Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/n3XMckmiT5Q8JLpKX5NGulBFLuk.roa
File:                     n3XMckmiT5Q8JLpKX5NGulBFLuk.roa (raw, json)
Hash identifier:          Zv4BkPAZZekI+NlDwqCdGfzYlxolQHiX1d7LzjAndXM=
Subject key identifier:   9F:75:CC:72:49:A2:4F:94:3C:24:BA:4A:5F:93:46:BA:50:45:2E:E9
Certificate issuer:       /CN=93c64c668eff34740816eda85a459d0c422e063c
Certificate serial:       018CC2DB1AEE17AD6C3B5FDDBA7A1F2AB88F
Authority key identifier: 93:C6:4C:66:8E:FF:34:74:08:16:ED:A8:5A:45:9D:0C:42:2E:06:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/n3XMckmiT5Q8JLpKX5NGulBFLuk.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        192.150.194.0/23 maxlen: 23
                          192.150.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1a:ee:17:ad:6c:3b:5f:dd:ba:7a:1f:2a:b8:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93c64c668eff34740816eda85a459d0c422e063c
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f75cc7249a24f943c24ba4a5f9346ba50452ee9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:bb:6d:a0:ac:df:30:c4:b4:18:9b:bb:67:e2:
                    85:de:99:99:a7:dc:b0:a4:93:95:bb:dd:a5:03:13:
                    85:66:83:10:73:62:e9:c9:bc:09:75:4e:e2:83:51:
                    4c:1a:dd:52:4a:e6:ba:75:6c:2d:ed:45:16:fc:8b:
                    b2:8a:ef:82:a7:5a:3e:82:e8:9c:7e:f4:a0:cf:0d:
                    67:6f:e3:12:52:a3:ff:60:52:4f:b6:45:a6:e6:f8:
                    b7:b7:dc:47:17:6c:ce:c6:00:91:bd:4f:5d:79:2d:
                    7e:35:d2:3f:6b:9c:59:d8:7e:4c:13:3d:9d:3e:18:
                    a2:1c:e8:6e:86:b6:5e:9c:78:9a:4e:ae:d9:e5:e3:
                    51:cc:69:63:76:b1:e1:84:73:75:0f:12:d5:c6:87:
                    1c:ae:3f:66:4a:0e:9d:4f:6f:a5:5f:a3:9c:1e:08:
                    67:bb:79:70:0a:34:cf:dd:44:e9:10:92:1f:3f:ff:
                    1d:e7:79:03:96:08:38:01:45:13:70:eb:4f:c2:ce:
                    7c:e7:0e:9b:13:22:54:1c:8c:d2:77:6c:0a:cc:ec:
                    39:cf:25:29:f0:7c:b1:3d:37:51:df:48:f8:dd:cb:
                    bd:97:85:5c:f8:5f:65:cc:7d:fb:6a:26:96:43:3e:
                    74:ec:b8:34:5c:1f:f8:3c:a1:cc:77:5b:b2:d6:62:
                    fc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:75:CC:72:49:A2:4F:94:3C:24:BA:4A:5F:93:46:BA:50:45:2E:E9
            X509v3 Authority Key Identifier:
                keyid:93:C6:4C:66:8E:FF:34:74:08:16:ED:A8:5A:45:9D:0C:42:2E:06:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/n3XMckmiT5Q8JLpKX5NGulBFLuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/62d15b-7bd5-4b3b-be72-147ec96ea730/1/k8ZMZo7_NHQIFu2oWkWdDEIuBjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.150.194.0-192.150.196.255

