Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/nMNbMUZVHEfjnE5ciDdN4OkkcrA.roa
File:                     nMNbMUZVHEfjnE5ciDdN4OkkcrA.roa (raw, json)
Hash identifier:          xrLKBdLRRuifbUmnV3KBS9mGNRSzcX1yucWLFpyJ+Ms=
Subject key identifier:   9C:C3:5B:31:46:55:1C:47:E3:9C:4E:5C:88:37:4D:E0:E9:24:72:B0
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       018CC86EFBF68923EB1C4DBE4121678409AA
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/nMNbMUZVHEfjnE5ciDdN4OkkcrA.roa
Signing time:             Tue 02 Jan 2024 04:29:25 +0000
ROA not before:           Tue 02 Jan 2024 04:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        194.76.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fb:f6:89:23:eb:1c:4d:be:41:21:67:84:09:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cc35b3146551c47e39c4e5c88374de0e92472b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f4:84:ee:79:38:cf:85:2a:24:3a:12:1c:b8:
                    de:a9:a5:57:e9:da:10:26:f2:85:d1:e4:d4:02:39:
                    a1:26:66:90:11:65:66:26:f5:81:65:99:34:c6:0b:
                    f2:41:79:75:c0:ee:47:16:f1:4f:d4:7e:ba:28:d0:
                    8b:74:dd:c9:be:9a:73:f2:68:83:9c:f1:c7:bd:4e:
                    79:b3:62:2c:42:5a:60:f8:bf:49:1a:d3:c6:a3:68:
                    85:14:7b:4b:9a:e0:e8:10:b8:a8:7f:2b:ef:33:fe:
                    a0:96:75:19:24:1a:ff:61:83:8b:d6:1e:da:e0:c8:
                    5a:93:4d:33:23:5d:34:0c:86:cd:19:c0:bb:9a:53:
                    bf:30:b3:61:b7:3c:7d:05:db:20:93:81:fd:57:1a:
                    d1:f4:f5:15:73:58:a1:95:33:96:b6:12:1e:92:5e:
                    26:e4:0d:24:0b:43:70:58:a6:4e:fa:ce:83:08:a2:
                    b6:36:00:7e:83:a6:1f:17:e3:ed:cf:61:ff:38:0c:
                    c1:41:c9:1e:ea:0e:b4:e3:55:e2:2a:1a:06:3b:a0:
                    7c:40:5e:71:24:f0:fc:d0:8a:6b:b8:f9:84:af:41:
                    12:08:15:9b:47:59:17:2a:83:1e:9f:b9:96:60:7f:
                    ff:af:03:90:8e:0d:52:5c:70:3f:03:f7:96:92:e8:
                    78:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:C3:5B:31:46:55:1C:47:E3:9C:4E:5C:88:37:4D:E0:E9:24:72:B0
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/nMNbMUZVHEfjnE5ciDdN4OkkcrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.76.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:72:38:dd:2a:64:96:b4:57:9f:0d:0f:a7:6a:ff:bf:a2:35:
         b9:ce:b6:e7:36:a3:9e:19:41:71:24:87:2d:b0:c9:62:29:12:
         38:df:17:4b:2e:32:f7:5d:b9:3b:d9:a8:20:83:62:2e:9e:bb:
         a8:a5:23:fa:39:c7:0e:82:e0:e1:ab:88:87:35:61:74:5d:3a:
         a4:52:8e:c5:3e:21:94:da:4b:1b:08:c7:5e:41:9e:ec:33:b4:
         15:df:32:53:80:f8:b0:45:2f:6a:70:ea:b6:8b:37:f3:1c:1c:
         45:98:59:75:13:39:07:68:8a:61:14:05:4b:51:7e:a3:92:f1:
         99:16:00:77:f0:ba:98:a0:9d:c1:d5:6e:02:39:c8:46:92:d3:
         0f:e8:4b:7d:f3:65:9e:cc:0d:44:f3:27:ad:35:5d:10:c9:04:
         3d:e5:fc:da:f8:e8:39:74:85:bc:5f:fe:d1:cf:5b:29:b2:0c:
         0c:8b:e8:b1:a5:72:69:19:96:69:21:10:ad:19:97:59:8c:d2:
         b8:ee:4b:7f:a0:99:b9:4a:ea:c4:d9:e1:86:49:7e:12:49:de:
         9a:94:1f:c6:aa:bc:52:ba:ac:72:a9:65:16:5d:ab:0d:78:43:
         54:ef:1c:83:48:15:f3:f7:5e:dd:68:10:f9:4a:aa:73:cc:4a:
         12:a6:22:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbvv2iSPrHE2+QSFnhAmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2MzNWIzMTQ2NTUxYzQ3ZTM5YzRlNWM4ODM3NGRlMGU5MjQ3MmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvSE7nk4z4UqJDoSHLjeqaVX6doQ
JvKF0eTUAjmhJmaQEWVmJvWBZZk0xgvyQXl1wO5HFvFP1H66KNCLdN3Jvppz8miD
nPHHvU55s2IsQlpg+L9JGtPGo2iFFHtLmuDoELiofyvvM/6glnUZJBr/YYOL1h7a
4Mhak00zI100DIbNGcC7mlO/MLNhtzx9Bdsgk4H9VxrR9PUVc1ihlTOWthIekl4m
5A0kC0NwWKZO+s6DCKK2NgB+g6YfF+Ptz2H/OAzBQcke6g6041XiKhoGO6B8QF5x
JPD80IpruPmEr0ESCBWbR1kXKoMen7mWYH//rwOQjg1SXHA/A/eWkuh4TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzDWzFGVRxH45xOXIg3TeDpJHKwMB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvbk1OYk1VWlZIRWZqbkU1Y2lEZE40T2trY3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkxxMA0G
CSqGSIb3DQEBCwUAA4IBAQAYcjjdKmSWtFefDQ+nav+/ojW5zrbnNqOeGUFxJIct
sMliKRI43xdLLjL3Xbk72aggg2IunruopSP6OccOguDhq4iHNWF0XTqkUo7FPiGU
2ksbCMdeQZ7sM7QV3zJTgPiwRS9qcOq2izfzHBxFmFl1EzkHaIphFAVLUX6jkvGZ
FgB38LqYoJ3B1W4COchGktMP6Et982WezA1E8yetNV0QyQQ95fza+Og5dIW8X/7R
z1spsgwMi+ixpXJpGZZpIRCtGZdZjNK47kt/oJm5SurE2eGGSX4SSd6alB/GqrxS
uqxyqWUWXasNeENU7xyDSBXz917daBD5SqpzzEoSpiLL
-----END CERTIFICATE-----