Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zYviYAQAKY6zYBBK1-7Pi1epy-c.roa
File:                     zYviYAQAKY6zYBBK1-7Pi1epy-c.roa (raw, json)
Hash identifier:          yC64poCKBFm7r9sInBSvboff+OtOssgc+ls5UO7urLE=
Subject key identifier:   CD:8B:E2:60:04:00:29:8E:B3:60:10:4A:D7:EE:CF:8B:57:A9:CB:E7
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5011632F0D9AAEFFE15EAA4A57CA961
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zYviYAQAKY6zYBBK1-7Pi1epy-c.roa
Signing time:             Mon 01 Jan 2024 12:30:31 +0000
ROA not before:           Mon 01 Jan 2024 12:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56309
IP address blocks:        203.159.92.0/22 maxlen: 22
                          141.98.16.0/22 maxlen: 24
                          45.154.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:16:32:f0:d9:aa:ef:fe:15:ea:a4:a5:7c:a9:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd8be2600400298eb360104ad7eecf8b57a9cbe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:41:2e:11:75:9e:51:d9:19:28:bb:5c:0c:81:
                    6e:18:2a:0c:ae:9a:3d:eb:1e:db:ed:bb:11:d1:68:
                    6b:fe:d8:3c:a5:95:72:8b:49:54:92:f7:67:ba:61:
                    e7:41:a0:ed:fd:d7:89:42:bc:04:04:e4:da:ac:b9:
                    44:56:a2:af:eb:27:48:a3:ba:4b:0b:81:9a:6c:33:
                    2f:6f:14:82:3b:d3:0d:5f:ea:fa:2b:22:f7:ba:21:
                    a9:b0:65:bc:49:eb:03:7a:64:7a:20:ae:1b:c3:56:
                    ff:8a:d6:d3:71:50:6d:c6:6e:45:b8:a7:98:fb:be:
                    26:2f:15:fe:b3:dc:b4:62:02:4f:92:22:21:40:7b:
                    3c:88:fa:eb:d0:52:d9:a1:fd:ee:5d:14:18:66:6d:
                    9e:cf:c4:6d:01:f8:a5:ae:1d:5f:be:a7:da:34:d8:
                    f8:10:8a:75:37:e7:ad:f4:10:13:1f:13:de:e8:4c:
                    52:27:86:09:c0:f5:81:08:83:8c:76:a8:3d:bb:b2:
                    b0:95:3a:b5:2f:9c:69:81:65:11:0e:3d:fa:cb:39:
                    42:74:81:50:4a:89:fa:95:78:3f:9e:4a:60:27:ad:
                    0c:01:36:b3:7f:2b:3b:1d:e0:42:e8:01:45:e4:ac:
                    12:0d:16:38:c8:9e:e7:0b:01:e2:01:3c:3b:b8:4e:
                    a6:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:8B:E2:60:04:00:29:8E:B3:60:10:4A:D7:EE:CF:8B:57:A9:CB:E7
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/zYviYAQAKY6zYBBK1-7Pi1epy-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.24.0/22
                  141.98.16.0/22
                  203.159.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:17:0a:5b:6d:5a:5b:6e:b0:84:ab:f7:01:fb:e3:73:d5:37:
         8c:30:4e:64:29:f0:17:66:1a:b3:06:9f:e6:05:0d:ae:6d:9d:
         04:41:05:0c:6a:ac:45:8f:c5:b0:f3:88:8b:63:37:81:07:4a:
         0d:b3:5a:13:bb:b0:72:3f:fd:6f:8b:5e:93:a3:e1:2e:2e:cb:
         48:67:af:96:b9:cb:82:e5:a0:a1:7b:91:39:e4:7f:fe:01:43:
         c9:44:d5:51:5a:79:2c:2b:b2:24:26:c4:17:c8:c1:0b:15:cf:
         d7:17:ff:5f:a0:1e:6f:20:d1:7f:7d:44:cc:a3:ee:85:38:75:
         d8:1a:17:db:f6:a6:e2:57:d0:00:f8:5d:41:2f:a4:80:71:b8:
         cd:26:03:97:66:fc:2d:b6:c0:d5:ea:ca:85:14:10:bb:a1:04:
         d3:be:09:e3:74:4e:ce:b5:0e:ce:0e:f5:74:39:3d:e0:9f:32:
         9a:c6:18:48:15:e7:ac:96:ba:20:37:a3:1d:13:27:a9:a2:f4:
         c0:1c:0d:12:b4:4c:18:d3:b4:49:c2:b2:65:88:41:33:af:ff:
         90:29:55:0d:9f:97:eb:64:f4:2c:a6:66:d8:b0:cf:2e:eb:c9:
         46:6e:76:84:1f:4f:a1:5b:a6:04:54:f6:97:da:af:8d:c2:cf:
         45:3d:13:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzFARYy8Nmq7/4V6qSlfKlhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDhiZTI2MDA0MDAyOThlYjM2MDEwNGFkN2VlY2Y4YjU3YTljYmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0EuEXWeUdkZKLtcDIFuGCoMrpo9
6x7b7bsR0Whr/tg8pZVyi0lUkvdnumHnQaDt/deJQrwEBOTarLlEVqKv6ydIo7pL
C4GabDMvbxSCO9MNX+r6KyL3uiGpsGW8SesDemR6IK4bw1b/itbTcVBtxm5FuKeY
+74mLxX+s9y0YgJPkiIhQHs8iPrr0FLZof3uXRQYZm2ez8RtAfilrh1fvqfaNNj4
EIp1N+et9BATHxPe6ExSJ4YJwPWBCIOMdqg9u7KwlTq1L5xpgWURDj36yzlCdIFQ
Son6lXg/nkpgJ60MATazfys7HeBC6AFF5KwSDRY4yJ7nCwHiATw7uE6moQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM2L4mAEACmOs2AQStfuz4tXqcvnMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvell2aVlBUUFLWTZ6WUJCSzEtN1BpMWVweS1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLZoYAwQC
jWIQAwQCy59cMA0GCSqGSIb3DQEBCwUAA4IBAQBSFwpbbVpbbrCEq/cB++Nz1TeM
ME5kKfAXZhqzBp/mBQ2ubZ0EQQUMaqxFj8Ww84iLYzeBB0oNs1oTu7ByP/1vi16T
o+EuLstIZ6+WucuC5aChe5E55H/+AUPJRNVRWnksK7IkJsQXyMELFc/XF/9foB5v
INF/fUTMo+6FOHXYGhfb9qbiV9AA+F1BL6SAcbjNJgOXZvwttsDV6sqFFBC7oQTT
vgnjdE7OtQ7ODvV0OT3gnzKaxhhIFeeslrogN6MdEyepovTAHA0StEwY07RJwrJl
iEEzr/+QKVUNn5frZPQspmbYsM8u68lGbnaEH0+hW6YEVPaX2q+Nws9FPRN9
-----END CERTIFICATE-----