Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Lf2GNwJfje7OBckm_TENmyrqyn4.roa
File:                     Lf2GNwJfje7OBckm_TENmyrqyn4.roa (raw, json)
Hash identifier:          gikXJ3b67njhtAmvTBtRdykEydVqs8Q5wf1vMq47idM=
Subject key identifier:   2D:FD:86:37:02:5F:8D:EE:CE:05:C9:26:FD:31:0D:9B:2A:EA:CA:7E
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422203F8B7BD922D6D99330B21AD60DDF
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Lf2GNwJfje7OBckm_TENmyrqyn4.roa
Signing time:             Wed 01 Jan 2025 13:48:46 +0000
ROA not before:           Wed 01 Jan 2025 13:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215442
IP address blocks:        93.114.193.0/24 maxlen: 24
                          194.76.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3f:8b:7b:d9:22:d6:d9:93:30:b2:1a:d6:0d:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2dfd8637025f8deece05c926fd310d9b2aeaca7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:5e:a3:13:39:97:7e:82:4e:ed:b6:44:7c:5d:
                    cf:a6:c0:8a:d8:07:cb:57:51:9e:7e:13:d1:b2:93:
                    f8:91:08:78:5a:d3:7f:7c:ce:14:5e:63:9f:2a:46:
                    cb:04:10:4f:d8:98:aa:39:25:b4:54:2c:6d:1c:18:
                    15:0f:72:80:9f:fc:ce:c4:22:c5:5d:0e:ed:6e:2c:
                    21:22:6a:65:5f:2c:51:82:77:c0:3a:73:36:cd:08:
                    8e:68:4a:3a:1c:06:a8:33:ef:66:6e:df:8b:5c:68:
                    6b:17:06:6f:6e:f7:a9:3b:37:0c:c7:f7:15:05:d1:
                    61:b6:d6:e0:4a:55:17:20:a1:58:b1:a6:db:c8:65:
                    f2:09:7a:0d:aa:45:04:15:91:e4:ab:2d:1d:e1:26:
                    34:a3:40:aa:24:d4:4d:a6:4d:5e:43:50:0f:05:09:
                    e4:c5:aa:c7:32:dd:30:5f:82:bc:74:71:95:ca:e3:
                    f6:0f:9b:87:34:3d:c0:dd:fb:20:cc:ce:f7:59:64:
                    fa:c7:e3:a9:06:aa:a8:c3:c1:14:9e:f5:3b:b0:37:
                    42:23:a3:b0:5d:10:18:5d:07:59:2b:0d:1e:cf:3d:
                    90:90:38:c8:48:1c:31:c6:58:f2:15:db:c1:62:59:
                    02:19:4f:e8:e7:d8:85:e4:e8:51:be:a1:2d:f1:d8:
                    3d:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:FD:86:37:02:5F:8D:EE:CE:05:C9:26:FD:31:0D:9B:2A:EA:CA:7E
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Lf2GNwJfje7OBckm_TENmyrqyn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.193.0/24
                  194.76.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:a9:9e:81:fb:9c:b8:4b:14:57:ae:f2:a5:5b:b5:79:01:85:
         27:cd:86:22:0d:6d:cd:4b:06:d5:6e:9f:d3:87:06:29:ff:c7:
         2d:b6:83:9a:c1:71:dd:a8:c1:b0:33:2c:68:60:e8:35:78:61:
         23:2a:fe:38:07:ad:7e:75:5e:08:93:f2:3d:bc:22:1a:8a:1b:
         59:22:79:7b:97:40:62:c0:3c:70:8f:6e:29:80:f0:35:34:15:
         c3:ca:24:8d:32:1b:e1:48:c1:08:ff:35:fd:1d:a0:9d:39:cc:
         65:08:b5:bd:cb:39:dd:46:37:79:a1:31:af:2c:f8:d4:ee:69:
         ed:c7:9c:c0:21:46:f4:4f:c6:ed:c8:4d:88:95:01:f5:41:05:
         d6:66:ff:a5:f4:6d:d4:ad:58:3c:dc:6e:04:e3:f4:fa:35:6c:
         3b:62:3e:0f:84:b4:09:98:d1:f6:ed:47:15:a1:7b:7c:0f:21:
         78:4e:25:84:2f:f4:14:0c:15:4e:95:fb:75:1e:51:7d:d7:5a:
         4d:ad:72:3e:3e:01:24:83:a6:c1:c5:99:89:20:99:01:31:9d:
         66:24:20:ad:d8:52:4a:d1:d9:71:de:92:a4:83:e8:c9:e8:af:
         d7:25:8e:15:d4:26:03:d3:55:4a:09:55:f3:af:f4:9f:18:72:
         6d:8b:9a:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiID+Le9ki1tmTMLIa1g3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGZkODYzNzAyNWY4ZGVlY2UwNWM5MjZmZDMxMGQ5YjJhZWFjYTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnV6jEzmXfoJO7bZEfF3PpsCK2AfL
V1GefhPRspP4kQh4WtN/fM4UXmOfKkbLBBBP2JiqOSW0VCxtHBgVD3KAn/zOxCLF
XQ7tbiwhImplXyxRgnfAOnM2zQiOaEo6HAaoM+9mbt+LXGhrFwZvbvepOzcMx/cV
BdFhttbgSlUXIKFYsabbyGXyCXoNqkUEFZHkqy0d4SY0o0CqJNRNpk1eQ1APBQnk
xarHMt0wX4K8dHGVyuP2D5uHND3A3fsgzM73WWT6x+OpBqqow8EUnvU7sDdCI6Ow
XRAYXQdZKw0ezz2QkDjISBwxxljyFdvBYlkCGU/o59iF5OhRvqEt8dg9MQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC39hjcCX43uzgXJJv0xDZsq6sp+MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTGYyR053SmZqZTdPQmNrbV9URU5teXJxeW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXXLBAwQA
wkyGMA0GCSqGSIb3DQEBCwUAA4IBAQA5qZ6B+5y4SxRXrvKlW7V5AYUnzYYiDW3N
SwbVbp/ThwYp/8cttoOawXHdqMGwMyxoYOg1eGEjKv44B61+dV4Ik/I9vCIaihtZ
Inl7l0BiwDxwj24pgPA1NBXDyiSNMhvhSMEI/zX9HaCdOcxlCLW9yzndRjd5oTGv
LPjU7mntx5zAIUb0T8btyE2IlQH1QQXWZv+l9G3UrVg83G4E4/T6NWw7Yj4PhLQJ
mNH27UcVoXt8DyF4TiWEL/QUDBVOlft1HlF911pNrXI+PgEkg6bBxZmJIJkBMZ1m
JCCt2FJK0dlx3pKkg+jJ6K/XJY4V1CYD01VKCVXzr/SfGHJti5q4
-----END CERTIFICATE-----