Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fc13a7-09a7-46c2-80f7-5124c67cdbac/1/nAoZQzKFf1HXlHI4vNttDtXAfPk.roa
File:                     nAoZQzKFf1HXlHI4vNttDtXAfPk.roa (raw, json)
Hash identifier:          EVKa6zrpCXHzAlcOYswv7cpoGT6odfl5wVQ/FV9jOKk=
Subject key identifier:   9C:0A:19:43:32:85:7F:51:D7:94:72:38:BC:DB:6D:0E:D5:C0:7C:F9
Certificate issuer:       /CN=ec15f13b7c6ef4639af0fe0fe17045943c34f2af
Certificate serial:       018CC5DBEE10360588E34482807FE57E24A4
Authority key identifier: EC:15:F1:3B:7C:6E:F4:63:9A:F0:FE:0F:E1:70:45:94:3C:34:F2:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7BXxO3xu9GOa8P4P4XBFlDw08q8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fc13a7-09a7-46c2-80f7-5124c67cdbac/1/nAoZQzKFf1HXlHI4vNttDtXAfPk.roa
Signing time:             Mon 01 Jan 2024 16:29:34 +0000
ROA not before:           Mon 01 Jan 2024 16:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        193.150.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/fc13a7-09a7-46c2-80f7-5124c67cdbac/1/7BXxO3xu9GOa8P4P4XBFlDw08q8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/fc13a7-09a7-46c2-80f7-5124c67cdbac/1/7BXxO3xu9GOa8P4P4XBFlDw08q8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7BXxO3xu9GOa8P4P4XBFlDw08q8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ee:10:36:05:88:e3:44:82:80:7f:e5:7e:24:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec15f13b7c6ef4639af0fe0fe17045943c34f2af
        Validity
            Not Before: Jan  1 16:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c0a194332857f51d7947238bcdb6d0ed5c07cf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a5:83:5e:3e:04:e1:99:49:6d:b6:cd:ad:d3:
                    f7:10:46:a9:93:02:a9:ab:60:f9:99:d4:fa:c3:bd:
                    45:00:b8:ae:28:5f:0a:a0:b6:58:0b:60:cd:d6:5f:
                    32:c6:c5:b0:19:39:68:d9:79:44:36:f1:5c:b6:04:
                    8a:49:ff:60:75:05:7a:b8:04:d5:30:25:7c:e2:29:
                    57:c6:62:3f:73:a1:32:13:7c:fc:dc:c5:04:f5:25:
                    fe:46:5d:ae:df:43:34:5a:75:d9:e7:fc:78:b1:f1:
                    22:2c:b4:a5:44:04:07:43:a4:49:78:a7:1e:ee:e7:
                    09:07:52:ef:0a:7d:00:f0:9f:d3:c8:50:0f:d3:16:
                    e3:82:06:63:3e:a1:ca:27:16:f3:e9:cc:fc:3b:ef:
                    35:52:b8:5c:38:50:54:1e:77:b4:64:15:50:dd:77:
                    b6:7e:83:dd:57:bc:e7:36:de:7d:88:0d:82:63:d6:
                    cd:1e:87:35:c6:bf:35:e8:77:f9:de:68:07:0b:d0:
                    cc:cd:44:7a:4e:70:01:21:c3:1a:a4:1f:9c:10:20:
                    52:c0:44:f3:1f:ab:17:1b:9f:74:a8:6c:6b:fa:9c:
                    18:1f:d4:b5:55:48:0b:eb:44:c8:6a:14:a3:9d:0a:
                    64:64:c8:22:de:76:9d:fc:59:7b:9e:71:28:da:2f:
                    28:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:0A:19:43:32:85:7F:51:D7:94:72:38:BC:DB:6D:0E:D5:C0:7C:F9
            X509v3 Authority Key Identifier:
