Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bEUdgjKOAHdDcHlI2q4lhrExV8E.roa
File:                     bEUdgjKOAHdDcHlI2q4lhrExV8E.roa (raw, json)
Hash identifier:          BY6xBOGBcFVfliJIJnQNPhHo0EPgD3wGzFExGXzNdT8=
Subject key identifier:   6C:45:1D:82:32:8E:00:77:43:70:79:48:DA:AE:25:86:B1:31:57:C1
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC501090D6C7112198F5A4445DAD356FE
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bEUdgjKOAHdDcHlI2q4lhrExV8E.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14315
IP address blocks:        192.159.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:09:0d:6c:71:12:19:8f:5a:44:45:da:d3:56:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c451d82328e007743707948daae2586b13157c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0b:0e:dd:59:42:e2:1a:29:9f:88:0f:36:6a:
                    63:8b:e6:de:d1:39:79:6b:2b:c7:05:01:9f:e2:3b:
                    0d:54:58:1e:6c:cc:e8:26:79:79:60:83:34:0d:81:
                    a5:1c:3d:dc:ae:83:48:4d:ba:a7:21:fb:6c:54:53:
                    70:8b:d1:f0:f9:20:54:e3:09:28:19:c4:d3:1f:c4:
                    7c:1f:b4:53:31:13:7f:b0:18:26:48:5e:46:fa:94:
                    05:b3:43:a0:19:61:0f:c8:22:4b:4a:26:44:1f:0b:
                    55:73:a6:b1:d7:ff:6a:39:d7:67:dc:2b:3d:4f:b3:
                    a5:97:21:b4:c0:de:d8:4b:70:e4:27:11:5c:3a:eb:
                    76:43:5e:ef:2f:14:da:9c:9f:a4:ab:4d:b1:15:b4:
                    cb:c7:8b:0a:1a:5d:a8:0c:36:71:64:4e:48:3e:01:
                    eb:7c:da:aa:39:54:2a:fd:cd:2f:6e:7d:6c:8b:3e:
                    d9:2e:4b:e0:32:c0:0d:b0:3e:c1:31:c2:3e:ed:b9:
                    bc:26:9d:6b:8a:b1:da:cb:5b:6d:01:77:9f:7c:1b:
                    fc:89:24:48:5c:3b:f6:81:38:65:7d:5d:a9:af:2e:
                    25:be:71:e8:59:c3:3a:37:86:e3:77:41:19:75:5d:
                    70:01:9d:c1:1f:c8:e0:ce:d5:30:ef:ec:8f:51:16:
                    d6:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:45:1D:82:32:8E:00:77:43:70:79:48:DA:AE:25:86:B1:31:57:C1
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/bEUdgjKOAHdDcHlI2q4lhrExV8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.159.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:ed:ff:a5:08:46:1d:41:f7:d3:3b:b7:ed:ef:31:84:c5:0d:
         16:0d:65:c0:ad:82:45:7d:d3:6d:d7:e1:90:aa:ec:83:cd:b4:
         4f:e4:40:df:29:f2:15:00:e1:04:ae:ca:f2:bf:83:c7:e7:7c:
         6e:a1:9d:13:c3:99:cf:a0:2e:ee:eb:5c:db:2e:54:d5:df:1a:
         a4:20:97:5c:70:49:f2:85:1d:a0:68:32:a4:66:ed:6f:13:26:
         b9:d5:68:c1:b3:05:20:7b:44:31:d9:58:31:a5:e6:30:a0:8b:
         d7:a6:f1:df:a0:59:9f:ff:4a:79:c5:70:7d:c8:97:5a:7a:86:
         6b:a7:2b:60:0a:3b:8b:d1:c4:c9:27:1a:33:c4:8f:da:ee:e5:
         a1:13:7b:e2:df:32:ad:c5:ab:26:d4:07:69:7e:fa:a3:f4:7b:
         a0:f9:d4:ca:79:7e:bd:8f:7b:62:00:03:42:21:50:1e:e6:9b:
         ae:56:90:45:dc:e8:14:cc:cf:41:2b:4c:5c:92:c1:9d:c8:3a:
         ec:4e:47:a9:5b:b7:63:ed:83:6e:46:d9:5d:b9:83:06:11:62:
         6b:ba:90:e1:7e:e4:69:e7:fe:f0:54:28:65:91:d4:5c:05:cd:
         d7:28:b4:0c:48:ce:64:70:11:07:55:de:28:4c:2c:e6:51:fe:
         10:b0:08:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQkNbHESGY9aREXa01b+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzQ1MWQ4MjMyOGUwMDc3NDM3MDc5NDhkYWFlMjU4NmIxMzE1N2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwsO3VlC4hopn4gPNmpji+be0Tl5
ayvHBQGf4jsNVFgebMzoJnl5YIM0DYGlHD3croNITbqnIftsVFNwi9Hw+SBU4wko
GcTTH8R8H7RTMRN/sBgmSF5G+pQFs0OgGWEPyCJLSiZEHwtVc6ax1/9qOddn3Cs9
T7OllyG0wN7YS3DkJxFcOut2Q17vLxTanJ+kq02xFbTLx4sKGl2oDDZxZE5IPgHr
fNqqOVQq/c0vbn1siz7ZLkvgMsANsD7BMcI+7bm8Jp1rirHay1ttAXeffBv8iSRI
XDv2gThlfV2pry4lvnHoWcM6N4bjd0EZdV1wAZ3BH8jgztUw7+yPURbWZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxFHYIyjgB3Q3B5SNquJYaxMVfBMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvYkVVZGdqS09BSGREY0hsSTJxNGxockV4VjhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJ9jMA0G
CSqGSIb3DQEBCwUAA4IBAQCX7f+lCEYdQffTO7ft7zGExQ0WDWXArYJFfdNt1+GQ
quyDzbRP5EDfKfIVAOEErsryv4PH53xuoZ0Tw5nPoC7u61zbLlTV3xqkIJdccEny
hR2gaDKkZu1vEya51WjBswUge0Qx2VgxpeYwoIvXpvHfoFmf/0p5xXB9yJdaeoZr
pytgCjuL0cTJJxozxI/a7uWhE3vi3zKtxasm1Adpfvqj9Hug+dTKeX69j3tiAANC
IVAe5puuVpBF3OgUzM9BK0xcksGdyDrsTkepW7dj7YNuRtlduYMGEWJrupDhfuRp
5/7wVChlkdRcBc3XKLQMSM5kcBEHVd4oTCzmUf4QsAhC
-----END CERTIFICATE-----