Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/nxQNVL8HFDSK_-kzlx3hiJO09xw.roa
File:                     nxQNVL8HFDSK_-kzlx3hiJO09xw.roa (raw, json)
Hash identifier:          x2vVZBurVMaIC/UD00kd0kcr5m82nCIlkBIcBII0zLI=
Subject key identifier:   9F:14:0D:54:BF:07:14:34:8A:FF:E9:33:97:1D:E1:88:93:B4:F7:1C
Certificate issuer:       /CN=8f9ed2188da9ecada1149145aefa49726fe01e96
Certificate serial:       019049CDFB60C4F5915399DD5FCF8376FBAD
Authority key identifier: 8F:9E:D2:18:8D:A9:EC:AD:A1:14:91:45:AE:FA:49:72:6F:E0:1E:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j57SGI2p7K2hFJFFrvpJcm_gHpY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/nxQNVL8HFDSK_-kzlx3hiJO09xw.roa
Signing time:             Mon 24 Jun 2024 10:32:34 +0000
ROA not before:           Mon 24 Jun 2024 10:32:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202883
IP address blocks:        185.151.216.0/24 maxlen: 24
                          185.151.217.0/24 maxlen: 24
                          185.151.218.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/j57SGI2p7K2hFJFFrvpJcm_gHpY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/j57SGI2p7K2hFJFFrvpJcm_gHpY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j57SGI2p7K2hFJFFrvpJcm_gHpY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Oct 2024 22:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:49:cd:fb:60:c4:f5:91:53:99:dd:5f:cf:83:76:fb:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f9ed2188da9ecada1149145aefa49726fe01e96
        Validity
            Not Before: Jun 24 10:32:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f140d54bf0714348affe933971de18893b4f71c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:6d:e3:cc:24:a1:f7:ef:8d:46:98:d5:35:4f:
                    5e:f2:04:ed:83:8f:b1:42:1b:d1:53:cc:39:0c:4e:
                    71:80:7a:e4:e3:e7:75:6a:8f:10:a9:ec:8d:27:4e:
                    b5:39:7a:49:ae:2b:69:d3:2e:92:04:12:eb:2c:aa:
                    d2:a5:8b:78:1d:1e:d5:8f:b6:79:5c:80:fe:34:ca:
                    dc:13:25:d8:b3:3e:21:b4:c6:a7:89:2b:e9:7d:14:
                    11:b1:51:34:08:5c:84:c6:3b:ea:5f:10:89:30:48:
                    f2:f7:4e:63:a4:77:e3:3e:bd:3a:d1:1e:b7:73:9f:
                    f3:25:bb:d3:b0:1c:e2:cf:4c:12:c2:aa:1b:c1:b9:
                    36:f4:9e:d6:4b:f0:7e:e9:21:a5:9b:9f:7d:a5:54:
                    69:6f:7a:e4:25:fe:40:b5:6c:5a:38:0c:12:75:a5:
                    c4:4a:81:95:6f:13:c0:51:df:48:0f:9c:17:aa:63:
                    11:b1:b0:c3:d5:27:0d:aa:3e:ff:46:c9:a5:b2:c2:
                    f6:67:56:3d:df:2d:0e:f0:6f:03:ff:f2:b5:2b:95:
                    aa:73:4f:db:9c:08:16:97:3b:54:c3:8f:71:96:f7:
                    9f:69:58:e9:67:f8:31:d5:dc:7a:3a:0b:02:97:0c:
                    35:85:a2:a9:0a:50:89:d2:3b:63:85:48:79:c7:91:
                    92:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:14:0D:54:BF:07:14:34:8A:FF:E9:33:97:1D:E1:88:93:B4:F7:1C
            X509v3 Authority Key Identifier:
