Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/9d698d-d277-497f-833d-a2127c2aa1b3/1/NlqwFbmgUokdGn1Xok-bTVDta_A.roa
File:                     NlqwFbmgUokdGn1Xok-bTVDta_A.roa (raw, json)
Hash identifier:          admbtLfUF3Ch3fcPThhVgSCvG5hkaWcjqzr3mygcv98=
Subject key identifier:   36:5A:B0:15:B9:A0:52:89:1D:1A:7D:57:A2:4F:9B:4D:50:ED:6B:F0
Certificate issuer:       /CN=becb5526e841e770cb5564f304cc6696eab1e4bb
Certificate serial:       018E327531B373509E93823031202B0FC461
Authority key identifier: BE:CB:55:26:E8:41:E7:70:CB:55:64:F3:04:CC:66:96:EA:B1:E4:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vstVJuhB53DLVWTzBMxmluqx5Ls.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/9d698d-d277-497f-833d-a2127c2aa1b3/1/NlqwFbmgUokdGn1Xok-bTVDta_A.roa
Signing time:             Tue 12 Mar 2024 11:38:44 +0000
ROA not before:           Tue 12 Mar 2024 11:38:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9128
IP address blocks:        193.193.184.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/9d698d-d277-497f-833d-a2127c2aa1b3/1/vstVJuhB53DLVWTzBMxmluqx5Ls.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/9d698d-d277-497f-833d-a2127c2aa1b3/1/vstVJuhB53DLVWTzBMxmluqx5Ls.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vstVJuhB53DLVWTzBMxmluqx5Ls.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:75:31:b3:73:50:9e:93:82:30:31:20:2b:0f:c4:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=becb5526e841e770cb5564f304cc6696eab1e4bb
        Validity
            Not Before: Mar 12 11:38:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=365ab015b9a052891d1a7d57a24f9b4d50ed6bf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b0:bc:ba:64:20:93:8c:5e:08:09:c8:70:ad:
                    1f:e1:e1:fa:6d:16:04:14:0e:ee:2c:ee:b2:8d:80:
                    75:1e:32:3b:a0:b3:be:4f:44:94:e3:bd:72:3a:c5:
                    64:5a:aa:09:ac:f8:ae:cb:e6:d1:8e:7d:99:ac:4f:
                    0d:e4:2a:25:f1:2c:51:0e:23:b9:59:d9:5e:ad:96:
                    6c:cc:58:a6:ce:b8:55:9d:9c:1f:bb:d9:f4:8c:a0:
                    f5:c5:6f:80:56:7b:fe:a4:0f:c1:0e:da:10:62:e3:
                    f4:63:9b:be:2a:dc:04:e7:e0:26:5d:2c:74:c6:6f:
                    0d:89:29:16:fe:d6:da:6f:de:1c:42:8f:01:69:73:
                    e2:46:97:41:3b:a2:bd:fb:12:a4:66:83:2c:fb:f5:
                    a3:d4:b7:dc:74:5a:4f:c2:64:a8:2e:96:04:ca:0c:
                    52:f7:b9:c4:40:74:fb:ca:05:59:8c:e3:d9:54:15:
                    3b:7e:e9:63:d5:e6:70:92:96:ab:25:7c:6c:81:8a:
                    56:f5:95:63:dc:f4:5a:0a:30:cf:28:87:3d:aa:73:
                    a1:6a:1f:da:a0:da:aa:91:33:3f:52:4b:bf:38:2f:
                    b4:1c:cf:43:33:62:7c:8b:1a:81:11:78:71:4f:0a:
                    f9:65:97:9e:8e:80:b9:bb:02:6a:10:17:d0:72:01:
                    71:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:5A:B0:15:B9:A0:52:89:1D:1A:7D:57:A2:4F:9B:4D:50:ED:6B:F0
            X509v3 Authority Key Identifier:
