Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/o3Io2dxUTOapCrSDKcdtq9-uuis.roa
File:                     o3Io2dxUTOapCrSDKcdtq9-uuis.roa (raw, json)
Hash identifier:          UjAr2NLGZHHw9nUvWWxY5Q6zeExn9evJjMRs9lCshfE=
Subject key identifier:   A3:72:28:D9:DC:54:4C:E6:A9:0A:B4:83:29:C7:6D:AB:DF:AE:BA:2B
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC50105274B5FC10BE0206B14F38ABBCC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/o3Io2dxUTOapCrSDKcdtq9-uuis.roa
Signing time:             Mon 01 Jan 2024 12:30:27 +0000
ROA not before:           Mon 01 Jan 2024 12:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4785
IP address blocks:        194.242.2.0/24 maxlen: 24
                          193.19.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:05:27:4b:5f:c1:0b:e0:20:6b:14:f3:8a:bb:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a37228d9dc544ce6a90ab48329c76dabdfaeba2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:29:16:cd:f1:20:ae:23:e6:c1:b5:d1:4b:88:
                    09:b3:6f:77:83:ef:3d:3a:a6:a9:f3:08:ce:c7:77:
                    14:7b:94:db:1e:99:d1:0a:d6:4a:97:81:3a:29:ce:
                    20:a9:71:52:8a:6b:4e:9b:ba:f4:23:6f:13:b5:c6:
                    6b:29:f6:2a:81:15:5a:1f:d0:d6:8d:2e:0a:45:2e:
                    8f:d2:2e:9f:48:33:97:54:de:f2:b6:ba:6a:d8:eb:
                    23:ac:6b:5a:f6:08:43:f9:0d:4c:39:4e:4b:49:f7:
                    b6:bf:e5:76:67:8c:32:0c:38:17:db:de:ec:77:75:
                    e1:fe:27:1f:f0:8d:70:99:c6:68:ad:4c:a3:b6:b3:
                    cb:ad:e3:12:6b:d2:28:ef:5f:9b:d5:88:64:69:1e:
                    80:55:da:e1:34:cf:a9:0f:29:f1:8b:c0:ea:6c:72:
                    0f:42:d6:5b:27:16:36:41:87:ec:44:f9:4d:5d:6c:
                    27:27:da:96:08:b4:92:f1:fe:23:c1:b5:2a:7d:70:
                    4e:15:4f:7a:1d:09:3d:29:77:92:5a:ef:06:d8:0f:
                    7a:f6:eb:8f:cd:b7:0d:4e:b6:0c:42:3e:c4:18:45:
                    c7:98:e5:84:97:c0:5f:3e:cd:c3:c5:e3:f6:ba:61:
                    74:62:dc:d0:c5:b5:33:52:82:ac:5e:9f:b0:08:31:
                    58:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:72:28:D9:DC:54:4C:E6:A9:0A:B4:83:29:C7:6D:AB:DF:AE:BA:2B
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/o3Io2dxUTOapCrSDKcdtq9-uuis.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.19.108.0/24
                  194.242.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:aa:5d:7e:d9:1b:b1:da:5e:a6:63:4f:74:13:df:2e:3b:e1:
         b3:f0:21:1e:ae:7a:d1:92:62:11:b3:97:de:e4:42:31:f5:9f:
         88:d8:1c:84:ba:79:47:4c:ab:3c:ce:35:a9:0f:34:1f:78:d6:
         3c:6d:03:04:af:49:37:7d:76:46:ab:2d:57:ef:48:69:28:fc:
         65:69:94:68:02:6e:73:c9:d9:ca:45:2e:61:8a:ec:7c:06:3f:
         f1:22:43:8a:56:c3:79:6a:c8:a6:15:4c:aa:33:e7:84:02:11:
         4a:77:a9:03:5c:9e:d5:66:1f:ad:da:02:52:e8:09:23:b8:66:
         f5:4a:15:e3:63:23:8d:10:42:8a:1a:f0:29:2b:32:82:f9:e0:
         c2:8a:ae:56:37:b7:ba:60:2a:3a:db:04:50:0f:87:02:ea:b8:
         24:c0:1d:98:47:51:56:18:9e:70:7c:d5:45:0b:d8:f5:65:48:
         a7:3f:b5:3f:de:f2:f4:bc:8b:08:75:7c:94:3a:6c:97:68:1b:
         cc:1d:4c:74:0e:d5:68:c5:9f:f0:c6:62:ca:6c:d9:4a:07:14:
         41:10:4b:4d:31:58:80:01:63:7e:38:01:3b:13:f6:b8:65:0e:
         08:ac:e1:01:99:7d:f6:7c:ca:b9:7f:56:37:e9:18:a9:28:97:
         56:a1:96:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAQUnS1/BC+AgaxTzirvMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzcyMjhkOWRjNTQ0Y2U2YTkwYWI0ODMyOWM3NmRhYmRmYWViYTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiikWzfEgriPmwbXRS4gJs293g+89
Oqap8wjOx3cUe5TbHpnRCtZKl4E6Kc4gqXFSimtOm7r0I28TtcZrKfYqgRVaH9DW
jS4KRS6P0i6fSDOXVN7ytrpq2OsjrGta9ghD+Q1MOU5LSfe2v+V2Z4wyDDgX297s
d3Xh/icf8I1wmcZorUyjtrPLreMSa9Io71+b1YhkaR6AVdrhNM+pDynxi8DqbHIP
QtZbJxY2QYfsRPlNXWwnJ9qWCLSS8f4jwbUqfXBOFU96HQk9KXeSWu8G2A969uuP
zbcNTrYMQj7EGEXHmOWEl8BfPs3DxeP2umF0YtzQxbUzUoKsXp+wCDFYYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKNyKNncVEzmqQq0gynHbavfrrorMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbzNJbzJkeFVUT2FwQ3JTREtjZHRxOS11dWlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwRNsAwQA
wvICMA0GCSqGSIb3DQEBCwUAA4IBAQAAql1+2Rux2l6mY090E98uO+Gz8CEernrR
kmIRs5fe5EIx9Z+I2ByEunlHTKs8zjWpDzQfeNY8bQMEr0k3fXZGqy1X70hpKPxl
aZRoAm5zydnKRS5hiux8Bj/xIkOKVsN5asimFUyqM+eEAhFKd6kDXJ7VZh+t2gJS
6AkjuGb1ShXjYyONEEKKGvApKzKC+eDCiq5WN7e6YCo62wRQD4cC6rgkwB2YR1FW
GJ5wfNVFC9j1ZUinP7U/3vL0vIsIdXyUOmyXaBvMHUx0DtVoxZ/wxmLKbNlKBxRB
EEtNMViAAWN+OAE7E/a4ZQ4IrOEBmX32fMq5f1Y36RipKJdWoZbl
-----END CERTIFICATE-----