Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iCZmkgZPLB0nMZx8cWEZpygP9bk.roa
File:                     iCZmkgZPLB0nMZx8cWEZpygP9bk.roa (raw, json)
Hash identifier:          kOZg+4wVQR+AnPVHNhO8blCI1LSt9EnSPGurL/9IKDo=
Subject key identifier:   88:26:66:92:06:4F:2C:1D:27:31:9C:7C:71:61:19:A7:28:0F:F5:B9
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0192F6EBCE8EB9C85AD45CA7D8DB6021E5F9
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iCZmkgZPLB0nMZx8cWEZpygP9bk.roa
Signing time:             Mon 04 Nov 2024 11:25:01 +0000
ROA not before:           Mon 04 Nov 2024 11:25:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15731
IP address blocks:        188.241.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f6:eb:ce:8e:b9:c8:5a:d4:5c:a7:d8:db:60:21:e5:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Nov  4 11:25:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88266692064f2c1d27319c7c716119a7280ff5b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f8:88:1f:e7:03:ff:23:2e:68:5a:39:e7:ce:
                    66:a7:2f:d8:fa:b9:34:ea:78:ce:50:54:7f:86:26:
                    64:ce:77:e3:51:75:b8:ac:35:da:50:c5:0d:46:a3:
                    37:74:93:76:9d:af:85:56:98:22:74:f3:5a:4c:1a:
                    1f:1a:17:be:af:b2:91:42:7b:69:d7:7b:4d:d6:c9:
                    be:ea:3e:57:aa:88:57:27:10:69:1f:e5:af:36:04:
                    14:2a:84:9b:86:f8:b9:da:1d:d3:a5:b7:0c:08:37:
                    cf:9e:c1:a3:35:98:c3:96:f7:a6:a6:6f:6c:d2:bb:
                    3e:10:4c:93:e0:a4:3b:b1:17:51:6f:cb:b5:18:c6:
                    da:20:72:75:d4:98:88:f9:ce:17:e1:1b:19:29:3e:
                    55:12:b0:04:e6:48:98:b6:7b:8c:a1:54:a5:d7:d7:
                    1d:67:5a:14:64:7d:4d:1b:a3:de:c8:76:e4:a8:13:
                    99:07:de:60:8d:3f:d5:14:d9:f8:41:cf:49:d9:79:
                    bb:94:ac:83:c7:b4:5f:07:69:1a:60:39:fa:0a:09:
                    3d:06:22:8d:e2:0e:88:e9:70:51:15:86:c0:25:4d:
                    4a:7e:1c:7b:4a:b3:ef:3b:ad:12:9b:3f:4d:d4:86:
                    76:08:34:68:26:64:3e:bf:fa:86:97:c6:56:d9:bd:
                    ad:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:26:66:92:06:4F:2C:1D:27:31:9C:7C:71:61:19:A7:28:0F:F5:B9
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iCZmkgZPLB0nMZx8cWEZpygP9bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.241.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:93:7b:ac:b1:2b:1c:5b:7a:70:70:97:5f:ee:e2:c8:e9:27:
         3d:b0:20:4a:ac:81:8e:29:00:57:18:ce:d1:f2:77:9c:71:9f:
         87:38:45:1f:b0:b8:21:9c:31:d3:09:d1:22:91:a4:98:ef:bf:
         a1:9c:04:3d:76:f1:29:4c:e0:46:27:e7:85:77:06:d5:ef:6f:
         31:68:01:2e:7f:82:8f:71:7e:1a:59:a4:fc:ed:be:8a:b8:fd:
         17:af:c1:1c:e4:45:b7:11:bf:96:24:37:42:41:93:a9:2b:3f:
         d9:52:65:b7:1a:d8:02:5c:39:52:b9:7d:2b:10:01:30:43:b4:
         68:68:a5:34:e5:ae:0b:cb:c4:99:68:3e:08:f7:a9:79:c4:f9:
         12:8b:bf:f2:73:e0:9c:7a:c3:a1:bf:ac:a9:18:1a:2b:ca:6d:
         00:1d:03:53:91:23:58:be:08:f6:2e:9d:0e:85:96:49:54:85:
         7d:a9:d7:b5:e9:2e:32:6a:08:ba:c6:76:1b:be:c4:97:af:69:
         dd:a8:fb:20:d8:10:e1:00:81:b9:55:12:df:59:cd:58:4d:ac:
         28:0d:1d:9a:08:30:6a:b6:08:81:63:51:0c:13:21:4f:ee:3d:
         02:87:2b:dd:8b:43:e8:41:be:d3:b2:65:4b:24:ef:cf:20:89:
         fd:c5:a2:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL2686Oucha1Fyn2NtgIeX5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQxMTA0MTEyNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODI2NjY5MjA2NGYyYzFkMjczMTljN2M3MTYxMTlhNzI4MGZmNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/iIH+cD/yMuaFo5585mpy/Y+rk0
6njOUFR/hiZkznfjUXW4rDXaUMUNRqM3dJN2na+FVpgidPNaTBofGhe+r7KRQntp
13tN1sm+6j5XqohXJxBpH+WvNgQUKoSbhvi52h3TpbcMCDfPnsGjNZjDlvempm9s
0rs+EEyT4KQ7sRdRb8u1GMbaIHJ11JiI+c4X4RsZKT5VErAE5kiYtnuMoVSl19cd
Z1oUZH1NG6PeyHbkqBOZB95gjT/VFNn4Qc9J2Xm7lKyDx7RfB2kaYDn6Cgk9BiKN
4g6I6XBRFYbAJU1Kfhx7SrPvO60Smz9N1IZ2CDRoJmQ+v/qGl8ZW2b2t+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgmZpIGTywdJzGcfHFhGacoD/W5MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvaUNabWtnWlBMQjBuTVp4OGNXRVpweWdQOWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvPHzMA0G
CSqGSIb3DQEBCwUAA4IBAQB2k3ussSscW3pwcJdf7uLI6Sc9sCBKrIGOKQBXGM7R
8neccZ+HOEUfsLghnDHTCdEikaSY77+hnAQ9dvEpTOBGJ+eFdwbV728xaAEuf4KP
cX4aWaT87b6KuP0Xr8Ec5EW3Eb+WJDdCQZOpKz/ZUmW3GtgCXDlSuX0rEAEwQ7Ro
aKU05a4Ly8SZaD4I96l5xPkSi7/yc+CcesOhv6ypGBorym0AHQNTkSNYvgj2Lp0O
hZZJVIV9qde16S4yagi6xnYbvsSXr2ndqPsg2BDhAIG5VRLfWc1YTawoDR2aCDBq
tgiBY1EMEyFP7j0Chyvdi0PoQb7TsmVLJO/PIIn9xaJ3
-----END CERTIFICATE-----