Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_64Fhc5gM5EKFAJhmBI405b7VP8.roa
File:                     _64Fhc5gM5EKFAJhmBI405b7VP8.roa (raw, json)
Hash identifier:          2+lyPC/n7Y5zF7q23iZxdg0aPd7Y+7sHl6IQrrrdzKw=
Subject key identifier:   FF:AE:05:85:CE:60:33:91:0A:14:02:61:98:12:38:D3:96:FB:54:FF
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC501168D77072269D5CC913CDE802D16
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_64Fhc5gM5EKFAJhmBI405b7VP8.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56488
IP address blocks:        194.76.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:16:8d:77:07:22:69:d5:cc:91:3c:de:80:2d:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffae0585ce6033910a140261981238d396fb54ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c9:09:b3:26:ba:71:d3:ab:01:5d:8a:8a:35:
                    ab:65:a5:2d:08:5b:f0:0c:51:e1:aa:32:51:e0:9e:
                    09:d3:a8:b2:b1:cf:d7:b0:f0:60:c2:4c:36:58:9c:
                    ec:31:ea:d4:30:a7:b2:4e:57:8d:a5:48:1a:5d:c2:
                    aa:6e:c6:11:33:c1:78:11:0d:e6:5e:cc:14:6e:7d:
                    f9:d0:7e:56:31:e2:35:e1:d9:51:c4:a7:c4:22:84:
                    c9:fc:2d:50:84:7a:41:4e:b8:a3:9e:ef:81:50:17:
                    91:bc:39:03:8d:50:b5:36:b5:07:6a:f5:ed:a9:61:
                    50:bc:70:07:d0:f2:ba:3c:60:60:3a:0a:50:6c:67:
                    ae:c3:ad:cc:95:0e:62:30:bc:9b:66:8f:ca:19:01:
                    f6:e6:55:5e:5a:29:b4:1f:7b:e9:b0:fb:83:2c:42:
                    b2:56:ea:ab:18:3b:50:1b:bc:f1:19:32:fe:0a:26:
                    be:f8:36:5f:47:ed:70:01:98:24:7a:5f:2d:00:57:
                    1a:c5:c9:8e:1b:7e:c9:12:b9:55:64:30:41:70:f4:
                    11:06:45:14:1c:de:12:f8:73:b5:f3:23:d2:ad:33:
                    a0:2c:9d:a4:ba:2b:6c:80:b0:b1:fd:03:a5:c3:26:
                    1c:25:73:d7:d9:c5:ff:53:e1:b6:b9:9b:4c:c4:8c:
                    97:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:AE:05:85:CE:60:33:91:0A:14:02:61:98:12:38:D3:96:FB:54:FF
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_64Fhc5gM5EKFAJhmBI405b7VP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:75:e8:ed:05:16:d0:7b:15:10:52:06:a7:59:79:7a:24:62:
         85:2c:82:07:18:83:c5:3a:79:bc:3d:ea:03:c5:a3:26:1a:68:
         13:b1:e5:e6:1d:85:b8:5c:99:8e:fb:b6:a8:fd:ec:2a:d7:af:
         89:b1:dd:6f:af:72:c4:5d:0a:3f:6a:b1:fa:f9:b6:32:ad:15:
         f2:0d:c1:ad:a8:a0:43:03:54:b9:35:8c:c5:55:df:a2:26:38:
         67:a7:d3:4f:4c:86:0c:f0:71:a6:40:1d:df:f0:d2:1f:03:47:
         be:d7:2b:e4:6d:fe:c4:6c:c4:28:8c:97:39:53:4c:45:c4:c6:
         75:15:01:bb:5f:75:1b:0e:51:2d:80:01:c3:d5:c9:02:53:51:
         8d:16:4c:0b:ff:5c:10:84:1b:95:26:b3:3d:df:a1:33:81:12:
         b8:be:89:9b:66:5a:32:86:e0:40:57:48:40:16:6b:27:32:77:
         91:4e:b5:8f:b6:8a:47:a6:62:71:4b:fb:c0:da:88:ca:b9:1d:
         c2:c1:ab:8e:f8:bd:47:53:ec:44:06:73:e0:3c:1e:89:12:58:
         e2:10:81:8f:d1:31:55:47:e8:60:09:b3:b9:e5:9a:98:fc:0e:
         cc:12:56:fc:87:8c:65:37:b2:3f:3e:d3:cb:3c:d4:51:4f:dc:
         43:f5:fd:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARaNdwciadXMkTzegC0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmFlMDU4NWNlNjAzMzkxMGExNDAyNjE5ODEyMzhkMzk2ZmI1NGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzskJsya6cdOrAV2KijWrZaUtCFvw
DFHhqjJR4J4J06iysc/XsPBgwkw2WJzsMerUMKeyTleNpUgaXcKqbsYRM8F4EQ3m
XswUbn350H5WMeI14dlRxKfEIoTJ/C1QhHpBTrijnu+BUBeRvDkDjVC1NrUHavXt
qWFQvHAH0PK6PGBgOgpQbGeuw63MlQ5iMLybZo/KGQH25lVeWim0H3vpsPuDLEKy
VuqrGDtQG7zxGTL+Cia++DZfR+1wAZgkel8tAFcaxcmOG37JErlVZDBBcPQRBkUU
HN4S+HO18yPSrTOgLJ2kuitsgLCx/QOlwyYcJXPX2cX/U+G2uZtMxIyXtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+uBYXOYDORChQCYZgSONOW+1T/MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvXzY0RmhjNWdNNUVLRkFKaG1CSTQwNWI3VlA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkyHMA0G
CSqGSIb3DQEBCwUAA4IBAQAbdejtBRbQexUQUganWXl6JGKFLIIHGIPFOnm8PeoD
xaMmGmgTseXmHYW4XJmO+7ao/ewq16+Jsd1vr3LEXQo/arH6+bYyrRXyDcGtqKBD
A1S5NYzFVd+iJjhnp9NPTIYM8HGmQB3f8NIfA0e+1yvkbf7EbMQojJc5U0xFxMZ1
FQG7X3UbDlEtgAHD1ckCU1GNFkwL/1wQhBuVJrM936EzgRK4vombZloyhuBAV0hA
FmsnMneRTrWPtopHpmJxS/vA2ojKuR3CwauO+L1HU+xEBnPgPB6JEljiEIGP0TFV
R+hgCbO55ZqY/A7MElb8h4xlN7I/PtPLPNRRT9xD9f0D
-----END CERTIFICATE-----