Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/0NC1N_A-fQvGxJ0y6M2HnKF7jRA.roa
File:                     0NC1N_A-fQvGxJ0y6M2HnKF7jRA.roa (raw, json)
Hash identifier:          ui4M3nog1Gu32ZWTG5lmnhIcOo/8j6eCO17Kb4EZuZM=
Subject key identifier:   D0:D0:B5:37:F0:3E:7D:0B:C6:C4:9D:32:E8:CD:87:9C:A1:7B:8D:10
Certificate issuer:       /CN=f879988e0f49971a326f419e5cfacbfddcc993e7
Certificate serial:       0194282329F35B8F8E2C536C13104CC003D1
Authority key identifier: F8:79:98:8E:0F:49:97:1A:32:6F:41:9E:5C:FA:CB:FD:DC:C9:93:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/0NC1N_A-fQvGxJ0y6M2HnKF7jRA.roa
Signing time:             Thu 02 Jan 2025 17:49:40 +0000
ROA not before:           Thu 02 Jan 2025 17:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400897
IP address blocks:        83.136.208.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:29:f3:5b:8f:8e:2c:53:6c:13:10:4c:c0:03:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f879988e0f49971a326f419e5cfacbfddcc993e7
        Validity
            Not Before: Jan  2 17:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0d0b537f03e7d0bc6c49d32e8cd879ca17b8d10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:08:79:8c:cd:73:1a:c6:35:08:dd:15:16:6e:
                    ef:57:c9:34:61:52:74:dc:a7:f2:dd:59:56:82:8e:
                    60:84:39:ec:d7:c6:cf:e7:ff:ed:ad:a9:85:76:f1:
                    90:dc:c4:f8:9b:56:3c:a6:e8:ac:be:a4:08:40:dc:
                    cf:c3:a6:a5:4f:d8:7b:16:dc:c3:e7:66:15:c4:e3:
                    6d:9d:20:2b:77:33:13:77:03:f7:60:cd:66:be:bf:
                    54:ba:eb:26:76:71:28:f1:8e:55:13:0d:3b:5a:97:
                    54:a1:de:ed:7b:23:ef:fe:9b:70:03:db:f2:33:cb:
                    1c:b2:42:fa:38:91:29:7b:81:24:4e:5c:60:d4:f4:
                    34:15:39:fa:5e:9a:3c:7f:f9:de:25:06:29:75:30:
                    8b:bb:ba:c8:85:78:f7:1b:fa:84:cd:b1:83:99:24:
                    32:29:52:4c:f6:40:b6:6f:70:30:4f:60:c4:56:80:
                    ab:56:60:56:3d:86:f2:ec:35:fc:99:c6:0e:97:e5:
                    5b:1e:00:f6:3c:50:b6:cf:c7:b3:66:e3:95:c6:3f:
                    38:1d:94:d4:92:bb:6d:48:86:3a:14:0e:94:16:41:
                    3c:18:0c:a5:d9:69:06:28:25:95:eb:a9:8e:a4:26:
                    9a:73:8f:57:42:e8:e7:53:6e:aa:12:97:3c:2e:d9:
                    9c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:D0:B5:37:F0:3E:7D:0B:C6:C4:9D:32:E8:CD:87:9C:A1:7B:8D:10
            X509v3 Authority Key Identifier:
                keyid:F8:79:98:8E:0F:49:97:1A:32:6F:41:9E:5C:FA:CB:FD:DC:C9:93:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/0NC1N_A-fQvGxJ0y6M2HnKF7jRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/af3d81-0047-413c-91f4-0470b4bb30db/1/1-HmYjg9Jlxoyb0GeXPrL_dzJk-c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.136.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:1a:25:04:b9:2b:74:b1:a9:8a:8b:ce:ac:a7:c0:74:23:4a:
