Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/nYn0ML-JJowN7CP3kfUNA-nh1aI.roa
File:                     nYn0ML-JJowN7CP3kfUNA-nh1aI.roa (raw, json)
Hash identifier:          Emx80Gd5XjKnf7QBep44EtZV042aO6b+EbvNDEkSUCM=
Subject key identifier:   9D:89:F4:30:BF:89:26:8C:0D:EC:23:F7:91:F5:0D:03:E9:E1:D5:A2
Certificate issuer:       /CN=7b0af9738c9f799b56f4b9017bf821b4fca135b8
Certificate serial:       018CC56ED7E42F8317C4B236DD5030DA83EB
Authority key identifier: 7B:0A:F9:73:8C:9F:79:9B:56:F4:B9:01:7B:F8:21:B4:FC:A1:35:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ewr5c4yfeZtW9LkBe_ghtPyhNbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/nYn0ML-JJowN7CP3kfUNA-nh1aI.roa
Signing time:             Mon 01 Jan 2024 14:30:24 +0000
ROA not before:           Mon 01 Jan 2024 14:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62385
IP address blocks:        193.104.151.0/24 maxlen: 24
                          2a10:7c80::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/ewr5c4yfeZtW9LkBe_ghtPyhNbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/ewr5c4yfeZtW9LkBe_ghtPyhNbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ewr5c4yfeZtW9LkBe_ghtPyhNbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d7:e4:2f:83:17:c4:b2:36:dd:50:30:da:83:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b0af9738c9f799b56f4b9017bf821b4fca135b8
        Validity
            Not Before: Jan  1 14:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d89f430bf89268c0dec23f791f50d03e9e1d5a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:04:10:c3:46:72:c0:9b:e2:c7:37:f4:86:7d:
                    75:41:92:94:5f:61:2b:03:4a:90:e8:17:60:6b:fb:
                    4b:ee:c5:54:31:54:a7:29:a2:2a:05:68:10:3a:f3:
                    be:2c:fd:92:53:8a:1b:15:1a:4c:de:5c:f9:aa:a9:
                    8e:7a:87:da:83:26:17:88:79:d3:33:40:fd:ad:33:
                    e7:f5:a1:52:bf:e5:28:e7:2f:c8:6d:aa:32:f6:07:
                    4d:87:c5:f8:e3:2f:76:0e:fa:42:0d:7f:f6:1c:bd:
                    18:65:07:7f:d7:36:13:9a:82:2d:86:8a:a4:46:4b:
                    2e:7d:55:b0:7e:d3:a4:78:7d:c8:52:f9:23:11:87:
                    6f:42:d1:05:2d:f4:98:63:4d:60:84:9a:ae:db:f1:
                    a3:0e:1a:bb:c5:84:37:be:08:88:7a:6d:06:ac:a0:
                    cc:0e:37:3b:6f:0e:52:fc:38:cb:d0:d4:12:90:6a:
                    e9:5b:52:90:e2:a2:fb:dc:12:b8:4f:77:17:0b:b8:
                    2b:55:a9:33:7b:b0:7f:f3:23:4d:40:95:62:46:07:
                    b6:8e:5e:ed:61:11:a0:ed:1e:8c:a3:b0:9a:9b:93:
                    90:aa:7f:95:ef:f1:9a:20:b5:1a:e5:0b:96:f0:57:
                    0a:a7:ec:b2:f2:d2:f2:46:5a:4f:16:1f:84:68:39:
                    72:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:89:F4:30:BF:89:26:8C:0D:EC:23:F7:91:F5:0D:03:E9:E1:D5:A2
            X509v3 Authority Key Identifier:
                keyid:7B:0A:F9:73:8C:9F:79:9B:56:F4:B9:01:7B:F8:21:B4:FC:A1:35:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ewr5c4yfeZtW9LkBe_ghtPyhNbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/nYn0ML-JJowN7CP3kfUNA-nh1aI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/721e70-f442-4252-aea0-ca12f53d7b34/1/ewr5c4yfeZtW9LkBe_ghtPyhNbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.151.0/24
                IPv6:
                  2a10:7c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         54:d0:03:2c:ff:f2:47:57:81:b9:95:b9:a4:e8:a4:83:81:17:
         44:72:2c:86:45:fa:85:ac:bc:48:e6:50:ba:53:90:1a:d4:50:
         13:09:ff:66:46:e1:42:4f:a5:e6:ec:da:8f:2a:f1:8e:a0:d4:
         0c:4c:b9:69:a7:21:33:d7:b0:69:59:d3:10:6e:ce:8d:c7:95:
         f5:7c:ed:05:5e:03:8d:db:0b:ad:be:9a:a5:f6:0f:44:f1:86:
         3b:21:36:58:14:ec:97:47:08:8a:cc:58:23:5c:15:26:3d:4e:
         1b:fd:b0:6c:47:4c:71:08:9e:ba:d5:82:7b:5c:32:02:d5:f0:
         9f:5e:72:bc:9e:96:b1:b0:0e:b7:da:43:56:24:d2:fc:33:13:
         8d:bd:02:7e:89:81:f6:f7:71:a3:2c:85:db:d7:b5:bc:ed:39:
         dc:f4:42:7e:28:0c:b9:1a:cb:8d:42:28:e5:15:48:d5:6f:2b:
         64:7a:9d:a7:9a:c4:14:f9:13:98:33:16:19:0c:ad:63:bc:31:
         d8:3d:e7:ea:1a:db:e6:91:20:af:3c:62:2b:e9:7d:2c:cb:bf:
         ab:11:ff:f5:1a:40:76:5d:4f:33:f5:99:5c:c7:8b:0f:2d:e6:
         16:84:81:d8:58:cc:d0:bf:bc:f1:50:cd:ac:f6:b5:24:e5:ea:
         46:80:f2:57
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbtfkL4MXxLI23VAw2oPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMGFmOTczOGM5Zjc5OWI1NmY0YjkwMTdiZjgyMWI0ZmNh
MTM1YjgwHhcNMjQwMTAxMTQzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDg5ZjQzMGJmODkyNjhjMGRlYzIzZjc5MWY1MGQwM2U5ZTFkNWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAQQw0ZywJvixzf0hn11QZKUX2Er
A0qQ6Bdga/tL7sVUMVSnKaIqBWgQOvO+LP2SU4obFRpM3lz5qqmOeofagyYXiHnT
M0D9rTPn9aFSv+Uo5y/Ibaoy9gdNh8X44y92DvpCDX/2HL0YZQd/1zYTmoIthoqk
RksufVWwftOkeH3IUvkjEYdvQtEFLfSYY01ghJqu2/GjDhq7xYQ3vgiIem0GrKDM
Djc7bw5S/DjL0NQSkGrpW1KQ4qL73BK4T3cXC7grVakze7B/8yNNQJViRge2jl7t
YRGg7R6Mo7Cam5OQqn+V7/GaILUa5QuW8FcKp+yy8tLyRlpPFh+EaDlyaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ2J9DC/iSaMDewj95H1DQPp4dWiMB8GA1UdIwQY
MBaAFHsK+XOMn3mbVvS5AXv4IbT8oTW4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXdyNWM0eWZlWnRXOUxrQmVfZ2h0UHloTmJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MjFlNzAtZjQ0Mi00MjUyLWFlYTAt
Y2ExMmY1M2Q3YjM0LzEvblluME1MLUpKb3dON0NQM2tmVU5BLW5oMWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MjFlNzAtZjQ0Mi00MjUyLWFlYTAtY2ExMmY1M2Q3YjM0
LzEvZXdyNWM0eWZlWnRXOUxrQmVfZ2h0UHloTmJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwWiXMA0E
AgACMAcDBQMqEHyAMA0GCSqGSIb3DQEBCwUAA4IBAQBU0AMs//JHV4G5lbmk6KSD
gRdEciyGRfqFrLxI5lC6U5Aa1FATCf9mRuFCT6Xm7NqPKvGOoNQMTLlppyEz17Bp
WdMQbs6Nx5X1fO0FXgON2wutvpql9g9E8YY7ITZYFOyXRwiKzFgjXBUmPU4b/bBs
R0xxCJ661YJ7XDIC1fCfXnK8npaxsA632kNWJNL8MxONvQJ+iYH293GjLIXb17W8
7Tnc9EJ+KAy5GsuNQijlFUjVbytkep2nmsQU+ROYMxYZDK1jvDHYPefqGtvmkSCv
PGIr6X0sy7+rEf/1GkB2XU8z9Zlcx4sPLeYWhIHYWMzQv7zxUM2s9rUk5epGgPJX
-----END CERTIFICATE-----