Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/_NrysiG2vqYFNTk2uNtGp_ozbXU.roa
File:                     _NrysiG2vqYFNTk2uNtGp_ozbXU.roa (raw, json)
Hash identifier:          JCMjrZrgPSbaH7YejY4u32w8Q3b9GdTuw8PWbAbgzCw=
Subject key identifier:   FC:DA:F2:B2:21:B6:BE:A6:05:35:39:36:B8:DB:46:A7:FA:33:6D:75
Certificate issuer:       /CN=c946c4befe0fbbe3624bd748296b5fe2e7ec2d68
Certificate serial:       0193504DB46B80BEB4F345B64572ACC1F1FC
Authority key identifier: C9:46:C4:BE:FE:0F:BB:E3:62:4B:D7:48:29:6B:5F:E2:E7:EC:2D:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/_NrysiG2vqYFNTk2uNtGp_ozbXU.roa
Signing time:             Thu 21 Nov 2024 19:58:09 +0000
ROA not before:           Thu 21 Nov 2024 19:58:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        82.117.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:50:4d:b4:6b:80:be:b4:f3:45:b6:45:72:ac:c1:f1:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c946c4befe0fbbe3624bd748296b5fe2e7ec2d68
        Validity
            Not Before: Nov 21 19:58:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcdaf2b221b6bea605353936b8db46a7fa336d75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:29:00:00:a6:d4:14:5d:59:9c:e3:59:24:1c:
                    d1:b3:6e:a1:fa:fa:ae:ed:9b:75:b9:c2:b5:78:2b:
                    b7:64:85:16:03:52:c0:ba:38:f4:1c:9f:5c:f2:e2:
                    61:c2:5c:f9:d7:59:26:40:b6:52:a9:13:db:2b:f0:
                    b6:f3:a6:45:90:20:93:a2:ae:fb:f5:53:22:8b:36:
                    f0:7a:05:35:ed:e6:12:be:91:dc:4e:b8:9e:8e:d8:
                    e2:b2:5c:a1:f3:47:e1:83:38:17:da:3a:fe:a5:39:
                    da:76:0d:ed:3a:5a:7a:36:55:32:21:30:0a:50:13:
                    cb:53:aa:b3:bb:01:a2:91:28:bb:8d:9f:49:16:02:
                    4e:bc:5b:7b:96:be:47:df:1f:ca:b7:65:e2:9e:23:
                    10:1b:d7:7d:74:89:15:ad:39:7f:ca:51:e8:49:75:
                    aa:86:f2:d5:95:32:02:be:32:f4:b9:40:63:49:bb:
                    e6:d7:c6:3f:87:d6:6d:dc:e2:cf:a4:ae:7d:69:82:
                    2e:d9:16:a2:28:10:7d:23:ec:98:79:9e:9d:a5:ef:
                    48:be:07:bd:ab:22:ee:60:7e:6b:b6:03:72:75:2a:
                    38:08:33:a6:4a:14:72:8b:e9:7e:e4:37:0f:bd:49:
                    96:aa:e7:a4:af:84:f8:78:a1:c6:c1:26:e5:dc:c2:
                    6e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DA:F2:B2:21:B6:BE:A6:05:35:39:36:B8:DB:46:A7:FA:33:6D:75
            X509v3 Authority Key Identifier:
                keyid:C9:46:C4:BE:FE:0F:BB:E3:62:4B:D7:48:29:6B:5F:E2:E7:EC:2D:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/_NrysiG2vqYFNTk2uNtGp_ozbXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.117.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:94:05:04:05:ff:5c:56:38:d7:5d:a2:09:c4:a8:b2:2f:bb:
