Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/nUxTi5H5Wi_nGNCH8VXylwgxdJ0.roa
File:                     nUxTi5H5Wi_nGNCH8VXylwgxdJ0.roa (raw, json)
Hash identifier:          xSWU06TWSLqiugEcuWmt4LzGgEiH/rhkdBHL5vVX0+0=
Subject key identifier:   9D:4C:53:8B:91:F9:5A:2F:E7:18:D0:87:F1:55:F2:97:08:31:74:9D
Certificate issuer:       /CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
Certificate serial:       0194214428D2D03B9C680411C310E1987CE4
Authority key identifier: F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/nUxTi5H5Wi_nGNCH8VXylwgxdJ0.roa
Signing time:             Wed 01 Jan 2025 09:48:22 +0000
ROA not before:           Wed 01 Jan 2025 09:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3360
IP address blocks:        195.66.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:28:d2:d0:3b:9c:68:04:11:c3:10:e1:98:7c:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f19918ed219e7d3d922737ecdc731f0ca60a68b8
        Validity
            Not Before: Jan  1 09:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d4c538b91f95a2fe718d087f155f2970831749d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:65:1c:e8:bd:ca:ff:c8:a3:84:4e:79:61:db:
                    72:68:1a:a6:82:3f:0d:84:99:23:ae:55:b4:39:ef:
                    29:6c:cc:48:54:fe:b9:e8:d6:dd:64:85:e9:b6:98:
                    4a:77:7c:c5:5a:05:7e:22:de:81:af:86:43:ec:d1:
                    58:46:b0:66:ba:96:74:2a:14:b4:c1:ae:ff:99:fe:
                    ef:82:d3:15:2d:93:c8:4a:72:e3:8e:f8:8e:35:4e:
                    85:03:95:7b:4a:cf:04:f4:23:a1:22:eb:b4:cf:6e:
                    c0:e7:e6:5c:c4:e3:a1:50:cc:09:5d:b1:ce:4e:70:
                    19:7a:84:7a:c9:1c:7e:46:29:1a:bb:1b:2e:04:80:
                    34:44:33:2e:19:4f:80:ef:42:c9:2f:d4:00:92:4f:
                    75:35:da:72:96:7e:ba:11:65:f7:f0:89:a5:ed:27:
                    a9:d4:b3:d8:8f:96:6f:9d:9c:b2:31:67:e9:23:3d:
                    ad:b4:a7:67:ee:fc:52:ee:c8:d2:2b:c0:ac:37:93:
                    4c:8a:5f:60:2d:60:ff:df:31:e2:32:09:98:59:5e:
                    38:43:f9:5d:82:ff:26:5b:2b:c9:8a:44:aa:14:e6:
                    32:6f:ff:4f:93:4b:4c:80:97:fe:61:79:70:ee:1b:
                    7a:b0:9c:69:bc:0e:67:0c:b7:b0:15:88:55:a0:2b:
                    56:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:4C:53:8B:91:F9:5A:2F:E7:18:D0:87:F1:55:F2:97:08:31:74:9D
            X509v3 Authority Key Identifier:
