Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mEFvUQksnL2h9oK7DASLJqhA5UM.roa
File:                     mEFvUQksnL2h9oK7DASLJqhA5UM.roa (raw, json)
Hash identifier:          358i64yA28lSOLu0llqKJ8kVC2fvKbBCDHQpcA+d1kw=
Subject key identifier:   98:41:6F:51:09:2C:9C:BD:A1:F6:82:BB:0C:04:8B:26:A8:40:E5:43
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018E0DB57B9A06AE735C01B4923AAD06A626
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mEFvUQksnL2h9oK7DASLJqhA5UM.roa
Signing time:             Tue 05 Mar 2024 08:23:01 +0000
ROA not before:           Tue 05 Mar 2024 08:23:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200023
IP address blocks:        45.130.196.0/22 maxlen: 24
                          188.214.208.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0d:b5:7b:9a:06:ae:73:5c:01:b4:92:3a:ad:06:a6:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Mar  5 08:23:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98416f51092c9cbda1f682bb0c048b26a840e543
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a2:33:ab:bd:67:38:57:54:2f:e9:96:c1:1b:
                    11:91:15:f2:9a:11:53:26:60:be:1a:7d:41:eb:97:
                    b9:96:df:ae:97:b6:02:fa:68:3f:2a:0b:42:aa:59:
                    49:db:4c:81:ca:ff:6f:f4:ca:14:20:f5:26:5a:1e:
                    93:e3:94:74:b5:fd:31:03:1f:2f:65:29:4f:f6:b6:
                    23:3f:d8:4b:82:32:29:f6:44:d2:e8:b7:8d:02:c5:
                    16:d9:71:94:df:b1:d9:0b:4b:35:ed:15:ac:9a:8f:
                    f1:3b:ea:fd:6a:7f:4c:58:c5:20:ab:b1:70:7c:4d:
                    82:de:e2:c3:e5:98:1e:08:83:d2:98:b7:e4:9e:74:
                    7e:64:2f:58:75:a0:42:58:b2:7d:51:72:1a:da:54:
                    1f:13:72:ef:a1:b5:db:eb:8f:37:22:bd:00:92:41:
                    00:e3:1e:e9:8e:ce:01:ac:d2:7c:d7:d7:35:f7:75:
                    2b:0a:2c:22:d8:57:e5:d7:46:b9:1d:bb:b8:bd:69:
                    46:b2:71:1a:42:10:65:16:de:23:0e:ae:c9:43:13:
                    c0:9c:c6:a8:55:bc:db:f1:96:90:36:c4:51:94:29:
                    5a:24:e0:2b:68:18:09:3b:5a:2a:a7:bc:05:a1:21:
                    ff:9e:d7:ab:53:34:bd:bd:ee:2e:73:dc:68:ca:b8:
                    83:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:41:6F:51:09:2C:9C:BD:A1:F6:82:BB:0C:04:8B:26:A8:40:E5:43
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/mEFvUQksnL2h9oK7DASLJqhA5UM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.196.0/22
                  188.214.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:a2:4d:7e:f1:b0:9a:b7:59:49:34:7c:79:c4:f4:9a:f2:9e:
         06:c8:c4:80:7a:69:a9:8a:d2:d0:05:9e:5e:9d:50:98:d3:d7:
         9a:52:d6:1e:31:f3:f4:dd:51:75:c6:cb:8f:f6:a6:c6:2f:82:
         e0:7c:49:9d:0e:38:02:58:a4:66:db:2e:61:18:77:bd:30:93:
         1d:37:98:95:9b:b7:48:bd:f3:40:27:c7:08:92:d3:94:58:4b:
         61:7c:ad:13:1d:f5:4f:0e:bb:c2:64:42:66:c8:62:d8:08:2e:
         8f:96:89:93:77:13:be:e5:52:22:22:49:7a:2e:90:94:64:e9:
         f0:db:9c:ef:46:57:92:4a:40:66:90:19:53:00:1d:06:83:5d:
         62:ef:b5:97:b1:a4:57:94:5f:44:4a:90:92:62:2f:09:65:06:
         91:13:15:dd:c5:73:a0:7b:ff:56:8a:49:1e:33:a6:bf:61:d8:
         93:15:ab:8e:6a:47:47:0e:ab:f1:c3:4f:b2:0d:3b:73:25:53:
         b7:ba:45:7e:ed:d8:26:6d:b2:d4:6f:f5:1f:ba:ca:9a:55:c5:
         92:32:1c:5c:08:1d:89:b9:2d:8b:a8:a7:40:55:59:f7:24:33:
         94:85:fc:04:cb:92:34:70:b5:a3:b4:a1:e6:64:2c:4c:7b:57:
         32:29:c4:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4NtXuaBq5zXAG0kjqtBqYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMzA1MDgyMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODQxNmY1MTA5MmM5Y2JkYTFmNjgyYmIwYzA0OGIyNmE4NDBlNTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqIzq71nOFdUL+mWwRsRkRXymhFT
JmC+Gn1B65e5lt+ul7YC+mg/KgtCqllJ20yByv9v9MoUIPUmWh6T45R0tf0xAx8v
ZSlP9rYjP9hLgjIp9kTS6LeNAsUW2XGU37HZC0s17RWsmo/xO+r9an9MWMUgq7Fw
fE2C3uLD5ZgeCIPSmLfknnR+ZC9YdaBCWLJ9UXIa2lQfE3LvobXb6483Ir0AkkEA
4x7pjs4BrNJ819c193UrCiwi2Ffl10a5Hbu4vWlGsnEaQhBlFt4jDq7JQxPAnMao
Vbzb8ZaQNsRRlClaJOAraBgJO1oqp7wFoSH/nterUzS9ve4uc9xoyriDWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJhBb1EJLJy9ofaCuwwEiyaoQOVDMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbUVGdlVRa3NuTDJoOW9LN0RBU0xKcWhBNVVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYLEAwQB
vNbQMA0GCSqGSIb3DQEBCwUAA4IBAQCVok1+8bCat1lJNHx5xPSa8p4GyMSAemmp
itLQBZ5enVCY09eaUtYeMfP03VF1xsuP9qbGL4LgfEmdDjgCWKRm2y5hGHe9MJMd
N5iVm7dIvfNAJ8cIktOUWEthfK0THfVPDrvCZEJmyGLYCC6PlomTdxO+5VIiIkl6
LpCUZOnw25zvRleSSkBmkBlTAB0Gg11i77WXsaRXlF9ESpCSYi8JZQaRExXdxXOg
e/9WikkeM6a/YdiTFauOakdHDqvxw0+yDTtzJVO3ukV+7dgmbbLUb/UfusqaVcWS
MhxcCB2JuS2LqKdAVVn3JDOUhfwEy5I0cLWjtKHmZCxMe1cyKcTi
-----END CERTIFICATE-----