Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/nJDBeZljnhP9pDx3Jrs8w9avvMM.roa
File:                     nJDBeZljnhP9pDx3Jrs8w9avvMM.roa (raw, json)
Hash identifier:          T7SelzsqA9yj/i2ABqnL2Dxwo4tWg0eVKoXNCJnHUnE=
Subject key identifier:   9C:90:C1:79:99:63:9E:13:FD:A4:3C:77:26:BB:3C:C3:D6:AF:BC:C3
Certificate issuer:       /CN=fc96311f207e30e04e5ed18960b31fb3ba67d9cc
Certificate serial:       018CC5DBF631872B483127967F93D0C73DFB
Authority key identifier: FC:96:31:1F:20:7E:30:E0:4E:5E:D1:89:60:B3:1F:B3:BA:67:D9:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_JYxHyB-MOBOXtGJYLMfs7pn2cw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/nJDBeZljnhP9pDx3Jrs8w9avvMM.roa
Signing time:             Mon 01 Jan 2024 16:29:36 +0000
ROA not before:           Mon 01 Jan 2024 16:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24931
IP address blocks:        185.187.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/_JYxHyB-MOBOXtGJYLMfs7pn2cw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/_JYxHyB-MOBOXtGJYLMfs7pn2cw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_JYxHyB-MOBOXtGJYLMfs7pn2cw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:f6:31:87:2b:48:31:27:96:7f:93:d0:c7:3d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc96311f207e30e04e5ed18960b31fb3ba67d9cc
        Validity
            Not Before: Jan  1 16:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c90c17999639e13fda43c7726bb3cc3d6afbcc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:fa:7e:ce:df:c7:11:ad:c1:9a:18:56:90:57:
                    e6:96:9b:57:1b:79:13:ef:58:a5:a2:17:d4:55:6b:
                    a6:28:92:6e:0e:ff:eb:bd:85:d9:3d:54:6d:4a:3b:
                    29:8a:3c:65:0e:44:2a:70:30:16:ca:eb:15:37:a8:
                    91:ef:2b:8d:1e:c3:ad:a1:ab:03:71:c1:c0:cb:be:
                    75:93:61:ab:f8:ee:2c:ca:24:14:4e:2d:8f:fd:b8:
                    f1:71:4d:71:3d:97:1b:58:58:b4:92:34:6c:07:56:
                    22:b2:56:ad:dc:a9:21:a0:3d:20:ba:c9:71:5d:15:
                    38:d8:bd:12:7c:34:93:3c:b1:b7:2f:8a:07:4e:ad:
                    83:5b:2e:53:77:75:49:fc:b3:34:a4:d9:6b:fa:ba:
                    d5:1f:6d:3c:da:25:b9:75:3d:88:27:e6:a1:c2:6c:
                    fe:f3:cb:5c:32:7e:1d:47:d4:ef:5d:69:f1:9c:d2:
                    e8:68:3b:c5:82:56:fc:65:af:2d:a1:7c:94:5b:07:
                    e5:5c:90:7a:75:ba:a3:31:60:79:d7:b4:80:e0:25:
                    45:7b:e5:44:eb:ce:67:7e:c5:24:59:53:83:86:29:
                    df:51:80:d9:0c:a2:93:59:6d:9d:fb:e3:33:c3:e2:
                    6f:7f:13:0c:02:af:b3:e9:f8:4e:27:1d:0d:42:3c:
                    a8:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:90:C1:79:99:63:9E:13:FD:A4:3C:77:26:BB:3C:C3:D6:AF:BC:C3
            X509v3 Authority Key Identifier:
