Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vLIxJ2mfv8Voz6_0VM7rdcbLllQ.roa
File:                     vLIxJ2mfv8Voz6_0VM7rdcbLllQ.roa (raw, json)
Hash identifier:          +aMMZvdssbwItsky8eBqtfX5oCvfhOvhtK5dxDd4LPk=
Subject key identifier:   BC:B2:31:27:69:9F:BF:C5:68:CF:AF:F4:54:CE:EB:75:C6:CB:96:54
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC501297B07B5EB9CAFDFDA2FFDFADB2E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vLIxJ2mfv8Voz6_0VM7rdcbLllQ.roa
Signing time:             Mon 01 Jan 2024 12:30:36 +0000
ROA not before:           Mon 01 Jan 2024 12:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209043
IP address blocks:        89.44.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:29:7b:07:b5:eb:9c:af:df:da:2f:fd:fa:db:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcb23127699fbfc568cfaff454ceeb75c6cb9654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:fa:32:2b:8a:b5:18:3f:f3:b2:08:3b:9e:fc:
                    a7:d9:65:c7:1d:c3:19:9d:81:9f:67:25:99:a9:f5:
                    c1:f9:33:d2:66:4b:dc:2c:7a:4f:34:83:1c:e9:45:
                    51:3a:fb:1e:13:11:b3:2f:cd:4f:1e:4b:40:c3:2e:
                    7a:db:d6:61:98:7e:c4:63:78:fe:42:67:6d:8a:8a:
                    f1:86:f8:97:97:f1:a6:09:10:76:ce:f4:68:4d:0e:
                    34:4d:17:d7:bc:20:01:a6:93:2b:28:b7:61:c7:59:
                    b7:5f:b1:63:d8:01:01:36:e1:6e:df:0d:62:26:bb:
                    3a:0a:77:f0:31:d4:13:d6:28:7a:f0:d7:d0:cb:5b:
                    80:f4:1b:1d:72:c1:cc:41:6d:5a:5d:b8:6e:c4:a5:
                    9e:ab:a4:91:0b:52:f1:9d:59:4f:4e:2e:8b:50:d3:
                    0a:18:c9:e7:cd:c7:e2:26:9f:1f:3d:a9:a4:ce:cb:
                    55:fa:3b:ed:b7:50:3f:ae:6a:a2:53:22:2e:50:f1:
                    ae:10:af:c5:95:c6:8c:df:7c:19:85:85:5f:d5:51:
                    2d:9d:97:b6:28:67:e6:02:28:23:ee:aa:54:b5:48:
                    97:6c:e4:44:4d:d0:73:f3:d9:12:93:c1:b2:c1:da:
                    98:d1:10:7a:52:56:c9:5a:f3:5b:9a:84:7e:df:85:
                    68:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B2:31:27:69:9F:BF:C5:68:CF:AF:F4:54:CE:EB:75:C6:CB:96:54
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/vLIxJ2mfv8Voz6_0VM7rdcbLllQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.44.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:1d:2f:3b:d0:89:7d:28:c9:59:99:af:00:5f:fb:46:ac:e1:
         6b:8f:e6:e1:10:96:08:6c:a2:28:61:77:14:94:19:6f:33:e0:
         52:88:47:12:12:07:70:fa:c3:f9:c5:db:8f:32:b6:bb:71:f7:
         b1:7b:66:ec:15:6e:63:c0:df:f3:4a:07:a6:c2:3d:cc:7e:8c:
         df:36:37:7f:02:1a:52:ac:7e:75:5c:4e:72:73:1f:b7:73:26:
         f5:9a:83:04:e7:63:0d:b3:cd:e0:22:75:ce:c8:46:00:a4:97:
         ca:0a:7b:2b:78:68:cf:80:95:5b:a9:6a:05:33:5e:26:eb:4f:
         1d:29:e5:97:ee:5e:b0:b2:73:da:69:d6:54:17:97:99:9a:13:
         5b:6c:db:bd:d0:41:3e:41:4f:6e:81:86:58:b1:c5:2e:c3:c8:
         36:44:a9:63:b5:13:18:b1:d9:53:02:cd:e3:ba:15:d4:25:71:
         14:03:3d:21:dc:ba:bb:39:75:f5:e9:dc:49:92:2d:8f:23:ef:
         28:3e:e0:fd:a9:79:22:e4:ef:e6:8e:7a:be:76:7d:65:91:b2:
         e1:2f:9c:04:46:c1:04:04:fc:c4:a3:46:8c:7b:74:fd:12:39:
         19:df:f6:7f:d9:20:74:d2:39:03:de:76:42:b3:d3:24:e5:35:
         85:d2:24:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASl7B7XrnK/f2i/9+tsuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2IyMzEyNzY5OWZiZmM1NjhjZmFmZjQ1NGNlZWI3NWM2Y2I5NjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl/oyK4q1GD/zsgg7nvyn2WXHHcMZ
nYGfZyWZqfXB+TPSZkvcLHpPNIMc6UVROvseExGzL81PHktAwy5629ZhmH7EY3j+
QmdtiorxhviXl/GmCRB2zvRoTQ40TRfXvCABppMrKLdhx1m3X7Fj2AEBNuFu3w1i
Jrs6CnfwMdQT1ih68NfQy1uA9BsdcsHMQW1aXbhuxKWeq6SRC1LxnVlPTi6LUNMK
GMnnzcfiJp8fPamkzstV+jvtt1A/rmqiUyIuUPGuEK/FlcaM33wZhYVf1VEtnZe2
KGfmAigj7qpUtUiXbORETdBz89kSk8GywdqY0RB6UlbJWvNbmoR+34VoywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLyyMSdpn7/FaM+v9FTO63XGy5ZUMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdkxJeEoybWZ2OFZvejZfMFZNN3JkY2JMbGxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSzPMA0G
CSqGSIb3DQEBCwUAA4IBAQAlHS870Il9KMlZma8AX/tGrOFrj+bhEJYIbKIoYXcU
lBlvM+BSiEcSEgdw+sP5xduPMra7cfexe2bsFW5jwN/zSgemwj3MfozfNjd/AhpS
rH51XE5ycx+3cyb1moME52MNs83gInXOyEYApJfKCnsreGjPgJVbqWoFM14m608d
KeWX7l6wsnPaadZUF5eZmhNbbNu90EE+QU9ugYZYscUuw8g2RKljtRMYsdlTAs3j
uhXUJXEUAz0h3Lq7OXX16dxJki2PI+8oPuD9qXki5O/mjnq+dn1lkbLhL5wERsEE
BPzEo0aMe3T9EjkZ3/Z/2SB00jkD3nZCs9Mk5TWF0iTf
-----END CERTIFICATE-----