Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XK2VwE64uGnTO8tYLTRVPWA1cx0.roa
File:                     XK2VwE64uGnTO8tYLTRVPWA1cx0.roa (raw, json)
Hash identifier:          1sXtZBImpxhNI9qcaIxFcd2Fi2YioR8rqSmk+oDAcoo=
Subject key identifier:   5C:AD:95:C0:4E:B8:B8:69:D3:3B:CB:58:2D:34:55:3D:60:35:73:1D
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC501223DA3662B497CBEE2903D4B3245
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XK2VwE64uGnTO8tYLTRVPWA1cx0.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200202
IP address blocks:        45.156.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:22:3d:a3:66:2b:49:7c:be:e2:90:3d:4b:32:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cad95c04eb8b869d33bcb582d34553d6035731d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:81:b4:f5:7c:9b:48:c4:2a:70:df:ff:70:7c:
                    07:35:b1:ec:2c:0a:0e:c0:a2:51:1e:ae:4e:9d:c2:
                    51:a6:46:75:ce:60:78:c4:5e:ff:54:28:b7:4f:4b:
                    e0:6d:6d:a4:6c:42:9a:93:e1:36:04:ae:71:f8:ea:
                    69:84:e0:61:49:f7:f1:24:fa:bc:2a:34:67:a4:55:
                    ca:6c:0d:17:0a:14:ca:00:5b:72:95:2d:50:dd:ba:
                    3d:8f:10:1e:53:b8:9e:af:9b:22:17:9d:a6:24:ac:
                    d2:28:d7:d0:f7:89:91:da:0f:c4:cc:cd:9c:0e:ea:
                    d8:14:7b:9a:08:81:f1:19:6f:47:99:b6:9d:a7:b4:
                    c7:02:3c:8a:e8:23:ba:d6:31:d8:bb:cb:74:9e:07:
                    fb:22:cf:dd:e7:6e:39:cd:64:66:a0:19:5c:6b:49:
                    ce:f2:4b:96:64:dd:f1:2b:59:79:5d:e8:07:75:2a:
                    73:36:81:c3:4a:2e:21:1e:5d:4e:eb:ab:7a:22:40:
                    41:2f:87:c2:4b:36:8b:f4:2c:76:09:5d:4d:3e:44:
                    42:03:b5:9a:7a:64:9a:62:c8:ee:14:b8:0d:92:82:
                    81:45:33:07:7c:94:d7:92:c7:3d:0c:52:f5:18:bc:
                    79:5a:41:85:72:81:28:d4:cf:55:dd:ff:f9:d4:dc:
                    2a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:AD:95:C0:4E:B8:B8:69:D3:3B:CB:58:2D:34:55:3D:60:35:73:1D
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XK2VwE64uGnTO8tYLTRVPWA1cx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:95:68:b1:70:8e:08:50:b7:48:ea:0e:28:73:cf:23:f0:29:
         94:72:82:e1:c1:80:af:56:25:44:22:1d:a3:54:7d:15:6e:b2:
         88:63:94:87:ef:7d:33:a4:9a:70:f6:93:0c:6e:07:7b:66:73:
         8b:f9:eb:57:92:1a:43:57:9a:ae:be:2f:46:58:ac:c7:0f:c1:
         6a:69:c8:41:2d:e0:cf:c1:b1:46:b2:e9:53:38:d1:cc:0b:39:
         44:bf:b6:4e:6b:a1:91:d1:b7:2f:3d:c3:1b:d0:e5:63:f3:11:
         7c:c4:c6:3e:44:98:2c:c6:53:67:ed:d6:9d:2f:96:8f:f9:f3:
         00:ff:07:98:41:35:f0:88:58:9c:3b:59:a1:94:34:24:bc:dc:
         f2:a2:9e:58:00:43:0b:ae:09:17:23:ea:5b:02:49:04:f7:14:
         3f:0c:00:65:5e:52:84:0b:a2:c7:e8:b7:ed:6f:ad:e1:a5:11:
         8f:51:96:69:0d:ff:53:e9:9c:ed:57:80:d2:50:9a:3a:6f:39:
         f0:ac:2b:59:3b:e3:c7:4d:9a:bb:bb:f2:73:bc:3a:97:e1:a9:
         f0:d9:e0:5c:78:1a:5b:ad:75:41:01:ee:24:58:55:1f:01:b7:
         fc:31:fb:69:1d:ee:bf:ae:01:97:dd:f2:21:21:4d:2a:75:df:
         f6:fb:ed:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASI9o2YrSXy+4pA9SzJFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2FkOTVjMDRlYjhiODY5ZDMzYmNiNTgyZDM0NTUzZDYwMzU3MzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6IG09XybSMQqcN//cHwHNbHsLAoO
wKJRHq5OncJRpkZ1zmB4xF7/VCi3T0vgbW2kbEKak+E2BK5x+OpphOBhSffxJPq8
KjRnpFXKbA0XChTKAFtylS1Q3bo9jxAeU7ier5siF52mJKzSKNfQ94mR2g/EzM2c
DurYFHuaCIHxGW9Hmbadp7THAjyK6CO61jHYu8t0ngf7Is/d5245zWRmoBlca0nO
8kuWZN3xK1l5XegHdSpzNoHDSi4hHl1O66t6IkBBL4fCSzaL9Cx2CV1NPkRCA7Wa
emSaYsjuFLgNkoKBRTMHfJTXksc9DFL1GLx5WkGFcoEo1M9V3f/51NwqNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFytlcBOuLhp0zvLWC00VT1gNXMdMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWEsyVndFNjR1R25UTzh0WUxUUlZQV0ExY3gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZycMA0G
CSqGSIb3DQEBCwUAA4IBAQAOlWixcI4IULdI6g4oc88j8CmUcoLhwYCvViVEIh2j
VH0VbrKIY5SH730zpJpw9pMMbgd7ZnOL+etXkhpDV5quvi9GWKzHD8FqachBLeDP
wbFGsulTONHMCzlEv7ZOa6GR0bcvPcMb0OVj8xF8xMY+RJgsxlNn7dadL5aP+fMA
/weYQTXwiFicO1mhlDQkvNzyop5YAEMLrgkXI+pbAkkE9xQ/DABlXlKEC6LH6Lft
b63hpRGPUZZpDf9T6ZztV4DSUJo6bznwrCtZO+PHTZq7u/JzvDqX4anw2eBceBpb
rXVBAe4kWFUfAbf8MftpHe6/rgGX3fIhIU0qdd/2++1i
-----END CERTIFICATE-----