Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/9NwP_dr0hugt83MSZ3uolV7CFyk.roa
File:                     9NwP_dr0hugt83MSZ3uolV7CFyk.roa (raw, json)
Hash identifier:          xgVNfXThnOGNymsgEuG6ysiwomnLdpjW8LFsdx+jygg=
Subject key identifier:   F4:DC:0F:FD:DA:F4:86:E8:2D:F3:73:12:67:7B:A8:95:5E:C2:17:29
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018CC6B94B0C16151A4250040C9E37081971
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/9NwP_dr0hugt83MSZ3uolV7CFyk.roa
Signing time:             Mon 01 Jan 2024 20:31:21 +0000
ROA not before:           Mon 01 Jan 2024 20:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47692
IP address blocks:        151.236.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 05:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:4b:0c:16:15:1a:42:50:04:0c:9e:37:08:19:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 20:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4dc0ffddaf486e82df37312677ba8955ec21729
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:80:ce:aa:5d:9a:c9:1f:93:ac:d6:52:be:74:
                    55:61:0b:9a:4c:81:47:1a:8f:57:d5:03:df:84:1c:
                    82:6d:8a:28:c0:9d:06:6c:17:50:91:b5:80:64:2d:
                    10:45:75:5b:70:5e:17:bc:88:96:4a:d0:d6:a8:bb:
                    16:4d:96:6e:14:0c:26:84:61:52:97:c3:ab:8e:1c:
                    41:67:36:9a:55:b8:e8:ee:25:f9:7c:5d:20:1d:75:
                    db:60:d7:ee:5c:b1:46:51:d1:cb:95:28:3c:dd:4f:
                    9d:5b:54:5e:96:ce:0c:af:23:e1:3e:bd:59:28:e2:
                    d2:4d:98:8d:ad:42:b1:12:06:53:88:05:87:c7:b0:
                    ab:7d:25:26:25:26:af:55:90:b9:ea:b4:ed:3a:6a:
                    e7:f5:ae:ab:e9:8e:47:e2:c2:c7:93:e6:eb:46:ef:
                    8a:3c:99:d6:9d:1c:99:7e:aa:03:31:66:94:58:95:
                    b0:b6:66:e0:eb:38:0f:87:60:da:f9:fb:d8:6d:24:
                    97:ce:2a:de:64:db:78:fb:14:78:e6:5d:d9:74:c0:
                    9f:a2:74:89:51:84:bb:c5:51:80:dd:69:74:0d:b1:
                    ff:6b:44:17:f0:f8:e1:fd:9a:f4:db:3f:27:dc:f2:
                    78:b9:4c:24:eb:1e:55:e2:ed:e1:ba:b2:b7:c8:c0:
                    b0:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:DC:0F:FD:DA:F4:86:E8:2D:F3:73:12:67:7B:A8:95:5E:C2:17:29
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/9NwP_dr0hugt83MSZ3uolV7CFyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.236.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:72:f2:b3:67:0c:ff:5a:dc:9f:26:b1:62:06:37:4c:38:40:
         a0:58:62:b9:1b:73:e4:cc:3f:61:7a:53:1b:bd:52:e0:83:54:
         12:bd:3c:ac:05:2d:46:9c:cd:47:5c:35:2a:8e:a9:81:dc:f7:
         2b:d8:a0:eb:25:f5:90:8b:7c:c8:72:73:73:cf:6d:1d:0b:cd:
         1f:e4:5a:0f:e2:45:47:4b:0c:cb:71:13:49:d6:7b:e4:67:68:
         19:9d:61:eb:f0:d5:58:e7:5e:53:bf:d7:b5:fc:a7:1d:e8:fe:
         6b:79:1e:64:dd:2f:39:81:99:70:e5:fd:52:c0:32:42:86:6c:
         5f:c6:9a:9d:6a:3d:2e:c1:f1:b5:03:ff:09:ec:b8:0d:e2:ab:
         36:96:fd:2e:35:29:69:61:22:50:07:53:ce:87:a9:23:d2:d8:
         1d:c2:71:3e:31:6d:0b:d5:19:5c:7c:78:56:71:4d:75:bb:f0:
         db:0f:eb:11:c3:07:52:96:37:f2:bc:54:f8:e2:07:a0:b3:b2:
         82:12:9a:c3:a7:57:8a:d1:8f:fb:a6:ff:8a:27:62:d9:4e:d4:
         3d:0c:5b:2d:6c:50:1a:d4:88:25:ca:24:fa:9b:ac:41:c1:65:
         d2:81:89:f5:06:e8:00:70:14:28:e1:0c:67:2d:be:25:cf:82:
         5b:75:a0:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuUsMFhUaQlAEDJ43CBlxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGRjMGZmZGRhZjQ4NmU4MmRmMzczMTI2NzdiYTg5NTVlYzIxNzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgIDOql2ayR+TrNZSvnRVYQuaTIFH
Go9X1QPfhByCbYoowJ0GbBdQkbWAZC0QRXVbcF4XvIiWStDWqLsWTZZuFAwmhGFS
l8OrjhxBZzaaVbjo7iX5fF0gHXXbYNfuXLFGUdHLlSg83U+dW1Rels4MryPhPr1Z
KOLSTZiNrUKxEgZTiAWHx7CrfSUmJSavVZC56rTtOmrn9a6r6Y5H4sLHk+brRu+K
PJnWnRyZfqoDMWaUWJWwtmbg6zgPh2Da+fvYbSSXzireZNt4+xR45l3ZdMCfonSJ
UYS7xVGA3Wl0DbH/a0QX8Pjh/Zr02z8n3PJ4uUwk6x5V4u3hurK3yMCwDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTcD/3a9IboLfNzEmd7qJVewhcpMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvOU53UF9kcjBodWd0ODNNU1ozdW9sVjdDRnlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl+wfMA0G
CSqGSIb3DQEBCwUAA4IBAQDAcvKzZwz/WtyfJrFiBjdMOECgWGK5G3PkzD9helMb
vVLgg1QSvTysBS1GnM1HXDUqjqmB3Pcr2KDrJfWQi3zIcnNzz20dC80f5FoP4kVH
SwzLcRNJ1nvkZ2gZnWHr8NVY515Tv9e1/Kcd6P5reR5k3S85gZlw5f1SwDJChmxf
xpqdaj0uwfG1A/8J7LgN4qs2lv0uNSlpYSJQB1POh6kj0tgdwnE+MW0L1RlcfHhW
cU11u/DbD+sRwwdSljfyvFT44gegs7KCEprDp1eK0Y/7pv+KJ2LZTtQ9DFstbFAa
1IglyiT6m6xBwWXSgYn1BugAcBQo4QxnLb4lz4JbdaB8
-----END CERTIFICATE-----