Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/NNM1OoWdDckG6I9Nycysye0Kxwk.roa
File:                     NNM1OoWdDckG6I9Nycysye0Kxwk.roa (raw, json)
Hash identifier:          D81LqgFd2YKBtVmXRrTSFTbh7+atUAzQlW4BQa5RkKU=
Subject key identifier:   34:D3:35:3A:85:9D:0D:C9:06:E8:8F:4D:C9:CC:AC:C9:ED:0A:C7:09
Certificate issuer:       /CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
Certificate serial:       0192E2B4530E79EC6D33947E8DAC28105B39
Authority key identifier: 08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/NNM1OoWdDckG6I9Nycysye0Kxwk.roa
Signing time:             Thu 31 Oct 2024 13:12:01 +0000
ROA not before:           Thu 31 Oct 2024 13:12:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207239
IP address blocks:        195.64.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e2:b4:53:0e:79:ec:6d:33:94:7e:8d:ac:28:10:5b:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0802b95ce6239d526c35ae7a8e2ceb48aeb82b5f
        Validity
            Not Before: Oct 31 13:12:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34d3353a859d0dc906e88f4dc9ccacc9ed0ac709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ea:f1:70:27:64:a1:0c:a9:0c:56:d5:ac:d6:
                    d7:50:45:81:99:39:d0:e8:89:6e:73:49:bf:93:1f:
                    34:7e:4a:81:8a:78:17:c7:7e:cc:32:3b:74:d3:a5:
                    88:7f:91:0f:4d:f3:b7:a1:31:4d:08:35:94:ad:e2:
                    9d:a9:25:14:3f:f8:01:80:93:42:02:86:bb:94:a9:
                    3d:2a:61:71:94:ae:9e:14:65:d3:8c:5e:b3:39:d5:
                    40:a9:95:47:ae:3c:c5:9c:f3:46:17:49:4d:c8:2c:
                    3c:15:9d:65:67:4c:1a:05:00:eb:2f:dc:f3:4a:ab:
                    11:90:40:b1:dc:d9:a3:13:90:6c:30:ca:c4:bc:d8:
                    c4:97:3c:41:00:15:6c:e8:2f:61:fb:60:af:fa:21:
                    26:e3:68:9f:9a:5d:88:51:24:55:65:6e:ef:00:24:
                    cc:2a:ed:60:0b:a0:77:2c:b5:dd:c1:ce:94:23:d3:
                    5f:49:ba:d0:25:98:dd:c4:92:f8:6e:6d:2c:4b:b4:
                    b1:75:af:06:97:41:ed:8c:49:da:29:a6:0f:12:f8:
                    10:52:63:8f:92:44:37:6b:ab:ad:3e:2b:22:f0:34:
                    e4:ed:5d:20:93:e0:e9:b8:71:d3:b4:2b:b5:3d:ce:
                    27:4b:0a:d8:80:74:f6:09:cd:c7:62:64:83:68:1d:
                    64:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:D3:35:3A:85:9D:0D:C9:06:E8:8F:4D:C9:CC:AC:C9:ED:0A:C7:09
            X509v3 Authority Key Identifier:
