Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/nNQ81E1m1h2xKnHi4HI_DVMFyyc.roa
File:                     nNQ81E1m1h2xKnHi4HI_DVMFyyc.roa (raw, json)
Hash identifier:          OyLM3UfwfTIEFOlkydaBjgtPC0SuxUPQJrk1P6JztQc=
Subject key identifier:   9C:D4:3C:D4:4D:66:D6:1D:B1:2A:71:E2:E0:72:3F:0D:53:05:CB:27
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019131D2338022502B87F5A660D75DC525E7
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/nNQ81E1m1h2xKnHi4HI_DVMFyyc.roa
Signing time:             Thu 08 Aug 2024 11:49:04 +0000
ROA not before:           Thu 08 Aug 2024 11:49:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8492
IP address blocks:        5.8.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:31:d2:33:80:22:50:2b:87:f5:a6:60:d7:5d:c5:25:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Aug  8 11:49:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cd43cd44d66d61db12a71e2e0723f0d5305cb27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ca:e9:c3:ce:d6:3a:41:2f:f8:03:42:a7:3c:
                    92:b4:bd:78:57:c7:2c:f5:ec:1a:4c:b2:55:21:20:
                    48:4e:3b:16:63:65:4a:9b:a7:71:03:6e:1a:88:3f:
                    7b:55:98:d3:33:30:ad:97:0d:2c:62:4f:fb:28:a5:
                    bc:a3:56:3b:65:11:78:10:6f:98:d4:bf:16:0e:c4:
                    ae:5b:4f:3a:ec:08:b9:60:54:94:c2:20:78:94:ce:
                    c7:2e:45:ca:1a:8d:df:fd:60:15:a5:9b:87:72:f0:
                    88:52:77:00:11:28:8c:84:82:36:7d:7e:9a:ac:2f:
                    6a:13:c0:90:e6:20:fa:5b:e5:c0:7c:2e:68:dc:96:
                    65:3b:af:2d:a9:d8:69:20:90:40:aa:bf:85:48:82:
                    11:9a:a3:4b:be:f1:47:bb:a7:d3:b8:59:f8:30:14:
                    c8:21:aa:c5:21:d1:96:d2:13:64:81:a7:77:fd:8a:
                    c2:e2:7a:c9:1c:88:7f:34:78:6e:9a:81:d9:83:9b:
                    54:19:a5:b4:b9:fd:4e:70:65:ad:8c:4f:b6:94:43:
                    cc:0d:d7:84:ca:36:9b:b4:f6:60:7d:5d:08:c2:03:
                    2f:a4:53:10:e7:5c:71:14:12:49:ff:b5:c2:9b:0e:
                    c6:9f:e7:e2:d5:b6:e4:c1:85:fa:4a:bf:37:b8:f4:
                    fa:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:D4:3C:D4:4D:66:D6:1D:B1:2A:71:E2:E0:72:3F:0D:53:05:CB:27
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/nNQ81E1m1h2xKnHi4HI_DVMFyyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:04:c2:0f:18:d1:3e:a7:5f:82:93:ea:86:76:02:74:9e:8e:
         cc:95:ea:fd:1f:17:e3:1a:df:8c:03:73:6a:fd:7b:b9:cc:7a:
         91:32:8f:82:4e:b7:3f:b1:f5:82:39:58:85:e4:67:33:08:c1:
         ec:08:94:4a:40:c0:e8:e4:37:57:32:a9:8b:0c:62:b4:fc:22:
         2f:22:9e:b4:95:32:56:e4:05:03:12:79:6a:f0:74:8d:85:4a:
         ca:c8:b9:d3:bb:5c:08:19:6e:ac:0f:cb:15:98:30:aa:50:91:
         89:09:9c:c4:8e:19:57:95:20:b2:70:63:44:6a:4f:fd:5d:d2:
         3e:44:0e:5d:47:67:fd:f8:8a:4b:ca:1d:14:2d:35:e7:5a:99:
         55:a3:88:fe:6e:1a:db:58:8f:01:1d:28:ae:f4:ae:53:a7:b5:
         39:04:8f:2b:3d:f3:72:61:e8:37:10:13:05:f6:5b:12:e5:33:
         f0:b2:9b:2f:10:60:72:a6:70:e0:2f:0b:c2:e7:1b:e3:ca:b6:
         a0:6f:61:d9:84:a0:42:7b:0d:09:1b:1d:e5:34:4a:5e:a3:a0:
         81:7b:8b:19:ae:cd:bb:70:39:b2:bc:d8:85:12:fa:f7:2d:1a:
         95:d4:66:10:ef:00:f0:e9:04:37:af:94:eb:8c:38:fb:30:93:
         84:21:f0:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEx0jOAIlArh/WmYNddxSXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwODA4MTE0OTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2Q0M2NkNDRkNjZkNjFkYjEyYTcxZTJlMDcyM2YwZDUzMDVjYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncrpw87WOkEv+ANCpzyStL14V8cs
9ewaTLJVISBITjsWY2VKm6dxA24aiD97VZjTMzCtlw0sYk/7KKW8o1Y7ZRF4EG+Y
1L8WDsSuW0867Ai5YFSUwiB4lM7HLkXKGo3f/WAVpZuHcvCIUncAESiMhII2fX6a
rC9qE8CQ5iD6W+XAfC5o3JZlO68tqdhpIJBAqr+FSIIRmqNLvvFHu6fTuFn4MBTI
IarFIdGW0hNkgad3/YrC4nrJHIh/NHhumoHZg5tUGaW0uf1OcGWtjE+2lEPMDdeE
yjabtPZgfV0IwgMvpFMQ51xxFBJJ/7XCmw7Gn+fi1bbkwYX6Sr83uPT6UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzUPNRNZtYdsSpx4uByPw1TBcsnMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvbk5RODFFMW0xaDJ4S25IaTRISV9EVk1GeXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQgRMA0G
CSqGSIb3DQEBCwUAA4IBAQC3BMIPGNE+p1+Ck+qGdgJ0no7Mler9HxfjGt+MA3Nq
/Xu5zHqRMo+CTrc/sfWCOViF5GczCMHsCJRKQMDo5DdXMqmLDGK0/CIvIp60lTJW
5AUDEnlq8HSNhUrKyLnTu1wIGW6sD8sVmDCqUJGJCZzEjhlXlSCycGNEak/9XdI+
RA5dR2f9+IpLyh0ULTXnWplVo4j+bhrbWI8BHSiu9K5Tp7U5BI8rPfNyYeg3EBMF
9lsS5TPwspsvEGBypnDgLwvC5xvjyragb2HZhKBCew0JGx3lNEpeo6CBe4sZrs27
cDmyvNiFEvr3LRqV1GYQ7wDw6QQ3r5TrjDj7MJOEIfAd
-----END CERTIFICATE-----