Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/nQAJ5_gG2ZnxATScR019iU0nMAg.roa
File:                     nQAJ5_gG2ZnxATScR019iU0nMAg.roa (raw, json)
Hash identifier:          IU+QRAXwv0LsY36Gk1Kv4OdajUAJlJLnpSE2V1Px7+U=
Subject key identifier:   9D:00:09:E7:F8:06:D9:99:F1:01:34:9C:47:4D:7D:89:4D:27:30:08
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       018CC6B83544C0A7313D991960B7E9205F6C
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/nQAJ5_gG2ZnxATScR019iU0nMAg.roa
Signing time:             Mon 01 Jan 2024 20:30:10 +0000
ROA not before:           Mon 01 Jan 2024 20:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399641
IP address blocks:        193.160.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:35:44:c0:a7:31:3d:99:19:60:b7:e9:20:5f:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Jan  1 20:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d0009e7f806d999f101349c474d7d894d273008
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:36:79:c0:1c:c7:ae:5b:b0:0b:61:1c:b8:e3:
                    6f:18:ab:07:2e:f0:71:c4:5d:90:cf:75:32:2b:8b:
                    5e:93:e6:55:1f:f6:79:9c:3c:c2:44:26:27:cc:a2:
                    b1:47:58:93:2b:e9:3d:e4:50:70:84:4a:ac:4b:24:
                    16:53:18:24:48:98:96:58:79:64:ae:14:cf:ea:dc:
                    c4:b5:49:da:05:f4:b4:40:40:bc:52:0a:e4:35:83:
                    9c:22:39:26:c4:79:fe:19:bf:c5:25:18:95:7c:97:
                    4b:2a:6a:1a:e4:d5:0d:b0:5a:c2:ac:6e:a4:c8:05:
                    c9:18:0e:22:d7:50:d9:6c:36:92:dd:40:64:f2:64:
                    b0:47:b1:42:88:88:53:ae:6b:b6:99:9a:e5:3f:00:
                    7f:9c:0c:10:02:75:b5:94:66:e7:28:72:24:de:bf:
                    d3:64:a8:af:93:90:28:1f:9d:b2:a4:e9:99:b9:dc:
                    46:32:af:8d:fb:b1:9f:fe:06:ea:1f:b9:49:51:57:
                    28:d6:84:c3:b6:86:89:4e:aa:c4:1d:97:8d:a1:74:
                    08:fa:b0:64:75:17:a6:48:ea:34:a2:c6:4a:74:9c:
                    ed:fc:d1:0f:ba:89:10:51:21:55:04:2e:d6:90:cc:
                    5f:2a:40:32:7d:e6:bb:77:ed:50:00:e3:ad:fd:72:
                    8c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:00:09:E7:F8:06:D9:99:F1:01:34:9C:47:4D:7D:89:4D:27:30:08
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/nQAJ5_gG2ZnxATScR019iU0nMAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:2b:c0:0c:cb:97:4f:77:94:97:a7:4b:b9:e2:88:49:9c:fc:
         5d:a8:fb:67:a3:da:4c:a8:67:44:fe:18:26:6b:18:ac:f8:6a:
         f8:ac:18:90:3f:c9:96:9e:ea:03:87:09:f4:bd:9a:4d:f4:d7:
         0c:10:0c:64:be:a3:7d:54:f7:fc:b1:9b:63:a5:4c:fe:1b:52:
         9f:e9:fc:d4:a8:5e:74:35:17:72:9d:fc:bd:65:04:6b:75:f4:
         49:90:30:9e:c7:a9:fc:23:fc:35:6f:08:37:9d:a9:f7:cb:6c:
         da:79:74:45:e1:f3:87:ad:9b:1c:00:11:fd:e2:85:38:50:b7:
         b1:07:4e:32:b6:66:75:c5:a2:e1:d5:63:da:da:9f:25:fe:9d:
         3a:80:12:29:85:92:aa:fc:bf:5a:6d:3a:d5:39:33:a3:32:5f:
         75:12:ba:d1:26:49:6d:a2:fa:97:0d:b1:a6:2c:aa:1d:58:95:
         78:6d:7e:94:db:4e:17:0b:d1:83:9f:7a:bc:ce:e4:40:94:9d:
         65:b6:9b:aa:75:47:40:5d:78:e8:43:e9:4a:ae:9f:d6:54:60:
         b0:0c:a4:47:b2:1d:c9:ca:72:34:1c:67:42:fd:00:31:14:6a:
         50:4b:4e:e1:80:1a:74:4a:eb:81:2d:c0:6c:74:7a:a4:a5:96:
         d1:a6:cf:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuDVEwKcxPZkZYLfpIF9sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjQwMTAxMjAzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDAwMDllN2Y4MDZkOTk5ZjEwMTM0OWM0NzRkN2Q4OTRkMjczMDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDZ5wBzHrluwC2EcuONvGKsHLvBx
xF2Qz3UyK4tek+ZVH/Z5nDzCRCYnzKKxR1iTK+k95FBwhEqsSyQWUxgkSJiWWHlk
rhTP6tzEtUnaBfS0QEC8UgrkNYOcIjkmxHn+Gb/FJRiVfJdLKmoa5NUNsFrCrG6k
yAXJGA4i11DZbDaS3UBk8mSwR7FCiIhTrmu2mZrlPwB/nAwQAnW1lGbnKHIk3r/T
ZKivk5AoH52ypOmZudxGMq+N+7Gf/gbqH7lJUVco1oTDtoaJTqrEHZeNoXQI+rBk
dRemSOo0osZKdJzt/NEPuokQUSFVBC7WkMxfKkAyfea7d+1QAOOt/XKMwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0ACef4BtmZ8QE0nEdNfYlNJzAIMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvblFBSjVfZ0cyWm54QVRTY1IwMTlpVTBuTUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaAIMA0G
CSqGSIb3DQEBCwUAA4IBAQAOK8AMy5dPd5SXp0u54ohJnPxdqPtno9pMqGdE/hgm
axis+Gr4rBiQP8mWnuoDhwn0vZpN9NcMEAxkvqN9VPf8sZtjpUz+G1Kf6fzUqF50
NRdynfy9ZQRrdfRJkDCex6n8I/w1bwg3nan3y2zaeXRF4fOHrZscABH94oU4ULex
B04ytmZ1xaLh1WPa2p8l/p06gBIphZKq/L9abTrVOTOjMl91ErrRJkltovqXDbGm
LKodWJV4bX6U204XC9GDn3q8zuRAlJ1ltpuqdUdAXXjoQ+lKrp/WVGCwDKRHsh3J
ynI0HGdC/QAxFGpQS07hgBp0SuuBLcBsdHqkpZbRps8q
-----END CERTIFICATE-----