Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/nrEZ70NKdba_Z739H3IX4760ZEo.roa
File:                     nrEZ70NKdba_Z739H3IX4760ZEo.roa (raw, json)
Hash identifier:          EfT5Xe+/Y9eYb4JRUxMcfn6g8ArS0r9u+1Pxe60KFHE=
Subject key identifier:   9E:B1:19:EF:43:4A:75:B6:BF:67:BD:FD:1F:72:17:E3:BE:B4:64:4A
Certificate issuer:       /CN=4268a4cfb6b1b6447da93833321dd315061193d4
Certificate serial:       018CC6B9345AB455E20C79B648295B87A7EA
Authority key identifier: 42:68:A4:CF:B6:B1:B6:44:7D:A9:38:33:32:1D:D3:15:06:11:93:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qmikz7axtkR9qTgzMh3TFQYRk9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/nrEZ70NKdba_Z739H3IX4760ZEo.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8648
IP address blocks:        185.105.253.0/24 maxlen: 24
                          185.105.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/Qmikz7axtkR9qTgzMh3TFQYRk9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/Qmikz7axtkR9qTgzMh3TFQYRk9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qmikz7axtkR9qTgzMh3TFQYRk9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:34:5a:b4:55:e2:0c:79:b6:48:29:5b:87:a7:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4268a4cfb6b1b6447da93833321dd315061193d4
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9eb119ef434a75b6bf67bdfd1f7217e3beb4644a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b1:11:80:2c:ce:02:02:0b:2c:c2:54:20:2d:
                    fc:0a:90:59:73:df:5c:75:59:76:b2:49:8a:f6:b3:
                    62:94:72:a9:74:c1:6d:3a:7f:1a:76:60:2f:78:ee:
                    5b:cf:4d:fc:05:93:f9:58:37:5e:8a:54:3e:e5:3d:
                    ad:1d:33:5a:82:ea:fa:7f:6d:76:d7:4e:f8:c7:13:
                    be:cd:8a:69:0d:f5:90:8f:dc:d6:19:06:05:27:ac:
                    71:74:5d:d4:32:4a:fc:48:6b:35:15:cf:af:c0:e4:
                    40:e3:cf:61:bf:60:c8:4b:46:d0:76:c6:61:9e:31:
                    79:21:94:fd:eb:b7:ea:ee:64:ef:de:dc:ae:d3:60:
                    c7:43:44:2b:e1:c2:c1:a8:1b:74:38:04:f6:47:0d:
                    e2:e4:93:cc:2c:f5:60:4b:d4:0b:d0:3e:b2:dd:62:
                    75:f3:71:2a:f6:52:a4:65:bc:e5:be:11:81:1c:71:
                    6b:e6:36:3f:df:81:3a:fe:81:e3:52:2d:73:fa:84:
                    0e:51:0a:96:a2:f8:d7:f2:84:87:53:e2:d8:ba:f3:
                    85:fb:00:82:23:43:81:e1:42:77:eb:c1:0a:5f:23:
                    1c:19:c3:37:de:bd:29:00:da:df:de:7c:d6:5c:b0:
                    c8:d6:31:19:11:3a:e1:5c:13:ee:20:29:47:3f:fa:
                    03:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:B1:19:EF:43:4A:75:B6:BF:67:BD:FD:1F:72:17:E3:BE:B4:64:4A
            X509v3 Authority Key Identifier:
