Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/d0a3dc-7d9a-4375-b2fd-c7542f88e797/1/8diW_viZ8DhFMdAZwzGQKTrlBMo.roa
File:                     8diW_viZ8DhFMdAZwzGQKTrlBMo.roa (raw, json)
Hash identifier:          qNxxLl2Ah7HsBL2Y/MRp81EUlRzFhdE8EsgFNlVQQMU=
Subject key identifier:   F1:D8:96:FE:F8:99:F0:38:45:31:D0:19:C3:31:90:29:3A:E5:04:CA
Certificate issuer:       /CN=2b04d555763fbaa094dca7a93daaa78fd4008554
Certificate serial:       018F0EC502A6E15E8DDDEFD0ED9645EA886F
Authority key identifier: 2B:04:D5:55:76:3F:BA:A0:94:DC:A7:A9:3D:AA:A7:8F:D4:00:85:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KwTVVXY_uqCU3KepPaqnj9QAhVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/d0a3dc-7d9a-4375-b2fd-c7542f88e797/1/8diW_viZ8DhFMdAZwzGQKTrlBMo.roa
Signing time:             Wed 24 Apr 2024 06:22:23 +0000
ROA not before:           Wed 24 Apr 2024 06:22:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198656
IP address blocks:        194.36.20.0/24 maxlen: 24
                          2001:67c:734::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/d0a3dc-7d9a-4375-b2fd-c7542f88e797/1/KwTVVXY_uqCU3KepPaqnj9QAhVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/d0a3dc-7d9a-4375-b2fd-c7542f88e797/1/KwTVVXY_uqCU3KepPaqnj9QAhVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KwTVVXY_uqCU3KepPaqnj9QAhVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0e:c5:02:a6:e1:5e:8d:dd:ef:d0:ed:96:45:ea:88:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b04d555763fbaa094dca7a93daaa78fd4008554
        Validity
            Not Before: Apr 24 06:22:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1d896fef899f0384531d019c33190293ae504ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:67:8a:88:2f:38:05:ac:6d:20:71:f0:97:ff:
                    a6:fa:68:1a:e5:7a:c3:19:57:a8:e5:16:b0:8c:44:
                    0b:2b:c9:20:75:2f:4a:8f:88:8a:ea:16:08:6d:e4:
                    f6:a5:c9:0b:37:08:ab:39:07:1e:69:bc:95:9e:8c:
                    86:23:d9:f1:42:42:e4:fb:0f:e7:38:0d:ae:41:c6:
                    14:85:77:89:c6:a9:26:8b:34:e4:34:bc:0f:45:53:
                    34:02:23:f0:16:bb:62:1e:25:4b:85:19:a8:99:a6:
                    55:89:40:64:a6:16:74:b3:a6:54:53:8b:34:d1:7f:
                    88:fa:72:ae:89:e9:d6:38:05:3a:4c:0e:2e:bf:be:
                    08:5c:cd:49:52:ed:6b:13:6e:bc:7c:9d:d3:38:ca:
                    5b:c4:59:38:c5:7a:83:33:3b:61:ae:ab:6c:40:97:
                    fa:3d:72:92:17:3a:5c:96:a0:ce:1f:cc:51:d7:9c:
                    14:db:e2:db:a4:45:34:5c:5b:ad:75:12:70:75:0c:
                    49:a8:93:42:54:7d:d4:b3:27:2d:61:28:5e:cd:70:
                    da:4e:04:71:02:fe:9d:b8:fe:a5:91:ff:09:75:df:
                    b5:5f:b3:47:bb:e0:6d:f9:ef:e9:ad:4e:90:fc:2e:
                    9f:cb:cf:0f:8f:03:9d:0a:db:4e:aa:e2:6d:88:e3:
                    99:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D8:96:FE:F8:99:F0:38:45:31:D0:19:C3:31:90:29:3A:E5:04:CA
            X509v3 Authority Key Identifier:
                keyid:2B:04:D5:55:76:3F:BA:A0:94:DC:A7:A9:3D:AA:A7:8F:D4:00:85:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KwTVVXY_uqCU3KepPaqnj9QAhVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d0a3dc-7d9a-4375-b2fd-c7542f88e797/1/8diW_viZ8DhFMdAZwzGQKTrlBMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/d0a3dc-7d9a-4375-b2fd-c7542f88e797/1/KwTVVXY_uqCU3KepPaqnj9QAhVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.36.20.0/24
                IPv6:
                  2001:67c:734::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:7b:8f:60:4a:6d:94:5b:d6:89:02:08:d5:47:1a:3d:8d:54:
         b3:ea:98:9d:e8:8b:3d:21:5f:86:86:df:47:c3:61:d3:a0:f0:
         4d:4b:a6:c2:a8:50:30:6a:a1:b8:2c:41:1c:96:ba:61:82:cd:
         07:ec:25:a3:5f:04:2e:b4:8c:1b:63:a9:a2:c2:d2:47:53:ae:
         29:b6:e9:19:52:81:09:cf:ee:67:56:cf:5b:26:42:6a:f9:34:
         0f:ad:78:63:c0:d5:13:9e:40:77:21:e4:0f:9e:2b:b6:b2:66:
         90:aa:41:aa:06:c5:39:b6:33:ee:5b:c2:cf:65:5b:3f:ec:b7:
         32:43:ad:50:68:f8:73:2b:d9:32:bf:08:e5:f1:c6:72:db:ff:
         42:8b:82:7b:0f:66:d0:12:be:51:c7:2e:54:73:c4:b5:bb:51:
         26:ee:26:09:bc:ae:a3:81:16:e0:4a:08:da:fb:5e:07:26:96:
         73:93:cb:92:66:6e:23:ae:50:c9:b0:3d:b1:7d:29:68:3b:47:
         7c:94:d9:9e:cb:d2:34:86:cf:39:1f:0a:ff:3d:5d:6e:63:fa:
         2f:b1:9d:a0:0b:11:2a:fc:fc:cc:84:d7:7b:55:48:c8:22:f7:
         5b:c0:8a:03:81:fb:86:93:96:57:a1:bb:8a:45:69:97:a3:b9:
         4b:a4:41:76
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY8OxQKm4V6N3e/Q7ZZF6ohvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMDRkNTU1NzYzZmJhYTA5NGRjYTdhOTNkYWFhNzhmZDQw
MDg1NTQwHhcNMjQwNDI0MDYyMjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ4OTZmZWY4OTlmMDM4NDUzMWQwMTljMzMxOTAyOTNhZTUwNGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgmeKiC84BaxtIHHwl/+m+mga5XrD
GVeo5RawjEQLK8kgdS9Kj4iK6hYIbeT2pckLNwirOQceabyVnoyGI9nxQkLk+w/n
OA2uQcYUhXeJxqkmizTkNLwPRVM0AiPwFrtiHiVLhRmomaZViUBkphZ0s6ZUU4s0
0X+I+nKuienWOAU6TA4uv74IXM1JUu1rE268fJ3TOMpbxFk4xXqDMzthrqtsQJf6
PXKSFzpclqDOH8xR15wU2+LbpEU0XFutdRJwdQxJqJNCVH3UsyctYShezXDaTgRx
Av6duP6lkf8Jdd+1X7NHu+Bt+e/prU6Q/C6fy88PjwOdCttOquJtiOOZkQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPHYlv74mfA4RTHQGcMxkCk65QTKMB8GA1UdIwQY
MBaAFCsE1VV2P7qglNynqT2qp4/UAIVUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3dUVlZYWV91cUNVM0tlcFBhcW5qOVFBaFZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9kMGEzZGMtN2Q5YS00Mzc1LWIyZmQt
Yzc1NDJmODhlNzk3LzEvOGRpV192aVo4RGhGTWRBWnd6R1FLVHJsQk1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9kMGEzZGMtN2Q5YS00Mzc1LWIyZmQtYzc1NDJmODhlNzk3
LzEvS3dUVlZYWV91cUNVM0tlcFBhcW5qOVFBaFZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwiQUMA8E
AgACMAkDBwAgAQZ8BzQwDQYJKoZIhvcNAQELBQADggEBABF7j2BKbZRb1okCCNVH
Gj2NVLPqmJ3oiz0hX4aG30fDYdOg8E1LpsKoUDBqobgsQRyWumGCzQfsJaNfBC60
jBtjqaLC0kdTrim26RlSgQnP7mdWz1smQmr5NA+teGPA1ROeQHch5A+eK7ayZpCq
QaoGxTm2M+5bws9lWz/stzJDrVBo+HMr2TK/COXxxnLb/0KLgnsPZtASvlHHLlRz
xLW7USbuJgm8rqOBFuBKCNr7XgcmlnOTy5JmbiOuUMmwPbF9KWg7R3yU2Z7L0jSG
zzkfCv89XW5j+i+xnaALESr8/MyE13tVSMgi91vAigOB+4aTllehu4pFaZejuUuk
QXY=
-----END CERTIFICATE-----