Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/yZAJYCyJVX4LJXnr5f4wQWJEMDk.roa
File:                     yZAJYCyJVX4LJXnr5f4wQWJEMDk.roa (raw, json)
Hash identifier:          2NnvpD9dd2xvt2bnTbyEd1TJY/EdPbvPL6f8p2OvbMg=
Subject key identifier:   C9:90:09:60:2C:89:55:7E:0B:25:79:EB:E5:FE:30:41:62:44:30:39
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC501149400C937D9C92AD3388532D9FE
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/yZAJYCyJVX4LJXnr5f4wQWJEMDk.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49367
IP address blocks:        194.242.14.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:14:94:00:c9:37:d9:c9:2a:d3:38:85:32:d9:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c99009602c89557e0b2579ebe5fe304162443039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a3:b3:6c:f1:cd:d3:2d:e7:9a:68:90:76:fb:
                    21:fd:b3:ff:26:b6:63:66:e5:26:e5:41:e2:db:b8:
                    5c:75:74:b6:64:6a:3f:1e:60:0b:de:4c:e2:4b:19:
                    a1:69:fd:45:32:17:e0:20:5f:1f:ec:c2:f4:8c:dc:
                    cb:f3:5b:b5:b9:70:d7:a0:4d:9e:e0:e4:94:ba:6d:
                    87:66:9e:fe:a5:86:02:03:d3:89:54:30:a9:26:5f:
                    aa:12:eb:60:b2:e3:2b:a5:9c:8f:97:21:b2:27:d3:
                    da:7e:28:ca:cc:96:a1:5f:a7:bd:c2:59:2b:02:5d:
                    b9:f0:42:5a:94:51:e5:35:9a:cc:e1:e6:cb:89:04:
                    4f:dc:c1:13:49:7f:c1:b3:b1:c4:c9:a7:ae:9c:6f:
                    a8:f9:a1:a6:f8:0c:df:4b:6e:ba:50:51:1c:00:60:
                    93:97:a0:18:18:3f:db:07:40:28:30:9c:47:30:e9:
                    ef:6f:08:60:68:e0:4e:b8:4b:1f:00:fe:a5:e1:fd:
                    9a:51:57:0f:96:49:f0:25:4e:38:22:95:a9:be:82:
                    b9:8a:e7:23:de:19:8c:47:e1:5f:dd:7a:1d:e0:0b:
                    a9:c8:22:33:92:e7:fa:0f:b7:5e:37:8e:1a:96:24:
                    d3:cc:48:ee:d1:2c:42:1b:cf:02:ab:5e:7c:32:98:
                    0c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:90:09:60:2C:89:55:7E:0B:25:79:EB:E5:FE:30:41:62:44:30:39
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/yZAJYCyJVX4LJXnr5f4wQWJEMDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.242.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:39:87:c1:b7:08:d3:fd:c9:21:89:21:9e:6c:d1:8d:07:41:
         fa:ed:92:8c:b7:6a:93:e6:df:a4:27:c8:04:2f:09:47:f1:c6:
         c5:f6:78:93:1f:82:9f:75:b8:e1:94:bd:a8:90:5b:17:5f:7a:
         d3:4a:8d:2b:6e:7e:ad:15:cd:d1:34:dd:96:a2:22:ac:81:2b:
         de:fd:7c:93:2c:56:4c:e1:a1:f7:7e:87:29:8c:a9:a2:db:9d:
         34:1e:9c:5a:a2:2a:12:3d:b4:b1:0a:2f:34:70:7c:08:b0:09:
         14:a5:10:3b:72:8e:5e:93:f0:b4:78:50:bc:3f:f3:cd:84:cc:
         e2:48:dd:5d:df:06:62:be:21:59:62:97:dc:be:7a:92:b1:43:
         03:39:5a:1a:08:df:bf:c1:5a:f8:41:9b:56:07:1d:49:5f:4a:
         20:15:9b:52:38:d9:ec:4c:10:62:b4:94:f4:7f:9e:c3:10:1c:
         9a:8c:5a:c1:c4:06:4c:5d:d5:26:6b:fb:83:e3:31:6a:d8:11:
         5c:ef:f1:aa:4f:41:d8:eb:e7:25:dd:d8:5d:37:87:22:21:07:
         66:40:ef:d3:32:44:4c:c1:6e:92:8a:84:ef:bb:3c:ca:f7:95:
         f6:18:a6:8c:cd:65:67:ae:f9:02:0f:5a:4e:2a:41:a0:bb:9a:
         d3:27:00:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFARSUAMk32ckq0ziFMtn+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTkwMDk2MDJjODk1NTdlMGIyNTc5ZWJlNWZlMzA0MTYyNDQzMDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqOzbPHN0y3nmmiQdvsh/bP/JrZj
ZuUm5UHi27hcdXS2ZGo/HmAL3kziSxmhaf1FMhfgIF8f7ML0jNzL81u1uXDXoE2e
4OSUum2HZp7+pYYCA9OJVDCpJl+qEutgsuMrpZyPlyGyJ9PafijKzJahX6e9wlkr
Al258EJalFHlNZrM4ebLiQRP3METSX/Bs7HEyaeunG+o+aGm+AzfS266UFEcAGCT
l6AYGD/bB0AoMJxHMOnvbwhgaOBOuEsfAP6l4f2aUVcPlknwJU44IpWpvoK5iucj
3hmMR+Ff3Xod4AupyCIzkuf6D7deN44aliTTzEju0SxCG88Cq158MpgMOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMmQCWAsiVV+CyV56+X+MEFiRDA5MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEveVpBSllDeUpWWDRMSlhucjVmNHdRV0pFTURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwvIOMA0G
CSqGSIb3DQEBCwUAA4IBAQBnOYfBtwjT/ckhiSGebNGNB0H67ZKMt2qT5t+kJ8gE
LwlH8cbF9niTH4KfdbjhlL2okFsXX3rTSo0rbn6tFc3RNN2WoiKsgSve/XyTLFZM
4aH3focpjKmi2500HpxaoioSPbSxCi80cHwIsAkUpRA7co5ek/C0eFC8P/PNhMzi
SN1d3wZiviFZYpfcvnqSsUMDOVoaCN+/wVr4QZtWBx1JX0ogFZtSONnsTBBitJT0
f57DEByajFrBxAZMXdUma/uD4zFq2BFc7/GqT0HY6+cl3dhdN4ciIQdmQO/TMkRM
wW6SioTvuzzK95X2GKaMzWVnrvkCD1pOKkGgu5rTJwDA
-----END CERTIFICATE-----