Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_m2tjcEufL0oIOHX_xBheXCqP4s.roa
File:                     _m2tjcEufL0oIOHX_xBheXCqP4s.roa (raw, json)
Hash identifier:          /9d3t486OpFqqxblzXkn8XpEzqLlH3Kgsv7UhgXuxJY=
Subject key identifier:   FE:6D:AD:8D:C1:2E:7C:BD:28:20:E1:D7:FF:10:61:79:70:AA:3F:8B
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5012CBDB249B7F408ED00ACE77B4920
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_m2tjcEufL0oIOHX_xBheXCqP4s.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211373
IP address blocks:        93.115.254.0/24 maxlen: 24
                          93.114.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2c:bd:b2:49:b7:f4:08:ed:00:ac:e7:7b:49:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe6dad8dc12e7cbd2820e1d7ff10617970aa3f8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:73:c6:1d:92:d0:ba:11:09:77:74:57:59:91:
                    b2:5b:0d:8b:db:0f:2a:58:fb:3c:91:49:a1:e7:75:
                    70:2e:68:f9:ac:9d:4f:d9:60:9d:a4:81:b8:dc:92:
                    45:16:f9:a9:5e:f1:29:35:7e:19:32:5c:40:7a:cf:
                    33:1f:9f:ee:ca:3c:5f:d2:e5:b2:84:62:dd:11:ae:
                    37:38:c1:f4:55:c5:24:37:d8:43:ba:89:4e:9e:5c:
                    b4:99:3d:00:24:c1:ff:db:14:6b:d2:ee:33:40:8d:
                    c1:5a:64:7a:6c:2f:42:37:f6:e5:af:9b:dd:c5:bc:
                    dc:d9:64:4e:95:2a:93:b6:86:dd:6e:38:c2:e4:f5:
                    2a:d1:d1:34:48:83:7d:7a:a1:29:89:4c:7f:39:b8:
                    15:7a:e6:63:2f:b2:b0:55:55:81:6e:41:c2:8a:62:
                    f7:75:f6:e1:02:21:54:f2:31:a1:b0:98:cf:e7:21:
                    0b:d6:50:0b:2e:53:80:6c:74:ca:af:71:91:fb:86:
                    ae:2f:78:6e:86:e4:68:a7:70:4c:5c:0e:10:52:25:
                    ee:0c:db:17:6d:bf:b6:b8:55:b0:08:95:0b:2d:1f:
                    4e:7b:96:6f:91:92:4a:69:e9:52:a7:9d:58:74:f3:
                    2e:4c:bf:a5:73:58:18:38:48:a9:13:85:d1:74:83:
                    d5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:6D:AD:8D:C1:2E:7C:BD:28:20:E1:D7:FF:10:61:79:70:AA:3F:8B
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/_m2tjcEufL0oIOHX_xBheXCqP4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.193.0/24
                  93.115.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:82:54:67:91:45:0b:a6:ef:77:8d:1f:cd:0f:89:3e:63:b3:
         32:94:7f:bd:d8:94:51:16:64:da:15:be:a5:f8:69:d0:55:26:
         f0:99:68:33:82:dd:ab:1e:61:c1:bf:01:f0:7d:cb:0b:1a:d7:
         4a:c8:9b:ae:e4:24:a1:a3:51:bd:30:44:17:95:67:3f:71:86:
         d1:cd:5a:6f:97:44:63:cf:7f:5d:10:62:b3:01:0e:e2:45:df:
         55:36:66:e2:9a:12:1a:16:e2:f1:a3:fa:30:79:11:d2:3d:6c:
         d7:12:f5:e4:50:6b:ac:36:df:23:a0:84:ca:b1:1b:15:69:d5:
         cb:63:5d:09:0f:21:d5:52:e4:1c:39:87:cb:ad:01:ed:e6:72:
         ad:73:34:a9:02:0b:8f:da:7f:78:f0:d5:a2:eb:7d:23:d2:fc:
         a6:2a:4b:9a:d7:68:88:db:8d:a7:52:e0:53:a9:6d:49:be:05:
         a0:97:70:41:54:0d:7e:2b:bb:9c:75:1d:d0:2f:93:15:35:49:
         d6:3b:55:e9:13:9a:d3:86:38:48:4c:34:c7:2e:b0:f1:cd:ab:
         2e:70:35:a8:fb:b5:33:05:84:31:31:3b:30:28:56:fb:c2:5d:
         12:29:8f:b8:97:de:87:74:38:b7:d3:b4:14:24:c8:1c:73:03:
         e8:cc:2f:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFASy9skm39AjtAKzne0kgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTZkYWQ4ZGMxMmU3Y2JkMjgyMGUxZDdmZjEwNjE3OTcwYWEzZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3PGHZLQuhEJd3RXWZGyWw2L2w8q
WPs8kUmh53VwLmj5rJ1P2WCdpIG43JJFFvmpXvEpNX4ZMlxAes8zH5/uyjxf0uWy
hGLdEa43OMH0VcUkN9hDuolOnly0mT0AJMH/2xRr0u4zQI3BWmR6bC9CN/blr5vd
xbzc2WROlSqTtobdbjjC5PUq0dE0SIN9eqEpiUx/ObgVeuZjL7KwVVWBbkHCimL3
dfbhAiFU8jGhsJjP5yEL1lALLlOAbHTKr3GR+4auL3huhuRop3BMXA4QUiXuDNsX
bb+2uFWwCJULLR9Oe5ZvkZJKaelSp51YdPMuTL+lc1gYOEipE4XRdIPVTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP5trY3BLny9KCDh1/8QYXlwqj+LMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvX20ydGpjRXVmTDBvSU9IWF94QmhlWENxUDRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXXLBAwQA
XXP+MA0GCSqGSIb3DQEBCwUAA4IBAQAHglRnkUULpu93jR/ND4k+Y7MylH+92JRR
FmTaFb6l+GnQVSbwmWgzgt2rHmHBvwHwfcsLGtdKyJuu5CSho1G9MEQXlWc/cYbR
zVpvl0Rjz39dEGKzAQ7iRd9VNmbimhIaFuLxo/oweRHSPWzXEvXkUGusNt8joITK
sRsVadXLY10JDyHVUuQcOYfLrQHt5nKtczSpAguP2n948NWi630j0vymKkua12iI
242nUuBTqW1JvgWgl3BBVA1+K7ucdR3QL5MVNUnWO1XpE5rThjhITDTHLrDxzasu
cDWo+7UzBYQxMTswKFb7wl0SKY+4l96HdDi307QUJMgccwPozC9D
-----END CERTIFICATE-----