                keyid:FC:96:31:1F:20:7E:30:E0:4E:5E:D1:89:60:B3:1F:B3:BA:67:D9:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_JYxHyB-MOBOXtGJYLMfs7pn2cw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/nJDBeZljnhP9pDx3Jrs8w9avvMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/bc48d2-28e8-405d-9f9a-03897f4cb35d/1/_JYxHyB-MOBOXtGJYLMfs7pn2cw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.187.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:67:c7:e2:60:a6:3d:c6:ba:bb:14:e7:86:f3:1d:2d:70:55:
         3b:1e:84:03:25:73:ff:16:25:e3:46:6b:23:23:ec:62:36:41:
         84:85:47:bb:d1:37:7e:4d:77:77:d3:ee:45:72:b8:b3:78:e2:
         bf:45:60:a3:5d:ac:84:a6:f5:c9:46:ee:4a:3f:e5:30:86:26:
         0c:8a:db:c8:09:da:25:f0:fc:d3:a1:9e:cc:37:a5:2c:79:9e:
         c9:cf:25:5c:26:eb:48:30:2b:15:69:c3:f6:f3:f1:0d:b0:c3:
         bb:6c:6b:ff:db:36:0f:f8:b1:9f:a5:58:8f:12:ba:87:00:56:
         f6:34:b6:98:97:5e:a7:26:cd:92:b3:1d:9b:78:ab:39:d1:1c:
         01:0b:0f:9d:cf:f7:81:09:f3:84:36:22:d7:c5:69:1b:9a:06:
         e0:f0:96:77:44:5d:e4:21:0e:c4:66:6f:42:6b:85:6a:38:00:
         f8:89:06:6d:15:f1:51:bb:33:6d:31:68:45:95:be:1a:9b:40:
         ef:d1:13:07:40:f2:f8:0b:c1:41:b7:03:f8:47:d7:19:aa:37:
         0a:5f:e9:11:1d:26:0b:4d:34:13:5e:fe:22:d9:d6:40:9b:a7:
         bb:9c:69:0b:b7:65:5c:ae:d4:fc:a1:b5:91:e3:ed:da:d5:40:
         8b:33:c0:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2/YxhytIMSeWf5PQxz37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjOTYzMTFmMjA3ZTMwZTA0ZTVlZDE4OTYwYjMxZmIzYmE2
N2Q5Y2MwHhcNMjQwMTAxMTYyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzkwYzE3OTk5NjM5ZTEzZmRhNDNjNzcyNmJiM2NjM2Q2YWZiY2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifp+zt/HEa3BmhhWkFfmlptXG3kT
71ilohfUVWumKJJuDv/rvYXZPVRtSjspijxlDkQqcDAWyusVN6iR7yuNHsOtoasD
ccHAy751k2Gr+O4syiQUTi2P/bjxcU1xPZcbWFi0kjRsB1Yislat3KkhoD0guslx
XRU42L0SfDSTPLG3L4oHTq2DWy5Td3VJ/LM0pNlr+rrVH2082iW5dT2IJ+ahwmz+
88tcMn4dR9TvXWnxnNLoaDvFglb8Za8toXyUWwflXJB6dbqjMWB517SA4CVFe+VE
685nfsUkWVODhinfUYDZDKKTWW2d++Mzw+JvfxMMAq+z6fhOJx0NQjyowQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyQwXmZY54T/aQ8dya7PMPWr7zDMB8GA1UdIwQY
MBaAFPyWMR8gfjDgTl7RiWCzH7O6Z9nMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0pZeEh5Qi1NT0JPWHRHSllMTWZzN3BuMmN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9iYzQ4ZDItMjhlOC00MDVkLTlmOWEt
MDM4OTdmNGNiMzVkLzEvbkpEQmVabGpuaFA5cER4M0pyczh3OWF2dk1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9iYzQ4ZDItMjhlOC00MDVkLTlmOWEtMDM4OTdmNGNiMzVk
LzEvX0pZeEh5Qi1NT0JPWHRHSllMTWZzN3BuMmN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubt0MA0G
CSqGSIb3DQEBCwUAA4IBAQCuZ8fiYKY9xrq7FOeG8x0tcFU7HoQDJXP/FiXjRmsj
I+xiNkGEhUe70Td+TXd30+5FcrizeOK/RWCjXayEpvXJRu5KP+UwhiYMitvICdol
8PzToZ7MN6UseZ7JzyVcJutIMCsVacP28/ENsMO7bGv/2zYP+LGfpViPErqHAFb2
NLaYl16nJs2Ssx2beKs50RwBCw+dz/eBCfOENiLXxWkbmgbg8JZ3RF3kIQ7EZm9C
a4VqOAD4iQZtFfFRuzNtMWhFlb4am0Dv0RMHQPL4C8FBtwP4R9cZqjcKX+kRHSYL
TTQTXv4i2dZAm6e7nGkLt2VcrtT8obWR4+3a1UCLM8Dg
-----END CERTIFICATE-----