Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t-NoKFY1HoeKaDAYjQr_YnrMw54.roa
File:                     t-NoKFY1HoeKaDAYjQr_YnrMw54.roa (raw, json)
Hash identifier:          YyzcHSbY/F7qMLSdDpPpd7NT5ymb2Uf03wRnvF2Cvbc=
Subject key identifier:   B7:E3:68:28:56:35:1E:87:8A:68:30:18:8D:0A:FF:62:7A:CC:C3:9E
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018DC502F6F0B93FD79FE2E07BCD3A173FD8
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t-NoKFY1HoeKaDAYjQr_YnrMw54.roa
Signing time:             Tue 20 Feb 2024 05:35:22 +0000
ROA not before:           Tue 20 Feb 2024 05:35:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6762
IP address blocks:        62.197.136.0/21 maxlen: 24
                          93.114.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c5:02:f6:f0:b9:3f:d7:9f:e2:e0:7b:cd:3a:17:3f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb 20 05:35:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7e3682856351e878a6830188d0aff627accc39e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:2b:7d:fd:9d:62:1f:e8:b4:90:86:6a:50:75:
                    bf:6c:d7:2b:96:fb:4b:91:94:4e:3b:3b:1b:4f:2b:
                    5c:f4:bc:c7:da:04:15:3a:42:dd:9f:94:5f:f2:3c:
                    8d:d9:40:a4:62:50:ad:02:d3:1d:96:64:4a:9e:0f:
                    ea:75:6b:90:a7:a6:a8:de:74:99:ce:78:1e:89:6b:
                    f4:be:fe:1f:b8:f7:13:20:33:6e:c2:40:c3:db:05:
                    32:8b:29:23:e4:65:cb:8b:5e:50:50:40:f3:0b:6e:
                    ef:a0:fa:27:16:fa:05:58:06:0b:27:1a:33:5c:06:
                    62:55:7e:2f:b4:4d:34:b2:92:1e:ab:a3:ae:ae:26:
                    c7:e9:a8:b9:d8:88:4f:64:80:aa:08:be:b2:2a:7b:
                    0f:b0:37:18:cd:11:a7:ef:c8:bd:66:6d:c9:63:f5:
                    32:ce:5e:bc:09:94:2c:0f:ce:d4:03:44:6b:a6:44:
                    1f:2c:2b:ec:03:60:75:1a:ad:1b:b8:8d:e6:40:85:
                    3f:9f:cd:c4:0b:5d:a8:cb:d3:4e:0c:0e:46:98:7e:
                    ca:31:19:f2:a3:7c:7d:6e:f7:38:db:ba:b6:41:73:
                    89:9d:21:f7:fd:97:0e:b5:c7:20:0d:b1:27:30:8c:
                    24:75:99:3f:22:18:86:fc:24:69:d3:b5:2e:5e:0b:
                    2d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:E3:68:28:56:35:1E:87:8A:68:30:18:8D:0A:FF:62:7A:CC:C3:9E
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/t-NoKFY1HoeKaDAYjQr_YnrMw54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.197.136.0/21
                  93.114.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:8c:72:1c:80:22:69:4e:0a:7e:65:99:89:46:60:60:56:6e:
         97:97:99:40:ea:39:08:ef:7b:82:96:6b:e0:0b:09:13:e7:24:
         25:05:3d:ec:a6:62:77:bc:3e:5c:54:d6:73:24:a2:27:b6:97:
         f7:05:35:57:42:ed:c1:3a:fb:cc:50:9c:98:81:cb:6e:26:8c:
         f1:90:05:46:22:b1:a7:5e:ee:f2:df:be:cf:0e:51:f1:72:b4:
         be:e2:50:2a:ab:cf:65:c2:9d:24:77:87:c1:5c:01:bd:23:e6:
         39:1e:12:38:fa:0e:fe:14:ad:e3:e3:b7:8a:e6:27:c7:5f:08:
         5d:df:f3:49:ec:02:fa:26:8f:16:93:6d:a4:5f:55:ec:f7:26:
         74:12:74:14:9b:d9:93:bf:95:d7:ee:9c:b4:8d:35:42:ef:ef:
         2f:b9:72:6e:a2:44:da:52:ac:0c:21:43:53:7e:ec:6e:3d:5e:
         62:92:f2:44:ce:cf:b3:43:1f:74:4c:b1:09:3e:f0:f0:33:3a:
         f8:3a:3e:e6:69:68:5e:9a:70:0d:5a:3e:a4:17:51:53:69:02:
         64:d5:8e:c0:1b:ab:b1:16:be:cc:fa:75:56:5b:04:cd:01:01:
         84:fc:e9:88:7a:1a:eb:67:5f:3b:af:14:67:2c:be:16:35:82:
         8e:b0:53:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY3FAvbwuT/Xn+Lge806Fz/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMjIwMDUzNTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2UzNjgyODU2MzUxZTg3OGE2ODMwMTg4ZDBhZmY2MjdhY2NjMzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSt9/Z1iH+i0kIZqUHW/bNcrlvtL
kZROOzsbTytc9LzH2gQVOkLdn5Rf8jyN2UCkYlCtAtMdlmRKng/qdWuQp6ao3nSZ
zngeiWv0vv4fuPcTIDNuwkDD2wUyiykj5GXLi15QUEDzC27voPonFvoFWAYLJxoz
XAZiVX4vtE00spIeq6OuribH6ai52IhPZICqCL6yKnsPsDcYzRGn78i9Zm3JY/Uy
zl68CZQsD87UA0RrpkQfLCvsA2B1Gq0buI3mQIU/n83EC12oy9NODA5GmH7KMRny
o3x9bvc427q2QXOJnSH3/ZcOtccgDbEnMIwkdZk/IhiG/CRp07UuXgstdQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLfjaChWNR6HimgwGI0K/2J6zMOeMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdC1Ob0tGWTFIb2VLYURBWWpRcl9ZbnJNdzU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDPsWIAwQA
XXLDMA0GCSqGSIb3DQEBCwUAA4IBAQAAjHIcgCJpTgp+ZZmJRmBgVm6Xl5lA6jkI
73uClmvgCwkT5yQlBT3spmJ3vD5cVNZzJKIntpf3BTVXQu3BOvvMUJyYgctuJozx
kAVGIrGnXu7y377PDlHxcrS+4lAqq89lwp0kd4fBXAG9I+Y5HhI4+g7+FK3j47eK
5ifHXwhd3/NJ7AL6Jo8Wk22kX1Xs9yZ0EnQUm9mTv5XX7py0jTVC7+8vuXJuokTa
UqwMIUNTfuxuPV5ikvJEzs+zQx90TLEJPvDwMzr4Oj7maWhemnANWj6kF1FTaQJk
1Y7AG6uxFr7M+nVWWwTNAQGE/OmIehrrZ187rxRnLL4WNYKOsFM1
-----END CERTIFICATE-----