    Signature Algorithm: sha256WithRSAEncryption
         2c:4e:a1:56:74:cf:a1:a8:c5:6f:63:c9:2e:35:6b:9a:44:b8:
         c6:4a:02:70:0f:29:80:ad:07:92:94:8f:33:1a:ab:be:4e:b1:
         fd:09:96:cb:6f:26:1f:b8:cf:9b:f3:03:58:fa:2c:65:52:e9:
         c4:87:ed:89:8b:89:b9:8b:84:13:2f:dc:8b:db:8d:96:3b:7b:
         7e:e8:03:c2:74:a8:56:d3:f4:fa:82:7e:41:4a:1a:37:f5:fb:
         23:ff:b5:a7:1e:c5:ce:e8:ce:8e:63:73:88:3e:f1:96:f9:4e:
         98:09:a7:58:89:fa:90:9e:1c:42:36:e7:ee:5b:ae:a6:69:33:
         15:87:f8:9c:b6:7c:6c:de:39:dd:2d:34:af:a4:24:47:d1:95:
         42:12:4b:8c:fd:28:f9:be:3f:cb:a6:dc:83:12:4d:f8:d8:a3:
         72:13:d1:01:27:a5:90:0f:d1:18:39:c3:ca:e4:d6:2b:77:82:
         6e:08:d6:0d:a6:7e:a6:1a:63:16:c2:8a:dc:d9:f1:95:82:9b:
         a0:80:43:33:5e:99:b9:7f:8b:31:bc:8c:53:6a:f0:04:27:58:
         c8:a4:76:38:b2:4f:fb:f3:5a:67:d6:a0:15:bc:c0:39:9d:87:
         65:73:23:78:8e:6c:51:57:db:1e:76:31:f3:d2:01:3b:9e:6e:
         4d:5f:30:f9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzC2xruF61sO1/dunofKriPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYzY0YzY2OGVmZjM0NzQwODE2ZWRhODVhNDU5ZDBjNDIy
ZTA2M2MwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjc1Y2M3MjQ5YTI0Zjk0M2MyNGJhNGE1ZjkzNDZiYTUwNDUyZWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLttoKzfMMS0GJu7Z+KF3pmZp9yw
pJOVu92lAxOFZoMQc2LpybwJdU7ig1FMGt1SSua6dWwt7UUW/Iuyiu+Cp1o+guic
fvSgzw1nb+MSUqP/YFJPtkWm5vi3t9xHF2zOxgCRvU9deS1+NdI/a5xZ2H5MEz2d
PhiiHOhuhrZenHiaTq7Z5eNRzGljdrHhhHN1DxLVxoccrj9mSg6dT2+lX6OcHghn
u3lwCjTP3UTpEJIfP/8d53kDlgg4AUUTcOtPws585w6bEyJUHIzSd2wKzOw5zyUp
8HyxPTdR30j43cu9l4Vc+F9lzH37aiaWQz507Lg0XB/4PKHMd1uy1mL8RQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJ91zHJJok+UPCS6Sl+TRrpQRS7pMB8GA1UdIwQY
MBaAFJPGTGaO/zR0CBbtqFpFnQxCLgY8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazhaTVpvN19OSFFJRnUyb1drV2RERUl1Qmp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC82MmQxNWItN2JkNS00YjNiLWJlNzIt
MTQ3ZWM5NmVhNzMwLzEvbjNYTWNrbWlUNVE4SkxwS1g1Tkd1bEJGTHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC82MmQxNWItN2JkNS00YjNiLWJlNzItMTQ3ZWM5NmVhNzMw
LzEvazhaTVpvN19OSFFJRnUyb1drV2RERUl1Qmp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHAlsID
BADAlsQwDQYJKoZIhvcNAQELBQADggEBACxOoVZ0z6GoxW9jyS41a5pEuMZKAnAP
KYCtB5KUjzMaq75Osf0JlstvJh+4z5vzA1j6LGVS6cSH7YmLibmLhBMv3IvbjZY7
e37oA8J0qFbT9PqCfkFKGjf1+yP/tacexc7ozo5jc4g+8Zb5TpgJp1iJ+pCeHEI2
5+5brqZpMxWH+Jy2fGzeOd0tNK+kJEfRlUISS4z9KPm+P8um3IMSTfjYo3IT0QEn
pZAP0Rg5w8rk1it3gm4I1g2mfqYaYxbCitzZ8ZWCm6CAQzNembl/izG8jFNq8AQn
WMikdjiyT/vzWmfWoBW8wDmdh2VzI3iObFFX2x52MfPSATuebk1fMPk=
-----END CERTIFICATE-----