Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Vqb3EKTYt4rpzGGe4hUudVRdshA.roa
File:                     Vqb3EKTYt4rpzGGe4hUudVRdshA.roa (raw, json)
Hash identifier:          bNa36GhOXgYzaQWmOi8ZDaLLMvqbzv8c5OfIqEyo31M=
Subject key identifier:   56:A6:F7:10:A4:D8:B7:8A:E9:CC:61:9E:E2:15:2E:75:54:5D:B2:10
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC501198A6EC575CC1CA6F8267C434189
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Vqb3EKTYt4rpzGGe4hUudVRdshA.roa
Signing time:             Mon 01 Jan 2024 12:30:32 +0000
ROA not before:           Mon 01 Jan 2024 12:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60798
IP address blocks:        37.46.151.0/24 maxlen: 24
                          84.245.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:19:8a:6e:c5:75:cc:1c:a6:f8:26:7c:43:41:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56a6f710a4d8b78ae9cc619ee2152e75545db210
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e7:f3:69:99:ba:dc:06:62:eb:9b:b6:97:48:
                    14:5e:fb:99:e6:37:61:52:62:00:cf:8f:cf:8b:62:
                    a0:4e:06:b6:4a:95:33:dc:1f:3c:09:c1:71:5b:53:
                    9a:25:35:d8:45:ac:76:0c:ee:6d:b7:16:5b:44:79:
                    1b:8e:e5:65:6a:44:59:f5:30:5e:19:04:45:fb:1f:
                    ec:3f:90:dd:bd:0f:09:d0:b5:6f:1d:2b:f5:84:30:
                    a0:d5:b6:59:f8:6c:54:85:7b:b6:d9:24:9c:fe:1d:
                    c5:83:56:7c:28:28:64:65:d5:1c:a6:cc:27:2b:ba:
                    a6:1a:95:2d:22:a1:dc:77:f2:71:76:09:25:a9:be:
                    c1:fe:1e:26:ed:b5:5d:75:8b:ed:f4:b7:e3:bf:0f:
                    cd:db:65:b1:de:18:5a:b8:46:35:af:06:b2:a4:af:
                    13:80:ae:ad:42:95:f7:4a:10:6d:ea:4d:cd:f8:bd:
                    03:2e:23:cc:09:87:48:c8:9d:f2:47:80:76:88:90:
                    7b:45:38:5a:8c:d9:49:1f:d3:f5:24:ff:9e:c0:5a:
                    f4:f8:4c:ba:a0:e8:78:54:09:f0:c8:db:79:cc:4f:
                    c2:42:16:b0:dc:af:a2:dc:4e:6b:98:b5:5a:cc:9f:
                    2b:94:35:21:c7:29:7e:50:69:f3:60:32:32:a8:6c:
                    ae:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:A6:F7:10:A4:D8:B7:8A:E9:CC:61:9E:E2:15:2E:75:54:5D:B2:10
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Vqb3EKTYt4rpzGGe4hUudVRdshA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.151.0/24
                  84.245.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:4d:d6:f1:6f:72:95:5a:3a:47:34:f1:a6:a3:20:b7:11:55:
         b4:21:e3:73:8c:6e:16:7e:1d:63:e8:e7:6f:be:af:e6:78:62:
         28:2d:99:a3:8b:c2:94:11:4a:62:68:35:84:b7:d3:f8:00:3f:
         a4:b8:d7:82:15:60:de:7c:07:58:52:cd:95:2e:19:83:1a:27:
         17:29:85:a9:43:df:78:7a:53:08:97:75:4e:e9:7d:40:e2:1d:
         41:16:d9:01:b6:cf:0f:52:69:47:2b:2b:6a:36:63:e5:44:0c:
         49:30:e7:33:94:05:28:44:62:72:53:84:0c:50:a6:4f:77:2b:
         54:d1:8a:43:1a:4e:dc:b6:17:15:5e:ca:c4:01:33:92:e0:d4:
         fa:5d:9e:77:aa:76:f6:9b:f0:e8:6c:1e:41:2a:c1:4c:be:59:
         cf:9b:ba:b3:63:2f:ab:f3:51:66:9a:54:e3:eb:a6:fa:98:2e:
         be:87:4f:c6:2a:73:13:67:82:c7:a9:36:3f:c4:6a:88:6a:bb:
         ed:d6:cf:d0:42:f6:48:8c:03:25:ab:b5:5b:63:a7:55:54:0d:
         51:83:c4:6e:1e:82:09:23:23:ce:d0:d5:7b:f2:c3:69:9f:a7:
         2a:59:b5:5c:a8:85:b8:c2:e6:27:b6:5e:e5:72:91:82:85:9c:
         eb:19:c6:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFARmKbsV1zBym+CZ8Q0GJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmE2ZjcxMGE0ZDhiNzhhZTljYzYxOWVlMjE1MmU3NTU0NWRiMjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOfzaZm63AZi65u2l0gUXvuZ5jdh
UmIAz4/Pi2KgTga2SpUz3B88CcFxW1OaJTXYRax2DO5ttxZbRHkbjuVlakRZ9TBe
GQRF+x/sP5DdvQ8J0LVvHSv1hDCg1bZZ+GxUhXu22SSc/h3Fg1Z8KChkZdUcpswn
K7qmGpUtIqHcd/Jxdgklqb7B/h4m7bVddYvt9Lfjvw/N22Wx3hhauEY1rwaypK8T
gK6tQpX3ShBt6k3N+L0DLiPMCYdIyJ3yR4B2iJB7RThajNlJH9P1JP+ewFr0+Ey6
oOh4VAnwyNt5zE/CQhaw3K+i3E5rmLVazJ8rlDUhxyl+UGnzYDIyqGyuCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFam9xCk2LeK6cxhnuIVLnVUXbIQMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVnFiM0VLVFl0NHJwekdHZTRoVXVkVlJkc2hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJS6XAwQA
VPU5MA0GCSqGSIb3DQEBCwUAA4IBAQB0Tdbxb3KVWjpHNPGmoyC3EVW0IeNzjG4W
fh1j6Odvvq/meGIoLZmji8KUEUpiaDWEt9P4AD+kuNeCFWDefAdYUs2VLhmDGicX
KYWpQ994elMIl3VO6X1A4h1BFtkBts8PUmlHKytqNmPlRAxJMOczlAUoRGJyU4QM
UKZPdytU0YpDGk7cthcVXsrEATOS4NT6XZ53qnb2m/DobB5BKsFMvlnPm7qzYy+r
81FmmlTj66b6mC6+h0/GKnMTZ4LHqTY/xGqIarvt1s/QQvZIjAMlq7VbY6dVVA1R
g8RuHoIJIyPO0NV78sNpn6cqWbVcqIW4wuYntl7lcpGChZzrGcZO
-----END CERTIFICATE-----