Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/471e89-d6a5-4933-a3e3-802630516f09/1/NMQYN8xlqO4wsOHvevRJjUb4Z_8.roa
File:                     NMQYN8xlqO4wsOHvevRJjUb4Z_8.roa (raw, json)
Hash identifier:          WqmDfy6Enj6bevQZz73XPg4bZyhoNcByWmGdFIMQnII=
Subject key identifier:   34:C4:18:37:CC:65:A8:EE:30:B0:E1:EF:7A:F4:49:8D:46:F8:67:FF
Certificate issuer:       /CN=9a37deff055a51d93e1ed2f7c73217d7607a8cf2
Certificate serial:       019137738AB7A77ED8564CC2BD9D41A3157B
Authority key identifier: 9A:37:DE:FF:05:5A:51:D9:3E:1E:D2:F7:C7:32:17:D7:60:7A:8C:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mjfe_wVaUdk-HtL3xzIX12B6jPI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/471e89-d6a5-4933-a3e3-802630516f09/1/NMQYN8xlqO4wsOHvevRJjUb4Z_8.roa
Signing time:             Fri 09 Aug 2024 14:03:24 +0000
ROA not before:           Fri 09 Aug 2024 14:03:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214396
IP address blocks:        193.42.32.0/23 maxlen: 23
                          2001:3600::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/471e89-d6a5-4933-a3e3-802630516f09/1/mjfe_wVaUdk-HtL3xzIX12B6jPI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/471e89-d6a5-4933-a3e3-802630516f09/1/mjfe_wVaUdk-HtL3xzIX12B6jPI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mjfe_wVaUdk-HtL3xzIX12B6jPI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:37:73:8a:b7:a7:7e:d8:56:4c:c2:bd:9d:41:a3:15:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a37deff055a51d93e1ed2f7c73217d7607a8cf2
        Validity
            Not Before: Aug  9 14:03:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34c41837cc65a8ee30b0e1ef7af4498d46f867ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7d:8d:13:fc:9f:b7:d7:4b:e2:64:54:42:d0:
                    af:8f:f4:b6:a7:e3:f1:62:48:77:e7:d0:89:d1:ff:
                    fd:29:97:13:d1:19:86:60:b7:61:a1:11:32:cf:27:
                    ed:a8:83:07:e4:ea:7c:83:25:5e:a4:52:ea:ef:aa:
                    30:ce:33:e3:30:34:26:5f:95:36:06:4b:4f:2c:e6:
                    56:74:70:53:6f:d0:fe:d2:6e:61:bc:19:07:b5:cb:
                    d2:b5:36:22:c4:94:e0:a4:d3:4f:a2:24:fa:f7:49:
                    7a:fe:a7:7b:1c:78:c6:8c:f6:da:8a:e8:a7:f5:f8:
                    60:0f:35:df:14:68:5d:1f:16:87:e0:9e:18:17:f0:
                    84:54:65:8a:e5:ab:83:68:62:7c:68:49:9e:55:8e:
                    de:77:1e:e4:28:5a:ff:d6:9c:e2:a5:19:e7:3a:f4:
                    5c:59:1d:fe:ef:12:50:b9:a3:55:ed:81:61:4b:43:
                    64:16:63:14:5c:2c:01:a2:c2:9f:b9:98:0d:06:32:
                    60:c4:a9:c7:7a:b6:e9:72:17:6e:1c:cb:cb:32:75:
                    59:0d:06:0c:56:a2:82:38:03:a4:5d:71:80:98:a5:
                    f5:de:55:61:65:8a:96:fa:1e:97:7b:47:9e:28:6c:
                    94:91:f2:5d:05:b5:3c:d9:08:95:0f:bf:d6:53:6a:
                    bb:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:C4:18:37:CC:65:A8:EE:30:B0:E1:EF:7A:F4:49:8D:46:F8:67:FF
            X509v3 Authority Key Identifier:
                keyid:9A:37:DE:FF:05:5A:51:D9:3E:1E:D2:F7:C7:32:17:D7:60:7A:8C:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mjfe_wVaUdk-HtL3xzIX12B6jPI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/471e89-d6a5-4933-a3e3-802630516f09/1/NMQYN8xlqO4wsOHvevRJjUb4Z_8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/471e89-d6a5-4933-a3e3-802630516f09/1/mjfe_wVaUdk-HtL3xzIX12B6jPI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.42.32.0/23
                IPv6:
                  2001:3600::/32

    Signature Algorithm: sha256WithRSAEncryption
         af:e7:c5:fe:c7:fa:d4:49:aa:25:e1:77:cf:76:2f:56:31:17:
         02:5b:1f:c7:ab:30:ed:69:55:79:66:91:4b:b9:2e:d3:fa:b0:
         00:32:60:b6:df:f9:3f:8d:33:d4:66:02:42:20:f1:e7:8e:07:
         d2:c7:e3:76:1f:3c:03:ba:04:39:35:03:6b:f9:73:b5:06:85:
         7b:e1:e2:69:0c:3b:3f:31:6a:51:2f:ce:30:71:e0:cf:13:6a:
         2d:69:64:6d:cf:22:ec:6b:bb:c3:62:15:e6:94:28:de:9b:28:
         2c:09:0e:11:54:3e:ae:77:c0:f9:62:fc:ba:e2:53:28:6a:17:
         5c:74:7b:e8:59:b0:e4:3c:e2:31:86:8d:29:a8:b1:5a:0b:f9:
         5f:6c:aa:d1:52:8a:b3:42:2e:f8:7d:07:f8:d1:92:f2:1b:fb:
         3f:28:9b:e0:b9:08:aa:70:79:67:6b:18:0f:45:52:e3:55:8c:
         fe:79:5e:8f:66:60:fd:44:81:b6:c3:ec:f9:ed:b0:d0:cb:19:
         5a:28:ea:c4:40:e7:a3:39:42:e2:6f:84:c8:f6:b1:7d:2e:3a:
         d3:f7:c9:f5:46:32:f7:89:18:b2:4d:b5:6e:a9:26:cd:fe:6c:
         34:a1:ca:59:12:5a:54:78:67:6f:45:39:69:68:23:75:74:26:
         e4:65:71:e4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZE3c4q3p37YVkzCvZ1BoxV7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMzdkZWZmMDU1YTUxZDkzZTFlZDJmN2M3MzIxN2Q3NjA3
YThjZjIwHhcNMjQwODA5MTQwMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGM0MTgzN2NjNjVhOGVlMzBiMGUxZWY3YWY0NDk4ZDQ2Zjg2N2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA332NE/yft9dL4mRUQtCvj/S2p+Px
Ykh359CJ0f/9KZcT0RmGYLdhoREyzyftqIMH5Op8gyVepFLq76owzjPjMDQmX5U2
BktPLOZWdHBTb9D+0m5hvBkHtcvStTYixJTgpNNPoiT690l6/qd7HHjGjPbaiuin
9fhgDzXfFGhdHxaH4J4YF/CEVGWK5auDaGJ8aEmeVY7edx7kKFr/1pzipRnnOvRc
WR3+7xJQuaNV7YFhS0NkFmMUXCwBosKfuZgNBjJgxKnHerbpchduHMvLMnVZDQYM
VqKCOAOkXXGAmKX13lVhZYqW+h6Xe0eeKGyUkfJdBbU82QiVD7/WU2q7HQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDTEGDfMZajuMLDh73r0SY1G+Gf/MB8GA1UdIwQY
MBaAFJo33v8FWlHZPh7S98cyF9dgeozyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWpmZV93VmFVZGstSHRMM3h6SVgxMkI2alBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS80NzFlODktZDZhNS00OTMzLWEzZTMt
ODAyNjMwNTE2ZjA5LzEvTk1RWU44eGxxTzR3c09IdmV2UkpqVWI0Wl84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS80NzFlODktZDZhNS00OTMzLWEzZTMtODAyNjMwNTE2ZjA5
LzEvbWpmZV93VmFVZGstSHRMM3h6SVgxMkI2alBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBwSogMA0E
AgACMAcDBQAgATYAMA0GCSqGSIb3DQEBCwUAA4IBAQCv58X+x/rUSaol4XfPdi9W
MRcCWx/HqzDtaVV5ZpFLuS7T+rAAMmC23/k/jTPUZgJCIPHnjgfSx+N2HzwDugQ5
NQNr+XO1BoV74eJpDDs/MWpRL84wceDPE2otaWRtzyLsa7vDYhXmlCjemygsCQ4R
VD6ud8D5Yvy64lMoahdcdHvoWbDkPOIxho0pqLFaC/lfbKrRUoqzQi74fQf40ZLy
G/s/KJvguQiqcHlnaxgPRVLjVYz+eV6PZmD9RIG2w+z57bDQyxlaKOrEQOejOULi
b4TI9rF9LjrT98n1RjL3iRiyTbVuqSbN/mw0ocpZElpUeGdvRTlpaCN1dCbkZXHk
-----END CERTIFICATE-----