Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/N9HKQNA017sVdiGuCdx7KkmxgmM.roa
File:                     N9HKQNA017sVdiGuCdx7KkmxgmM.roa (raw, json)
Hash identifier:          vZPxkrk1cxKJHzgFN9fL2+o7fw6RMlfxfZHQe/EJS4I=
Subject key identifier:   37:D1:CA:40:D0:34:D7:BB:15:76:21:AE:09:DC:7B:2A:49:B1:82:63
Certificate issuer:       /CN=defc2686c29abef18f40b30e7e9513247a66ef13
Certificate serial:       018CC64B55125CD74149B0830846DCBFDCD5
Authority key identifier: DE:FC:26:86:C2:9A:BE:F1:8F:40:B3:0E:7E:95:13:24:7A:66:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/N9HKQNA017sVdiGuCdx7KkmxgmM.roa
Signing time:             Mon 01 Jan 2024 18:31:14 +0000
ROA not before:           Mon 01 Jan 2024 18:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207782
IP address blocks:        212.6.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 10:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:55:12:5c:d7:41:49:b0:83:08:46:dc:bf:dc:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=defc2686c29abef18f40b30e7e9513247a66ef13
        Validity
            Not Before: Jan  1 18:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37d1ca40d034d7bb157621ae09dc7b2a49b18263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:92:e8:cf:93:d5:4f:e5:08:6c:85:66:e5:ba:
                    72:7e:eb:18:15:f1:69:ce:80:23:8d:2c:f9:1b:1d:
                    61:c1:b6:88:4b:a9:6f:c7:54:db:4c:9d:7a:7c:cf:
                    2d:e9:d8:4b:94:cb:35:89:78:ed:2d:eb:5e:25:4f:
                    17:70:01:a3:ad:81:24:64:38:15:4e:87:ef:82:22:
                    1a:d7:6a:af:12:f3:40:76:ba:f2:79:a1:92:97:54:
                    23:33:36:a3:90:21:df:28:99:a4:ca:17:2b:fe:66:
                    6c:a6:3a:6c:0b:32:fd:b9:07:4d:c0:f5:cc:e3:0d:
                    2c:57:9c:92:1d:4b:4f:29:52:93:35:0d:80:c6:58:
                    3d:9f:4d:73:1d:ee:1e:66:69:34:36:14:2d:af:4f:
                    66:29:b2:e8:be:54:81:0f:c8:b9:35:c2:11:ea:3e:
                    2f:b0:5c:47:0c:f2:6c:9f:df:06:2a:d4:1d:9a:94:
                    8a:0f:f5:bf:de:0a:23:18:9f:e3:29:f3:43:08:18:
                    70:e8:2d:7d:a0:aa:9d:12:d2:24:33:4c:05:59:43:
                    da:6a:6d:46:10:24:a2:98:48:23:3f:ab:ef:ad:52:
                    96:84:17:8b:0e:b0:79:41:60:52:c8:e7:45:36:4d:
                    a2:e1:13:8b:60:55:25:1c:88:95:33:c4:39:a7:f2:
                    bc:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:D1:CA:40:D0:34:D7:BB:15:76:21:AE:09:DC:7B:2A:49:B1:82:63
            X509v3 Authority Key Identifier:
