Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/c9c770-9e8f-4008-b7f7-c550fa211fb7/1/N0GH0GGA7o-u48K7SjXx2C5X93s.roa
File:                     N0GH0GGA7o-u48K7SjXx2C5X93s.roa (raw, json)
Hash identifier:          ujvN9KajRKRyg1jf7rUeOKtasD0izEz5m5HvsdfyVRI=
Subject key identifier:   37:41:87:D0:61:80:EE:8F:AE:E3:C2:BB:4A:35:F1:D8:2E:57:F7:7B
Certificate issuer:       /CN=425439b0ca7f14daa9b61b11bd17bdcc1ba7386c
Certificate serial:       018D5C48ED3AEBC99170638AD27C2DAB2F42
Authority key identifier: 42:54:39:B0:CA:7F:14:DA:A9:B6:1B:11:BD:17:BD:CC:1B:A7:38:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QlQ5sMp_FNqpthsRvRe9zBunOGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/c9c770-9e8f-4008-b7f7-c550fa211fb7/1/N0GH0GGA7o-u48K7SjXx2C5X93s.roa
Signing time:             Tue 30 Jan 2024 21:31:39 +0000
ROA not before:           Tue 30 Jan 2024 21:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211986
IP address blocks:        185.234.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/c9c770-9e8f-4008-b7f7-c550fa211fb7/1/QlQ5sMp_FNqpthsRvRe9zBunOGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/c9c770-9e8f-4008-b7f7-c550fa211fb7/1/QlQ5sMp_FNqpthsRvRe9zBunOGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QlQ5sMp_FNqpthsRvRe9zBunOGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 06:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5c:48:ed:3a:eb:c9:91:70:63:8a:d2:7c:2d:ab:2f:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=425439b0ca7f14daa9b61b11bd17bdcc1ba7386c
        Validity
            Not Before: Jan 30 21:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=374187d06180ee8faee3c2bb4a35f1d82e57f77b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1b:2d:13:8f:01:f7:10:0e:e8:2b:7f:11:6e:
                    bc:5a:27:0a:34:5b:f3:31:f3:83:44:ce:91:e8:2f:
                    9d:37:40:7d:0a:73:d8:af:28:51:79:0f:c7:1b:09:
                    26:90:63:6a:ea:af:ec:ab:7c:7d:93:9e:7b:80:ba:
                    57:d2:25:39:a4:a9:3f:da:ee:e4:f0:17:d8:ea:0a:
                    f3:2f:db:e8:92:81:d8:f2:42:e5:7c:f5:42:a2:d3:
                    38:73:f0:e9:2f:f2:7c:56:11:b0:f3:cd:e7:52:25:
                    2b:07:39:68:7d:14:11:46:d6:23:1d:d0:67:cc:5a:
                    e8:7b:f2:c2:bc:82:63:57:71:f1:9f:af:11:75:7d:
                    93:18:b0:a1:58:aa:46:52:be:b8:cf:4e:5e:42:1e:
                    d1:7a:6e:a4:43:7f:5a:90:55:d4:42:f1:f3:d5:61:
                    7d:65:37:9c:d7:43:fd:26:d1:cc:b4:d1:56:a3:27:
                    7b:b6:7b:67:b2:5c:86:41:40:86:a6:f6:27:ab:16:
                    f9:32:49:e6:4a:5a:fa:b5:fe:53:18:6f:ac:15:0f:
                    3f:88:80:e1:16:89:12:14:e5:71:f7:e4:6b:02:de:
                    10:88:a6:a7:fc:28:12:e8:35:66:eb:c4:2f:96:4d:
                    c8:3b:5d:26:63:15:9e:ba:95:62:34:a5:71:2a:6e:
                    be:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:41:87:D0:61:80:EE:8F:AE:E3:C2:BB:4A:35:F1:D8:2E:57:F7:7B
            X509v3 Authority Key Identifier:
