Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/nrLMNgG_itrkSyVv29y_J5ZzfCA.roa
File:                     nrLMNgG_itrkSyVv29y_J5ZzfCA.roa (raw, json)
Hash identifier:          SY0upA+r5lYi1hpNNTEp7Td4mpe78GczRq6Jc21aJ9Q=
Subject key identifier:   9E:B2:CC:36:01:BF:8A:DA:E4:4B:25:6F:DB:DC:BF:27:96:73:7C:20
Certificate issuer:       /CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Certificate serial:       01902680D154ED3FAA6418FDCDEE43353E0E
Authority key identifier: 9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/nrLMNgG_itrkSyVv29y_J5ZzfCA.roa
Signing time:             Mon 17 Jun 2024 14:01:34 +0000
ROA not before:           Mon 17 Jun 2024 14:01:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214694
IP address blocks:        109.207.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:26:80:d1:54:ed:3f:aa:64:18:fd:cd:ee:43:35:3e:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
        Validity
            Not Before: Jun 17 14:01:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9eb2cc3601bf8adae44b256fdbdcbf2796737c20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c7:e1:f3:48:0f:a4:b9:ca:f6:04:51:1c:1f:
                    c1:b8:3d:83:f5:71:da:93:2a:05:b2:bb:b3:ad:64:
                    d4:7f:f5:15:08:75:b3:82:5a:96:76:be:30:d4:3a:
                    53:51:e8:e5:61:02:03:26:e2:f3:b1:4b:0c:2b:a0:
                    38:e9:60:99:d4:33:4f:fa:f1:5c:b4:d0:22:21:db:
                    83:36:03:bc:e9:0d:05:4a:fd:94:88:cc:97:70:41:
                    28:b1:fb:86:21:77:ca:0a:6a:cf:5b:3e:8d:df:51:
                    e7:f4:b1:a0:f6:6b:58:c5:19:69:19:39:c8:95:1c:
                    6f:52:f4:27:12:aa:43:bf:1d:a6:7e:c7:91:bc:b2:
                    60:20:8d:42:59:3d:01:e4:bf:87:76:2c:c7:5a:d1:
                    c1:91:79:38:77:02:ed:4c:55:67:11:0b:dd:8e:c0:
                    0b:eb:c9:70:20:59:81:19:bf:26:43:02:02:f8:64:
                    3e:92:05:a9:6a:b0:e5:d3:a4:a5:72:3b:c1:d9:f6:
                    0e:63:0a:0a:7d:51:2b:9c:57:ba:e6:69:74:09:cb:
                    8b:57:35:e2:10:b5:a2:52:c6:16:45:75:b1:ff:39:
                    8a:bc:d2:5f:62:e1:cc:6f:67:20:13:7f:55:3a:20:
                    d9:6c:16:d5:0b:4e:bf:48:91:e0:a8:8a:fc:ea:4d:
                    76:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:B2:CC:36:01:BF:8A:DA:E4:4B:25:6F:DB:DC:BF:27:96:73:7C:20
            X509v3 Authority Key Identifier:
                keyid:9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/nrLMNgG_itrkSyVv29y_J5ZzfCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.207.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:94:93:ee:f2:1d:c4:00:b3:ed:bd:d4:98:e2:db:6e:6b:83:
         57:17:27:1c:05:e3:42:ba:a5:8a:cc:da:12:d2:d8:a7:b7:46:
         e1:ad:8f:95:f6:74:c6:19:b8:52:1a:67:4a:83:4f:c4:5c:db:
         3c:01:9b:72:37:bf:93:c6:8f:05:12:0a:c1:a6:72:b2:af:19:
         f6:35:da:a7:8e:77:11:96:66:91:09:2d:f2:8b:55:37:ef:65:
         7f:be:d1:f5:d2:43:34:ab:70:cc:71:73:b7:70:f6:ad:fd:5e:
         79:f3:b7:88:90:67:c0:31:a6:b0:f9:11:e5:a3:fd:45:32:d4:
         68:40:1d:d8:9c:0d:40:41:8c:ec:63:0b:fb:c4:4b:f1:2d:11:
         c9:76:8c:cd:83:91:53:d4:15:43:48:19:0e:45:cb:1d:db:69:
         77:10:c6:26:81:e3:07:12:21:95:5a:a9:69:a9:43:69:a7:54:
         25:45:46:3d:12:8f:50:ed:2f:84:5b:95:f5:35:35:a1:5c:d9:
         5b:36:0e:27:ff:d8:e9:f9:dc:dd:7b:b8:67:32:f4:82:39:d6:
         3e:6b:a5:c4:d8:05:ac:de:35:04:3a:36:e7:86:04:b7:27:a2:
         b8:f3:36:4c:ed:62:43:8e:b7:19:4b:2b:70:b2:e2:e1:6f:37:
         96:47:2f:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAmgNFU7T+qZBj9ze5DNT4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYjRhOGI5M2FmOWVhOWNmMThhYWNhNGU3M2YxMTZlYzI2
ZWIzNTcwHhcNMjQwNjE3MTQwMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWIyY2MzNjAxYmY4YWRhZTQ0YjI1NmZkYmRjYmYyNzk2NzM3YzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcfh80gPpLnK9gRRHB/BuD2D9XHa
kyoFsruzrWTUf/UVCHWzglqWdr4w1DpTUejlYQIDJuLzsUsMK6A46WCZ1DNP+vFc
tNAiIduDNgO86Q0FSv2UiMyXcEEosfuGIXfKCmrPWz6N31Hn9LGg9mtYxRlpGTnI
lRxvUvQnEqpDvx2mfseRvLJgII1CWT0B5L+HdizHWtHBkXk4dwLtTFVnEQvdjsAL
68lwIFmBGb8mQwIC+GQ+kgWparDl06SlcjvB2fYOYwoKfVErnFe65ml0CcuLVzXi
ELWiUsYWRXWx/zmKvNJfYuHMb2cgE39VOiDZbBbVC06/SJHgqIr86k120wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6yzDYBv4ra5Eslb9vcvyeWc3wgMB8GA1UdIwQY
MBaAFJ+0qLk6+eqc8YqspOc/EW7CbrNXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYt
OGQ2OGViMjBmYmRkLzEvbnJMTU5nR19pdHJrU3lWdjI5eV9KNVp6ZkNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYtOGQ2OGViMjBmYmRk
LzEvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbc/zMA0G
CSqGSIb3DQEBCwUAA4IBAQDNlJPu8h3EALPtvdSY4ttua4NXFyccBeNCuqWKzNoS
0tint0bhrY+V9nTGGbhSGmdKg0/EXNs8AZtyN7+Txo8FEgrBpnKyrxn2NdqnjncR
lmaRCS3yi1U372V/vtH10kM0q3DMcXO3cPat/V5587eIkGfAMaaw+RHlo/1FMtRo
QB3YnA1AQYzsYwv7xEvxLRHJdozNg5FT1BVDSBkORcsd22l3EMYmgeMHEiGVWqlp
qUNpp1QlRUY9Eo9Q7S+EW5X1NTWhXNlbNg4n/9jp+dzde7hnMvSCOdY+a6XE2AWs
3jUEOjbnhgS3J6K48zZM7WJDjrcZSytwsuLhbzeWRy9T
-----END CERTIFICATE-----