Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3NoyuRZuk6asfCLqYSlXSDGTFIs.roa
File:                     3NoyuRZuk6asfCLqYSlXSDGTFIs.roa (raw, json)
Hash identifier:          KG7MXR5H+OfYpC0EwKG+yuo8wLdqSzVmiSV7wPNTvO0=
Subject key identifier:   DC:DA:32:B9:16:6E:93:A6:AC:7C:22:EA:61:29:57:48:31:93:14:8B
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018E5D3828CA5280BB11AB3E71AFF376DA48
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3NoyuRZuk6asfCLqYSlXSDGTFIs.roa
Signing time:             Wed 20 Mar 2024 18:55:45 +0000
ROA not before:           Wed 20 Mar 2024 18:55:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207506
IP address blocks:        194.15.54.0/24 maxlen: 24
                          194.242.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5d:38:28:ca:52:80:bb:11:ab:3e:71:af:f3:76:da:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Mar 20 18:55:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcda32b9166e93a6ac7c22ea612957483193148b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:28:52:4b:b6:0b:1e:ba:0c:e3:07:ab:9a:fe:
                    95:f6:3b:29:75:bd:0f:71:94:89:67:cd:c4:81:40:
                    6e:14:1c:81:63:20:37:bc:cb:db:60:09:a5:ee:a0:
                    4a:72:a2:c9:05:f5:b5:c8:dc:6c:7b:86:f0:ab:23:
                    2b:06:55:77:3f:03:60:76:d9:bb:45:16:74:8d:57:
                    7e:35:59:93:90:b9:cb:52:77:90:31:35:4d:55:37:
                    f7:04:22:31:28:47:d4:a2:5a:53:77:f4:81:ac:59:
                    c3:c6:51:a3:d9:ad:49:83:44:16:10:ec:32:62:c6:
                    b0:1a:45:f9:f0:83:19:05:ed:ce:5d:dd:77:93:4d:
                    6c:8d:a4:80:73:cb:be:0f:0d:74:a9:96:34:04:53:
                    5f:d5:66:5f:86:8a:af:40:cc:32:20:cf:4d:1f:f9:
                    4f:0e:ef:24:8f:61:35:65:e4:9e:9a:a5:09:85:80:
                    38:a1:97:67:eb:4c:d0:4f:2a:b3:57:b0:0c:9b:66:
                    69:c9:e2:5d:bb:b1:3c:72:fd:24:72:bd:8e:e2:7a:
                    d9:d0:f7:03:9d:2c:3a:16:10:59:31:2a:ad:29:6e:
                    95:75:6b:a8:5c:91:52:c8:64:46:38:c2:fd:a9:e9:
                    d6:35:8e:b8:a3:20:bf:56:62:f0:49:53:11:1a:01:
                    f1:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:DA:32:B9:16:6E:93:A6:AC:7C:22:EA:61:29:57:48:31:93:14:8B
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3NoyuRZuk6asfCLqYSlXSDGTFIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.54.0/24
                  194.242.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:1c:1a:41:66:42:a3:4a:2c:b5:4e:8f:b4:58:54:72:b3:51:
         a5:bc:f3:e9:28:77:e0:b4:e1:dd:b5:b7:83:55:fd:2d:a9:18:
         4e:69:ce:03:0e:41:c6:4d:94:97:a5:bf:96:19:33:20:97:70:
         a2:d3:ac:2d:cc:a7:6d:25:1f:1f:d2:a5:2c:70:aa:9a:40:56:
         ee:1f:5e:3d:fd:06:66:62:d3:d9:d1:bf:25:fc:07:86:94:e5:
         e3:12:ca:52:7b:b6:3c:27:62:bb:e5:0f:0b:be:e6:1b:65:79:
         23:b5:a4:88:3a:2d:bd:88:ed:ed:b5:ba:2b:c2:64:89:88:ae:
         2f:87:7a:b7:e4:de:2a:3e:7b:79:14:fa:34:94:f2:ae:a7:e7:
         1b:93:88:78:b7:6a:5f:1d:45:57:0e:96:db:a4:93:df:33:00:
         29:0c:58:2a:3f:92:d6:39:70:56:fb:37:59:8a:2a:bc:2f:db:
         8a:39:24:53:53:40:d2:93:1d:20:8c:90:47:a0:d3:cf:09:9f:
         53:84:6d:b0:37:16:4e:a4:6f:9c:8c:1f:03:da:35:e4:30:28:
         74:59:9d:f0:77:7b:74:af:e6:c7:91:13:fa:dc:3d:ae:06:44:
         17:4e:8d:b1:20:43:fb:f6:13:06:f8:f5:e9:7f:ff:e8:bc:bf:
         38:df:4a:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5dOCjKUoC7Eas+ca/zdtpIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMzIwMTg1NTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2RhMzJiOTE2NmU5M2E2YWM3YzIyZWE2MTI5NTc0ODMxOTMxNDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyhSS7YLHroM4wermv6V9jspdb0P
cZSJZ83EgUBuFByBYyA3vMvbYAml7qBKcqLJBfW1yNxse4bwqyMrBlV3PwNgdtm7
RRZ0jVd+NVmTkLnLUneQMTVNVTf3BCIxKEfUolpTd/SBrFnDxlGj2a1Jg0QWEOwy
YsawGkX58IMZBe3OXd13k01sjaSAc8u+Dw10qZY0BFNf1WZfhoqvQMwyIM9NH/lP
Du8kj2E1ZeSemqUJhYA4oZdn60zQTyqzV7AMm2ZpyeJdu7E8cv0kcr2O4nrZ0PcD
nSw6FhBZMSqtKW6VdWuoXJFSyGRGOML9qenWNY64oyC/VmLwSVMRGgHx9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNzaMrkWbpOmrHwi6mEpV0gxkxSLMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvM05veXVSWnVrNmFzZkNMcVlTbFhTREdURklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwg82AwQA
wvJhMA0GCSqGSIb3DQEBCwUAA4IBAQBIHBpBZkKjSiy1To+0WFRys1GlvPPpKHfg
tOHdtbeDVf0tqRhOac4DDkHGTZSXpb+WGTMgl3Ci06wtzKdtJR8f0qUscKqaQFbu
H149/QZmYtPZ0b8l/AeGlOXjEspSe7Y8J2K75Q8LvuYbZXkjtaSIOi29iO3ttbor
wmSJiK4vh3q35N4qPnt5FPo0lPKup+cbk4h4t2pfHUVXDpbbpJPfMwApDFgqP5LW
OXBW+zdZiiq8L9uKOSRTU0DSkx0gjJBHoNPPCZ9ThG2wNxZOpG+cjB8D2jXkMCh0
WZ3wd3t0r+bHkRP63D2uBkQXTo2xIEP79hMG+PXpf//ovL8430oQ
-----END CERTIFICATE-----