Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/cNJ0CYne8j3KUhWzMsSa9145MMU.roa
File:                     cNJ0CYne8j3KUhWzMsSa9145MMU.roa (raw, json)
Hash identifier:          NFQOqVnYZhHy5eAmayHKkBOtG3ARGZ8J2qdI3iTPJDY=
Subject key identifier:   70:D2:74:09:89:DE:F2:3D:CA:52:15:B3:32:C4:9A:F7:5E:39:30:C5
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBB98EBB9F23BE67C48E1FA6D479CD
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/cNJ0CYne8j3KUhWzMsSa9145MMU.roa
Signing time:             Wed 01 Jan 2025 17:48:29 +0000
ROA not before:           Wed 01 Jan 2025 17:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200063
IP address blocks:        194.15.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:b9:8e:bb:9f:23:be:67:c4:8e:1f:a6:d4:79:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70d2740989def23dca5215b332c49af75e3930c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:4e:b7:ec:7b:ae:c7:30:07:31:b6:ec:43:c9:
                    bf:10:c3:13:96:18:b9:52:29:a6:e7:87:34:3e:16:
                    ac:a2:75:9c:08:83:c1:ef:b1:7c:0f:47:5d:7b:67:
                    c4:4f:a3:b5:61:a0:44:a9:83:58:dd:2a:d5:ac:92:
                    7b:b7:a6:e1:d6:15:50:2e:2e:e0:f1:bf:32:7f:04:
                    a5:8c:47:ee:28:2a:7f:7e:a8:6b:36:3b:1b:f1:21:
                    8c:b3:b6:60:4f:a2:80:22:26:be:05:35:9d:32:c8:
                    52:d2:9c:e4:6b:43:77:43:7c:8e:73:8a:86:cd:17:
                    e0:07:27:0a:cc:94:bb:5a:d9:41:ed:ef:e0:96:d6:
                    0a:5d:18:d4:55:83:f6:bf:3c:c7:fd:5e:a9:09:ee:
                    2c:be:8a:a6:34:f9:a4:58:71:59:e9:77:c7:86:d0:
                    d2:40:3a:c3:61:09:7a:2b:61:9c:84:de:ba:4e:34:
                    25:5e:e7:77:d9:56:a9:7c:43:35:a6:f7:bb:53:6b:
                    73:92:c6:13:a7:b0:4e:3c:79:86:e1:8a:24:c9:14:
                    c7:eb:0b:06:36:47:05:21:89:59:d9:a3:2a:ee:2a:
                    01:7a:01:c9:a5:cf:fe:ea:cc:b3:59:ee:d2:a0:4f:
                    7a:64:ed:d7:67:2d:ba:5f:dd:e4:7f:83:f7:d3:03:
                    a8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:D2:74:09:89:DE:F2:3D:CA:52:15:B3:32:C4:9A:F7:5E:39:30:C5
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/cNJ0CYne8j3KUhWzMsSa9145MMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:27:11:62:6a:19:e3:cf:66:25:66:a8:2c:27:80:fa:ec:d7:
         9b:54:6d:98:2b:29:4c:75:ac:6f:88:6b:80:fb:9a:d9:3e:7e:
         e8:21:b1:9c:ee:c1:e4:c7:f9:ed:eb:ff:60:bb:f4:c3:66:f7:
         a8:12:61:11:2b:f3:d1:62:e3:66:b3:c4:14:dd:07:b8:5e:bb:
         6d:56:5c:6d:17:ca:9b:2f:3b:4f:02:89:98:44:f9:6d:be:20:
         d7:e5:ff:ac:1f:da:8c:7e:88:ca:8d:1d:b1:fd:f6:b7:b0:27:
         4c:c3:7d:b4:17:4c:88:5a:6e:d2:07:be:31:6e:5c:2d:6d:bd:
         72:24:87:24:92:35:e6:ae:f2:75:8b:55:d7:79:8d:1e:3e:7d:
         a1:a7:9d:f8:43:7c:b5:86:4b:01:3e:e4:85:37:35:bc:1a:0d:
         09:39:53:cc:11:19:03:cf:cb:79:99:27:fa:e7:26:ff:ad:da:
         70:8d:e5:a8:fd:5d:42:5a:f2:2f:94:10:f1:ca:2f:df:22:72:
         b2:25:9c:7b:71:98:b5:00:73:55:db:22:e3:d3:fe:73:c4:93:
         57:81:ee:ef:3d:3f:88:e6:b3:3e:56:ff:e3:3e:13:8d:57:79:
         fd:c6:d0:5a:a9:ac:b3:70:f0:03:c6:a4:2e:54:c8:d5:f2:76:
         37:b5:b0:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+7mOu58jvmfEjh+m1HnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGQyNzQwOTg5ZGVmMjNkY2E1MjE1YjMzMmM0OWFmNzVlMzkzMGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwE637HuuxzAHMbbsQ8m/EMMTlhi5
Uimm54c0PhasonWcCIPB77F8D0dde2fET6O1YaBEqYNY3SrVrJJ7t6bh1hVQLi7g
8b8yfwSljEfuKCp/fqhrNjsb8SGMs7ZgT6KAIia+BTWdMshS0pzka0N3Q3yOc4qG
zRfgBycKzJS7WtlB7e/gltYKXRjUVYP2vzzH/V6pCe4svoqmNPmkWHFZ6XfHhtDS
QDrDYQl6K2GchN66TjQlXud32VapfEM1pve7U2tzksYTp7BOPHmG4YokyRTH6wsG
NkcFIYlZ2aMq7ioBegHJpc/+6syzWe7SoE96ZO3XZy26X93kf4P30wOozwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHDSdAmJ3vI9ylIVszLEmvdeOTDFMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvY05KMENZbmU4ajNLVWhXek1zU2E5MTQ1TU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg81MA0G
CSqGSIb3DQEBCwUAA4IBAQBKJxFiahnjz2YlZqgsJ4D67NebVG2YKylMdaxviGuA
+5rZPn7oIbGc7sHkx/nt6/9gu/TDZveoEmERK/PRYuNms8QU3Qe4XrttVlxtF8qb
LztPAomYRPltviDX5f+sH9qMfojKjR2x/fa3sCdMw320F0yIWm7SB74xblwtbb1y
JIckkjXmrvJ1i1XXeY0ePn2hp534Q3y1hksBPuSFNzW8Gg0JOVPMERkDz8t5mSf6
5yb/rdpwjeWo/V1CWvIvlBDxyi/fInKyJZx7cZi1AHNV2yLj0/5zxJNXge7vPT+I
5rM+Vv/jPhONV3n9xtBaqayzcPADxqQuVMjV8nY3tbA4
-----END CERTIFICATE-----