Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/nbiagLn-a9y1x4zyQu5TPn_FYSM.roa
File:                     nbiagLn-a9y1x4zyQu5TPn_FYSM.roa (raw, json)
Hash identifier:          jOr+1aMP8vug9/ihSygsQYVz+FJPeGjEJnShzVdeH78=
Subject key identifier:   9D:B8:9A:80:B9:FE:6B:DC:B5:C7:8C:F2:42:EE:53:3E:7F:C5:61:23
Certificate issuer:       /CN=a2cbe9aba1ff7564d913ed78672e3371b7f35824
Certificate serial:       018CC2DAD598125125477038D8E20E5D3677
Authority key identifier: A2:CB:E9:AB:A1:FF:75:64:D9:13:ED:78:67:2E:33:71:B7:F3:58:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/osvpq6H_dWTZE-14Zy4zcbfzWCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/nbiagLn-a9y1x4zyQu5TPn_FYSM.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39741
IP address blocks:        31.25.240.0/21 maxlen: 24
                          185.234.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/osvpq6H_dWTZE-14Zy4zcbfzWCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/osvpq6H_dWTZE-14Zy4zcbfzWCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/osvpq6H_dWTZE-14Zy4zcbfzWCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d5:98:12:51:25:47:70:38:d8:e2:0e:5d:36:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2cbe9aba1ff7564d913ed78672e3371b7f35824
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9db89a80b9fe6bdcb5c78cf242ee533e7fc56123
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:25:38:9b:64:7b:e3:0c:02:81:71:06:50:1a:
                    bc:55:91:88:ce:c5:08:56:6f:6e:d5:f3:a3:0d:e9:
                    b9:71:a5:d3:c1:a5:0a:14:02:5b:e7:55:64:df:b8:
                    97:a0:d1:e6:ec:b4:60:a9:e4:55:c6:b1:2c:f2:60:
                    cf:a9:b6:37:f1:2e:7a:29:7c:d4:54:3b:5f:ec:d2:
                    39:2d:26:7c:59:cc:f8:a9:6b:14:9d:b5:7c:bd:ff:
                    97:a2:bb:19:d1:6d:59:70:8d:eb:3c:3c:c4:4e:5d:
                    a0:de:2f:ba:68:78:06:96:d8:ae:3e:8b:30:3f:4d:
                    11:74:c8:42:05:32:b3:8a:0a:94:72:11:bd:4a:58:
                    f1:86:e1:b0:4c:49:0a:3f:27:30:70:0f:f1:df:dd:
                    02:7b:7b:86:49:04:a4:3a:f7:29:e1:81:e3:12:be:
                    9c:8e:82:7f:9d:b4:c5:80:da:66:e3:e3:81:6f:50:
                    68:94:44:76:c4:89:8b:e2:07:6a:62:cb:cc:fe:c9:
                    09:5a:e1:1a:79:2a:31:15:c1:7a:53:41:9f:63:06:
                    a6:4b:5d:63:ee:30:61:74:6a:ca:9d:33:5a:c0:04:
                    68:b8:53:86:4e:00:20:0d:6e:24:11:cc:2c:39:3f:
                    0b:fd:2f:8f:5d:54:94:34:66:9a:b7:82:14:c3:ee:
                    0f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:B8:9A:80:B9:FE:6B:DC:B5:C7:8C:F2:42:EE:53:3E:7F:C5:61:23
            X509v3 Authority Key Identifier:
                keyid:A2:CB:E9:AB:A1:FF:75:64:D9:13:ED:78:67:2E:33:71:B7:F3:58:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/osvpq6H_dWTZE-14Zy4zcbfzWCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/nbiagLn-a9y1x4zyQu5TPn_FYSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/408e83-530d-4462-b1c9-df324c4c6eed/1/osvpq6H_dWTZE-14Zy4zcbfzWCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.25.240.0/21
                  185.234.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:99:8a:a8:10:d0:b8:a7:b0:5d:37:e8:54:40:40:8a:fc:a8:
         b1:29:17:42:2d:5a:6d:91:a2:72:bc:90:23:b6:73:c7:3e:7f:
         3e:3f:eb:f8:3e:2d:9b:f4:c9:3e:cd:21:2f:7f:49:50:54:4d:
         52:38:70:5e:a1:94:45:de:07:e4:22:bf:29:94:b6:0c:aa:30:
         5a:90:dc:7e:b7:c2:40:e5:bc:51:92:7e:c6:87:f1:42:e1:3e:
         40:f4:da:68:31:50:8f:de:a0:38:ec:e2:96:de:b0:db:02:f2:
         f7:a1:83:1e:bd:b8:eb:56:51:1c:62:59:61:e2:58:bc:19:88:
         dd:c9:32:83:b5:9a:8b:f8:ee:d8:da:86:1a:04:03:67:75:ed:
         73:d1:68:57:c6:b1:f4:27:f4:40:42:30:97:45:a3:04:9a:cb:
         ad:35:55:e8:80:99:0b:91:f1:88:96:c7:9c:c1:67:93:bb:b0:
         82:07:74:d1:65:f2:0d:26:25:da:48:68:8a:b4:bb:3e:07:4b:
         2a:a6:9d:90:ec:11:84:ac:35:0b:2c:89:8c:e7:b3:3d:9c:44:
         3b:a6:92:c8:7a:f9:10:7d:ff:5c:96:2d:dd:37:fe:08:b3:65:
         d5:0d:5b:4d:60:69:21:1c:95:be:e9:58:9e:26:0f:ab:85:08:
         63:f8:a8:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2tWYElElR3A42OIOXTZ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyY2JlOWFiYTFmZjc1NjRkOTEzZWQ3ODY3MmUzMzcxYjdm
MzU4MjQwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGI4OWE4MGI5ZmU2YmRjYjVjNzhjZjI0MmVlNTMzZTdmYzU2MTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyU4m2R74wwCgXEGUBq8VZGIzsUI
Vm9u1fOjDem5caXTwaUKFAJb51Vk37iXoNHm7LRgqeRVxrEs8mDPqbY38S56KXzU
VDtf7NI5LSZ8Wcz4qWsUnbV8vf+XorsZ0W1ZcI3rPDzETl2g3i+6aHgGltiuPosw
P00RdMhCBTKzigqUchG9SljxhuGwTEkKPycwcA/x390Ce3uGSQSkOvcp4YHjEr6c
joJ/nbTFgNpm4+OBb1BolER2xImL4gdqYsvM/skJWuEaeSoxFcF6U0GfYwamS11j
7jBhdGrKnTNawARouFOGTgAgDW4kEcwsOT8L/S+PXVSUNGaat4IUw+4PaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ24moC5/mvctceM8kLuUz5/xWEjMB8GA1UdIwQY
MBaAFKLL6auh/3Vk2RPteGcuM3G381gkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3N2cHE2SF9kV1RaRS0xNFp5NHpjYmZ6V0NRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS80MDhlODMtNTMwZC00NDYyLWIxYzkt
ZGYzMjRjNGM2ZWVkLzEvbmJpYWdMbi1hOXkxeDR6eVF1NVRQbl9GWVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS80MDhlODMtNTMwZC00NDYyLWIxYzktZGYzMjRjNGM2ZWVk
LzEvb3N2cHE2SF9kV1RaRS0xNFp5NHpjYmZ6V0NRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDHxnwAwQA
uep0MA0GCSqGSIb3DQEBCwUAA4IBAQA7mYqoENC4p7BdN+hUQECK/KixKRdCLVpt
kaJyvJAjtnPHPn8+P+v4Pi2b9Mk+zSEvf0lQVE1SOHBeoZRF3gfkIr8plLYMqjBa
kNx+t8JA5bxRkn7Gh/FC4T5A9NpoMVCP3qA47OKW3rDbAvL3oYMevbjrVlEcYllh
4li8GYjdyTKDtZqL+O7Y2oYaBANnde1z0WhXxrH0J/RAQjCXRaMEmsutNVXogJkL
kfGIlsecwWeTu7CCB3TRZfINJiXaSGiKtLs+B0sqpp2Q7BGErDULLImM57M9nEQ7
ppLIevkQff9cli3dN/4Is2XVDVtNYGkhHJW+6VieJg+rhQhj+KhK
-----END CERTIFICATE-----