                keyid:DE:FC:26:86:C2:9A:BE:F1:8F:40:B3:0E:7E:95:13:24:7A:66:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3vwmhsKavvGPQLMOfpUTJHpm7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/N9HKQNA017sVdiGuCdx7KkmxgmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/b4515e-8641-45b0-b75f-096921c91c41/1/3vwmhsKavvGPQLMOfpUTJHpm7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.6.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:ff:3a:ae:a0:bf:55:80:68:cc:5e:03:aa:3e:ea:d3:0f:ff:
         fb:86:26:9a:49:1e:ad:76:a8:59:6b:78:a6:3c:d9:2f:7a:ba:
         3b:e2:fb:11:e0:e0:e5:96:fb:d6:a3:e6:c4:9a:ba:e3:f3:ce:
         81:25:41:04:f6:43:e1:3e:76:11:c0:47:0e:a1:a5:c7:85:4d:
         65:62:01:f1:7e:04:af:2d:18:df:15:d4:21:b8:1f:fa:10:ab:
         8f:14:f8:aa:fa:99:3e:5c:16:a7:15:12:2c:48:fa:dd:01:36:
         f1:c2:0a:5d:e9:d8:d7:34:c2:6f:3c:ba:e0:ba:28:ca:c2:ca:
         67:aa:be:5f:a0:84:d0:63:37:70:5a:22:fc:01:12:c9:a5:89:
         f7:7d:69:82:a0:46:8d:db:77:f8:f4:ab:72:9e:dc:2f:17:7b:
         13:1e:c1:2e:1b:d9:d1:a8:21:b3:90:e6:30:ec:95:c4:35:7c:
         61:99:dd:15:8d:4e:b1:33:65:e1:16:03:e5:fa:42:d9:a9:c7:
         b5:de:f9:91:41:71:f6:d1:b0:af:5f:ef:71:3f:69:20:cb:e8:
         a7:7e:3a:5f:8d:a0:79:c3:e2:d4:6c:16:63:ec:1c:1c:80:b9:
         1e:8f:72:33:3c:8e:69:64:91:70:62:e8:a0:e8:7b:d2:0f:12:
         f5:a3:5e:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1USXNdBSbCDCEbcv9zVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZmMyNjg2YzI5YWJlZjE4ZjQwYjMwZTdlOTUxMzI0N2E2
NmVmMTMwHhcNMjQwMTAxMTgzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2QxY2E0MGQwMzRkN2JiMTU3NjIxYWUwOWRjN2IyYTQ5YjE4MjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJLoz5PVT+UIbIVm5bpyfusYFfFp
zoAjjSz5Gx1hwbaIS6lvx1TbTJ16fM8t6dhLlMs1iXjtLeteJU8XcAGjrYEkZDgV
TofvgiIa12qvEvNAdrryeaGSl1QjMzajkCHfKJmkyhcr/mZspjpsCzL9uQdNwPXM
4w0sV5ySHUtPKVKTNQ2Axlg9n01zHe4eZmk0NhQtr09mKbLovlSBD8i5NcIR6j4v
sFxHDPJsn98GKtQdmpSKD/W/3gojGJ/jKfNDCBhw6C19oKqdEtIkM0wFWUPaam1G
ECSimEgjP6vvrVKWhBeLDrB5QWBSyOdFNk2i4ROLYFUlHIiVM8Q5p/K8HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfRykDQNNe7FXYhrgnceypJsYJjMB8GA1UdIwQY
MBaAFN78JobCmr7xj0CzDn6VEyR6Zu8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Z3bWhzS2F2dkdQUUxNT2ZwVVRKSHBtN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9iNDUxNWUtODY0MS00NWIwLWI3NWYt
MDk2OTIxYzkxYzQxLzEvTjlIS1FOQTAxN3NWZGlHdUNkeDdLa214Z21NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9iNDUxNWUtODY0MS00NWIwLWI3NWYtMDk2OTIxYzkxYzQx
LzEvM3Z3bWhzS2F2dkdQUUxNT2ZwVVRKSHBtN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AYhMA0G
CSqGSIb3DQEBCwUAA4IBAQAb/zquoL9VgGjMXgOqPurTD//7hiaaSR6tdqhZa3im
PNkvero74vsR4ODllvvWo+bEmrrj886BJUEE9kPhPnYRwEcOoaXHhU1lYgHxfgSv
LRjfFdQhuB/6EKuPFPiq+pk+XBanFRIsSPrdATbxwgpd6djXNMJvPLrguijKwspn
qr5foITQYzdwWiL8ARLJpYn3fWmCoEaN23f49KtyntwvF3sTHsEuG9nRqCGzkOYw
7JXENXxhmd0VjU6xM2XhFgPl+kLZqce13vmRQXH20bCvX+9xP2kgy+infjpfjaB5
w+LUbBZj7BwcgLkej3IzPI5pZJFwYuig6HvSDxL1o14g
-----END CERTIFICATE-----