Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/ncIDCRgMQQMI8bFviNGRdJbwhDI.roa
File:                     ncIDCRgMQQMI8bFviNGRdJbwhDI.roa (raw, json)
Hash identifier:          45x0+AXM4S0d6zQOh92kMLDRksy+uV6WA7XDDVnyX88=
Subject key identifier:   9D:C2:03:09:18:0C:41:03:08:F1:B1:6F:88:D1:91:74:96:F0:84:32
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       0191FA4F55C8AE7EAF5CF87B707430083616
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/ncIDCRgMQQMI8bFviNGRdJbwhDI.roa
Signing time:             Mon 16 Sep 2024 10:09:48 +0000
ROA not before:           Mon 16 Sep 2024 10:09:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215224
IP address blocks:        185.224.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fa:4f:55:c8:ae:7e:af:5c:f8:7b:70:74:30:08:36:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: Sep 16 10:09:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dc20309180c410308f1b16f88d1917496f08432
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ed:eb:76:0b:4d:ec:ef:14:52:29:39:4a:bf:
                    47:0a:39:3d:f0:4d:60:52:9e:84:10:5b:c3:85:a4:
                    b4:59:3f:3b:90:9b:5c:56:7c:c7:7c:b3:06:f5:d3:
                    e3:99:a1:59:92:04:bd:72:d5:fb:33:de:7d:b9:f5:
                    06:dd:e1:40:b0:91:e9:46:d6:c9:ee:1f:04:d8:f4:
                    bd:f0:c9:7e:ba:64:6e:37:5b:3e:a9:55:f0:76:04:
                    c3:96:8e:87:98:4f:48:60:90:e8:c3:15:89:f9:3c:
                    48:20:65:7d:7b:7f:b3:84:17:bd:4b:e0:d8:97:86:
                    cf:7e:9b:ab:36:36:36:be:3e:ac:74:3d:5c:f4:a5:
                    72:ad:9b:9e:16:09:79:d3:08:ff:f7:b9:81:5b:8a:
                    c7:f7:40:c3:bd:a4:8c:9c:90:72:84:6c:9d:d1:ea:
                    e6:5f:7e:42:c5:5e:e2:de:84:0c:78:3d:46:6a:5e:
                    22:ce:18:d0:85:92:e2:a6:bd:20:d7:82:8e:21:c1:
                    e2:eb:09:13:28:6d:11:16:eb:0b:be:7c:a9:17:9c:
                    76:87:e6:9e:dc:c2:7b:e0:56:4b:7c:4f:45:9f:dd:
                    d1:b2:a5:15:66:79:ac:7b:e8:52:72:44:fa:d0:30:
                    94:0f:f2:2a:be:14:5e:14:7d:48:7b:34:2f:0e:00:
                    25:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C2:03:09:18:0C:41:03:08:F1:B1:6F:88:D1:91:74:96:F0:84:32
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/ncIDCRgMQQMI8bFviNGRdJbwhDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:64:e1:df:0e:bd:a4:01:e2:c3:de:65:8b:fd:28:10:9e:53:
         9d:fe:0c:60:0a:4b:2b:a7:1a:7e:72:56:de:bc:1d:d5:a6:ac:
         6c:12:fc:b4:39:ec:27:e3:f5:a5:eb:54:1d:ec:46:83:93:bf:
         01:d1:35:af:11:45:d0:c2:d1:cb:f1:54:44:d1:81:3b:7e:46:
         5f:b9:04:74:5e:4e:d4:b1:2c:b3:bd:aa:e4:1a:b6:d8:c1:bc:
         ee:d8:14:e4:18:6c:26:55:f4:28:3a:0e:de:9b:68:1d:f9:1a:
         a0:67:cd:03:22:4b:0a:83:48:b6:97:fb:80:85:da:d8:cb:1c:
         da:3f:0b:0d:7b:1f:ed:fb:f3:32:16:2a:44:c4:c7:2a:e1:54:
         b2:c5:ad:7e:f7:fe:38:ff:6b:01:57:84:15:56:ed:74:fa:39:
         58:9b:bf:b0:c8:4b:97:e7:e8:ca:c5:69:8b:d7:57:fe:4f:40:
         d3:de:69:9c:e0:08:fd:6f:71:96:5f:80:08:6d:53:b0:3c:d5:
         ce:a2:f8:78:f1:aa:88:65:e2:3c:d5:81:03:50:59:93:00:41:
         c7:5b:51:23:1e:b4:ea:cc:a2:4b:7b:a7:b6:b2:08:8f:93:6b:
         c4:b1:a1:0f:46:c7:95:68:8b:a5:da:07:09:b4:4f:bf:54:d2:
         bf:0d:95:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZH6T1XIrn6vXPh7cHQwCDYWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjQwOTE2MTAwOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGMyMDMwOTE4MGM0MTAzMDhmMWIxNmY4OGQxOTE3NDk2ZjA4NDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuu3rdgtN7O8UUik5Sr9HCjk98E1g
Up6EEFvDhaS0WT87kJtcVnzHfLMG9dPjmaFZkgS9ctX7M959ufUG3eFAsJHpRtbJ
7h8E2PS98Ml+umRuN1s+qVXwdgTDlo6HmE9IYJDowxWJ+TxIIGV9e3+zhBe9S+DY
l4bPfpurNjY2vj6sdD1c9KVyrZueFgl50wj/97mBW4rH90DDvaSMnJByhGyd0erm
X35CxV7i3oQMeD1Gal4izhjQhZLipr0g14KOIcHi6wkTKG0RFusLvnypF5x2h+ae
3MJ74FZLfE9Fn93RsqUVZnmse+hSckT60DCUD/IqvhReFH1IezQvDgAljQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3CAwkYDEEDCPGxb4jRkXSW8IQyMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvbmNJRENSZ01RUU1JOGJGdmlOR1JkSmJ3aERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueDZMA0G
CSqGSIb3DQEBCwUAA4IBAQCkZOHfDr2kAeLD3mWL/SgQnlOd/gxgCksrpxp+clbe
vB3VpqxsEvy0Oewn4/Wl61Qd7EaDk78B0TWvEUXQwtHL8VRE0YE7fkZfuQR0Xk7U
sSyzvarkGrbYwbzu2BTkGGwmVfQoOg7em2gd+RqgZ80DIksKg0i2l/uAhdrYyxza
PwsNex/t+/MyFipExMcq4VSyxa1+9/44/2sBV4QVVu10+jlYm7+wyEuX5+jKxWmL
11f+T0DT3mmc4Aj9b3GWX4AIbVOwPNXOovh48aqIZeI81YEDUFmTAEHHW1EjHrTq
zKJLe6e2sgiPk2vEsaEPRseVaIul2gcJtE+/VNK/DZVY
-----END CERTIFICATE-----