Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/da1f23-3694-4f59-85cf-ca1e5f081950/1/nxUGRJEsBQM6si0KMTAkwnx0Yho.roa
File:                     nxUGRJEsBQM6si0KMTAkwnx0Yho.roa (raw, json)
Hash identifier:          o5Kt1a9HMkuu9Olr1iADigUs5vWXLd7Ifh6qf+/EI1Y=
Subject key identifier:   9F:15:06:44:91:2C:05:03:3A:B2:2D:0A:31:30:24:C2:7C:74:62:1A
Certificate issuer:       /CN=8323b9731b196b1acbc829f5b28b325fd9d3e3d4
Certificate serial:       018CC3B73C240F3AC690EA8DFF146C175031
Authority key identifier: 83:23:B9:73:1B:19:6B:1A:CB:C8:29:F5:B2:8B:32:5F:D9:D3:E3:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gyO5cxsZaxrLyCn1sosyX9nT49Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/da1f23-3694-4f59-85cf-ca1e5f081950/1/nxUGRJEsBQM6si0KMTAkwnx0Yho.roa
Signing time:             Mon 01 Jan 2024 06:30:14 +0000
ROA not before:           Mon 01 Jan 2024 06:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8468
IP address blocks:        185.146.44.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/da1f23-3694-4f59-85cf-ca1e5f081950/1/gyO5cxsZaxrLyCn1sosyX9nT49Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/da1f23-3694-4f59-85cf-ca1e5f081950/1/gyO5cxsZaxrLyCn1sosyX9nT49Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gyO5cxsZaxrLyCn1sosyX9nT49Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3c:24:0f:3a:c6:90:ea:8d:ff:14:6c:17:50:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8323b9731b196b1acbc829f5b28b325fd9d3e3d4
        Validity
            Not Before: Jan  1 06:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f150644912c05033ab22d0a313024c27c74621a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:af:29:55:d3:59:4a:04:8a:34:c1:6b:7a:88:
                    1c:5b:07:70:16:7c:d5:a7:64:ad:ae:f6:98:20:bc:
                    9d:d0:66:33:78:cb:7b:5f:6a:a9:6a:f3:ed:fe:bc:
                    24:17:d9:94:45:6f:54:ad:3c:ee:40:c9:93:78:d5:
                    74:3c:4f:91:3d:43:7c:e6:68:2a:d2:1a:c3:e8:c4:
                    ec:18:27:de:3f:ff:2e:34:62:50:50:5b:b8:5f:79:
                    c2:c0:ed:f2:e4:5f:93:1e:40:7d:e3:e5:99:e5:7e:
                    10:4c:a3:26:3e:9f:79:2a:21:21:08:30:0a:c8:c2:
                    2f:c1:1d:d8:cf:b0:82:35:58:bd:3e:25:0c:4f:e7:
                    5e:3a:cd:42:88:b2:16:17:c9:0b:09:3b:67:11:e3:
                    bd:19:8c:47:1b:a7:6c:a3:1f:cb:d0:4a:31:4b:f5:
                    fc:c1:6c:af:b2:8a:30:ef:cb:07:62:0a:b0:af:3a:
                    08:c9:61:e4:db:a6:dc:ee:d9:e8:2c:5a:21:bb:ab:
                    f2:90:bb:66:99:50:6b:98:db:68:57:75:3a:32:5b:
                    23:f4:0c:41:d0:18:22:64:20:21:5b:cb:1b:87:64:
                    ac:23:d9:18:96:65:06:4e:38:11:50:7c:78:92:f4:
                    28:f7:9e:6a:1f:dc:5c:0e:25:64:bb:06:37:da:87:
                    87:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:15:06:44:91:2C:05:03:3A:B2:2D:0A:31:30:24:C2:7C:74:62:1A
            X509v3 Authority Key Identifier:
                keyid:83:23:B9:73:1B:19:6B:1A:CB:C8:29:F5:B2:8B:32:5F:D9:D3:E3:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gyO5cxsZaxrLyCn1sosyX9nT49Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/da1f23-3694-4f59-85cf-ca1e5f081950/1/nxUGRJEsBQM6si0KMTAkwnx0Yho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/da1f23-3694-4f59-85cf-ca1e5f081950/1/gyO5cxsZaxrLyCn1sosyX9nT49Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.146.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:a7:85:ba:ac:77:b8:1d:12:e1:1b:77:bf:88:a4:a0:24:3a:
         b7:18:1e:ed:7a:6d:60:36:22:ed:3e:1d:12:31:ff:d0:9c:9c:
         b5:0d:04:a9:df:8c:60:59:f8:c8:aa:ea:be:62:b5:b4:55:b0:
         46:b4:8c:d9:97:4b:12:7d:49:85:19:7c:21:5a:02:b4:95:b4:
         45:0f:62:d5:5b:27:79:42:f2:f7:de:8a:66:08:69:2a:07:84:
         0e:37:ad:35:75:f8:5a:08:a8:8c:20:11:cd:8f:35:4b:52:80:
         62:a4:db:f4:01:3c:5d:00:d4:12:ff:33:0e:68:3b:77:45:33:
         99:e2:34:83:33:f0:93:76:60:af:c5:fe:c7:47:00:55:17:d9:
         55:9a:b0:bc:78:4e:1d:cb:d0:da:48:94:9c:5b:d5:01:c0:fc:
         be:f8:6d:bf:ea:bf:a1:dc:7f:3c:4c:51:bf:c4:ce:63:fe:55:
         83:41:49:67:44:cd:b2:a1:1d:1b:df:3d:e4:30:9f:93:f4:58:
         e6:ff:64:f8:b3:f0:5e:09:4f:71:d0:bd:21:82:95:87:41:ae:
         89:32:71:33:8f:af:71:a8:db:b4:8e:c1:22:d6:ff:44:59:e3:
         93:56:85:e8:38:45:04:8f:c0:99:7b:ad:12:ce:6b:c5:c4:f6:
         bc:a3:cc:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtzwkDzrGkOqN/xRsF1AxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzMjNiOTczMWIxOTZiMWFjYmM4MjlmNWIyOGIzMjVmZDlk
M2UzZDQwHhcNMjQwMTAxMDYzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjE1MDY0NDkxMmMwNTAzM2FiMjJkMGEzMTMwMjRjMjdjNzQ2MjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlq8pVdNZSgSKNMFreogcWwdwFnzV
p2StrvaYILyd0GYzeMt7X2qpavPt/rwkF9mURW9UrTzuQMmTeNV0PE+RPUN85mgq
0hrD6MTsGCfeP/8uNGJQUFu4X3nCwO3y5F+THkB94+WZ5X4QTKMmPp95KiEhCDAK
yMIvwR3Yz7CCNVi9PiUMT+deOs1CiLIWF8kLCTtnEeO9GYxHG6dsox/L0EoxS/X8
wWyvsoow78sHYgqwrzoIyWHk26bc7tnoLFohu6vykLtmmVBrmNtoV3U6Mlsj9AxB
0BgiZCAhW8sbh2SsI9kYlmUGTjgRUHx4kvQo955qH9xcDiVkuwY32oeHEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8VBkSRLAUDOrItCjEwJMJ8dGIaMB8GA1UdIwQY
MBaAFIMjuXMbGWsay8gp9bKLMl/Z0+PUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3lPNWN4c1pheHJMeUNuMXNvc3lYOW5UNDlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9kYTFmMjMtMzY5NC00ZjU5LTg1Y2Yt
Y2ExZTVmMDgxOTUwLzEvbnhVR1JKRXNCUU02c2kwS01UQWt3bngwWWhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9kYTFmMjMtMzY5NC00ZjU5LTg1Y2YtY2ExZTVmMDgxOTUw
LzEvZ3lPNWN4c1pheHJMeUNuMXNvc3lYOW5UNDlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZIsMA0G
CSqGSIb3DQEBCwUAA4IBAQCQp4W6rHe4HRLhG3e/iKSgJDq3GB7tem1gNiLtPh0S
Mf/QnJy1DQSp34xgWfjIquq+YrW0VbBGtIzZl0sSfUmFGXwhWgK0lbRFD2LVWyd5
QvL33opmCGkqB4QON601dfhaCKiMIBHNjzVLUoBipNv0ATxdANQS/zMOaDt3RTOZ
4jSDM/CTdmCvxf7HRwBVF9lVmrC8eE4dy9DaSJScW9UBwPy++G2/6r+h3H88TFG/
xM5j/lWDQUlnRM2yoR0b3z3kMJ+T9Fjm/2T4s/BeCU9x0L0hgpWHQa6JMnEzj69x
qNu0jsEi1v9EWeOTVoXoOEUEj8CZe60SzmvFxPa8o8yc
-----END CERTIFICATE-----