Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ng9AnJo5kyQLrlvhn3AQ6nUONuA.roa
File:                     ng9AnJo5kyQLrlvhn3AQ6nUONuA.roa (raw, json)
Hash identifier:          Qh8BrvE1LZl1UUDLbih7OaNSA+IihFOc1qkoHGIJC2c=
Subject key identifier:   9E:0F:40:9C:9A:39:93:24:0B:AE:5B:E1:9F:70:10:EA:75:0E:36:E0
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018CC64AEAF7139B3A808A688FEA046D4771
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ng9AnJo5kyQLrlvhn3AQ6nUONuA.roa
Signing time:             Mon 01 Jan 2024 18:30:47 +0000
ROA not before:           Mon 01 Jan 2024 18:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48571
IP address blocks:        81.181.168.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:ea:f7:13:9b:3a:80:8a:68:8f:ea:04:6d:47:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 18:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e0f409c9a3993240bae5be19f7010ea750e36e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:6d:54:e4:d5:5e:a5:9a:79:c0:26:88:35:54:
                    81:2d:c4:f8:4b:9b:42:81:4d:0b:a1:9e:a0:c1:26:
                    17:e0:34:bf:69:06:0c:f7:49:70:40:bc:b9:da:3e:
                    e4:39:d9:22:46:12:21:1a:af:a1:64:19:15:8e:82:
                    60:e2:cc:ad:94:fc:bd:bf:34:4f:0c:50:9f:de:8e:
                    66:9b:4e:b3:46:3e:35:0e:42:fa:0c:73:27:ba:38:
                    51:c5:fa:c7:8d:5b:5c:f0:e4:fa:1c:e7:c8:0a:65:
                    95:00:fc:51:7e:5c:2f:0c:5f:24:7d:e9:4d:1b:20:
                    b4:dc:d0:35:a7:0e:c1:5e:4d:49:4a:7a:ca:8d:6a:
                    a4:ae:77:ea:2b:07:85:fb:33:5b:8f:84:b5:8f:5a:
                    89:40:5d:bc:38:b7:47:d8:8a:7e:60:5f:f0:e8:a0:
                    e5:35:24:0a:86:d0:39:bd:15:f6:64:44:b2:05:f7:
                    c8:2b:e7:62:80:de:dd:45:13:8d:33:a0:b9:0a:49:
                    fb:58:b3:73:b2:72:84:6f:19:60:0a:37:fb:84:81:
                    86:9f:c2:a9:5d:96:4f:00:0f:0e:20:73:08:b0:81:
                    e2:56:c6:98:54:72:ed:0c:f8:c3:68:45:25:61:99:
                    98:74:86:36:a8:0f:86:9e:9e:97:8c:70:e1:87:7d:
                    4c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:0F:40:9C:9A:39:93:24:0B:AE:5B:E1:9F:70:10:EA:75:0E:36:E0
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/ng9AnJo5kyQLrlvhn3AQ6nUONuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.181.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2e:e4:0c:4b:fa:df:8f:7f:3a:39:91:39:41:aa:3c:f0:12:a5:
         d1:0d:61:03:8e:42:d3:85:71:ee:e4:76:7f:ab:46:25:bd:fb:
         fe:57:d9:5c:31:fa:b0:2c:0a:92:4b:ab:a7:a4:4f:31:ba:3c:
         56:a1:98:9a:38:ad:6f:5e:a2:37:9f:37:fc:2f:0f:e4:62:67:
         f6:1a:be:bf:6b:3b:eb:8d:19:f7:fa:c8:a3:61:f1:73:a0:c1:
         c2:13:a9:ac:d1:81:05:28:00:95:ab:b3:49:6d:1b:fe:ba:e2:
         cb:20:9d:60:ea:ef:ae:ef:a8:4c:11:7f:6a:66:e0:04:6b:ae:
         b0:6a:18:c7:51:dd:4b:db:d1:10:9c:e5:da:8d:90:23:0e:92:
         7c:f5:32:f9:5f:67:d1:ae:79:2b:9f:44:51:d1:3c:bd:70:11:
         43:2b:0a:ff:aa:82:77:a6:c8:1a:56:08:1e:42:7a:61:65:06:
         f1:eb:bf:8e:e6:fb:2f:e5:53:be:3a:56:c8:22:4e:c7:2d:9f:
         27:dc:be:ee:dc:80:87:b4:19:db:6e:18:f8:0c:c2:23:14:9e:
         29:85:5d:4c:0e:04:0c:7e:cc:1d:b6:16:fb:ea:d0:86:37:29:
         c8:f0:18:1b:b7:f0:03:12:10:1f:cf:bc:46:e3:ec:05:88:3f:
         e7:3f:81:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSur3E5s6gIpoj+oEbUdxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMTAxMTgzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTBmNDA5YzlhMzk5MzI0MGJhZTViZTE5ZjcwMTBlYTc1MGUzNmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg21U5NVepZp5wCaINVSBLcT4S5tC
gU0LoZ6gwSYX4DS/aQYM90lwQLy52j7kOdkiRhIhGq+hZBkVjoJg4sytlPy9vzRP
DFCf3o5mm06zRj41DkL6DHMnujhRxfrHjVtc8OT6HOfICmWVAPxRflwvDF8kfelN
GyC03NA1pw7BXk1JSnrKjWqkrnfqKweF+zNbj4S1j1qJQF28OLdH2Ip+YF/w6KDl
NSQKhtA5vRX2ZESyBffIK+digN7dRRONM6C5Ckn7WLNzsnKEbxlgCjf7hIGGn8Kp
XZZPAA8OIHMIsIHiVsaYVHLtDPjDaEUlYZmYdIY2qA+Gnp6XjHDhh31MbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4PQJyaOZMkC65b4Z9wEOp1DjbgMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvbmc5QW5KbzVreVFMcmx2aG4zQVE2blVPTnVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUbWoMA0G
CSqGSIb3DQEBCwUAA4IBAQAu5AxL+t+Pfzo5kTlBqjzwEqXRDWEDjkLThXHu5HZ/
q0Ylvfv+V9lcMfqwLAqSS6unpE8xujxWoZiaOK1vXqI3nzf8Lw/kYmf2Gr6/azvr
jRn3+sijYfFzoMHCE6ms0YEFKACVq7NJbRv+uuLLIJ1g6u+u76hMEX9qZuAEa66w
ahjHUd1L29EQnOXajZAjDpJ89TL5X2fRrnkrn0RR0Ty9cBFDKwr/qoJ3psgaVgge
QnphZQbx67+O5vsv5VO+OlbIIk7HLZ8n3L7u3ICHtBnbbhj4DMIjFJ4phV1MDgQM
fswdthb76tCGNynI8Bgbt/ADEhAfz7xG4+wFiD/nP4Ee
-----END CERTIFICATE-----