         e2:06:72:32:a4:7c:34:4f:77:01:0e:2c:c8:ef:d8:c0:33:ae:
         68:18:b7:bd:09:07:fd:35:a3:49:23:7b:bb:e6:45:be:db:41:
         73:82:1a:c0:4c:83:3c:02:9d:9d:ea:2f:4b:d7:78:f1:51:3d:
         d1:42:e3:5b:72:e0:ad:7d:53:0b:4a:df:50:09:f1:99:81:a4:
         cb:52:98:d3:bb:96:bf:3f:86:28:d2:6d:aa:f6:53:7c:ea:e6:
         a3:cb:04:2f:b1:4b:83:50:f2:bd:d3:11:5d:5f:45:ca:c2:eb:
         3e:69:64:5c:0a:71:d9:38:ea:35:38:9d:07:22:ea:5b:6b:4a:
         75:f5:e3:65:0e:3d:18:54:7f:59:e7:8c:dd:8f:bc:1c:c5:46:
         ae:90:dc:76:ac:76:93:dc:c9:66:fe:10:1e:26:24:99:d0:49:
         57:a9:bf:b9:74:66:19:e9:24:ac:be:db:71:f9:e6:f3:ac:22:
         c0:9e:3f:9e:94:e9:32:f4:a7:5d:c0:e5:e4:13:1d:c7:14:65:
         86:15:88:58:5b:61:3c:f2:8c:a7:79:73:c6:a8:0a:46:84:f1:
         07:60:15:00:91:eb:2e:7e:5c:ad:24:1e:3e:fa:68:45:cb:ec:
         c2:98:b5:78
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQoIynzW4+OLFNsExBMwAPRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4Nzk5ODhlMGY0OTk3MWEzMjZmNDE5ZTVjZmFjYmZkZGNj
OTkzZTcwHhcNMjUwMTAyMTc0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGQwYjUzN2YwM2U3ZDBiYzZjNDlkMzJlOGNkODc5Y2ExN2I4ZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAh5jM1zGsY1CN0VFm7vV8k0YVJ0
3Kfy3VlWgo5ghDns18bP5//tramFdvGQ3MT4m1Y8puisvqQIQNzPw6alT9h7FtzD
52YVxONtnSArdzMTdwP3YM1mvr9UuusmdnEo8Y5VEw07WpdUod7teyPv/ptwA9vy
M8scskL6OJEpe4EkTlxg1PQ0FTn6Xpo8f/neJQYpdTCLu7rIhXj3G/qEzbGDmSQy
KVJM9kC2b3AwT2DEVoCrVmBWPYby7DX8mcYOl+VbHgD2PFC2z8ezZuOVxj84HZTU
krttSIY6FA6UFkE8GAyl2WkGKCWV66mOpCaac49XQujnU26qEpc8LtmcmwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNDQtTfwPn0LxsSdMujNh5yhe40QMB8GA1UdIwQY
MBaAFPh5mI4PSZcaMm9Bnlz6y/3cyZPnMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1IbVlqZzlKbHhveWIwR2VYUHJMX2R6SmstYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDUvYWYzZDgxLTAwNDctNDEzYy05MWY0
LTA0NzBiNGJiMzBkYi8xLzBOQzFOX0EtZlF2R3hKMHk2TTJIbktGN2pSQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDUvYWYzZDgxLTAwNDctNDEzYy05MWY0LTA0NzBiNGJiMzBk
Yi8xLzEtSG1Zamc5Smx4b3liMEdlWFByTF9kekprLWMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAJTiNAw
DQYJKoZIhvcNAQELBQADggEBAJoaJQS5K3SxqYqLzqynwHQjSuIGcjKkfDRPdwEO
LMjv2MAzrmgYt70JB/01o0kje7vmRb7bQXOCGsBMgzwCnZ3qL0vXePFRPdFC41ty
4K19UwtK31AJ8ZmBpMtSmNO7lr8/hijSbar2U3zq5qPLBC+xS4NQ8r3TEV1fRcrC
6z5pZFwKcdk46jU4nQci6ltrSnX142UOPRhUf1nnjN2PvBzFRq6Q3HasdpPcyWb+
EB4mJJnQSVepv7l0ZhnpJKy+23H55vOsIsCeP56U6TL0p13A5eQTHccUZYYViFhb
YTzyjKd5c8aoCkaE8QdgFQCR6y5+XK0kHj76aEXL7MKYtXg=
-----END CERTIFICATE-----