                keyid:EC:15:F1:3B:7C:6E:F4:63:9A:F0:FE:0F:E1:70:45:94:3C:34:F2:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7BXxO3xu9GOa8P4P4XBFlDw08q8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fc13a7-09a7-46c2-80f7-5124c67cdbac/1/nAoZQzKFf1HXlHI4vNttDtXAfPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fc13a7-09a7-46c2-80f7-5124c67cdbac/1/7BXxO3xu9GOa8P4P4XBFlDw08q8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:6f:00:69:5a:c3:3c:e2:15:dc:8d:47:08:21:3e:cf:0f:22:
         0b:38:0e:d6:97:d7:06:cb:a9:ff:50:ee:e7:3d:e4:e8:fc:ce:
         20:de:35:ba:26:a4:f3:1a:c1:25:54:ae:4e:4c:8d:ed:d5:67:
         59:e5:39:c3:b7:e0:e2:42:0e:5e:55:d5:2d:12:7f:88:55:92:
         ff:59:8d:1f:ee:5a:e4:e1:4b:fa:64:b5:27:a6:6d:f6:3c:d3:
         e3:a3:01:0f:79:1d:33:ab:a8:c6:ec:7b:9b:88:1f:60:f7:dd:
         08:eb:c4:79:3c:1e:00:2c:3a:eb:91:43:ff:bc:cb:89:df:aa:
         ff:a5:66:c3:b4:53:60:dd:31:f7:ab:91:39:01:85:73:3f:33:
         2d:72:2b:a0:01:71:02:a7:69:5b:12:15:29:8b:d6:85:a3:48:
         91:8e:0e:0e:c0:04:26:9a:e3:eb:c4:a8:3a:7b:43:77:a5:23:
         04:a7:b0:12:77:a2:3f:75:31:f9:9f:8e:62:99:62:2d:89:24:
         54:0d:0e:3b:31:02:b2:86:5f:c5:c8:76:e0:90:42:50:d8:19:
         3f:a8:54:b6:a5:35:bd:b6:bf:b4:01:9d:44:a1:0f:89:b6:40:
         62:7d:02:88:18:f6:76:1c:5b:01:69:59:74:a3:f2:3b:7b:e0:
         44:cc:19:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+4QNgWI40SCgH/lfiSkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMTVmMTNiN2M2ZWY0NjM5YWYwZmUwZmUxNzA0NTk0M2Mz
NGYyYWYwHhcNMjQwMTAxMTYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzBhMTk0MzMyODU3ZjUxZDc5NDcyMzhiY2RiNmQwZWQ1YzA3Y2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqWDXj4E4ZlJbbbNrdP3EEapkwKp
q2D5mdT6w71FALiuKF8KoLZYC2DN1l8yxsWwGTlo2XlENvFctgSKSf9gdQV6uATV
MCV84ilXxmI/c6EyE3z83MUE9SX+Rl2u30M0WnXZ5/x4sfEiLLSlRAQHQ6RJeKce
7ucJB1LvCn0A8J/TyFAP0xbjggZjPqHKJxbz6cz8O+81UrhcOFBUHne0ZBVQ3Xe2
foPdV7znNt59iA2CY9bNHoc1xr816Hf53mgHC9DMzUR6TnABIcMapB+cECBSwETz
H6sXG590qGxr+pwYH9S1VUgL60TIahSjnQpkZMgi3nad/Fl7nnEo2i8oTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJwKGUMyhX9R15RyOLzbbQ7VwHz5MB8GA1UdIwQY
MBaAFOwV8Tt8bvRjmvD+D+FwRZQ8NPKvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0JYeE8zeHU5R09hOFA0UDRYQkZsRHcwOHE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYzEzYTctMDlhNy00NmMyLTgwZjct
NTEyNGM2N2NkYmFjLzEvbkFvWlF6S0ZmMUhYbEhJNHZOdHREdFhBZlBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYzEzYTctMDlhNy00NmMyLTgwZjctNTEyNGM2N2NkYmFj
LzEvN0JYeE8zeHU5R09hOFA0UDRYQkZsRHcwOHE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZZoMA0G
CSqGSIb3DQEBCwUAA4IBAQCnbwBpWsM84hXcjUcIIT7PDyILOA7Wl9cGy6n/UO7n
PeTo/M4g3jW6JqTzGsElVK5OTI3t1WdZ5TnDt+DiQg5eVdUtEn+IVZL/WY0f7lrk
4Uv6ZLUnpm32PNPjowEPeR0zq6jG7HubiB9g990I68R5PB4ALDrrkUP/vMuJ36r/
pWbDtFNg3TH3q5E5AYVzPzMtciugAXECp2lbEhUpi9aFo0iRjg4OwAQmmuPrxKg6
e0N3pSMEp7ASd6I/dTH5n45imWItiSRUDQ47MQKyhl/FyHbgkEJQ2Bk/qFS2pTW9
tr+0AZ1EoQ+JtkBifQKIGPZ2HFsBaVl0o/I7e+BEzBnn
-----END CERTIFICATE-----