Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/nZ4x3dD2p2Mzj3DNydHJimshhB0.roa
File:                     nZ4x3dD2p2Mzj3DNydHJimshhB0.roa (raw, json)
Hash identifier:          Ub4bKvy2OWfcPVv/F2Ps4LOgzaSjGt21gQDw/GQEwgU=
Subject key identifier:   9D:9E:31:DD:D0:F6:A7:63:33:8F:70:CD:C9:D1:C9:8A:6B:21:84:1D
Certificate issuer:       /CN=9ff1503210fe06ed35490b0231dbdb5967e12987
Certificate serial:       018CC9BC503347A3CAE51D9535E5A025995F
Authority key identifier: 9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/nZ4x3dD2p2Mzj3DNydHJimshhB0.roa
Signing time:             Tue 02 Jan 2024 10:33:30 +0000
ROA not before:           Tue 02 Jan 2024 10:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35614
IP address blocks:        94.124.166.0/24 maxlen: 24
                          2a0c:29c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:50:33:47:a3:ca:e5:1d:95:35:e5:a0:25:99:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ff1503210fe06ed35490b0231dbdb5967e12987
        Validity
            Not Before: Jan  2 10:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d9e31ddd0f6a763338f70cdc9d1c98a6b21841d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:03:c3:3a:7a:0d:b5:54:96:6a:b0:5d:33:8a:
                    aa:c8:cd:20:b8:d4:17:d8:7f:76:2b:e7:72:fd:f6:
                    9e:90:80:c4:09:22:0a:87:84:c3:3a:dd:73:84:4f:
                    bd:02:12:d3:99:0a:58:8b:1d:4e:c9:85:f2:b5:55:
                    49:0e:5e:0e:0c:31:38:13:a6:b0:f1:54:42:30:fb:
                    26:32:6e:22:a4:a5:9b:20:46:7a:32:4a:dd:c0:d6:
                    cd:89:d2:e7:26:b7:77:99:21:d2:2b:b6:3f:7e:5a:
                    79:38:2e:2b:5d:37:02:a2:7d:bb:f0:f1:9d:32:7a:
                    77:d6:bf:f2:66:3c:a6:61:07:d6:e2:71:6f:37:bc:
                    7c:2a:ca:15:fd:f3:2b:09:a5:f3:c9:87:4f:6a:4e:
                    9e:45:d9:8c:75:b9:eb:06:c6:3c:db:3b:17:00:4c:
                    d9:e5:e5:76:4e:e2:72:18:29:83:94:45:d2:e2:15:
                    cc:f9:c3:97:37:cb:07:1c:43:e9:dc:3c:5e:f2:44:
                    22:6d:9b:ca:0e:9a:36:61:be:2e:32:10:5b:aa:29:
                    46:df:1d:53:e0:2b:7a:f3:c7:ac:64:be:b8:ab:2c:
                    e2:c8:bb:e3:ff:9a:66:61:31:7d:b7:5b:65:fd:32:
                    c6:49:29:63:be:d9:97:dd:43:f8:82:5b:0a:8e:e3:
                    b9:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:9E:31:DD:D0:F6:A7:63:33:8F:70:CD:C9:D1:C9:8A:6B:21:84:1D
            X509v3 Authority Key Identifier:
                keyid:9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/nZ4x3dD2p2Mzj3DNydHJimshhB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.166.0/24
                IPv6:
                  2a0c:29c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:57:ac:61:44:ac:f1:3a:9d:76:52:8c:0b:31:1c:12:e9:63:
         b1:be:0c:3a:af:a0:73:36:6e:b3:6a:52:77:80:27:99:a9:0a:
         63:3d:bd:23:95:8b:a5:9b:d8:82:ad:8d:c0:d9:e5:d5:e1:ce:
         31:d0:37:74:07:ee:ce:19:43:60:b7:c0:2f:46:c3:40:26:d6:
         a7:99:11:bf:5f:be:e6:05:68:6e:25:25:e6:0f:27:93:42:ed:
         7b:03:4b:e5:b9:96:32:f5:19:2c:43:56:f4:e6:23:ce:7f:ed:
         42:04:66:e5:a4:89:49:48:c9:1f:c4:b2:b4:97:ee:8c:d1:07:
         36:24:4a:ba:7b:a5:88:f6:5b:c7:d8:86:10:f0:47:56:1a:a3:
         1a:4b:b2:60:33:0d:ad:01:d5:64:fb:39:c3:ac:5a:ff:8b:39:
         e0:0e:ec:a3:26:12:87:2c:b8:ea:30:60:01:12:de:f1:0e:dc:
         3d:99:ab:62:db:05:92:ee:50:dc:fb:1a:cc:78:71:69:f8:59:
         c3:d0:e2:17:56:a6:d2:a8:ce:38:49:00:14:c0:29:2a:bf:ce:
         c4:7e:b9:a5:ea:5b:db:ae:4f:98:15:26:9a:9c:bd:5c:51:44:
         de:9d:fe:e6:53:8c:27:51:dd:3e:f0:0a:a0:29:a1:d3:bf:4f:
         13:82:b7:52
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvFAzR6PK5R2VNeWgJZlfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZjE1MDMyMTBmZTA2ZWQzNTQ5MGIwMjMxZGJkYjU5Njdl
MTI5ODcwHhcNMjQwMTAyMTAzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDllMzFkZGQwZjZhNzYzMzM4ZjcwY2RjOWQxYzk4YTZiMjE4NDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAPDOnoNtVSWarBdM4qqyM0guNQX
2H92K+dy/faekIDECSIKh4TDOt1zhE+9AhLTmQpYix1OyYXytVVJDl4ODDE4E6aw
8VRCMPsmMm4ipKWbIEZ6MkrdwNbNidLnJrd3mSHSK7Y/flp5OC4rXTcCon278PGd
Mnp31r/yZjymYQfW4nFvN7x8KsoV/fMrCaXzyYdPak6eRdmMdbnrBsY82zsXAEzZ
5eV2TuJyGCmDlEXS4hXM+cOXN8sHHEPp3Dxe8kQibZvKDpo2Yb4uMhBbqilG3x1T
4Ct688esZL64qyziyLvj/5pmYTF9t1tl/TLGSSljvtmX3UP4glsKjuO5SQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ2eMd3Q9qdjM49wzcnRyYprIYQdMB8GA1UdIwQY
MBaAFJ/xUDIQ/gbtNUkLAjHb21ln4SmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAt
NDYzMjJlMDJmMDhkLzEvblo0eDNkRDJwMk16ajNETnlkSEppbXNoaEIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAtNDYzMjJlMDJmMDhk
LzEvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXnymMA0E
AgACMAcDBQAqDCnAMA0GCSqGSIb3DQEBCwUAA4IBAQBXV6xhRKzxOp12UowLMRwS
6WOxvgw6r6BzNm6zalJ3gCeZqQpjPb0jlYulm9iCrY3A2eXV4c4x0Dd0B+7OGUNg
t8AvRsNAJtanmRG/X77mBWhuJSXmDyeTQu17A0vluZYy9RksQ1b05iPOf+1CBGbl
pIlJSMkfxLK0l+6M0Qc2JEq6e6WI9lvH2IYQ8EdWGqMaS7JgMw2tAdVk+znDrFr/
izngDuyjJhKHLLjqMGABEt7xDtw9mati2wWS7lDc+xrMeHFp+FnD0OIXVqbSqM44
SQAUwCkqv87Efrml6lvbrk+YFSaanL1cUUTenf7mU4wnUd0+8AqgKaHTv08TgrdS
-----END CERTIFICATE-----