Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/npZk_DsmLHG4lKguA5kZdCZ2iAg.roa
File:                     npZk_DsmLHG4lKguA5kZdCZ2iAg.roa (raw, json)
Hash identifier:          voZZjwP91UbnQk5UTSLktPRGQBsjJTeT9M0gsM16tVk=
Subject key identifier:   9E:96:64:FC:3B:26:2C:71:B8:94:A8:2E:03:99:19:74:26:76:88:08
Certificate issuer:       /CN=be37c70f1c67eca1775a709c9235d6a2f55516b8
Certificate serial:       018CC4255E8F7E3893CD8866E4406D1806D6
Authority key identifier: BE:37:C7:0F:1C:67:EC:A1:77:5A:70:9C:92:35:D6:A2:F5:55:16:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vjfHDxxn7KF3WnCckjXWovVVFrg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/npZk_DsmLHG4lKguA5kZdCZ2iAg.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15685
IP address blocks:        185.95.117.0/24 maxlen: 24
                          185.95.118.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/vjfHDxxn7KF3WnCckjXWovVVFrg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/vjfHDxxn7KF3WnCckjXWovVVFrg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vjfHDxxn7KF3WnCckjXWovVVFrg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5e:8f:7e:38:93:cd:88:66:e4:40:6d:18:06:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be37c70f1c67eca1775a709c9235d6a2f55516b8
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e9664fc3b262c71b894a82e0399197426768808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:81:eb:ea:46:4a:53:bf:d5:d0:e6:de:f8:30:
                    20:ad:0b:bb:da:9d:f2:a2:e2:36:9a:6c:d4:41:c8:
                    79:99:da:fb:48:0d:2a:ed:2f:77:da:a0:14:73:c1:
                    5e:ac:69:dc:4e:5d:d7:ac:b6:05:57:3a:4c:8a:aa:
                    35:d7:e6:b9:58:c7:2a:ac:77:1c:5b:2b:c8:53:a8:
                    9e:bf:42:a3:65:7b:e8:b4:27:47:d4:53:38:3b:43:
                    6a:d9:8f:f9:56:bd:71:71:fc:16:eb:f6:f9:e9:29:
                    c9:fe:48:de:1f:b3:40:63:a0:98:bf:6f:ad:a7:d2:
                    56:53:b8:fb:d3:cb:c9:63:12:9b:14:d8:b9:f5:ef:
                    cc:c4:5f:ff:ea:cf:1c:f8:13:c1:c0:44:3d:f5:23:
                    8e:ac:82:ae:b2:ca:1a:2d:b2:9d:ad:c4:a7:84:1a:
                    2f:82:59:a0:33:10:bb:77:07:7b:a1:b9:36:05:e3:
                    64:b2:55:2e:3d:be:28:b3:02:37:d6:81:1d:5e:e2:
                    82:8e:47:eb:f0:c2:a1:3b:8d:60:cc:1d:0e:95:c7:
                    fe:61:ee:2e:16:9f:43:cf:77:01:20:59:20:7a:82:
                    30:de:d9:94:66:ac:23:24:93:dd:f7:f2:94:b4:22:
                    6e:7c:ce:dc:6d:13:e8:ab:ab:f8:a0:23:89:b4:0d:
                    a0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:96:64:FC:3B:26:2C:71:B8:94:A8:2E:03:99:19:74:26:76:88:08
            X509v3 Authority Key Identifier:
                keyid:BE:37:C7:0F:1C:67:EC:A1:77:5A:70:9C:92:35:D6:A2:F5:55:16:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vjfHDxxn7KF3WnCckjXWovVVFrg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/npZk_DsmLHG4lKguA5kZdCZ2iAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/973431-5ae4-4521-9454-c8eb08ce9089/1/vjfHDxxn7KF3WnCckjXWovVVFrg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.117.0-185.95.119.255

    Signature Algorithm: sha256WithRSAEncryption
         1d:c4:19:9b:31:15:9b:c0:e2:e6:bf:13:d9:ae:47:f2:37:22:
         ef:95:68:44:a0:29:13:f2:af:49:96:42:a5:c9:5c:52:e4:d8:
         b3:0b:a3:02:4c:26:55:76:c3:2a:01:d6:d7:63:36:3e:0c:cd:
         83:95:dc:06:e1:17:99:96:3e:49:f2:8d:68:7e:a5:5a:56:a3:
         bd:d9:db:9f:3f:8b:9c:6b:4e:72:ad:68:45:7e:52:78:1d:d7:
         7f:79:d6:91:d3:99:c5:97:a7:ba:48:be:29:4d:e3:1a:d1:94:
         56:ae:c0:92:e2:83:26:21:1a:a8:a9:96:2d:7d:02:ec:d7:e3:
         55:dd:ea:a8:06:44:31:a0:dd:f5:09:f3:b2:00:96:93:b8:59:
         1c:94:80:bc:ba:ca:30:48:e3:5e:54:9b:8b:27:9c:bb:4d:d4:
         12:e1:2c:16:08:3f:2c:3b:83:96:d1:8e:df:33:ac:5f:f8:5d:
         cd:76:65:fc:0c:c5:95:7c:06:56:63:2b:fb:97:8c:ee:b9:da:
         65:bf:5b:4c:f0:93:66:07:e8:1b:97:90:f3:f3:a3:cc:9e:2d:
         7c:1c:5a:2a:19:23:e7:d0:f4:41:53:3d:90:d3:86:d5:82:a4:
         05:3e:20:36:2a:10:b8:28:90:2b:8e:ee:71:00:c4:90:eb:5d:
         ad:d1:ec:b7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEJV6PfjiTzYhm5EBtGAbWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlMzdjNzBmMWM2N2VjYTE3NzVhNzA5YzkyMzVkNmEyZjU1
NTE2YjgwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTk2NjRmYzNiMjYyYzcxYjg5NGE4MmUwMzk5MTk3NDI2NzY4ODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh4Hr6kZKU7/V0Obe+DAgrQu72p3y
ouI2mmzUQch5mdr7SA0q7S932qAUc8FerGncTl3XrLYFVzpMiqo11+a5WMcqrHcc
WyvIU6iev0KjZXvotCdH1FM4O0Nq2Y/5Vr1xcfwW6/b56SnJ/kjeH7NAY6CYv2+t
p9JWU7j708vJYxKbFNi59e/MxF//6s8c+BPBwEQ99SOOrIKussoaLbKdrcSnhBov
glmgMxC7dwd7obk2BeNkslUuPb4oswI31oEdXuKCjkfr8MKhO41gzB0Olcf+Ye4u
Fp9Dz3cBIFkgeoIw3tmUZqwjJJPd9/KUtCJufM7cbRPoq6v4oCOJtA2gowIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJ6WZPw7JixxuJSoLgOZGXQmdogIMB8GA1UdIwQY
MBaAFL43xw8cZ+yhd1pwnJI11qL1VRa4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmpmSER4eG43S0YzV25DY2tqWFdvdlZWRnJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS85NzM0MzEtNWFlNC00NTIxLTk0NTQt
YzhlYjA4Y2U5MDg5LzEvbnBaa19Ec21MSEc0bEtndUE1a1pkQ1oyaUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS85NzM0MzEtNWFlNC00NTIxLTk0NTQtYzhlYjA4Y2U5MDg5
LzEvdmpmSER4eG43S0YzV25DY2tqWFdvdlZWRnJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5X3UD
BAO5X3AwDQYJKoZIhvcNAQELBQADggEBAB3EGZsxFZvA4ua/E9muR/I3Iu+VaESg
KRPyr0mWQqXJXFLk2LMLowJMJlV2wyoB1tdjNj4MzYOV3AbhF5mWPknyjWh+pVpW
o73Z258/i5xrTnKtaEV+Ungd13951pHTmcWXp7pIvilN4xrRlFauwJLigyYhGqip
li19AuzX41Xd6qgGRDGg3fUJ87IAlpO4WRyUgLy6yjBI415Um4snnLtN1BLhLBYI
Pyw7g5bRjt8zrF/4Xc12ZfwMxZV8BlZjK/uXjO652mW/W0zwk2YH6BuXkPPzo8ye
LXwcWioZI+fQ9EFTPZDThtWCpAU+IDYqELgokCuO7nEAxJDrXa3R7Lc=
-----END CERTIFICATE-----