Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_JJc1M2yTkF2A5xQbDk_ITDxDyA.roa
File:                     _JJc1M2yTkF2A5xQbDk_ITDxDyA.roa (raw, json)
Hash identifier:          vcC5G72pdVw38OXnzB2hrV0nlA6GMM290I2lOjvBq8U=
Subject key identifier:   FC:92:5C:D4:CD:B2:4E:41:76:03:9C:50:6C:39:3F:21:30:F1:0F:20
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC501214857F41B765D047F3780839FC2
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_JJc1M2yTkF2A5xQbDk_ITDxDyA.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199700
IP address blocks:        194.5.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:21:48:57:f4:1b:76:5d:04:7f:37:80:83:9f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc925cd4cdb24e4176039c506c393f2130f10f20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c9:28:b6:10:92:84:2d:fc:34:0b:fc:0a:88:
                    20:dd:0f:7b:f4:4d:48:f4:09:41:ab:c3:9b:02:25:
                    f1:be:c0:6d:15:f1:f5:63:fa:0a:ca:39:73:c0:03:
                    2d:a9:21:69:64:1c:d8:1b:48:f4:65:9f:df:3a:18:
                    fd:98:8d:23:f4:81:96:bc:0f:de:bd:7a:2f:3d:2c:
                    36:bf:96:08:ee:f5:9f:62:d4:ad:48:c0:8d:f5:9f:
                    54:d0:89:16:50:96:a3:68:3f:78:fa:ab:89:a4:03:
                    8a:d3:28:cb:6f:ac:5b:04:ef:51:6c:03:29:16:46:
                    0e:ac:b1:8e:29:1b:ac:9a:f5:fb:b3:e3:0e:95:7c:
                    5b:ce:18:bf:48:54:fe:48:00:18:3f:63:aa:78:ec:
                    2c:47:41:cc:d7:88:e1:8c:e4:07:ce:9d:b8:bc:ef:
                    db:43:0c:7c:e3:17:3b:43:30:6b:0f:ee:4a:ca:a1:
                    c2:fd:9b:1e:1e:86:d0:a8:6d:51:cc:3b:26:e2:09:
                    0a:8c:31:06:d7:40:79:4f:4c:0e:10:03:84:76:33:
                    0e:99:f9:b6:fe:92:9c:a3:f4:0f:dd:eb:2d:f4:96:
                    2c:9b:ee:6e:37:0b:81:a4:17:d8:aa:45:aa:55:b5:
                    e1:3e:1f:7b:4d:58:f6:0c:32:93:d2:26:9b:fd:27:
                    37:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:92:5C:D4:CD:B2:4E:41:76:03:9C:50:6C:39:3F:21:30:F1:0F:20
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_JJc1M2yTkF2A5xQbDk_ITDxDyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:21:8d:b9:6e:1d:b7:da:1f:dd:a7:3d:28:5a:b0:63:23:65:
         29:d0:18:29:22:08:66:7a:0c:e6:37:46:6c:f8:04:28:65:7f:
         f5:b6:ef:a7:38:73:a1:c0:8e:8f:b9:1a:90:16:70:52:0e:75:
         0f:1d:05:0d:9f:4a:84:3d:8b:cb:35:3f:7c:ea:d0:91:30:05:
         5d:fc:42:ee:b3:e0:72:64:84:5a:f2:31:25:27:8f:07:95:26:
         1c:29:57:a4:7a:59:aa:91:24:fb:76:30:db:e8:1a:64:1d:fe:
         f6:65:7c:36:6a:86:e5:d3:a8:40:ef:a7:8b:92:1c:54:6f:fb:
         46:31:01:99:e6:b5:fb:e6:8c:fc:81:84:e7:9c:dd:3d:c8:27:
         e0:5d:de:78:40:ee:b8:19:56:c7:9f:75:71:e9:50:c6:bd:1a:
         2e:12:b4:e9:49:49:cc:f2:e9:1c:39:b2:0d:11:da:95:2a:6c:
         cd:84:cb:38:76:d1:2c:23:b6:96:e4:b0:0a:ad:18:fb:e7:61:
         c6:3a:22:d7:02:8b:82:ca:82:f1:e8:bb:6e:53:bf:fb:2d:21:
         a4:d8:63:33:ae:d8:f3:a0:03:75:7c:b1:96:0e:aa:ee:06:d0:
         37:53:ba:0f:41:fe:1f:38:0e:43:6c:1f:c3:a8:bd:9d:e7:ea:
         66:43:19:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASFIV/Qbdl0EfzeAg5/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzkyNWNkNGNkYjI0ZTQxNzYwMzljNTA2YzM5M2YyMTMwZjEwZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8kothCShC38NAv8Cogg3Q979E1I
9AlBq8ObAiXxvsBtFfH1Y/oKyjlzwAMtqSFpZBzYG0j0ZZ/fOhj9mI0j9IGWvA/e
vXovPSw2v5YI7vWfYtStSMCN9Z9U0IkWUJajaD94+quJpAOK0yjLb6xbBO9RbAMp
FkYOrLGOKRusmvX7s+MOlXxbzhi/SFT+SAAYP2OqeOwsR0HM14jhjOQHzp24vO/b
Qwx84xc7QzBrD+5KyqHC/ZseHobQqG1RzDsm4gkKjDEG10B5T0wOEAOEdjMOmfm2
/pKco/QP3est9JYsm+5uNwuBpBfYqkWqVbXhPh97TVj2DDKT0iab/Sc3JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPySXNTNsk5BdgOcUGw5PyEw8Q8gMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvX0pKYzFNMnlUa0YyQTV4UWJEa19JVER4RHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgVVMA0G
CSqGSIb3DQEBCwUAA4IBAQCUIY25bh232h/dpz0oWrBjI2Up0BgpIghmegzmN0Zs
+AQoZX/1tu+nOHOhwI6PuRqQFnBSDnUPHQUNn0qEPYvLNT986tCRMAVd/ELus+By
ZIRa8jElJ48HlSYcKVekelmqkST7djDb6BpkHf72ZXw2aobl06hA76eLkhxUb/tG
MQGZ5rX75oz8gYTnnN09yCfgXd54QO64GVbHn3Vx6VDGvRouErTpSUnM8ukcObIN
EdqVKmzNhMs4dtEsI7aW5LAKrRj752HGOiLXAouCyoLx6LtuU7/7LSGk2GMzrtjz
oAN1fLGWDqruBtA3U7oPQf4fOA5DbB/DqL2d5+pmQxmg
-----END CERTIFICATE-----