Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ya1L4AUDCL38rb4FxaiLd86xV0w.roa
File:                     Ya1L4AUDCL38rb4FxaiLd86xV0w.roa (raw, json)
Hash identifier:          REX4V/p3gs3ZAZjMHT4pdzm242sME17zk0t2TNe9dEc=
Subject key identifier:   61:AD:4B:E0:05:03:08:BD:FC:AD:BE:05:C5:A8:8B:77:CE:B1:57:4C
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5010DFC8140FD6C1340E73623E1D463
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ya1L4AUDCL38rb4FxaiLd86xV0w.roa
Signing time:             Mon 01 Jan 2024 12:30:29 +0000
ROA not before:           Mon 01 Jan 2024 12:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     38337
IP address blocks:        188.241.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0d:fc:81:40:fd:6c:13:40:e7:36:23:e1:d4:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61ad4be0050308bdfcadbe05c5a88b77ceb1574c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:19:d6:d2:94:2c:33:7a:db:e2:a9:4e:de:ea:
                    2d:44:e8:9d:69:9a:30:f6:0f:74:b6:f4:fa:e5:93:
                    b0:af:69:7c:ce:9f:e6:ad:01:fd:b0:51:0f:ff:2a:
                    c0:3c:bb:4b:32:75:f7:6b:53:6a:51:27:16:dd:af:
                    17:14:9c:51:2b:06:50:0e:f8:50:ad:58:ef:49:f7:
                    ec:2d:f1:84:82:08:4f:c3:5f:81:c5:e5:95:83:df:
                    09:99:df:8b:5d:b0:6e:9b:d6:c4:c7:f1:51:f4:98:
                    14:bb:86:50:16:01:01:51:5d:ef:a3:bd:05:86:2d:
                    40:53:fd:14:29:16:82:aa:df:34:df:7e:50:a7:05:
                    9a:0d:da:ea:12:13:e7:e8:ac:27:32:23:c3:67:9c:
                    06:c6:9f:80:4a:98:24:b6:8d:e4:b8:91:dd:bc:03:
                    71:5b:f4:71:7f:ff:0f:2a:14:d8:84:b9:65:87:9b:
                    4c:91:2d:c5:c6:3a:75:4a:a8:cb:99:58:b9:ae:d3:
                    77:e7:1b:f1:f1:93:c3:1e:10:27:ed:08:6b:e8:e9:
                    36:e5:13:6e:1b:f8:de:6f:4a:e1:f7:16:4b:4f:cf:
                    ea:a9:99:27:9a:25:ba:ab:d6:bf:b6:18:e8:a7:4c:
                    f5:1c:5e:22:8d:0f:0b:6f:98:38:63:f2:e4:35:b1:
                    ea:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:AD:4B:E0:05:03:08:BD:FC:AD:BE:05:C5:A8:8B:77:CE:B1:57:4C
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ya1L4AUDCL38rb4FxaiLd86xV0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:4f:7c:3c:db:ec:cf:5f:47:8b:99:b0:f1:65:b9:7a:f9:0e:
         8b:0c:3a:c3:6c:e8:2c:76:63:54:46:a7:33:56:41:3e:4b:73:
         ac:af:6c:f5:53:fe:4d:15:d4:1f:96:bb:84:12:26:aa:f0:ec:
         35:84:bb:da:4e:19:7a:30:27:e9:8e:97:a9:8d:47:a1:87:4d:
         88:c0:ed:47:72:d4:8e:36:6a:9c:33:90:d7:b6:dd:82:55:6b:
         7e:12:40:3e:85:16:19:ba:85:b7:64:6c:f6:8d:be:60:10:2a:
         b8:5c:81:3f:bc:a1:85:16:31:20:fc:e4:0c:24:c2:26:88:22:
         42:fa:78:e8:ea:1b:87:d3:e6:9e:ff:b7:6e:ad:54:9a:96:f5:
         61:3f:8a:eb:49:5a:17:44:58:69:7c:28:c1:ec:b4:52:51:d3:
         14:7b:00:fa:f2:e6:bf:4e:94:38:26:72:07:16:3a:2b:b3:1d:
         08:53:1e:e9:f5:1f:27:bd:44:80:61:2b:7b:5a:ee:b2:a8:56:
         a9:5b:da:53:bd:5e:58:98:89:b0:17:73:5b:04:eb:9b:2b:7a:
         c7:bc:d6:30:e3:c5:34:38:87:0f:39:2f:64:f5:4d:b2:c3:bf:
         9c:2d:ec:6f:81:66:3e:0d:b7:c9:6e:ee:30:db:2c:d1:18:ed:
         14:f7:12:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQ38gUD9bBNA5zYj4dRjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWFkNGJlMDA1MDMwOGJkZmNhZGJlMDVjNWE4OGI3N2NlYjE1NzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBnW0pQsM3rb4qlO3uotROidaZow
9g90tvT65ZOwr2l8zp/mrQH9sFEP/yrAPLtLMnX3a1NqUScW3a8XFJxRKwZQDvhQ
rVjvSffsLfGEgghPw1+BxeWVg98Jmd+LXbBum9bEx/FR9JgUu4ZQFgEBUV3vo70F
hi1AU/0UKRaCqt80335QpwWaDdrqEhPn6KwnMiPDZ5wGxp+ASpgkto3kuJHdvANx
W/Rxf/8PKhTYhLllh5tMkS3Fxjp1SqjLmVi5rtN35xvx8ZPDHhAn7Qhr6Ok25RNu
G/jeb0rh9xZLT8/qqZknmiW6q9a/thjop0z1HF4ijQ8Lb5g4Y/LkNbHqHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGtS+AFAwi9/K2+BcWoi3fOsVdMMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWWExTDRBVURDTDM4cmI0RnhhaUxkODZ4VjB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPHzMA0G
CSqGSIb3DQEBCwUAA4IBAQBdT3w82+zPX0eLmbDxZbl6+Q6LDDrDbOgsdmNURqcz
VkE+S3Osr2z1U/5NFdQflruEEiaq8Ow1hLvaThl6MCfpjpepjUehh02IwO1HctSO
NmqcM5DXtt2CVWt+EkA+hRYZuoW3ZGz2jb5gECq4XIE/vKGFFjEg/OQMJMImiCJC
+njo6huH0+ae/7durVSalvVhP4rrSVoXRFhpfCjB7LRSUdMUewD68ua/TpQ4JnIH
Fjorsx0IUx7p9R8nvUSAYSt7Wu6yqFapW9pTvV5YmImwF3NbBOubK3rHvNYw48U0
OIcPOS9k9U2yw7+cLexvgWY+DbfJbu4w2yzRGO0U9xJM
-----END CERTIFICATE-----