Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/nusO91jlAuMoFkxCsT7ZoXLfqnU.roa
File:                     nusO91jlAuMoFkxCsT7ZoXLfqnU.roa (raw, json)
Hash identifier:          7mBMutlbV1dJdnx7YWAno9FRFV7wIzck3eLirxj0H0U=
Subject key identifier:   9E:EB:0E:F7:58:E5:02:E3:28:16:4C:42:B1:3E:D9:A1:72:DF:AA:75
Certificate issuer:       /CN=f651dc9875e35ec580c571fd0416f4d5f5d4158a
Certificate serial:       018CC6B77D265B8AD8AC90A2DC1EF2D86590
Authority key identifier: F6:51:DC:98:75:E3:5E:C5:80:C5:71:FD:04:16:F4:D5:F5:D4:15:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/nusO91jlAuMoFkxCsT7ZoXLfqnU.roa
Signing time:             Mon 01 Jan 2024 20:29:23 +0000
ROA not before:           Mon 01 Jan 2024 20:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        193.30.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7d:26:5b:8a:d8:ac:90:a2:dc:1e:f2:d8:65:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f651dc9875e35ec580c571fd0416f4d5f5d4158a
        Validity
            Not Before: Jan  1 20:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9eeb0ef758e502e328164c42b13ed9a172dfaa75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2a:ad:1b:00:d7:ce:89:18:4d:7e:a3:6f:79:
                    b1:79:84:4e:a4:df:ae:59:6b:0c:a7:2f:a9:65:02:
                    e2:c8:35:73:7a:b8:1b:b8:18:c5:7d:13:f9:8c:de:
                    16:ee:d4:3c:98:2a:d0:fb:50:8a:c9:ad:53:15:6e:
                    a6:02:1a:f1:6f:38:e5:9a:0d:b1:a7:5b:88:59:66:
                    ee:d9:ff:73:f0:6f:6b:16:e6:f1:fe:47:9f:33:6c:
                    2b:eb:a6:7a:ad:64:01:d6:66:34:0a:50:ef:c7:0b:
                    02:8d:71:d4:db:9f:e1:4e:31:22:bd:a6:ff:78:c9:
                    38:2a:a2:8b:03:04:67:23:aa:fc:5f:c3:63:09:7d:
                    0a:3b:60:a8:37:cc:57:28:59:7e:2e:b1:3f:3e:ab:
                    86:08:70:70:7c:b6:32:11:26:18:ed:7c:f3:14:fa:
                    51:d1:e3:f5:72:a8:70:ef:f6:85:61:02:3c:4d:61:
                    14:b4:24:f9:e3:88:46:bb:df:f3:09:7d:15:18:e2:
                    e8:ac:e2:28:c5:db:6e:d0:e4:6c:71:2f:20:8e:32:
                    23:21:b6:bb:77:01:a8:49:5d:e5:30:bd:4d:f7:9c:
                    76:b2:e3:a5:8d:be:06:79:6b:0b:0c:78:6f:2a:83:
                    06:fe:37:80:b9:31:fb:cd:b2:fb:22:eb:cd:3f:3c:
                    4d:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:EB:0E:F7:58:E5:02:E3:28:16:4C:42:B1:3E:D9:A1:72:DF:AA:75
            X509v3 Authority Key Identifier:
                keyid:F6:51:DC:98:75:E3:5E:C5:80:C5:71:FD:04:16:F4:D5:F5:D4:15:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9lHcmHXjXsWAxXH9BBb01fXUFYo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/nusO91jlAuMoFkxCsT7ZoXLfqnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b4d9d7-6703-4b06-b3ee-07510381420a/1/9lHcmHXjXsWAxXH9BBb01fXUFYo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.30.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:6d:20:1e:ec:3e:d4:ef:c8:8c:96:e3:05:2d:ef:9f:10:ef:
         c0:84:2e:11:3a:f8:b3:4b:64:6a:e0:22:d6:e3:fe:4e:89:02:
         c6:4d:7f:26:15:f9:92:98:23:9f:9c:2e:79:27:1f:c1:6f:5e:
         6b:46:97:30:60:2b:ad:28:9d:3b:4c:75:4e:8b:e0:89:b8:88:
         56:bd:83:da:76:72:94:5b:c5:07:55:ae:b0:86:96:9f:fa:62:
         9c:f5:e5:9d:84:e7:38:6e:7c:bd:e7:de:1b:99:66:46:39:45:
         ae:e4:5c:41:19:d8:27:06:50:22:08:96:d8:0c:59:76:5e:47:
         2a:7f:ed:32:2d:95:27:5a:1a:c2:92:2c:a7:13:fb:af:c2:b6:
         59:ef:f1:d6:f4:b3:e0:d2:f0:d9:49:9f:0d:82:6f:a6:d2:c8:
         33:d3:08:1b:f5:f8:66:5a:a5:1a:b5:f3:78:2e:36:be:1c:9b:
         47:20:60:1d:a6:6e:1c:4c:33:23:c1:d8:ce:22:05:eb:cf:36:
         0a:85:d1:5c:5e:f8:de:a7:aa:fa:02:e9:ba:89:69:0a:e5:6b:
         0c:72:78:00:eb:c1:e7:c1:cf:9a:44:84:57:e9:ca:1e:29:c3:
         9d:76:d3:11:92:93:14:b8:c7:e1:7e:c9:45:93:5a:0c:c2:6e:
         af:bd:43:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt30mW4rYrJCi3B7y2GWQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NTFkYzk4NzVlMzVlYzU4MGM1NzFmZDA0MTZmNGQ1ZjVk
NDE1OGEwHhcNMjQwMTAxMjAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWViMGVmNzU4ZTUwMmUzMjgxNjRjNDJiMTNlZDlhMTcyZGZhYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyqtGwDXzokYTX6jb3mxeYROpN+u
WWsMpy+pZQLiyDVzergbuBjFfRP5jN4W7tQ8mCrQ+1CKya1TFW6mAhrxbzjlmg2x
p1uIWWbu2f9z8G9rFubx/kefM2wr66Z6rWQB1mY0ClDvxwsCjXHU25/hTjEivab/
eMk4KqKLAwRnI6r8X8NjCX0KO2CoN8xXKFl+LrE/PquGCHBwfLYyESYY7XzzFPpR
0eP1cqhw7/aFYQI8TWEUtCT544hGu9/zCX0VGOLorOIoxdtu0ORscS8gjjIjIba7
dwGoSV3lML1N95x2suOljb4GeWsLDHhvKoMG/jeAuTH7zbL7IuvNPzxNxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7rDvdY5QLjKBZMQrE+2aFy36p1MB8GA1UdIwQY
MBaAFPZR3Jh1417FgMVx/QQW9NX11BWKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWxIY21IWGpYc1dBeFhIOUJCYjAxZlhVRllvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iNGQ5ZDctNjcwMy00YjA2LWIzZWUt
MDc1MTAzODE0MjBhLzEvbnVzTzkxamxBdU1vRmt4Q3NUN1pvWExmcW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iNGQ5ZDctNjcwMy00YjA2LWIzZWUtMDc1MTAzODE0MjBh
LzEvOWxIY21IWGpYc1dBeFhIOUJCYjAxZlhVRllvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwR5mMA0G
CSqGSIb3DQEBCwUAA4IBAQCdbSAe7D7U78iMluMFLe+fEO/AhC4ROvizS2Rq4CLW
4/5OiQLGTX8mFfmSmCOfnC55Jx/Bb15rRpcwYCutKJ07THVOi+CJuIhWvYPadnKU
W8UHVa6whpaf+mKc9eWdhOc4bny9594bmWZGOUWu5FxBGdgnBlAiCJbYDFl2Xkcq
f+0yLZUnWhrCkiynE/uvwrZZ7/HW9LPg0vDZSZ8Ngm+m0sgz0wgb9fhmWqUatfN4
Lja+HJtHIGAdpm4cTDMjwdjOIgXrzzYKhdFcXvjep6r6Aum6iWkK5WsMcngA68Hn
wc+aRIRX6coeKcOddtMRkpMUuMfhfslFk1oMwm6vvUNT
-----END CERTIFICATE-----