Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/nvSvDpedRDgxTUOidi4SnCUtJXA.roa
File:                     nvSvDpedRDgxTUOidi4SnCUtJXA.roa (raw, json)
Hash identifier:          DaBwrFoz2/+zK0UK7xsjxdIlBHzNdUeLNSN1u1NH61c=
Subject key identifier:   9E:F4:AF:0E:97:9D:44:38:31:4D:43:A2:76:2E:12:9C:25:2D:25:70
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       018CC9BC91001A4E165B6C83E8BC7D35C5F6
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/nvSvDpedRDgxTUOidi4SnCUtJXA.roa
Signing time:             Tue 02 Jan 2024 10:33:47 +0000
ROA not before:           Tue 02 Jan 2024 10:33:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46746
IP address blocks:        82.112.107.0/28 maxlen: 28

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:91:00:1a:4e:16:5b:6c:83:e8:bc:7d:35:c5:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 10:33:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ef4af0e979d4438314d43a2762e129c252d2570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:02:27:bb:18:a7:8a:d0:2a:b0:34:bc:c9:78:
                    e6:d9:cf:3c:b2:11:eb:ad:f5:4e:da:be:f5:59:03:
                    1d:8d:e6:b3:1a:10:b1:be:b0:70:e4:15:c2:8a:6a:
                    66:ff:3f:b0:0f:8b:07:21:8b:1a:e7:22:c0:62:72:
                    12:44:4f:cd:7f:47:b0:0e:ca:e6:04:c2:6a:61:fa:
                    21:2a:bf:a5:5c:47:b9:a2:03:07:86:f1:80:00:55:
                    64:8a:38:cf:4b:8e:86:e8:93:fd:6d:9e:dc:89:4d:
                    7f:52:11:0a:30:79:c0:c8:68:9c:a5:72:b9:ee:4e:
                    25:93:97:35:d9:5a:3a:54:37:8e:b8:35:02:7c:97:
                    79:59:0c:b3:b9:11:e0:14:95:d2:04:f7:23:bf:65:
                    10:cb:60:bb:f0:df:d5:ab:06:ff:9a:bb:f6:1f:2b:
                    fa:76:c8:09:00:b7:ae:4f:38:a0:4f:d8:0e:08:ab:
                    93:55:89:01:01:ea:80:46:01:3b:3d:3c:e0:b6:51:
                    0e:43:a2:0b:db:c4:9c:3e:95:88:b4:75:9c:4d:a7:
                    70:5f:01:fc:6f:a8:f3:c8:3f:cc:b1:0c:8c:80:c0:
                    d5:5d:81:a7:27:d7:ff:1f:c8:48:1b:60:f1:a1:b2:
                    c4:74:82:79:37:a5:d5:96:fd:47:b4:b6:51:44:36:
                    47:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:F4:AF:0E:97:9D:44:38:31:4D:43:A2:76:2E:12:9C:25:2D:25:70
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/nvSvDpedRDgxTUOidi4SnCUtJXA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.112.107.0/28

    Signature Algorithm: sha256WithRSAEncryption
         9f:1a:2b:41:be:ae:bf:03:33:67:5e:2e:d9:5f:91:ea:0e:e9:
         d5:6a:7c:68:0e:fe:5d:5a:87:f3:6f:04:14:26:00:b8:2d:ec:
         25:3c:73:32:16:30:d7:48:24:8f:df:61:1a:31:db:15:7a:b3:
         2c:21:a2:96:8d:33:fb:4e:b1:b8:05:ff:89:44:ec:cd:aa:21:
         d2:45:cd:a8:05:26:65:2e:21:de:f2:44:79:cd:0e:fc:b3:85:
         3a:da:98:3a:17:28:77:53:81:5d:fc:b0:4b:01:85:62:27:e4:
         6a:f9:fb:bc:65:b1:b8:6a:b2:f8:20:c7:69:c4:ce:56:9a:49:
         96:c5:60:dd:47:27:09:0a:95:38:49:74:80:60:e5:d6:df:d9:
         c3:f4:ea:32:00:12:3d:3b:f4:35:8d:01:23:81:00:c8:a4:b6:
         97:d6:0b:5b:97:32:ae:7a:af:a1:9d:87:a8:e2:da:5c:fc:db:
         6f:94:6e:89:49:7c:35:e9:14:5d:33:ac:95:d7:5b:4a:3a:86:
         f5:55:78:ac:f7:f5:59:68:bb:76:26:5b:89:62:ba:2c:2a:00:
         71:12:eb:2d:d4:f5:61:1f:ee:70:f0:ce:2b:9f:b4:d9:77:6d:
         ec:81:2e:6a:17:fe:5a:4f:d6:81:29:6d:07:a5:b5:70:a5:62:
         e4:21:bf:6a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvJEAGk4WW2yD6Lx9NcX2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjQwMTAyMTAzMzQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWY0YWYwZTk3OWQ0NDM4MzE0ZDQzYTI3NjJlMTI5YzI1MmQyNTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAInuxinitAqsDS8yXjm2c88shHr
rfVO2r71WQMdjeazGhCxvrBw5BXCimpm/z+wD4sHIYsa5yLAYnISRE/Nf0ewDsrm
BMJqYfohKr+lXEe5ogMHhvGAAFVkijjPS46G6JP9bZ7ciU1/UhEKMHnAyGicpXK5
7k4lk5c12Vo6VDeOuDUCfJd5WQyzuRHgFJXSBPcjv2UQy2C78N/Vqwb/mrv2Hyv6
dsgJALeuTzigT9gOCKuTVYkBAeqARgE7PTzgtlEOQ6IL28ScPpWItHWcTadwXwH8
b6jzyD/MsQyMgMDVXYGnJ9f/H8hIG2DxobLEdIJ5N6XVlv1HtLZRRDZHAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ70rw6XnUQ4MU1DonYuEpwlLSVwMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvbnZTdkRwZWRSRGd4VFVPaWRpNFNuQ1V0SlhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUEUnBrADAN
BgkqhkiG9w0BAQsFAAOCAQEAnxorQb6uvwMzZ14u2V+R6g7p1Wp8aA7+XVqH828E
FCYAuC3sJTxzMhYw10gkj99hGjHbFXqzLCGilo0z+06xuAX/iUTszaoh0kXNqAUm
ZS4h3vJEec0O/LOFOtqYOhcod1OBXfywSwGFYifkavn7vGWxuGqy+CDHacTOVppJ
lsVg3UcnCQqVOEl0gGDl1t/Zw/TqMgASPTv0NY0BI4EAyKS2l9YLW5cyrnqvoZ2H
qOLaXPzbb5RuiUl8NekUXTOslddbSjqG9VV4rPf1WWi7diZbiWK6LCoAcRLrLdT1
YR/ucPDOK5+02Xdt7IEuahf+Wk/WgSltB6W1cKVi5CG/ag==
-----END CERTIFICATE-----