuFHN5QJPAiV0BNkbdBKC0aj/Tp
-----END CERTIFICATE-----