                keyid:8F:9E:D2:18:8D:A9:EC:AD:A1:14:91:45:AE:FA:49:72:6F:E0:1E:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j57SGI2p7K2hFJFFrvpJcm_gHpY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/nxQNVL8HFDSK_-kzlx3hiJO09xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e4c7c7-57ed-45e6-9fcf-e7241049745a/1/j57SGI2p7K2hFJFFrvpJcm_gHpY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.216.0-185.151.218.255

    Signature Algorithm: sha256WithRSAEncryption
         67:fc:f1:8f:45:da:22:12:29:8c:ce:eb:ab:c0:99:ed:bf:e5:
         24:05:24:3e:4e:da:5d:ab:b5:b3:3a:af:76:59:b8:f0:55:f4:
         9a:6f:46:24:89:26:47:50:5b:29:9c:97:aa:fd:5e:3d:14:97:
         18:f5:28:7c:6d:ab:d2:e9:76:b3:4f:44:79:81:3c:9b:dd:ec:
         2b:ce:c3:a5:05:8f:b6:3b:e3:b5:d5:37:bc:80:be:30:88:9d:
         49:33:bd:a5:7e:f5:30:49:e4:00:05:c0:c4:07:15:cc:dc:30:
         dc:5f:3b:e6:ce:00:f4:1d:ec:8f:07:31:d1:bc:86:6b:7a:48:
         84:1a:64:de:ae:6b:b7:af:7b:48:87:ad:ff:47:20:63:d4:81:
         c1:52:d4:5c:53:69:58:0d:b2:34:0c:f6:94:05:17:ae:71:82:
         e6:5d:ff:f5:bd:c4:68:f6:06:64:c5:3a:2e:ca:8b:61:ec:a2:
         f1:8c:7e:35:ae:4d:7b:fb:23:b9:32:56:df:40:2b:81:64:f8:
         52:22:cd:9b:9a:ec:f6:df:2b:9c:56:f0:fc:0c:f0:44:15:bd:
         f9:d3:a4:11:4f:47:45:46:d8:9e:e7:e9:c9:8c:31:e1:66:b5:
         3e:47:0b:31:a0:18:47:68:72:25:cc:ae:22:ec:82:54:1a:b6:
         b8:07:79:9f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZBJzftgxPWRU5ndX8+DdvutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmOWVkMjE4OGRhOWVjYWRhMTE0OTE0NWFlZmE0OTcyNmZl
MDFlOTYwHhcNMjQwNjI0MTAzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjE0MGQ1NGJmMDcxNDM0OGFmZmU5MzM5NzFkZTE4ODkzYjRmNzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5W3jzCSh9++NRpjVNU9e8gTtg4+x
QhvRU8w5DE5xgHrk4+d1ao8QqeyNJ061OXpJritp0y6SBBLrLKrSpYt4HR7Vj7Z5
XID+NMrcEyXYsz4htManiSvpfRQRsVE0CFyExjvqXxCJMEjy905jpHfjPr060R63
c5/zJbvTsBziz0wSwqobwbk29J7WS/B+6SGlm599pVRpb3rkJf5AtWxaOAwSdaXE
SoGVbxPAUd9ID5wXqmMRsbDD1ScNqj7/RsmlssL2Z1Y93y0O8G8D//K1K5Wqc0/b
nAgWlztUw49xlvefaVjpZ/gx1dx6OgsClww1haKpClCJ0jtjhUh5x5GS3QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJ8UDVS/BxQ0iv/pM5cd4YiTtPccMB8GA1UdIwQY
MBaAFI+e0hiNqeytoRSRRa76SXJv4B6WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajU3U0dJMnA3SzJoRkpGRnJ2cEpjbV9nSHBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lNGM3YzctNTdlZC00NWU2LTlmY2Yt
ZTcyNDEwNDk3NDVhLzEvbnhRTlZMOEhGRFNLXy1remx4M2hpSk8wOXh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lNGM3YzctNTdlZC00NWU2LTlmY2YtZTcyNDEwNDk3NDVh
LzEvajU3U0dJMnA3SzJoRkpGRnJ2cEpjbV9nSHBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5l9gD
BAC5l9owDQYJKoZIhvcNAQELBQADggEBAGf88Y9F2iISKYzO66vAme2/5SQFJD5O
2l2rtbM6r3ZZuPBV9JpvRiSJJkdQWymcl6r9Xj0Ulxj1KHxtq9LpdrNPRHmBPJvd
7CvOw6UFj7Y747XVN7yAvjCInUkzvaV+9TBJ5AAFwMQHFczcMNxfO+bOAPQd7I8H
MdG8hmt6SIQaZN6ua7eve0iHrf9HIGPUgcFS1FxTaVgNsjQM9pQFF65xguZd//W9
xGj2BmTFOi7Ki2HsovGMfjWuTXv7I7kyVt9AK4Fk+FIizZua7PbfK5xW8PwM8EQV
vfnTpBFPR0VG2J7n6cmMMeFmtT5HCzGgGEdociXMriLsglQatrgHeZ8=
-----END CERTIFICATE-----