Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lEUnHCVpQ8c3Sk_8HsUw0GBicng.roa
File:                     lEUnHCVpQ8c3Sk_8HsUw0GBicng.roa (raw, json)
Hash identifier:          Q1vlBfUMp32MnF6B4uhccuCTwBy+8U3JYfqHCNS9fvE=
Subject key identifier:   94:45:27:1C:25:69:43:C7:37:4A:4F:FC:1E:C5:30:D0:60:62:72:78
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5010C27A969C6B1441AAED3D75D5DCD
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lEUnHCVpQ8c3Sk_8HsUw0GBicng.roa
Signing time:             Mon 01 Jan 2024 12:30:29 +0000
ROA not before:           Mon 01 Jan 2024 12:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29066
IP address blocks:        185.217.119.0/24 maxlen: 24
                          103.212.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:0c:27:a9:69:c6:b1:44:1a:ae:d3:d7:5d:5d:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9445271c256943c7374a4ffc1ec530d060627278
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8f:4e:63:07:5b:48:71:d7:73:b4:79:23:74:
                    1a:d6:32:e1:f6:d8:8a:75:48:68:24:d5:53:5e:6c:
                    37:fd:56:a5:4f:75:91:93:8a:a9:33:93:f6:fb:fe:
                    88:97:c0:c7:77:9c:15:40:c4:87:4d:ed:3a:71:1e:
                    29:7c:65:14:e4:7b:50:82:b6:4d:ce:b5:68:94:38:
                    ee:16:5e:3d:d0:a8:75:0a:3e:5a:45:86:ce:2c:d1:
                    68:ce:11:74:1a:ea:3b:9d:a5:0e:b7:0c:3b:1b:96:
                    51:a2:e5:ff:71:87:a7:14:5f:ae:a8:a1:7f:44:bc:
                    ed:e6:03:97:46:f3:b1:76:a4:eb:88:33:73:31:63:
                    20:c4:e7:64:1a:09:95:e5:33:38:7b:0c:6b:bf:e3:
                    d3:97:09:58:07:e5:c2:64:fd:42:92:0f:d0:11:f8:
                    f4:01:c0:68:18:40:19:f6:a3:f7:57:c1:34:d5:de:
                    ec:90:65:30:58:00:d2:d2:ec:a3:34:ab:4b:1a:e0:
                    5d:4b:e0:de:d7:5f:27:16:2a:d8:f5:ea:b6:71:77:
                    9a:9c:24:1d:e0:44:6f:0b:1b:4d:71:5d:55:83:c7:
                    e8:f0:96:b3:63:7b:4e:86:05:b8:40:e7:50:78:26:
                    3a:c7:ef:c0:d1:91:40:69:61:74:a4:f1:0f:57:69:
                    9c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:45:27:1C:25:69:43:C7:37:4A:4F:FC:1E:C5:30:D0:60:62:72:78
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/lEUnHCVpQ8c3Sk_8HsUw0GBicng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.212.80.0/24
                  185.217.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:42:87:a2:fb:b2:e1:1b:c8:26:be:db:1c:e9:69:40:f3:09:
         81:51:a1:73:b5:d8:c3:10:76:b7:37:1e:d3:42:dc:2c:3f:70:
         cb:fa:c6:88:35:02:d2:9c:77:94:6f:23:76:ee:87:4d:e2:cd:
         63:f2:55:94:d5:cd:c3:7c:43:a9:89:5c:76:bf:8a:2f:2c:a3:
         ad:e3:5c:87:44:2f:81:16:58:a9:aa:e0:72:ac:65:13:33:1f:
         b4:f8:d7:f6:a9:40:e0:f2:f0:15:e4:5a:20:2b:f7:1e:b1:36:
         90:c0:7c:f2:73:59:7a:bc:3a:ca:ee:00:9a:60:9d:c7:d6:42:
         04:72:0e:dd:90:c9:39:37:b5:8d:a1:77:e9:4a:95:fc:f6:ea:
         d7:da:1c:29:af:b0:65:e2:b8:1b:6f:f7:dc:e5:40:03:5e:35:
         e2:09:90:2e:18:79:7f:6c:f0:73:16:5f:37:3b:0a:d4:a0:1a:
         b8:b1:60:74:f7:3c:10:ea:55:4d:04:4a:98:15:f6:9d:a7:2c:
         9b:f8:73:ff:82:2a:db:69:63:36:07:f5:66:4b:d4:15:d1:63:
         7f:20:a7:8b:1e:b6:28:c8:a9:b7:cc:c6:e8:71:77:08:6b:ff:
         58:4c:68:43:9e:f5:9a:1d:dd:d2:e5:f7:5e:70:5b:61:31:9a:
         5e:84:24:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAQwnqWnGsUQartPXXV3NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDQ1MjcxYzI1Njk0M2M3Mzc0YTRmZmMxZWM1MzBkMDYwNjI3Mjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlo9OYwdbSHHXc7R5I3Qa1jLh9tiK
dUhoJNVTXmw3/ValT3WRk4qpM5P2+/6Il8DHd5wVQMSHTe06cR4pfGUU5HtQgrZN
zrVolDjuFl490Kh1Cj5aRYbOLNFozhF0Guo7naUOtww7G5ZRouX/cYenFF+uqKF/
RLzt5gOXRvOxdqTriDNzMWMgxOdkGgmV5TM4ewxrv+PTlwlYB+XCZP1Ckg/QEfj0
AcBoGEAZ9qP3V8E01d7skGUwWADS0uyjNKtLGuBdS+De118nFirY9eq2cXeanCQd
4ERvCxtNcV1Vg8fo8JazY3tOhgW4QOdQeCY6x+/A0ZFAaWF0pPEPV2mcJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJRFJxwlaUPHN0pP/B7FMNBgYnJ4MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbEVVbkhDVnBROGMzU2tfOEhzVXcwR0JpY25nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAZ9RQAwQA
udl3MA0GCSqGSIb3DQEBCwUAA4IBAQB6Qoei+7LhG8gmvtsc6WlA8wmBUaFztdjD
EHa3Nx7TQtwsP3DL+saINQLSnHeUbyN27odN4s1j8lWU1c3DfEOpiVx2v4ovLKOt
41yHRC+BFlipquByrGUTMx+0+Nf2qUDg8vAV5FogK/cesTaQwHzyc1l6vDrK7gCa
YJ3H1kIEcg7dkMk5N7WNoXfpSpX89urX2hwpr7Bl4rgbb/fc5UADXjXiCZAuGHl/
bPBzFl83OwrUoBq4sWB09zwQ6lVNBEqYFfadpyyb+HP/girbaWM2B/VmS9QV0WN/
IKeLHrYoyKm3zMbocXcIa/9YTGhDnvWaHd3S5fdecFthMZpehCQe
-----END CERTIFICATE-----