Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nBp_v8T5wszkemUAArOT71RrclM.roa
File:                     nBp_v8T5wszkemUAArOT71RrclM.roa (raw, json)
Hash identifier:          /fXk2ISk9rtrwllExaI5SICYsMMs5Lm+kXTmbeGqoGk=
Subject key identifier:   9C:1A:7F:BF:C4:F9:C2:CC:E4:7A:65:00:02:B3:93:EF:54:6B:72:53
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E99679142E935B03C910C1E696115E902
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nBp_v8T5wszkemUAArOT71RrclM.roa
Signing time:             Mon 01 Apr 2024 11:24:45 +0000
ROA not before:           Mon 01 Apr 2024 11:24:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197715
IP address blocks:        81.161.236.0/24 maxlen: 24
                          92.119.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:99:67:91:42:e9:35:b0:3c:91:0c:1e:69:61:15:e9:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr  1 11:24:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c1a7fbfc4f9c2cce47a650002b393ef546b7253
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:d4:1b:83:ac:da:08:c7:8b:35:d1:ba:5a:5e:
                    9a:05:b1:0a:fb:8e:69:36:22:43:fd:05:ed:82:db:
                    05:15:d1:e5:64:64:e5:ce:36:43:08:ce:26:74:d1:
                    69:6e:3b:c1:36:05:6d:63:3a:c7:84:16:21:8e:11:
                    ce:b5:8d:bf:71:64:34:3b:89:a1:41:73:5f:a7:22:
                    87:d8:ee:35:74:d2:41:ce:43:03:6f:b2:03:b5:1a:
                    9c:b7:84:42:5e:fc:75:8e:02:4f:6f:41:4c:8a:f0:
                    9d:27:30:cc:bb:d2:cb:a9:2e:fd:fc:16:a7:84:d5:
                    b9:50:04:49:ff:28:20:32:0a:0a:8b:29:55:c6:c2:
                    6a:08:be:57:ed:9b:66:da:0a:0d:4a:ec:f9:d8:1a:
                    1d:9e:33:e6:ff:a3:f0:af:90:d2:ba:8b:fe:57:09:
                    55:7b:3d:cd:91:8c:7d:c1:17:f4:2f:52:51:1d:88:
                    75:f1:f0:f0:4d:4f:a7:6d:67:37:37:f9:dd:1b:bd:
                    32:33:66:a3:11:30:65:10:79:1d:8f:19:87:3c:08:
                    ff:c4:67:3b:97:95:9e:f1:82:e0:2f:bc:d6:dd:3c:
                    84:3f:3f:f0:8c:32:b0:4a:7a:fc:8b:0a:15:bc:e6:
                    74:d0:95:e2:21:6a:ef:94:b2:2f:c5:76:34:34:38:
                    b2:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:1A:7F:BF:C4:F9:C2:CC:E4:7A:65:00:02:B3:93:EF:54:6B:72:53
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nBp_v8T5wszkemUAArOT71RrclM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.236.0/24
                  92.119.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:eb:b7:de:06:54:9b:db:40:c0:b3:63:33:14:d2:28:34:09:
         3a:a5:a5:1e:04:ba:dd:7d:96:a2:5c:1b:e7:d9:55:b8:b9:09:
         c9:94:03:a4:40:d9:f1:e8:52:de:dd:2f:95:e8:96:ca:1e:24:
         82:0f:85:35:98:76:74:93:1a:1c:b9:9c:75:bc:93:2d:81:de:
         e4:2c:ad:2f:43:74:99:1c:b5:4d:c2:76:ae:93:ab:52:9d:a5:
         f2:93:e2:4e:cb:b4:e0:79:e9:0e:63:9f:0b:f7:2c:31:4a:d3:
         55:84:d9:83:d1:e7:56:2d:b2:f9:00:5b:4e:50:db:86:97:9f:
         b2:73:97:cf:1c:14:cb:bc:b5:8c:e1:05:ec:3b:33:83:97:71:
         57:6f:2a:2f:69:e3:c7:b6:69:12:69:69:d1:97:a9:29:8b:ff:
         09:f6:9f:23:10:3f:6a:2b:48:f8:dd:cc:36:2e:21:a5:c2:2c:
         84:88:f0:8f:df:ca:14:98:a2:0a:46:6d:92:cb:62:85:b1:77:
         bf:1a:53:9a:81:6f:25:46:7f:85:91:ee:73:5c:77:b7:6d:8d:
         b1:82:8a:73:7f:bb:94:a4:39:5f:31:15:bb:5f:03:b7:45:3c:
         7b:22:e3:cd:41:b9:af:8f:20:23:bf:66:e1:1d:27:83:aa:eb:
         1d:1e:90:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6ZZ5FC6TWwPJEMHmlhFekCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDAxMTEyNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzFhN2ZiZmM0ZjljMmNjZTQ3YTY1MDAwMmIzOTNlZjU0NmI3MjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9Qbg6zaCMeLNdG6Wl6aBbEK+45p
NiJD/QXtgtsFFdHlZGTlzjZDCM4mdNFpbjvBNgVtYzrHhBYhjhHOtY2/cWQ0O4mh
QXNfpyKH2O41dNJBzkMDb7IDtRqct4RCXvx1jgJPb0FMivCdJzDMu9LLqS79/Ban
hNW5UARJ/yggMgoKiylVxsJqCL5X7Ztm2goNSuz52BodnjPm/6Pwr5DSuov+VwlV
ez3NkYx9wRf0L1JRHYh18fDwTU+nbWc3N/ndG70yM2ajETBlEHkdjxmHPAj/xGc7
l5We8YLgL7zW3TyEPz/wjDKwSnr8iwoVvOZ00JXiIWrvlLIvxXY0NDiyFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJwaf7/E+cLM5HplAAKzk+9Ua3JTMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbkJwX3Y4VDV3c3prZW1VQUFyT1Q3MVJyY2xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUaHsAwQA
XHfHMA0GCSqGSIb3DQEBCwUAA4IBAQB+67feBlSb20DAs2MzFNIoNAk6paUeBLrd
fZaiXBvn2VW4uQnJlAOkQNnx6FLe3S+V6JbKHiSCD4U1mHZ0kxocuZx1vJMtgd7k
LK0vQ3SZHLVNwnauk6tSnaXyk+JOy7TgeekOY58L9ywxStNVhNmD0edWLbL5AFtO
UNuGl5+yc5fPHBTLvLWM4QXsOzODl3FXbyovaePHtmkSaWnRl6kpi/8J9p8jED9q
K0j43cw2LiGlwiyEiPCP38oUmKIKRm2Sy2KFsXe/GlOagW8lRn+Fke5zXHe3bY2x
gopzf7uUpDlfMRW7XwO3RTx7IuPNQbmvjyAjv2bhHSeDqusdHpAE
-----END CERTIFICATE-----