Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/eIsiY8sitXBadH3wnlwNm1HpD6I.roa
File:                     eIsiY8sitXBadH3wnlwNm1HpD6I.roa (raw, json)
Hash identifier:          olLR6q7vIQLKbcrplFITkZgn6vDDVoeOXPKHFpEBzF8=
Subject key identifier:   78:8B:22:63:CB:22:B5:70:5A:74:7D:F0:9E:5C:0D:9B:51:E9:0F:A2
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5012FE30C010B543E80104403468C08
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/eIsiY8sitXBadH3wnlwNm1HpD6I.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216025
IP address blocks:        45.92.0.0/24 maxlen: 24
                          2a10:7402::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2f:e3:0c:01:0b:54:3e:80:10:44:03:46:8c:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=788b2263cb22b5705a747df09e5c0d9b51e90fa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:5b:bc:19:7f:e1:08:5c:ec:c7:6c:32:ca:d6:
                    89:f1:63:21:40:9e:30:ae:78:7d:34:95:eb:4c:9e:
                    c9:61:12:5d:d0:bd:b3:22:ed:cb:98:88:a8:02:53:
                    de:26:ff:a1:a7:b5:3a:95:b8:e4:23:8c:88:74:2d:
                    72:9d:8e:20:51:fd:0c:03:a3:fc:14:4d:76:9c:e0:
                    6c:73:95:fa:26:c1:41:e5:ee:0e:b3:72:ab:61:47:
                    e3:c7:af:ff:48:4a:0e:64:0b:68:32:c0:7c:30:a7:
                    87:79:a2:99:95:51:15:20:e6:2d:91:9e:b7:86:2e:
                    ca:91:eb:ce:37:bc:d1:00:07:c1:b3:2a:f5:66:ea:
                    9e:d9:1b:2e:4f:c8:1b:d7:89:dc:b8:cd:40:06:e9:
                    31:1f:c0:65:fa:b2:7a:bd:e1:af:da:7a:63:a8:af:
                    fc:3a:d2:1a:fa:68:65:af:55:b8:5f:8e:2e:2d:17:
                    b3:35:a5:a9:62:f0:36:69:bc:94:e7:09:56:26:85:
                    ea:a3:3e:6d:c1:02:6c:96:7e:90:b6:fd:80:a8:f6:
                    be:16:01:f5:2a:45:b9:c4:5b:93:04:b8:f9:80:56:
                    00:c0:aa:ff:1c:56:ed:d2:5a:13:a4:31:2e:94:26:
                    7c:87:5a:6e:ea:60:a8:0c:c9:ff:f4:2e:d6:98:1d:
                    27:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:8B:22:63:CB:22:B5:70:5A:74:7D:F0:9E:5C:0D:9B:51:E9:0F:A2
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/eIsiY8sitXBadH3wnlwNm1HpD6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.0.0/24
                IPv6:
                  2a10:7402::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:09:6c:a6:57:43:b4:e8:22:41:e3:52:26:13:a4:6d:b5:2a:
         ff:73:33:a7:97:36:01:7b:bb:5d:65:df:56:c3:81:86:fe:65:
         a0:b8:3f:9e:67:85:02:b3:e3:85:a1:b8:c4:ed:c3:85:b0:6f:
         6d:b7:e9:7c:83:5e:48:b9:c1:f8:0f:26:17:03:de:62:4d:59:
         eb:c2:04:44:4a:52:71:d1:10:cd:78:d0:28:b0:0e:b0:6a:0f:
         81:95:21:76:dd:3a:94:82:a6:d4:d8:34:7b:11:f4:ec:e9:91:
         da:b8:8d:9d:57:99:e7:61:be:88:8d:c5:5a:6b:68:4f:99:c3:
         58:9a:99:45:05:55:95:5b:fc:5b:4c:99:e1:46:81:a4:dd:38:
         3b:54:a0:96:3b:62:07:73:27:cb:cf:6f:6b:a3:8f:cd:c8:15:
         cc:09:6d:bf:ea:88:bf:f4:ee:81:43:92:32:89:aa:d1:38:be:
         d2:a3:01:d5:b4:12:19:7a:73:98:e7:32:0e:45:fa:cf:37:4f:
         7e:96:cf:7a:f4:03:1a:90:c9:2b:39:b9:7f:91:a4:1f:e0:fb:
         cf:d7:29:9b:6e:48:70:26:3e:a5:47:62:b2:86:45:36:8d:fc:
         a0:78:db:91:61:89:28:16:c8:b7:69:73:93:e1:b9:fc:4c:84:
         70:a3:c7:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAS/jDAELVD6AEEQDRowIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODhiMjI2M2NiMjJiNTcwNWE3NDdkZjA5ZTVjMGQ5YjUxZTkwZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFu8GX/hCFzsx2wyytaJ8WMhQJ4w
rnh9NJXrTJ7JYRJd0L2zIu3LmIioAlPeJv+hp7U6lbjkI4yIdC1ynY4gUf0MA6P8
FE12nOBsc5X6JsFB5e4Os3KrYUfjx6//SEoOZAtoMsB8MKeHeaKZlVEVIOYtkZ63
hi7KkevON7zRAAfBsyr1Zuqe2RsuT8gb14ncuM1ABukxH8Bl+rJ6veGv2npjqK/8
OtIa+mhlr1W4X44uLRezNaWpYvA2abyU5wlWJoXqoz5twQJsln6Qtv2AqPa+FgH1
KkW5xFuTBLj5gFYAwKr/HFbt0loTpDEulCZ8h1pu6mCoDMn/9C7WmB0nxQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHiLImPLIrVwWnR98J5cDZtR6Q+iMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZUlzaVk4c2l0WEJhZEgzd25sd05tMUhwRDZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALVwAMA0E
AgACMAcDBQAqEHQCMA0GCSqGSIb3DQEBCwUAA4IBAQBbCWymV0O06CJB41ImE6Rt
tSr/czOnlzYBe7tdZd9Ww4GG/mWguD+eZ4UCs+OFobjE7cOFsG9tt+l8g15IucH4
DyYXA95iTVnrwgRESlJx0RDNeNAosA6wag+BlSF23TqUgqbU2DR7EfTs6ZHauI2d
V5nnYb6IjcVaa2hPmcNYmplFBVWVW/xbTJnhRoGk3Tg7VKCWO2IHcyfLz29ro4/N
yBXMCW2/6oi/9O6BQ5IyiarROL7SowHVtBIZenOY5zIORfrPN09+ls969AMakMkr
Obl/kaQf4PvP1ymbbkhwJj6lR2KyhkU2jfygeNuRYYkoFsi3aXOT4bn8TIRwo8dD
-----END CERTIFICATE-----