                keyid:BE:CB:55:26:E8:41:E7:70:CB:55:64:F3:04:CC:66:96:EA:B1:E4:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vstVJuhB53DLVWTzBMxmluqx5Ls.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/9d698d-d277-497f-833d-a2127c2aa1b3/1/NlqwFbmgUokdGn1Xok-bTVDta_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/9d698d-d277-497f-833d-a2127c2aa1b3/1/vstVJuhB53DLVWTzBMxmluqx5Ls.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.193.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:32:84:6a:c6:d6:b0:96:9e:1e:c9:54:10:65:5d:33:ab:a4:
         68:16:be:28:3e:bc:52:48:cb:8b:2d:a0:3a:84:61:90:2b:06:
         00:1c:c0:ca:77:96:38:fb:0c:a7:ff:48:f6:3b:66:c2:72:2e:
         4c:eb:ee:e5:dc:3b:74:9c:3f:48:a4:7f:9a:44:bb:06:1d:b7:
         58:8d:25:3c:60:d6:f9:41:94:c1:66:c7:36:d7:d1:87:a9:a3:
         00:8a:fc:93:bd:ee:eb:e8:39:d4:0e:fa:9c:e1:1b:18:b9:a0:
         22:26:18:5d:00:be:4f:04:3a:33:b7:8a:b8:97:8b:cf:b6:0d:
         74:9b:30:28:5e:fb:28:17:9c:75:a9:68:18:6b:84:2c:cc:00:
         66:33:16:ff:d0:d4:a8:ad:2b:31:70:44:f6:48:5f:5e:18:88:
         5d:6e:34:34:92:f6:d5:be:16:30:e7:b6:3a:02:99:fc:2e:ef:
         4c:da:2a:d9:77:4e:11:67:65:9f:bd:cc:98:e7:c3:18:d1:a7:
         57:fd:f7:54:d7:8e:6d:d7:6b:d2:4d:1a:97:98:09:b3:9b:8d:
         8c:3a:ef:68:29:dc:39:9d:64:10:67:87:f2:8f:13:6c:5c:6c:
         f5:76:21:7e:a4:48:cb:8d:da:ab:48:11:b0:e6:8b:c1:2d:52:
         6f:c7:89:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4ydTGzc1Cek4IwMSArD8RhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlY2I1NTI2ZTg0MWU3NzBjYjU1NjRmMzA0Y2M2Njk2ZWFi
MWU0YmIwHhcNMjQwMzEyMTEzODQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjVhYjAxNWI5YTA1Mjg5MWQxYTdkNTdhMjRmOWI0ZDUwZWQ2YmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7C8umQgk4xeCAnIcK0f4eH6bRYE
FA7uLO6yjYB1HjI7oLO+T0SU471yOsVkWqoJrPiuy+bRjn2ZrE8N5Col8SxRDiO5
WdlerZZszFimzrhVnZwfu9n0jKD1xW+AVnv+pA/BDtoQYuP0Y5u+KtwE5+AmXSx0
xm8NiSkW/tbab94cQo8BaXPiRpdBO6K9+xKkZoMs+/Wj1LfcdFpPwmSoLpYEygxS
97nEQHT7ygVZjOPZVBU7fulj1eZwkparJXxsgYpW9ZVj3PRaCjDPKIc9qnOhah/a
oNqqkTM/Uku/OC+0HM9DM2J8ixqBEXhxTwr5ZZeejoC5uwJqEBfQcgFxcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZasBW5oFKJHRp9V6JPm01Q7WvwMB8GA1UdIwQY
MBaAFL7LVSboQedwy1Vk8wTMZpbqseS7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnN0Vkp1aEI1M0RMVldUekJNeG1sdXF4NUxzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi85ZDY5OGQtZDI3Ny00OTdmLTgzM2Qt
YTIxMjdjMmFhMWIzLzEvTmxxd0ZibWdVb2tkR24xWG9rLWJUVkR0YV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi85ZDY5OGQtZDI3Ny00OTdmLTgzM2QtYTIxMjdjMmFhMWIz
LzEvdnN0Vkp1aEI1M0RMVldUekJNeG1sdXF4NUxzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwcG4MA0G
CSqGSIb3DQEBCwUAA4IBAQB/MoRqxtawlp4eyVQQZV0zq6RoFr4oPrxSSMuLLaA6
hGGQKwYAHMDKd5Y4+wyn/0j2O2bCci5M6+7l3Dt0nD9IpH+aRLsGHbdYjSU8YNb5
QZTBZsc219GHqaMAivyTve7r6DnUDvqc4RsYuaAiJhhdAL5PBDozt4q4l4vPtg10
mzAoXvsoF5x1qWgYa4QszABmMxb/0NSorSsxcET2SF9eGIhdbjQ0kvbVvhYw57Y6
Apn8Lu9M2irZd04RZ2WfvcyY58MY0adX/fdU145t12vSTRqXmAmzm42MOu9oKdw5
nWQQZ4fyjxNsXGz1diF+pEjLjdqrSBGw5ovBLVJvx4k+
-----END CERTIFICATE-----