                keyid:42:54:39:B0:CA:7F:14:DA:A9:B6:1B:11:BD:17:BD:CC:1B:A7:38:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QlQ5sMp_FNqpthsRvRe9zBunOGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c9c770-9e8f-4008-b7f7-c550fa211fb7/1/N0GH0GGA7o-u48K7SjXx2C5X93s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/c9c770-9e8f-4008-b7f7-c550fa211fb7/1/QlQ5sMp_FNqpthsRvRe9zBunOGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.234.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:90:50:0b:80:18:b3:5f:5f:75:c0:42:eb:6f:35:1b:cc:36:
         11:06:79:85:9d:2b:1f:77:ab:d7:8b:15:f8:83:1b:b0:68:2c:
         6b:8a:39:a7:cf:92:b6:30:41:1d:65:be:8e:3a:a6:e6:16:c6:
         a4:30:24:50:dc:0a:1a:80:54:8b:b8:c9:4d:46:32:d4:db:68:
         31:0b:74:c0:ca:fe:a1:e2:58:bc:ae:89:ca:f4:5f:90:83:db:
         d4:05:80:fe:e0:f2:d7:70:44:c7:a2:ea:2c:d7:db:c5:9c:1f:
         07:0e:d7:4b:37:5f:c4:48:7b:8e:a7:29:2f:e0:0d:80:df:0f:
         f1:a0:df:15:4c:12:3d:bd:58:82:ad:65:66:af:b1:f2:96:b0:
         5b:39:39:65:10:bf:2a:d3:b2:50:8e:d7:32:d3:7e:7b:5b:e5:
         0d:9e:dc:db:e0:b8:9e:89:02:b5:44:59:19:f8:35:bc:96:f7:
         88:44:c6:1b:bc:e5:b0:88:7c:62:72:fd:f9:fe:5c:f9:b2:f2:
         69:bc:9a:92:db:d7:ab:10:90:12:54:9c:c8:7b:fb:35:61:29:
         ce:eb:a4:02:5c:6b:4f:1b:76:8e:24:35:b1:aa:1b:95:08:ed:
         9d:ae:a7:b5:ff:73:01:0b:b3:14:a2:1e:60:0b:1b:2c:d9:ed:
         01:bd:20:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1cSO0668mRcGOK0nwtqy9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNTQzOWIwY2E3ZjE0ZGFhOWI2MWIxMWJkMTdiZGNjMWJh
NzM4NmMwHhcNMjQwMTMwMjEzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQxODdkMDYxODBlZThmYWVlM2MyYmI0YTM1ZjFkODJlNTdmNzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBstE48B9xAO6Ct/EW68WicKNFvz
MfODRM6R6C+dN0B9CnPYryhReQ/HGwkmkGNq6q/sq3x9k557gLpX0iU5pKk/2u7k
8BfY6grzL9vokoHY8kLlfPVCotM4c/DpL/J8VhGw883nUiUrBzlofRQRRtYjHdBn
zFroe/LCvIJjV3Hxn68RdX2TGLChWKpGUr64z05eQh7Rem6kQ39akFXUQvHz1WF9
ZTec10P9JtHMtNFWoyd7tntnslyGQUCGpvYnqxb5MknmSlr6tf5TGG+sFQ8/iIDh
FokSFOVx9+RrAt4QiKan/CgS6DVm68Qvlk3IO10mYxWeupViNKVxKm6+VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDdBh9BhgO6PruPCu0o18dguV/d7MB8GA1UdIwQY
MBaAFEJUObDKfxTaqbYbEb0XvcwbpzhsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWxRNXNNcF9GTnFwdGhzUnZSZTl6QnVuT0d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9jOWM3NzAtOWU4Zi00MDA4LWI3Zjct
YzU1MGZhMjExZmI3LzEvTjBHSDBHR0E3by11NDhLN1NqWHgyQzVYOTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9jOWM3NzAtOWU4Zi00MDA4LWI3ZjctYzU1MGZhMjExZmI3
LzEvUWxRNXNNcF9GTnFwdGhzUnZSZTl6QnVuT0d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuepnMA0G
CSqGSIb3DQEBCwUAA4IBAQCukFALgBizX191wELrbzUbzDYRBnmFnSsfd6vXixX4
gxuwaCxrijmnz5K2MEEdZb6OOqbmFsakMCRQ3AoagFSLuMlNRjLU22gxC3TAyv6h
4li8ronK9F+Qg9vUBYD+4PLXcETHouos19vFnB8HDtdLN1/ESHuOpykv4A2A3w/x
oN8VTBI9vViCrWVmr7HylrBbOTllEL8q07JQjtcy0357W+UNntzb4LieiQK1RFkZ
+DW8lveIRMYbvOWwiHxicv35/lz5svJpvJqS29erEJASVJzIe/s1YSnO66QCXGtP
G3aOJDWxqhuVCO2drqe1/3MBC7MUoh5gCxss2e0BvSDj
-----END CERTIFICATE-----