                keyid:F1:99:18:ED:21:9E:7D:3D:92:27:37:EC:DC:73:1F:0C:A6:0A:68:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8ZkY7SGefT2SJzfs3HMfDKYKaLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/nUxTi5H5Wi_nGNCH8VXylwgxdJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/62b098-568d-4872-a032-313efeb0b19d/1/8ZkY7SGefT2SJzfs3HMfDKYKaLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:d2:73:ad:2b:e7:2d:f1:58:5b:25:1e:84:aa:b2:de:82:84:
         5c:c6:40:1e:5c:be:fc:f9:8d:ca:34:7e:df:26:42:c8:db:8b:
         16:89:31:43:07:db:8a:c8:a5:dd:fc:86:50:4c:bd:f8:e8:d8:
         47:f9:4e:00:dc:6d:73:35:3f:b1:e2:d8:ff:46:71:3f:38:a7:
         48:7a:d2:42:fc:29:f2:b6:f9:a2:5f:15:ff:b1:3b:f9:5c:91:
         f8:02:12:6e:92:ba:aa:06:72:38:da:ab:7f:f9:a8:58:c0:70:
         b0:c5:d3:31:2d:bd:89:86:bc:4c:df:dc:b9:60:f4:11:d5:e7:
         39:f8:29:5b:62:3e:f0:d0:71:84:6e:16:7f:6c:4b:06:80:a9:
         42:a1:34:13:31:70:d0:4b:93:5c:be:0a:95:53:f4:54:93:2c:
         ff:12:1d:ff:69:68:ec:a1:fc:d8:7b:3c:24:61:66:a6:50:cb:
         81:ef:97:5f:7f:79:27:25:e9:18:83:dd:af:9d:cd:70:79:53:
         f2:b5:d4:a3:f4:20:c1:30:e8:5e:14:0d:48:1d:ad:98:ce:1f:
         4c:be:93:36:ac:a6:36:5e:da:88:63:a9:57:3c:fc:41:80:7f:
         3a:69:c3:31:c1:85:79:77:9b:a0:0f:c9:3a:5e:3d:33:6b:f4:
         1d:b4:2c:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRCjS0DucaAQRwxDhmHzkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxOTkxOGVkMjE5ZTdkM2Q5MjI3MzdlY2RjNzMxZjBjYTYw
YTY4YjgwHhcNMjUwMTAxMDk0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDRjNTM4YjkxZjk1YTJmZTcxOGQwODdmMTU1ZjI5NzA4MzE3NDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5mUc6L3K/8ijhE55YdtyaBqmgj8N
hJkjrlW0Oe8pbMxIVP656NbdZIXptphKd3zFWgV+It6Br4ZD7NFYRrBmupZ0KhS0
wa7/mf7vgtMVLZPISnLjjviONU6FA5V7Ss8E9COhIuu0z27A5+ZcxOOhUMwJXbHO
TnAZeoR6yRx+RikauxsuBIA0RDMuGU+A70LJL9QAkk91Ndpyln66EWX38Iml7Sep
1LPYj5ZvnZyyMWfpIz2ttKdn7vxS7sjSK8CsN5NMil9gLWD/3zHiMgmYWV44Q/ld
gv8mWyvJikSqFOYyb/9Pk0tMgJf+YXlw7ht6sJxpvA5nDLewFYhVoCtW+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1MU4uR+Vov5xjQh/FV8pcIMXSdMB8GA1UdIwQY
MBaAFPGZGO0hnn09kic37NxzHwymCmi4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzIt
MzEzZWZlYjBiMTlkLzEvblV4VGk1SDVXaV9uR05DSDhWWHlsd2d4ZEowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS82MmIwOTgtNTY4ZC00ODcyLWEwMzItMzEzZWZlYjBiMTlk
LzEvOFprWTdTR2VmVDJTSnpmczNITWZES1lLYUxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0JrMA0G
CSqGSIb3DQEBCwUAA4IBAQCa0nOtK+ct8VhbJR6EqrLegoRcxkAeXL78+Y3KNH7f
JkLI24sWiTFDB9uKyKXd/IZQTL346NhH+U4A3G1zNT+x4tj/RnE/OKdIetJC/Cny
tvmiXxX/sTv5XJH4AhJukrqqBnI42qt/+ahYwHCwxdMxLb2JhrxM39y5YPQR1ec5
+ClbYj7w0HGEbhZ/bEsGgKlCoTQTMXDQS5NcvgqVU/RUkyz/Eh3/aWjsofzYezwk
YWamUMuB75dff3knJekYg92vnc1weVPytdSj9CDBMOheFA1IHa2Yzh9MvpM2rKY2
XtqIY6lXPPxBgH86acMxwYV5d5ugD8k6Xj0za/QdtCyD
-----END CERTIFICATE-----