Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nd3dbEjDLJ8ZnDynJw2haPQZi3s.roa
File:                     nd3dbEjDLJ8ZnDynJw2haPQZi3s.roa (raw, json)
Hash identifier:          xHzcX5L2a06fUF8BdeprDPfKKrNfCKAP52kWZY6lJRA=
Subject key identifier:   9D:DD:DD:6C:48:C3:2C:9F:19:9C:3C:A7:27:0D:A1:68:F4:19:8B:7B
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC79529D1628ABCF2760A297461465FF4
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nd3dbEjDLJ8ZnDynJw2haPQZi3s.roa
Signing time:             Tue 02 Jan 2024 00:31:30 +0000
ROA not before:           Tue 02 Jan 2024 00:31:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49954
IP address blocks:        193.233.159.0/24 maxlen: 24
                          193.233.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:29:d1:62:8a:bc:f2:76:0a:29:74:61:46:5f:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ddddd6c48c32c9f199c3ca7270da168f4198b7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:23:08:5b:d0:b7:1a:3a:7c:25:92:18:38:fb:
                    a6:d1:a9:5a:5a:24:50:bb:d5:cb:92:d2:ad:90:77:
                    2c:38:28:d8:07:5c:74:28:53:71:11:1c:5f:15:d5:
                    2d:98:37:71:15:83:b0:76:ee:53:2a:5c:38:39:e4:
                    03:e3:ed:df:08:de:b8:ef:3d:03:16:8f:91:12:ad:
                    67:a1:bb:28:69:28:d8:2a:38:81:7e:da:6e:dd:be:
                    c8:5c:5e:84:51:79:51:48:c2:0c:cd:4a:b6:8f:90:
                    a5:51:01:57:5c:ec:a6:eb:83:e1:7c:d0:76:2d:90:
                    d5:f5:fe:ab:86:70:b9:14:bf:31:8e:19:98:b7:90:
                    8e:48:07:5d:ff:fd:8e:16:48:21:29:af:0d:2e:e7:
                    93:90:8f:f1:8a:3c:44:ea:d6:1a:14:31:5f:ae:e0:
                    87:50:13:93:07:91:91:7c:66:a1:23:89:f7:60:1e:
                    4e:ab:67:33:ce:c2:cc:af:ed:cc:8d:78:b6:30:5f:
                    d5:e5:11:d5:d6:38:e4:ab:56:a5:e0:64:e1:1d:98:
                    8f:ce:8d:43:21:fd:b0:f5:38:b5:1b:54:1b:59:02:
                    39:54:ac:ac:ce:ba:14:4e:91:b3:6e:6c:ba:ad:c9:
                    9c:b1:7b:53:41:25:a4:e9:0f:1b:af:bc:29:48:86:
                    93:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:DD:DD:6C:48:C3:2C:9F:19:9C:3C:A7:27:0D:A1:68:F4:19:8B:7B
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/nd3dbEjDLJ8ZnDynJw2haPQZi3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.154.0/24
                  193.233.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:43:05:3e:35:d7:df:91:fa:a8:2a:5d:2f:35:4f:b1:5a:fe:
         f7:90:e1:d6:b7:db:25:b4:ba:c6:49:67:e3:aa:bf:bd:03:3c:
         50:a8:a6:2b:96:32:97:93:10:63:e3:33:5e:69:48:fb:64:e2:
         d9:35:bb:c2:79:43:22:32:65:8b:11:f3:a4:05:1c:bb:0d:1b:
         d0:ee:17:6f:e3:a0:74:18:78:1a:18:69:42:15:f7:ad:29:32:
         ef:8e:5f:19:10:52:aa:44:59:28:b4:71:2a:74:5f:5f:b3:fb:
         09:30:7b:e1:eb:4d:f6:db:e3:75:5f:f4:11:a7:4e:e8:8d:ce:
         3c:bb:04:ee:cb:d8:cd:26:09:4f:f5:47:6e:26:46:c4:2e:03:
         6c:ac:a5:33:20:82:e4:d0:6b:ba:98:c9:2c:44:76:92:f0:82:
         9e:f3:55:59:19:29:e9:cd:db:b2:dc:d1:50:93:77:68:49:22:
         d0:bd:9a:ab:19:48:8d:f5:c0:7b:ae:f7:9a:06:f5:6b:64:de:
         43:61:78:94:f3:f9:7d:f1:ed:16:ea:c8:f8:c1:48:88:21:9f:
         55:a7:b6:57:ff:03:69:e6:16:88:17:db:d5:ee:f1:a4:ff:42:
         31:ab:4a:c5:5f:2b:aa:e4:bc:9f:2b:0f:83:1f:10:58:da:5d:
         a0:9d:aa:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlSnRYoq88nYKKXRhRl/0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGRkZGQ2YzQ4YzMyYzlmMTk5YzNjYTcyNzBkYTE2OGY0MTk4YjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCMIW9C3Gjp8JZIYOPum0alaWiRQ
u9XLktKtkHcsOCjYB1x0KFNxERxfFdUtmDdxFYOwdu5TKlw4OeQD4+3fCN647z0D
Fo+REq1nobsoaSjYKjiBftpu3b7IXF6EUXlRSMIMzUq2j5ClUQFXXOym64PhfNB2
LZDV9f6rhnC5FL8xjhmYt5COSAdd//2OFkghKa8NLueTkI/xijxE6tYaFDFfruCH
UBOTB5GRfGahI4n3YB5Oq2czzsLMr+3MjXi2MF/V5RHV1jjkq1al4GThHZiPzo1D
If2w9Ti1G1QbWQI5VKyszroUTpGzbmy6rcmcsXtTQSWk6Q8br7wpSIaTZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ3d3WxIwyyfGZw8pycNoWj0GYt7MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbmQzZGJFakRMSjhabkR5bkp3MmhhUFFaaTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwemaAwQA
wemfMA0GCSqGSIb3DQEBCwUAA4IBAQAYQwU+NdffkfqoKl0vNU+xWv73kOHWt9sl
tLrGSWfjqr+9AzxQqKYrljKXkxBj4zNeaUj7ZOLZNbvCeUMiMmWLEfOkBRy7DRvQ
7hdv46B0GHgaGGlCFfetKTLvjl8ZEFKqRFkotHEqdF9fs/sJMHvh60322+N1X/QR
p07ojc48uwTuy9jNJglP9UduJkbELgNsrKUzIILk0Gu6mMksRHaS8IKe81VZGSnp
zduy3NFQk3doSSLQvZqrGUiN9cB7rveaBvVrZN5DYXiU8/l98e0W6sj4wUiIIZ9V
p7ZX/wNp5haIF9vV7vGk/0Ixq0rFXyuq5LyfKw+DHxBY2l2gnapp
-----END CERTIFICATE-----