                keyid:42:68:A4:CF:B6:B1:B6:44:7D:A9:38:33:32:1D:D3:15:06:11:93:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qmikz7axtkR9qTgzMh3TFQYRk9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/nrEZ70NKdba_Z739H3IX4760ZEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/7d43bb-a1c6-4055-8c53-2fee8b6309cb/1/Qmikz7axtkR9qTgzMh3TFQYRk9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:f2:8e:ed:84:d1:44:ff:a1:05:31:01:59:dd:6c:1f:d2:6a:
         8d:21:1d:eb:37:49:0b:ea:ea:7a:9e:c1:b9:f9:08:75:91:94:
         cf:67:68:19:8d:b4:a1:c7:91:cc:df:1d:24:89:7a:44:24:c5:
         f8:64:0d:66:18:e3:7f:68:b3:5d:5b:b9:fc:bf:bc:cf:f2:f8:
         8d:38:40:83:de:f0:c7:ed:01:b2:bb:3d:c9:4b:fa:57:bf:b2:
         88:2b:a5:a2:fd:d7:b4:7d:d4:8c:9b:79:ee:76:0b:36:36:0e:
         f2:37:b5:c2:bb:ab:28:86:ca:a4:f8:2c:d0:83:dd:5b:bc:9e:
         c3:44:2d:58:7b:20:10:49:43:f6:74:31:57:61:1c:f2:4e:7a:
         88:c2:99:c4:16:a4:30:1b:16:cb:6c:66:f6:37:4a:b0:ce:5c:
         a2:21:c4:48:84:f6:55:53:fc:9e:8e:f3:87:52:24:bd:85:8a:
         43:a7:fd:37:33:61:b8:1d:3d:6c:bf:4e:0f:c1:4a:6f:a8:11:
         89:69:49:bd:6a:74:f3:1f:c7:72:96:6b:6f:c2:6a:b6:76:aa:
         cf:27:45:9e:50:0e:92:5d:5a:cb:ae:0d:2a:46:d9:8e:ae:eb:
         24:c7:1b:08:4e:dd:d3:7e:77:d2:60:ad:91:e6:ca:4f:59:92:
         39:8e:69:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTRatFXiDHm2SClbh6fqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNjhhNGNmYjZiMWI2NDQ3ZGE5MzgzMzMyMWRkMzE1MDYx
MTkzZDQwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWIxMTllZjQzNGE3NWI2YmY2N2JkZmQxZjcyMTdlM2JlYjQ2NDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbERgCzOAgILLMJUIC38CpBZc99c
dVl2skmK9rNilHKpdMFtOn8admAveO5bz038BZP5WDdeilQ+5T2tHTNagur6f212
1074xxO+zYppDfWQj9zWGQYFJ6xxdF3UMkr8SGs1Fc+vwORA489hv2DIS0bQdsZh
njF5IZT967fq7mTv3tyu02DHQ0Qr4cLBqBt0OAT2Rw3i5JPMLPVgS9QL0D6y3WJ1
83Eq9lKkZbzlvhGBHHFr5jY/34E6/oHjUi1z+oQOUQqWovjX8oSHU+LYuvOF+wCC
I0OB4UJ368EKXyMcGcM33r0pANrf3nzWXLDI1jEZETrhXBPuIClHP/oDzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6xGe9DSnW2v2e9/R9yF+O+tGRKMB8GA1UdIwQY
MBaAFEJopM+2sbZEfak4MzId0xUGEZPUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW1pa3o3YXh0a1I5cVRnek1oM1RGUVlSazlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS83ZDQzYmItYTFjNi00MDU1LThjNTMt
MmZlZThiNjMwOWNiLzEvbnJFWjcwTktkYmFfWjczOUgzSVg0NzYwWkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS83ZDQzYmItYTFjNi00MDU1LThjNTMtMmZlZThiNjMwOWNi
LzEvUW1pa3o3YXh0a1I5cVRnek1oM1RGUVlSazlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuWn8MA0G
CSqGSIb3DQEBCwUAA4IBAQBC8o7thNFE/6EFMQFZ3Wwf0mqNIR3rN0kL6up6nsG5
+Qh1kZTPZ2gZjbShx5HM3x0kiXpEJMX4ZA1mGON/aLNdW7n8v7zP8viNOECD3vDH
7QGyuz3JS/pXv7KIK6Wi/de0fdSMm3nudgs2Ng7yN7XCu6sohsqk+CzQg91bvJ7D
RC1YeyAQSUP2dDFXYRzyTnqIwpnEFqQwGxbLbGb2N0qwzlyiIcRIhPZVU/yejvOH
UiS9hYpDp/03M2G4HT1sv04PwUpvqBGJaUm9anTzH8dylmtvwmq2dqrPJ0WeUA6S
XVrLrg0qRtmOruskxxsITt3TfnfSYK2R5spPWZI5jml2
-----END CERTIFICATE-----