Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/Nvbyv1PpytUaMC6H5xpJ11kc-dg.roa
File:                     Nvbyv1PpytUaMC6H5xpJ11kc-dg.roa (raw, json)
Hash identifier:          SbERHfQI9Tu/9a/EQjXNeCBB9RcFRF7Qffhnwr+U0O8=
Subject key identifier:   36:F6:F2:BF:53:E9:CA:D5:1A:30:2E:87:E7:1A:49:D7:59:1C:F9:D8
Certificate issuer:       /CN=10768d39f932791007a097209b0983fe85560cb8
Certificate serial:       01941FFAACE86F4DBED4C5843BEC4B65D87E
Authority key identifier: 10:76:8D:39:F9:32:79:10:07:A0:97:20:9B:09:83:FE:85:56:0C:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHaNOfkyeRAHoJcgmwmD_oVWDLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/Nvbyv1PpytUaMC6H5xpJ11kc-dg.roa
Signing time:             Wed 01 Jan 2025 03:48:29 +0000
ROA not before:           Wed 01 Jan 2025 03:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31273
IP address blocks:        82.113.224.0/19 maxlen: 24
                          2a00:6f00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/EHaNOfkyeRAHoJcgmwmD_oVWDLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/EHaNOfkyeRAHoJcgmwmD_oVWDLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHaNOfkyeRAHoJcgmwmD_oVWDLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:ac:e8:6f:4d:be:d4:c5:84:3b:ec:4b:65:d8:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10768d39f932791007a097209b0983fe85560cb8
        Validity
            Not Before: Jan  1 03:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36f6f2bf53e9cad51a302e87e71a49d7591cf9d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:46:89:1c:ac:9c:70:a1:9f:42:36:66:ab:c0:
                    e7:9d:29:37:d4:d7:5e:19:f9:54:9f:fa:9a:99:9c:
                    12:ba:5d:b0:3d:e3:bf:5d:a5:a0:19:5c:8c:58:10:
                    a1:00:1d:2b:0f:aa:60:03:34:85:18:df:3a:b3:3b:
                    8e:1c:5c:cb:74:2b:e2:fe:a1:37:e4:49:2b:6d:2b:
                    2c:9d:b9:87:7f:a6:a2:2f:d5:8d:33:a7:48:d3:b8:
                    05:91:93:aa:a2:c6:9a:d6:6b:1c:e4:b5:5d:4f:01:
                    ff:7a:7a:ee:41:07:04:89:7e:c2:00:ef:53:04:6f:
                    5e:53:9e:dd:74:07:8f:a2:73:ea:40:8f:23:9c:a3:
                    b5:57:23:7a:81:48:23:63:10:10:d1:9f:b7:7b:d5:
                    5c:41:eb:a6:69:75:6f:10:97:c8:70:45:c1:e6:ee:
                    82:2f:17:9c:d1:b5:cd:8d:e0:c4:2c:28:d4:89:dc:
                    71:58:ec:e4:c6:8f:b0:fc:81:df:25:e3:61:3a:86:
                    45:60:20:0a:6e:db:a1:bc:09:ae:74:8d:8d:09:9e:
                    3a:f2:e3:be:02:05:e5:9d:21:08:83:18:2d:ae:27:
                    46:5a:3b:b4:c0:c7:1f:04:2b:d6:b6:b3:cf:e2:ab:
                    e8:9d:6f:cd:6e:81:2b:00:ef:a7:ca:ea:da:ef:4e:
                    ea:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:F6:F2:BF:53:E9:CA:D5:1A:30:2E:87:E7:1A:49:D7:59:1C:F9:D8
            X509v3 Authority Key Identifier:
