Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/858ed8-731a-4761-82c0-6b0179ee1dd9/1/nfD4CHbsdQSSMHEkUqh35-afONk.roa
File:                     nfD4CHbsdQSSMHEkUqh35-afONk.roa (raw, json)
Hash identifier:          Gja2FusDFqIkZdfFBnSoYdYimR7YjidJpIOTlJImmzA=
Subject key identifier:   9D:F0:F8:08:76:EC:75:04:92:30:71:24:52:A8:77:E7:E6:9F:38:D9
Certificate issuer:       /CN=a0cef1caa3459b8b039c217813648dcabce8c2d3
Certificate serial:       018CC87127618B1E0E97F8E4829569CB810F
Authority key identifier: A0:CE:F1:CA:A3:45:9B:8B:03:9C:21:78:13:64:8D:CA:BC:E8:C2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oM7xyqNFm4sDnCF4E2SNyrzowtM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/858ed8-731a-4761-82c0-6b0179ee1dd9/1/nfD4CHbsdQSSMHEkUqh35-afONk.roa
Signing time:             Tue 02 Jan 2024 04:31:47 +0000
ROA not before:           Tue 02 Jan 2024 04:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59475
IP address blocks:        81.161.120.0/21 maxlen: 21
                          193.0.168.0/23 maxlen: 23
                          109.197.162.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/858ed8-731a-4761-82c0-6b0179ee1dd9/1/oM7xyqNFm4sDnCF4E2SNyrzowtM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/858ed8-731a-4761-82c0-6b0179ee1dd9/1/oM7xyqNFm4sDnCF4E2SNyrzowtM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oM7xyqNFm4sDnCF4E2SNyrzowtM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:27:61:8b:1e:0e:97:f8:e4:82:95:69:cb:81:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0cef1caa3459b8b039c217813648dcabce8c2d3
        Validity
            Not Before: Jan  2 04:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9df0f80876ec75049230712452a877e7e69f38d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a9:ab:91:6f:da:77:cd:fd:35:83:f4:4d:9b:
                    e0:49:df:47:a0:77:ea:2d:a0:56:ec:f2:88:46:a7:
                    e3:ae:2c:e3:97:4d:0b:57:04:ca:0a:b6:4c:e7:84:
                    f0:aa:ca:a1:04:92:1d:df:be:fc:29:5e:04:75:00:
                    cc:fc:1c:07:78:7d:ba:5f:98:41:72:f2:b6:ce:9d:
                    a7:93:e2:ae:05:23:67:cc:32:ba:62:94:55:5b:2c:
                    d4:b3:cb:2c:97:9a:b8:eb:eb:b9:e8:3e:80:30:8a:
                    86:d1:47:77:fb:80:a3:ab:4a:f8:36:2f:52:2c:3c:
                    3b:41:53:a5:75:14:d4:e2:54:92:d8:f9:bd:24:f2:
                    4d:df:8d:dd:73:eb:fa:f2:d4:f3:a3:76:75:96:29:
                    bf:46:95:51:34:42:1d:0b:6f:48:4d:7f:8b:cd:c5:
                    36:2f:50:5d:63:bd:d9:1d:e0:29:5e:82:69:01:64:
                    a3:5a:85:25:19:0a:a7:36:e2:db:d5:14:b7:f2:cf:
                    21:6f:17:f2:19:61:d8:48:68:1f:7e:af:66:e5:55:
                    ee:24:6a:c3:13:76:41:10:de:7f:24:20:06:b0:d7:
                    cd:3b:09:67:bf:59:e9:c2:ee:6e:83:3a:6e:ad:b6:
                    91:58:27:66:e5:73:ab:fb:6e:b9:26:ee:da:ce:45:
                    22:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:F0:F8:08:76:EC:75:04:92:30:71:24:52:A8:77:E7:E6:9F:38:D9
            X509v3 Authority Key Identifier:
                keyid:A0:CE:F1:CA:A3:45:9B:8B:03:9C:21:78:13:64:8D:CA:BC:E8:C2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oM7xyqNFm4sDnCF4E2SNyrzowtM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/858ed8-731a-4761-82c0-6b0179ee1dd9/1/nfD4CHbsdQSSMHEkUqh35-afONk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/858ed8-731a-4761-82c0-6b0179ee1dd9/1/oM7xyqNFm4sDnCF4E2SNyrzowtM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.161.120.0/21
                  109.197.162.0/23
                  193.0.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:f8:66:d4:22:45:4c:ce:1b:6d:6f:5f:6c:93:e1:3d:b2:72:
         5c:d1:6d:7f:d2:19:ad:ed:a7:8c:33:39:50:18:67:09:91:ed:
         0d:27:b6:83:79:a4:ae:53:32:32:e7:72:4f:13:a3:f3:54:30:
         d4:b7:51:48:dc:81:f7:b9:4b:2f:ab:6e:06:c6:01:22:a9:76:
         74:dc:2f:ca:58:d9:0e:97:10:60:9f:5c:1a:63:1d:e9:16:81:
         66:c0:a0:f5:5e:f4:b8:4f:0d:06:93:e9:5d:bd:9e:50:4b:22:
         6c:cb:2e:8a:49:d0:14:3a:d4:ef:d0:2b:19:f4:40:3e:a1:03:
         35:ca:90:fd:0e:99:6d:0e:dc:f4:3e:ba:be:19:b8:61:dc:1a:
         a4:2d:ba:9a:60:d2:33:e7:5b:db:ec:61:2c:a5:60:0a:26:a1:
         08:7f:ce:a0:bb:df:ec:3f:8d:1a:33:f7:c1:c6:c4:02:b5:bc:
         bf:d0:0e:28:0f:64:66:92:84:d7:39:de:62:84:72:01:3b:50:
         12:ca:cd:e6:9c:34:12:88:21:d9:4a:09:0b:e2:3c:bd:00:2d:
         81:23:56:60:61:e8:f9:31:40:8f:d9:4f:85:fe:db:95:b1:2f:
         8f:05:1b:9d:2f:e3:d7:9f:c4:df:de:df:f4:9f:e2:06:01:61:
         00:be:93:0b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIcSdhix4Ol/jkgpVpy4EPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwY2VmMWNhYTM0NTliOGIwMzljMjE3ODEzNjQ4ZGNhYmNl
OGMyZDMwHhcNMjQwMTAyMDQzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGYwZjgwODc2ZWM3NTA0OTIzMDcxMjQ1MmE4NzdlN2U2OWYzOGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6mrkW/ad839NYP0TZvgSd9HoHfq
LaBW7PKIRqfjrizjl00LVwTKCrZM54TwqsqhBJId3778KV4EdQDM/BwHeH26X5hB
cvK2zp2nk+KuBSNnzDK6YpRVWyzUs8ssl5q46+u56D6AMIqG0Ud3+4Cjq0r4Ni9S
LDw7QVOldRTU4lSS2Pm9JPJN343dc+v68tTzo3Z1lim/RpVRNEIdC29ITX+LzcU2
L1BdY73ZHeApXoJpAWSjWoUlGQqnNuLb1RS38s8hbxfyGWHYSGgffq9m5VXuJGrD
E3ZBEN5/JCAGsNfNOwlnv1npwu5ugzpurbaRWCdm5XOr+265Ju7azkUiuwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ3w+Ah27HUEkjBxJFKod+fmnzjZMB8GA1UdIwQY
MBaAFKDO8cqjRZuLA5wheBNkjcq86MLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb003eHlxTkZtNHNEbkNGNEUyU055cnpvd3RNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84NThlZDgtNzMxYS00NzYxLTgyYzAt
NmIwMTc5ZWUxZGQ5LzEvbmZENENIYnNkUVNTTUhFa1VxaDM1LWFmT05rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84NThlZDgtNzMxYS00NzYxLTgyYzAtNmIwMTc5ZWUxZGQ5
LzEvb003eHlxTkZtNHNEbkNGNEUyU055cnpvd3RNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDUaF4AwQB
bcWiAwQBwQCoMA0GCSqGSIb3DQEBCwUAA4IBAQA5+GbUIkVMzhttb19sk+E9snJc
0W1/0hmt7aeMMzlQGGcJke0NJ7aDeaSuUzIy53JPE6PzVDDUt1FI3IH3uUsvq24G
xgEiqXZ03C/KWNkOlxBgn1waYx3pFoFmwKD1XvS4Tw0Gk+ldvZ5QSyJsyy6KSdAU
OtTv0CsZ9EA+oQM1ypD9DpltDtz0Prq+Gbhh3BqkLbqaYNIz51vb7GEspWAKJqEI
f86gu9/sP40aM/fBxsQCtby/0A4oD2RmkoTXOd5ihHIBO1ASys3mnDQSiCHZSgkL
4jy9AC2BI1ZgYej5MUCP2U+F/tuVsS+PBRudL+PXn8Tf3t/0n+IGAWEAvpML
-----END CERTIFICATE-----