         98:95:09:4b:9a:64:e7:6a:29:90:03:d3:56:91:f5:2b:d9:c7:
         af:1c:ca:20:80:ec:37:be:d0:e9:b2:da:5f:f8:38:40:ce:0b:
         42:27:d0:48:18:17:48:b8:b6:f3:1d:24:ec:0a:62:68:32:75:
         cd:6b:95:ed:fa:03:90:d5:6d:b6:1e:b0:fc:23:e2:0f:7a:d6:
         db:22:85:d7:25:7d:0f:cc:4c:72:9a:49:e0:37:6a:64:36:51:
         4f:77:3a:3a:4c:32:f2:00:b7:71:5c:eb:19:17:8f:fe:f5:77:
         89:25:85:3c:e6:3c:c5:a9:56:59:83:0b:57:c2:84:44:c6:12:
         34:9f:b9:9a:19:b9:e0:a7:25:1f:8f:c7:9a:62:f8:14:19:dd:
         35:00:3e:cf:de:a3:c5:aa:96:02:13:5b:12:03:dc:ca:4e:01:
         b8:9a:a6:fc:bc:4b:e6:e9:6e:c6:0f:52:ca:a5:4c:c5:e4:f8:
         e7:70:94:79:bd:23:80:83:08:d6:91:d4:4a:1b:b3:9a:cb:7f:
         80:9a:0b:51:db:68:6c:10:59:f5:5b:5f:05:15:8b:bc:ea:ff:
         28:c1:ba:83:6b:a3:6c:f1:d0:7c:5e:ba:91:44:89:07:70:78:
         70:9c:ee:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNQTbRrgL6080W2RXKswfH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NDZjNGJlZmUwZmJiZTM2MjRiZDc0ODI5NmI1ZmUyZTdl
YzJkNjgwHhcNMjQxMTIxMTk1ODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2RhZjJiMjIxYjZiZWE2MDUzNTM5MzZiOGRiNDZhN2ZhMzM2ZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCkAAKbUFF1ZnONZJBzRs26h+vqu
7Zt1ucK1eCu3ZIUWA1LAujj0HJ9c8uJhwlz511kmQLZSqRPbK/C286ZFkCCToq77
9VMiizbwegU17eYSvpHcTriejtjislyh80fhgzgX2jr+pTnadg3tOlp6NlUyITAK
UBPLU6qzuwGikSi7jZ9JFgJOvFt7lr5H3x/Kt2XiniMQG9d9dIkVrTl/ylHoSXWq
hvLVlTICvjL0uUBjSbvm18Y/h9Zt3OLPpK59aYIu2RaiKBB9I+yYeZ6dpe9Ivge9
qyLuYH5rtgNydSo4CDOmShRyi+l+5DcPvUmWquekr4T4eKHGwSbl3MJuWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPza8rIhtr6mBTU5NrjbRqf6M211MB8GA1UdIwQY
MBaAFMlGxL7+D7vjYkvXSClrX+Ln7C1oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVViRXZ2NFB1LU5pUzlkSUtXdGY0dWZzTFdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9mMmQ5ZTktZWVmZi00NjMzLWExODkt
NmJiYjI3MDgxZGUyLzEvX05yeXNpRzJ2cVlGTlRrMnVOdEdwX296YlhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9mMmQ5ZTktZWVmZi00NjMzLWExODktNmJiYjI3MDgxZGUy
LzEveVViRXZ2NFB1LU5pUzlkSUtXdGY0dWZzTFdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnX1MA0G
CSqGSIb3DQEBCwUAA4IBAQAolAUEBf9cVjjXXaIJxKiyL7uYlQlLmmTnaimQA9NW
kfUr2cevHMoggOw3vtDpstpf+DhAzgtCJ9BIGBdIuLbzHSTsCmJoMnXNa5Xt+gOQ
1W22HrD8I+IPetbbIoXXJX0PzExymkngN2pkNlFPdzo6TDLyALdxXOsZF4/+9XeJ
JYU85jzFqVZZgwtXwoRExhI0n7maGbngpyUfj8eaYvgUGd01AD7P3qPFqpYCE1sS
A9zKTgG4mqb8vEvm6W7GD1LKpUzF5PjncJR5vSOAgwjWkdRKG7Oay3+AmgtR22hs
EFn1W18FFYu86v8owbqDa6Ns8dB8XrqRRIkHcHhwnO4K
-----END CERTIFICATE-----