                keyid:10:76:8D:39:F9:32:79:10:07:A0:97:20:9B:09:83:FE:85:56:0C:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHaNOfkyeRAHoJcgmwmD_oVWDLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/Nvbyv1PpytUaMC6H5xpJ11kc-dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/93c17e-8490-4e91-9815-72c33daf3156/1/EHaNOfkyeRAHoJcgmwmD_oVWDLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.113.224.0/19
                IPv6:
                  2a00:6f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:5f:14:41:42:56:e4:a7:fd:54:3c:40:c1:c1:25:37:f8:4d:
         06:d0:2f:85:f8:8f:83:f5:c2:54:b5:ac:df:3f:3c:bf:fd:45:
         44:69:88:76:34:ac:1d:d9:2a:dc:05:73:ee:2b:93:94:49:03:
         8e:93:bf:80:90:18:9a:ee:5f:dc:2f:8c:76:a3:4d:63:93:db:
         b9:f2:be:0c:40:81:fa:60:02:69:87:db:12:d7:8a:12:b4:aa:
         c6:d4:be:fd:47:4f:f9:75:96:b9:76:6b:5e:ec:f1:51:f0:1e:
         37:0b:cb:a9:78:b5:50:26:14:7f:74:48:89:e0:3f:ca:5e:63:
         89:0b:f3:e4:c3:eb:99:ab:61:9c:3d:43:1a:61:de:f1:d1:2c:
         9c:5c:38:47:23:39:9d:dd:ea:f1:43:8e:94:fe:94:eb:bd:c0:
         fd:83:ab:cb:fe:f7:66:65:d6:e7:98:47:cb:36:13:b6:1c:b0:
         87:ed:e5:20:af:c2:42:11:75:c9:47:5d:11:3c:a0:56:37:65:
         f3:d5:b3:c5:17:64:92:51:18:b2:da:2d:2a:70:5c:12:33:b4:
         bd:67:5e:ac:88:fc:fb:bf:0b:5b:34:d1:f3:83:51:32:10:20:
         78:8c:c2:e7:be:a6:32:f0:d2:61:bb:1d:0a:5b:1d:eb:5b:c4:
         23:b7:66:50
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+qzob02+1MWEO+xLZdh+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzY4ZDM5ZjkzMjc5MTAwN2EwOTcyMDliMDk4M2ZlODU1
NjBjYjgwHhcNMjUwMTAxMDM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmY2ZjJiZjUzZTljYWQ1MWEzMDJlODdlNzFhNDlkNzU5MWNmOWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkaJHKyccKGfQjZmq8DnnSk31Nde
GflUn/qamZwSul2wPeO/XaWgGVyMWBChAB0rD6pgAzSFGN86szuOHFzLdCvi/qE3
5EkrbSssnbmHf6aiL9WNM6dI07gFkZOqosaa1msc5LVdTwH/enruQQcEiX7CAO9T
BG9eU57ddAePonPqQI8jnKO1VyN6gUgjYxAQ0Z+3e9VcQeumaXVvEJfIcEXB5u6C
Lxec0bXNjeDELCjUidxxWOzkxo+w/IHfJeNhOoZFYCAKbtuhvAmudI2NCZ468uO+
AgXlnSEIgxgtridGWju0wMcfBCvWtrPP4qvonW/NboErAO+nyura707qqQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDb28r9T6crVGjAuh+caSddZHPnYMB8GA1UdIwQY
MBaAFBB2jTn5MnkQB6CXIJsJg/6FVgy4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhhTk9ma3llUkFIb0pjZ213bURfb1ZXRExnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy85M2MxN2UtODQ5MC00ZTkxLTk4MTUt
NzJjMzNkYWYzMTU2LzEvTnZieXYxUHB5dFVhTUM2SDV4cEoxMWtjLWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy85M2MxN2UtODQ5MC00ZTkxLTk4MTUtNzJjMzNkYWYzMTU2
LzEvRUhhTk9ma3llUkFIb0pjZ213bURfb1ZXRExnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFUnHgMA0E
AgACMAcDBQAqAG8AMA0GCSqGSIb3DQEBCwUAA4IBAQB9XxRBQlbkp/1UPEDBwSU3
+E0G0C+F+I+D9cJUtazfPzy//UVEaYh2NKwd2SrcBXPuK5OUSQOOk7+AkBia7l/c
L4x2o01jk9u58r4MQIH6YAJph9sS14oStKrG1L79R0/5dZa5dmte7PFR8B43C8up
eLVQJhR/dEiJ4D/KXmOJC/Pkw+uZq2GcPUMaYd7x0SycXDhHIzmd3erxQ46U/pTr
vcD9g6vL/vdmZdbnmEfLNhO2HLCH7eUgr8JCEXXJR10RPKBWN2Xz1bPFF2SSURiy
2i0qcFwSM7S9Z16siPz7vwtbNNHzg1EyECB4jMLnvqYy8NJhux0KWx3rW8Qjt2ZQ
-----END CERTIFICATE-----