Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cbnr-Is1YVkoLtUjsaIse7W6bYA.roa
File:                     cbnr-Is1YVkoLtUjsaIse7W6bYA.roa (raw, json)
Hash identifier:          STF3TMv4rRp8fr1D/NYrVgVA5qKblgqwj9XLcbJDquY=
Subject key identifier:   71:B9:EB:F8:8B:35:61:59:28:2E:D5:23:B1:A2:2C:7B:B5:BA:6D:80
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01942220226BD4FDB9F82269436F0FB43827
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cbnr-Is1YVkoLtUjsaIse7W6bYA.roa
Signing time:             Wed 01 Jan 2025 13:48:38 +0000
ROA not before:           Wed 01 Jan 2025 13:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57138
IP address blocks:        193.19.108.0/24 maxlen: 24
                          194.242.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:22:6b:d4:fd:b9:f8:22:69:43:6f:0f:b4:38:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71b9ebf88b356159282ed523b1a22c7bb5ba6d80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ea:71:9b:2e:1e:c5:93:eb:2f:45:0c:0d:f2:
                    b6:00:7e:bc:10:dd:4f:7f:0c:c6:7b:3a:62:50:29:
                    f7:9a:82:dd:fc:9b:19:83:7d:16:64:9e:76:79:b8:
                    f6:66:5c:56:51:a1:5c:a3:b9:6d:15:82:0b:cf:6e:
                    3b:e2:ea:4a:a7:fd:b6:39:63:6e:c4:84:11:25:33:
                    7d:c7:c4:8d:f8:18:e3:aa:24:20:9c:6c:85:55:51:
                    a1:3a:77:ac:8b:f3:2e:90:1d:0c:62:8a:f9:b2:6c:
                    cb:8d:34:a0:14:6c:cb:a3:49:a2:9f:63:09:93:6d:
                    69:70:95:a5:f7:d8:2a:7c:80:5f:b0:df:4a:f3:9b:
                    81:b5:26:64:d8:ab:7d:8d:84:5c:7e:25:c9:db:7e:
                    ee:17:b4:fa:7e:fc:63:5f:bf:36:90:92:29:e6:0a:
                    b6:02:d1:04:09:ef:3b:b1:f2:e2:d4:31:d0:ee:0f:
                    25:46:10:68:eb:55:53:b0:e4:ee:7f:0a:7d:61:01:
                    6b:9f:26:d1:62:11:e7:fa:0a:ba:8d:e5:f8:a3:14:
                    61:eb:1a:3e:ed:bc:9b:67:46:13:23:d2:79:7c:e9:
                    df:4b:a9:6c:a4:bb:3f:22:97:91:fe:39:2f:7c:21:
                    f7:f6:c3:dc:a8:f9:a0:c5:93:f9:1c:fb:23:45:92:
                    e2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B9:EB:F8:8B:35:61:59:28:2E:D5:23:B1:A2:2C:7B:B5:BA:6D:80
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/cbnr-Is1YVkoLtUjsaIse7W6bYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.108.0/24
                  194.242.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:78:19:9b:88:5d:5b:a4:d5:f3:b0:96:75:36:02:d8:27:b9:
         2f:3d:2a:51:b7:74:c4:73:a8:3f:d5:03:e2:95:f0:de:0f:8a:
         0b:e3:ef:3e:7f:86:05:c3:a5:46:e0:f1:09:5c:cb:f2:1b:ef:
         ed:be:f1:14:59:2a:29:aa:b4:e7:0b:69:1c:78:31:84:ec:61:
         68:45:77:ca:1e:b5:d2:70:01:1d:e1:7c:8f:48:63:e5:63:70:
         24:05:d6:a8:1f:6d:55:ea:7c:c3:6c:be:56:73:bc:d1:c3:31:
         47:30:84:1b:a7:95:77:0a:a1:cd:18:a4:83:d5:fb:4f:5c:a6:
         c8:ef:d0:5b:e2:14:2e:2c:94:28:18:7f:47:15:97:da:95:3d:
         ba:65:27:39:6c:9b:78:ce:ab:3f:58:79:56:dd:62:a7:d6:8d:
         1d:ad:95:8c:ea:02:85:e5:3d:37:e0:96:06:af:53:b7:20:84:
         ef:29:3f:a2:ac:5e:4a:56:fc:65:3a:d9:58:6a:be:e9:19:9c:
         59:19:96:a8:4d:26:4b:ea:6c:3e:95:53:de:03:ce:87:bc:b1:
         e3:5b:16:70:fb:c7:73:17:12:ee:b1:41:20:ea:15:56:f1:da:
         0f:1b:56:78:e4:89:16:ab:e1:2e:70:55:99:cc:54:45:f3:31:
         41:4c:4a:3a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiICJr1P25+CJpQ28PtDgnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWI5ZWJmODhiMzU2MTU5MjgyZWQ1MjNiMWEyMmM3YmI1YmE2ZDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArepxmy4exZPrL0UMDfK2AH68EN1P
fwzGezpiUCn3moLd/JsZg30WZJ52ebj2ZlxWUaFco7ltFYILz2474upKp/22OWNu
xIQRJTN9x8SN+BjjqiQgnGyFVVGhOnesi/MukB0MYor5smzLjTSgFGzLo0min2MJ
k21pcJWl99gqfIBfsN9K85uBtSZk2Kt9jYRcfiXJ237uF7T6fvxjX782kJIp5gq2
AtEECe87sfLi1DHQ7g8lRhBo61VTsOTufwp9YQFrnybRYhHn+gq6jeX4oxRh6xo+
7bybZ0YTI9J5fOnfS6lspLs/IpeR/jkvfCH39sPcqPmgxZP5HPsjRZLitQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHG56/iLNWFZKC7VI7GiLHu1um2AMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvY2Juci1JczFZVmtvTHRVanNhSXNlN1c2YllBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRNsAwQA
wvICMA0GCSqGSIb3DQEBCwUAA4IBAQBjeBmbiF1bpNXzsJZ1NgLYJ7kvPSpRt3TE
c6g/1QPilfDeD4oL4+8+f4YFw6VG4PEJXMvyG+/tvvEUWSopqrTnC2kceDGE7GFo
RXfKHrXScAEd4XyPSGPlY3AkBdaoH21V6nzDbL5Wc7zRwzFHMIQbp5V3CqHNGKSD
1ftPXKbI79Bb4hQuLJQoGH9HFZfalT26ZSc5bJt4zqs/WHlW3WKn1o0drZWM6gKF
5T034JYGr1O3IITvKT+irF5KVvxlOtlYar7pGZxZGZaoTSZL6mw+lVPeA86HvLHj
WxZw+8dzFxLusUEg6hVW8doPG1Z45IkWq+EucFWZzFRF8zFBTEo6
-----END CERTIFICATE-----