Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LUNTrTc4sw-KWUBNBGIBRUW491A.roa
File:                     LUNTrTc4sw-KWUBNBGIBRUW491A.roa (raw, json)
Hash identifier:          rPO9I0f52QU0uzU9TdeZ+xC4qQfe8NDP4yhSgeVSJ5I=
Subject key identifier:   2D:43:53:AD:37:38:B3:0F:8A:59:40:4D:04:62:01:45:45:B8:F7:50
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422200CF6332F329A80314133BE412DF7
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LUNTrTc4sw-KWUBNBGIBRUW491A.roa
Signing time:             Wed 01 Jan 2025 13:48:33 +0000
ROA not before:           Wed 01 Jan 2025 13:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9312
IP address blocks:        193.19.108.0/24 maxlen: 24
                          194.242.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:0c:f6:33:2f:32:9a:80:31:41:33:be:41:2d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d4353ad3738b30f8a59404d0462014545b8f750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7b:58:d1:fb:75:7a:dc:15:95:e7:b4:85:95:
                    a4:7a:a3:12:db:db:80:74:5c:bc:71:8e:bf:63:92:
                    13:2a:39:46:71:56:72:88:f5:5b:22:02:21:7c:de:
                    e8:8f:ac:69:72:6b:f6:0b:32:03:52:7a:32:69:38:
                    3e:8e:bc:51:d2:85:9a:44:25:36:66:22:6a:74:48:
                    59:a1:a1:fc:74:94:47:d4:0d:84:fb:16:2c:b5:65:
                    bf:ae:46:f4:b4:5f:98:47:a0:ad:b0:27:69:ba:ea:
                    8f:af:8e:69:7c:d3:16:92:86:e5:67:ce:cd:11:f8:
                    5b:e6:fb:96:d1:1c:37:56:12:01:72:55:1a:e9:e2:
                    10:00:64:bf:0e:d6:14:e9:b2:90:85:d2:e6:0a:96:
                    d1:89:70:6d:8b:21:a1:2a:48:08:51:30:e3:64:55:
                    fe:f9:ac:a0:c4:28:9f:92:90:8d:89:8e:15:8b:04:
                    6a:10:a5:ec:f4:e3:cf:af:35:f8:75:59:15:49:6b:
                    8b:11:5e:8f:c0:d4:cc:e2:06:f1:20:da:61:9b:37:
                    86:fe:0a:9c:81:ab:f3:1c:84:ac:e2:a2:dd:6a:93:
                    40:d8:2a:1a:ad:b8:49:1e:41:11:2b:3d:aa:68:dd:
                    fd:68:21:80:51:ec:3a:b7:2f:00:71:dc:73:0d:24:
                    27:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:43:53:AD:37:38:B3:0F:8A:59:40:4D:04:62:01:45:45:B8:F7:50
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LUNTrTc4sw-KWUBNBGIBRUW491A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.108.0/24
                  194.242.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:05:3e:42:d2:04:6b:91:f1:3a:0e:ac:bb:62:6c:45:7e:b8:
         f5:05:de:ad:0f:eb:4c:33:35:22:c0:fd:d7:92:5e:75:77:2d:
         16:87:f2:de:45:44:81:74:4b:ce:5d:3a:63:60:a8:ce:1e:64:
         0b:f4:f3:1b:26:03:58:be:c7:8e:c2:e3:6a:c8:c7:f1:33:d1:
         05:e7:2c:57:32:6d:86:26:96:89:41:d0:55:dc:f2:ea:d9:86:
         07:25:87:e6:78:39:24:66:b8:c5:20:40:41:58:3e:54:a6:83:
         8e:46:f6:96:bf:b2:31:f6:4a:57:22:a1:a7:70:3b:04:54:e5:
         6c:db:4c:c3:a3:85:26:0c:fc:b0:5b:c6:a6:46:5b:41:ed:5e:
         0d:02:af:8c:d2:92:a5:ea:f1:bb:e3:db:13:d4:12:a3:45:c9:
         b8:5a:95:c6:03:73:73:46:ef:88:29:71:ab:9f:69:c6:ae:0c:
         7e:5f:61:13:f8:ab:bc:f2:1a:f2:3a:b3:20:e2:5b:f7:dc:fa:
         df:ed:8d:d4:46:72:a1:35:70:94:c4:8b:00:64:f6:cf:7e:b8:
         59:c1:8f:aa:10:56:a9:fa:47:49:39:38:a9:58:4a:ea:f7:9a:
         3c:2d:7c:e0:57:62:82:31:40:98:9f:10:62:80:bc:3f:13:af:
         a6:08:86:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIAz2My8ymoAxQTO+QS33MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDQzNTNhZDM3MzhiMzBmOGE1OTQwNGQwNDYyMDE0NTQ1YjhmNzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXtY0ft1etwVlee0hZWkeqMS29uA
dFy8cY6/Y5ITKjlGcVZyiPVbIgIhfN7oj6xpcmv2CzIDUnoyaTg+jrxR0oWaRCU2
ZiJqdEhZoaH8dJRH1A2E+xYstWW/rkb0tF+YR6CtsCdpuuqPr45pfNMWkoblZ87N
Efhb5vuW0Rw3VhIBclUa6eIQAGS/DtYU6bKQhdLmCpbRiXBtiyGhKkgIUTDjZFX+
+aygxCifkpCNiY4ViwRqEKXs9OPPrzX4dVkVSWuLEV6PwNTM4gbxINphmzeG/gqc
gavzHISs4qLdapNA2CoarbhJHkERKz2qaN39aCGAUew6ty8AcdxzDSQnKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC1DU603OLMPillATQRiAUVFuPdQMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTFVOVHJUYzRzdy1LV1VCTkJHSUJSVVc0OTFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRNsAwQA
wvICMA0GCSqGSIb3DQEBCwUAA4IBAQBRBT5C0gRrkfE6Dqy7YmxFfrj1Bd6tD+tM
MzUiwP3Xkl51dy0Wh/LeRUSBdEvOXTpjYKjOHmQL9PMbJgNYvseOwuNqyMfxM9EF
5yxXMm2GJpaJQdBV3PLq2YYHJYfmeDkkZrjFIEBBWD5UpoOORvaWv7Ix9kpXIqGn
cDsEVOVs20zDo4UmDPywW8amRltB7V4NAq+M0pKl6vG749sT1BKjRcm4WpXGA3Nz
Ru+IKXGrn2nGrgx+X2ET+Ku88hryOrMg4lv33Prf7Y3URnKhNXCUxIsAZPbPfrhZ
wY+qEFap+kdJOTipWErq95o8LXzgV2KCMUCYnxBigLw/E6+mCIaw
-----END CERTIFICATE-----