                keyid:08:02:B9:5C:E6:23:9D:52:6C:35:AE:7A:8E:2C:EB:48:AE:B8:2B:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CAK5XOYjnVJsNa56jizrSK64K18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/NNM1OoWdDckG6I9Nycysye0Kxwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/10e965-7409-44d8-9502-cf0aa3ecad28/1/CAK5XOYjnVJsNa56jizrSK64K18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:d2:a0:04:de:5b:a0:ec:3b:f3:34:f1:e1:e0:c0:f6:f9:8b:
         ce:fe:7b:c8:81:e4:4d:19:ad:1e:77:b0:a2:3f:6d:b2:dd:ef:
         f6:3a:88:25:f5:e5:09:f4:9f:8d:49:dc:4b:d9:eb:23:9c:77:
         9b:04:91:19:4a:e3:d4:3d:4e:2c:b5:21:2c:12:d0:f8:51:78:
         38:47:a1:c7:bd:9e:1c:40:e2:c2:79:57:92:c4:94:86:a1:ba:
         c2:b6:04:0f:a8:85:41:27:a5:b8:a9:ca:35:9c:f9:f4:3b:e6:
         e1:76:90:6f:b3:ac:93:2f:28:ee:7d:b0:9c:cf:24:fd:e8:c2:
         d7:5f:76:72:f7:dd:b5:85:4d:76:94:b7:20:3a:3f:b7:39:d6:
         14:b5:03:d2:2b:f5:91:ed:1e:b4:43:61:96:47:d4:a7:42:4e:
         aa:c2:00:ce:b5:38:55:99:6b:76:44:b5:ae:d4:b4:26:ba:df:
         c5:92:62:7f:b1:f4:43:cd:1f:1a:8e:8f:da:c6:c2:39:71:5e:
         e1:70:85:f4:02:d3:86:b1:59:c7:68:95:cc:c0:4e:25:2d:9a:
         db:8e:40:46:57:75:ea:ce:da:4b:4a:8f:ec:76:32:28:f5:89:
         9f:b5:8d:da:4e:77:23:07:fd:46:dc:f8:23:36:49:e4:0d:4c:
         8b:8c:84:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLitFMOeextM5R+jawoEFs5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MDJiOTVjZTYyMzlkNTI2YzM1YWU3YThlMmNlYjQ4YWVi
ODJiNWYwHhcNMjQxMDMxMTMxMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQzMzUzYTg1OWQwZGM5MDZlODhmNGRjOWNjYWNjOWVkMGFjNzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAperxcCdkoQypDFbVrNbXUEWBmTnQ
6Iluc0m/kx80fkqBingXx37MMjt006WIf5EPTfO3oTFNCDWUreKdqSUUP/gBgJNC
Aoa7lKk9KmFxlK6eFGXTjF6zOdVAqZVHrjzFnPNGF0lNyCw8FZ1lZ0waBQDrL9zz
SqsRkECx3NmjE5BsMMrEvNjElzxBABVs6C9h+2Cv+iEm42ifml2IUSRVZW7vACTM
Ku1gC6B3LLXdwc6UI9NfSbrQJZjdxJL4bm0sS7Sxda8Gl0HtjEnaKaYPEvgQUmOP
kkQ3a6utPisi8DTk7V0gk+DpuHHTtCu1Pc4nSwrYgHT2Cc3HYmSDaB1kGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTTNTqFnQ3JBuiPTcnMrMntCscJMB8GA1UdIwQY
MBaAFAgCuVzmI51SbDWueo4s60iuuCtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDIt
Y2YwYWEzZWNhZDI4LzEvTk5NMU9vV2REY2tHNkk5TnljeXN5ZTBLeHdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMGU5NjUtNzQwOS00NGQ4LTk1MDItY2YwYWEzZWNhZDI4
LzEvQ0FLNVhPWWpuVkpzTmE1NmppenJTSzY0SzE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0CMMA0G
CSqGSIb3DQEBCwUAA4IBAQA50qAE3lug7DvzNPHh4MD2+YvO/nvIgeRNGa0ed7Ci
P22y3e/2Oogl9eUJ9J+NSdxL2esjnHebBJEZSuPUPU4stSEsEtD4UXg4R6HHvZ4c
QOLCeVeSxJSGobrCtgQPqIVBJ6W4qco1nPn0O+bhdpBvs6yTLyjufbCczyT96MLX
X3Zy9921hU12lLcgOj+3OdYUtQPSK/WR7R60Q2GWR9SnQk6qwgDOtThVmWt2RLWu
1LQmut/FkmJ/sfRDzR8ajo/axsI5cV7hcIX0AtOGsVnHaJXMwE4lLZrbjkBGV3Xq
ztpLSo/sdjIo9YmftY3aTncjB/1G3PgjNknkDUyLjISK
-----END CERTIFICATE-----