Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/g7WmST5rlFt9OaPiANPoMEb5jsI.roa
File:                     g7WmST5rlFt9OaPiANPoMEb5jsI.roa (raw, json)
Hash identifier:          daUwEjxNd0yCeFuSOb6HD+3HV0n3odQx3xxCSS/0QiU=
Subject key identifier:   83:B5:A6:49:3E:6B:94:5B:7D:39:A3:E2:00:D3:E8:30:46:F9:8E:C2
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5012D8DD3C4D962352E69AE2D900235
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/g7WmST5rlFt9OaPiANPoMEb5jsI.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211826
IP address blocks:        194.32.123.0/24 maxlen: 24
                          45.135.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2d:8d:d3:c4:d9:62:35:2e:69:ae:2d:90:02:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83b5a6493e6b945b7d39a3e200d3e83046f98ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:43:f6:00:f0:f1:3a:a3:16:db:2e:85:c0:90:
                    a7:b4:25:d3:94:9e:de:a2:5a:4e:fd:18:53:08:4b:
                    d7:1d:e1:e8:ce:07:df:0c:03:d8:4b:b7:65:db:fa:
                    49:3f:07:5a:41:56:a8:ad:50:06:17:e4:17:ea:0a:
                    26:37:60:5b:08:3c:fc:a6:4b:10:ac:b8:5f:5b:63:
                    e5:f3:07:52:83:5b:d8:59:95:42:66:b6:04:16:d0:
                    6a:f9:db:70:b8:e1:ea:57:42:d6:25:13:c9:ba:00:
                    eb:50:d2:a5:c0:1a:eb:94:52:fb:9e:20:79:b8:2e:
                    f6:8d:2c:49:8c:da:02:60:6c:13:61:55:ae:10:c5:
                    1d:3c:a5:01:82:95:5c:aa:92:2b:3b:ba:72:a5:ad:
                    2d:4d:78:86:eb:df:ab:5c:5a:73:a9:d5:72:db:74:
                    fc:e8:9a:bf:97:e7:fc:9b:1d:3d:ee:2d:46:bb:80:
                    1a:73:8c:bf:34:35:16:1d:73:3f:ef:89:64:a1:4d:
                    f6:f5:45:c3:3d:b9:d0:cd:25:6a:ff:4a:97:1a:33:
                    88:bd:16:ba:49:a6:ac:2d:da:59:67:88:5e:53:55:
                    a6:3d:d1:98:68:69:e9:fa:7e:36:3e:13:9e:bf:42:
                    60:9d:99:2a:1f:67:7f:10:4f:23:11:d0:7c:40:21:
                    a3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:B5:A6:49:3E:6B:94:5B:7D:39:A3:E2:00:D3:E8:30:46:F9:8E:C2
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/g7WmST5rlFt9OaPiANPoMEb5jsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.185.0/24
                  194.32.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:cf:bb:b7:bc:e0:0b:ce:93:58:6f:66:d6:35:13:1a:9f:bb:
         88:d7:1a:d8:17:af:5e:3e:c1:9c:72:4d:4f:74:09:c8:b5:9e:
         22:9b:dc:73:a5:e1:3f:96:fc:12:45:97:0d:d7:24:32:27:1f:
         f7:2e:78:ff:09:80:e8:8e:b2:a5:66:fc:58:ae:44:c5:47:e8:
         be:b8:0a:20:40:e9:eb:39:8a:ee:2d:f7:79:86:63:7d:76:13:
         f3:86:45:87:a0:16:d0:f8:4b:88:27:ca:67:2b:68:e3:f6:1e:
         d3:14:d7:f4:f9:06:59:a9:74:44:ca:26:b3:99:ef:1e:a6:1a:
         14:28:4f:78:40:53:80:27:db:b1:8f:de:e9:e1:39:07:fd:49:
         3a:31:d3:ce:cb:22:7e:f2:d4:0f:dc:39:f1:49:8f:03:c4:58:
         f4:21:83:b2:97:90:42:68:00:3d:19:09:54:6e:4a:1c:ae:95:
         4e:5c:43:da:1d:67:5f:dd:9a:3b:6e:e9:ed:6b:05:0e:3e:d6:
         0a:e3:68:ce:54:34:5c:1a:a4:b3:b8:b7:14:d4:91:38:3b:ab:
         4c:c6:87:72:6a:c5:e9:a0:07:42:ef:93:1b:8b:a5:26:ff:3b:
         b4:fd:82:a9:86:f7:64:81:e5:5e:63:5c:93:28:07:d0:ce:59:
         54:28:dd:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAS2N08TZYjUuaa4tkAI1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2I1YTY0OTNlNmI5NDViN2QzOWEzZTIwMGQzZTgzMDQ2Zjk4ZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkP2APDxOqMW2y6FwJCntCXTlJ7e
olpO/RhTCEvXHeHozgffDAPYS7dl2/pJPwdaQVaorVAGF+QX6gomN2BbCDz8pksQ
rLhfW2Pl8wdSg1vYWZVCZrYEFtBq+dtwuOHqV0LWJRPJugDrUNKlwBrrlFL7niB5
uC72jSxJjNoCYGwTYVWuEMUdPKUBgpVcqpIrO7pypa0tTXiG69+rXFpzqdVy23T8
6Jq/l+f8mx097i1Gu4Aac4y/NDUWHXM/74lkoU329UXDPbnQzSVq/0qXGjOIvRa6
SaasLdpZZ4heU1WmPdGYaGnp+n42PhOev0JgnZkqH2d/EE8jEdB8QCGjlQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIO1pkk+a5RbfTmj4gDT6DBG+Y7CMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZzdXbVNUNXJsRnQ5T2FQaUFOUG9NRWI1anNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYe5AwQA
wiB7MA0GCSqGSIb3DQEBCwUAA4IBAQCUz7u3vOALzpNYb2bWNRMan7uI1xrYF69e
PsGcck1PdAnItZ4im9xzpeE/lvwSRZcN1yQyJx/3Lnj/CYDojrKlZvxYrkTFR+i+
uAogQOnrOYruLfd5hmN9dhPzhkWHoBbQ+EuIJ8pnK2jj9h7TFNf0+QZZqXREyiaz
me8ephoUKE94QFOAJ9uxj97p4TkH/Uk6MdPOyyJ+8tQP3DnxSY8DxFj0IYOyl5BC
aAA9GQlUbkocrpVOXEPaHWdf3Zo7buntawUOPtYK42jOVDRcGqSzuLcU1JE4O6tM
xodyasXpoAdC75Mbi6Um/zu0/YKphvdkgeVeY1yTKAfQzllUKN0I
-----END CERTIFICATE-----