Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tXhIbE6m1xmcEmxBtrvcLIQozbs.roa
File:                     tXhIbE6m1xmcEmxBtrvcLIQozbs.roa (raw, json)
Hash identifier:          VSZgcJuaxHfbz4yPl2ejFs9st3Mh47XuOJXbZvGXWbk=
Subject key identifier:   B5:78:48:6C:4E:A6:D7:19:9C:12:6C:41:B6:BB:DC:2C:84:28:CD:BB
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5012523474FC213AA4513BB4A315117
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tXhIbE6m1xmcEmxBtrvcLIQozbs.roa
Signing time:             Mon 01 Jan 2024 12:30:35 +0000
ROA not before:           Mon 01 Jan 2024 12:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203639
IP address blocks:        188.240.68.0/24 maxlen: 24
                          188.213.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:25:23:47:4f:c2:13:aa:45:13:bb:4a:31:51:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b578486c4ea6d7199c126c41b6bbdc2c8428cdbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ae:fd:74:31:f1:8c:65:5e:7a:95:f2:15:af:
                    2f:3d:88:04:c7:09:5c:a5:38:7a:89:a1:10:a8:54:
                    93:3a:5b:03:34:b4:72:3d:49:18:d5:23:e6:82:8c:
                    17:87:5c:7a:4b:2a:b4:fa:ac:71:05:3f:9d:98:3a:
                    82:07:2f:61:eb:19:79:75:1e:9b:cc:a5:79:56:73:
                    5f:af:47:58:57:cd:14:c7:92:23:80:da:78:92:04:
                    a9:0f:81:ff:0a:aa:20:c6:4f:bd:d9:de:52:38:c6:
                    72:44:05:b3:53:a3:79:ac:cb:fa:eb:02:1e:e7:73:
                    9d:cc:08:2c:f4:41:94:4a:74:42:8c:37:2d:e1:8b:
                    fa:4c:a5:8b:24:61:f6:56:b2:f7:c5:ca:04:82:17:
                    37:7d:a1:27:bd:67:45:1c:2d:52:be:31:22:e0:1d:
                    ef:ff:53:3f:e3:42:80:45:03:7b:6f:87:aa:48:51:
                    8f:61:ca:67:d7:6c:45:1b:50:d9:36:fc:b7:5f:11:
                    32:c1:72:d7:1a:0d:33:9c:68:4f:5b:ca:43:21:8c:
                    47:66:3a:e7:56:0f:45:0d:50:35:2b:75:82:d4:b2:
                    ac:13:e3:3a:c3:76:c5:b7:63:e4:45:9e:eb:48:08:
                    67:61:a3:b7:7b:f2:21:cc:ca:7a:c9:22:62:9d:c0:
                    45:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:78:48:6C:4E:A6:D7:19:9C:12:6C:41:B6:BB:DC:2C:84:28:CD:BB
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tXhIbE6m1xmcEmxBtrvcLIQozbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.213.203.0/24
                  188.240.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:35:51:7d:83:10:1e:67:d0:32:ad:6f:e7:54:38:62:83:5a:
         ec:95:ef:fb:37:2a:a9:08:2e:00:89:82:a2:49:7b:b5:b4:a3:
         21:f4:1f:56:1b:13:de:d0:87:5c:7e:0e:94:ea:5f:c7:92:f1:
         23:f5:bc:d0:66:f3:dc:cb:24:17:d0:1c:b5:27:57:1a:96:cc:
         6f:5f:dd:b8:9b:53:59:1b:d4:36:1b:30:6e:77:a3:db:8b:c5:
         ba:02:7c:ac:63:69:ff:0a:87:f5:4b:62:e2:21:1d:c9:47:dc:
         40:4b:c9:1b:68:1f:cb:f5:50:b5:79:86:72:b2:b4:0a:31:59:
         13:cc:c7:23:da:6d:6e:98:65:23:69:20:72:e5:0a:c5:34:cf:
         18:d8:53:f8:00:b9:c9:80:d2:dc:1d:9c:3d:06:c0:17:14:d8:
         d2:fc:1d:60:ad:10:92:94:8c:6f:ad:10:72:fc:7e:50:80:d1:
         ec:ae:17:24:cd:f3:13:0b:6b:12:bf:4d:6b:49:85:43:6c:f0:
         df:7e:56:ba:c9:d6:06:e4:35:47:e6:fa:92:19:41:df:f1:2f:
         e0:b9:c7:36:d4:7f:8e:01:d1:28:cd:bb:6b:b4:80:41:b9:bb:
         61:7b:4b:62:78:a7:76:84:4e:63:e8:78:af:83:ad:a7:fc:67:
         15:a3:79:72
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFASUjR0/CE6pFE7tKMVEXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTc4NDg2YzRlYTZkNzE5OWMxMjZjNDFiNmJiZGMyYzg0MjhjZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoq79dDHxjGVeepXyFa8vPYgExwlc
pTh6iaEQqFSTOlsDNLRyPUkY1SPmgowXh1x6Syq0+qxxBT+dmDqCBy9h6xl5dR6b
zKV5VnNfr0dYV80Ux5IjgNp4kgSpD4H/Cqogxk+92d5SOMZyRAWzU6N5rMv66wIe
53OdzAgs9EGUSnRCjDct4Yv6TKWLJGH2VrL3xcoEghc3faEnvWdFHC1SvjEi4B3v
/1M/40KARQN7b4eqSFGPYcpn12xFG1DZNvy3XxEywXLXGg0znGhPW8pDIYxHZjrn
Vg9FDVA1K3WC1LKsE+M6w3bFt2PkRZ7rSAhnYaO3e/IhzMp6ySJincBFeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLV4SGxOptcZnBJsQba73CyEKM27MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdFhoSWJFNm0xeG1jRW14QnRydmNMSVFvemJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvNXLAwQA
vPBEMA0GCSqGSIb3DQEBCwUAA4IBAQBINVF9gxAeZ9AyrW/nVDhig1rsle/7Nyqp
CC4AiYKiSXu1tKMh9B9WGxPe0Idcfg6U6l/HkvEj9bzQZvPcyyQX0By1J1calsxv
X924m1NZG9Q2GzBud6Pbi8W6AnysY2n/Cof1S2LiIR3JR9xAS8kbaB/L9VC1eYZy
srQKMVkTzMcj2m1umGUjaSBy5QrFNM8Y2FP4ALnJgNLcHZw9BsAXFNjS/B1grRCS
lIxvrRBy/H5QgNHsrhckzfMTC2sSv01rSYVDbPDffla6ydYG5DVH5vqSGUHf8S/g
ucc21H+OAdEozbtrtIBBubthe0tieKd2hE5j6Hivg62n/GcVo3ly
-----END CERTIFICATE-----