Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k6OVxYdXbsxS0UqyzzgyBYb4xxU.roa
File:                     k6OVxYdXbsxS0UqyzzgyBYb4xxU.roa (raw, json)
Hash identifier:          WxXPnyG0dMPg+Bvre+cD+yxWF9+lvP/6wLE/uOopHyY=
Subject key identifier:   93:A3:95:C5:87:57:6E:CC:52:D1:4A:B2:CF:38:32:05:86:F8:C7:15
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5010870329B93B6ACC054F725137AE5
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k6OVxYdXbsxS0UqyzzgyBYb4xxU.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13335
IP address blocks:        203.159.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:08:70:32:9b:93:b6:ac:c0:54:f7:25:13:7a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93a395c587576ecc52d14ab2cf38320586f8c715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:78:43:99:2d:cf:15:2a:66:7d:93:1f:22:9d:
                    ea:4b:bd:de:5b:9a:01:22:98:da:b4:02:82:fb:9a:
                    92:61:2c:7e:cc:31:f6:9b:05:9e:f5:86:2d:02:4a:
                    0d:f7:bb:32:b3:5b:7f:7a:ac:0a:34:a6:fd:11:63:
                    4b:07:2c:c2:36:76:d7:e6:26:a3:23:bd:01:0d:b8:
                    47:a0:96:aa:38:7c:f9:ea:28:b2:11:8d:57:d9:4b:
                    c6:85:9e:9f:d0:b2:ca:d8:82:7a:e8:e0:dd:7b:9d:
                    ae:2d:e0:3a:e6:11:11:78:47:f4:5e:82:a1:fa:23:
                    de:6e:e0:67:71:18:2e:0d:ce:82:06:ea:11:ca:9a:
                    0b:51:2f:50:d2:4c:dd:3e:a2:4f:7e:25:ff:d0:3e:
                    34:08:13:87:c5:11:7c:8e:74:6a:cd:c6:c6:ae:0e:
                    d5:20:de:3e:4c:d5:fc:74:25:af:b4:e4:6b:ae:89:
                    ca:da:36:36:11:e9:32:f9:d7:7a:9b:a3:ab:69:db:
                    ae:8d:69:87:ff:90:18:ef:d9:64:5f:27:e4:47:7c:
                    93:1c:9c:8a:0a:d4:92:c2:64:b3:a1:14:6a:60:12:
                    1a:72:95:a7:0d:71:6b:7c:dc:98:1c:16:29:3b:a7:
                    b2:76:01:bb:8d:62:99:e6:99:9a:0a:d4:ad:f7:82:
                    87:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A3:95:C5:87:57:6E:CC:52:D1:4A:B2:CF:38:32:05:86:F8:C7:15
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/k6OVxYdXbsxS0UqyzzgyBYb4xxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.159.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:3d:48:dc:a5:81:70:02:1d:75:61:84:44:da:f0:71:04:1c:
         02:8c:e2:9b:4f:02:06:df:18:63:60:19:68:47:fd:c5:21:55:
         a0:96:13:84:25:46:b8:57:a8:05:65:56:38:77:0f:40:79:4b:
         30:31:48:41:32:bc:3e:e3:64:ed:c2:b1:38:9b:1f:5b:a9:d0:
         79:92:2a:16:52:cb:db:ef:d0:c3:ea:a5:d4:12:51:05:d8:68:
         f0:a0:18:62:25:81:bc:9e:77:ea:22:72:19:ee:31:17:49:e6:
         1d:47:4b:f8:4c:bd:db:a3:8d:a2:9c:f1:7d:8e:55:6e:f1:b4:
         26:4f:94:38:a2:14:0f:9b:46:aa:39:33:24:5f:48:f8:d6:8a:
         fc:45:89:50:99:02:e1:6e:60:ef:e8:a2:26:4e:89:e1:0f:79:
         e7:a0:df:ca:9b:37:66:8f:17:1a:51:a9:1a:ea:ba:6f:c6:44:
         02:2f:a0:99:fb:94:86:44:93:51:c4:e0:e2:29:b7:07:cc:e0:
         fa:4a:87:09:a7:68:72:5a:74:1a:f5:af:b5:30:97:4b:41:24:
         d3:2e:23:7f:54:d4:46:ce:19:ff:ea:95:8f:54:bb:7f:dd:78:
         9c:35:6d:f9:d1:8a:a9:9a:f5:7c:8f:f3:e7:73:4f:ea:22:26:
         1d:17:4d:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAQhwMpuTtqzAVPclE3rlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2EzOTVjNTg3NTc2ZWNjNTJkMTRhYjJjZjM4MzIwNTg2ZjhjNzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHhDmS3PFSpmfZMfIp3qS73eW5oB
IpjatAKC+5qSYSx+zDH2mwWe9YYtAkoN97sys1t/eqwKNKb9EWNLByzCNnbX5iaj
I70BDbhHoJaqOHz56iiyEY1X2UvGhZ6f0LLK2IJ66ODde52uLeA65hEReEf0XoKh
+iPebuBncRguDc6CBuoRypoLUS9Q0kzdPqJPfiX/0D40CBOHxRF8jnRqzcbGrg7V
IN4+TNX8dCWvtORrronK2jY2Eeky+dd6m6OraduujWmH/5AY79lkXyfkR3yTHJyK
CtSSwmSzoRRqYBIacpWnDXFrfNyYHBYpO6eydgG7jWKZ5pmaCtSt94KHxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOjlcWHV27MUtFKss84MgWG+McVMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvazZPVnhZZFhic3hTMFVxeXp6Z3lCWWI0eHhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAy59QMA0G
CSqGSIb3DQEBCwUAA4IBAQA8PUjcpYFwAh11YYRE2vBxBBwCjOKbTwIG3xhjYBlo
R/3FIVWglhOEJUa4V6gFZVY4dw9AeUswMUhBMrw+42TtwrE4mx9bqdB5kioWUsvb
79DD6qXUElEF2GjwoBhiJYG8nnfqInIZ7jEXSeYdR0v4TL3bo42inPF9jlVu8bQm
T5Q4ohQPm0aqOTMkX0j41or8RYlQmQLhbmDv6KImTonhD3nnoN/KmzdmjxcaUaka
6rpvxkQCL6CZ+5SGRJNRxODiKbcHzOD6SocJp2hyWnQa9a+1MJdLQSTTLiN/VNRG
zhn/6pWPVLt/3XicNW350YqpmvV8j/Pnc0/qIiYdF039
-----END CERTIFICATE-----