Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Nzeq8ZcL0NDb6XUuHTVOvYtM4q8.roa
File:                     Nzeq8ZcL0NDb6XUuHTVOvYtM4q8.roa (raw, json)
Hash identifier:          m8qeW1s+En/ty8TdFU9YHTsO7FBB7yvWwhd9CZXv+k0=
Subject key identifier:   37:37:AA:F1:97:0B:D0:D0:DB:E9:75:2E:1D:35:4E:BD:8B:4C:E2:AF
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       018CC348CFFF2112C09FF2EF74F3ECA405D1
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Nzeq8ZcL0NDb6XUuHTVOvYtM4q8.roa
Signing time:             Mon 01 Jan 2024 04:29:38 +0000
ROA not before:           Mon 01 Jan 2024 04:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12368
IP address blocks:        194.209.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:cf:ff:21:12:c0:9f:f2:ef:74:f3:ec:a4:05:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 04:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3737aaf1970bd0d0dbe9752e1d354ebd8b4ce2af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f2:df:ef:16:cb:94:a4:ee:01:49:5e:23:53:
                    a9:3d:5e:be:07:14:9e:72:1a:97:7e:d2:f9:ba:75:
                    a1:3e:b5:6a:53:38:48:bf:e8:47:4b:ba:1d:8f:9b:
                    ff:28:bf:f5:ce:dd:9b:48:b4:20:73:81:09:e6:f1:
                    df:98:78:17:fe:92:dc:73:7c:45:61:e9:c1:38:77:
                    e5:bb:35:54:02:a2:7a:67:c7:53:19:a7:01:6e:5c:
                    78:8d:cf:0b:d3:8d:76:8c:9e:f6:bd:90:6a:83:78:
                    ea:e8:24:a3:9d:c4:82:15:9d:91:a6:97:00:6d:51:
                    5b:32:51:f7:0b:08:06:f6:e3:cb:77:21:45:17:e8:
                    bd:8e:f1:6f:70:96:2b:db:f1:7f:43:47:32:a9:2e:
                    a9:ea:87:fa:d2:2a:6d:00:ce:57:08:b1:ae:9c:85:
                    b8:57:1f:d2:36:8a:db:b9:de:ee:42:98:99:15:3c:
                    a8:5b:d8:3b:84:c5:2d:88:f6:48:a2:52:78:e2:65:
                    74:5c:e5:27:d3:a0:0b:c6:20:eb:02:67:0c:f3:0b:
                    3c:8f:60:72:41:78:4d:9b:ef:75:de:f3:c6:95:6b:
                    af:80:d0:24:7e:84:17:f6:8a:eb:3a:74:86:ec:12:
                    b1:1b:0f:73:3e:55:0a:ad:7c:f2:0e:07:7e:54:1f:
                    50:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:37:AA:F1:97:0B:D0:D0:DB:E9:75:2E:1D:35:4E:BD:8B:4C:E2:AF
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/Nzeq8ZcL0NDb6XUuHTVOvYtM4q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:12:98:9c:fc:45:f2:3d:a1:65:14:df:0a:34:66:6d:3c:e4:
         ec:62:33:20:44:5f:d7:b6:d8:26:fc:86:87:bb:b4:3d:b5:1b:
         8b:69:0d:9b:41:27:1b:f4:1d:f7:17:b3:78:14:4c:ed:fc:dc:
         18:7a:1b:16:29:b1:4f:38:1e:c1:2a:0d:57:35:a1:27:08:f6:
         fe:ec:14:36:eb:72:50:de:bd:1e:18:08:64:80:c1:53:f1:b1:
         e1:89:0a:a6:5c:9f:80:d7:26:bb:35:8f:da:76:3d:fb:9a:76:
         6b:62:2a:ac:f9:6f:2f:11:d1:97:82:a4:1a:12:ff:60:22:b2:
         53:e0:16:7a:3c:5a:96:96:08:f5:6a:5e:8a:ad:b8:a0:bd:ac:
         dc:69:54:74:28:2e:a6:ef:01:43:bd:6f:67:18:1f:05:d0:65:
         66:6e:e3:6b:55:a6:4d:b0:98:af:5f:68:4c:01:e2:26:5a:5d:
         a0:d1:0b:35:d1:22:48:64:7f:ef:0d:a9:c0:2b:3b:fd:4b:96:
         ea:e8:37:43:97:8a:f6:78:37:d1:fa:1d:23:93:12:af:11:61:
         da:db:aa:71:db:d8:60:ac:15:c1:e7:b0:2a:e9:09:55:75:f5:
         50:6b:d5:5e:af:bd:2c:2d:cf:ad:8b:87:f9:12:af:e1:50:4a:
         b0:8b:3a:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSM//IRLAn/LvdPPspAXRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjQwMTAxMDQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzM3YWFmMTk3MGJkMGQwZGJlOTc1MmUxZDM1NGViZDhiNGNlMmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvLf7xbLlKTuAUleI1OpPV6+BxSe
chqXftL5unWhPrVqUzhIv+hHS7odj5v/KL/1zt2bSLQgc4EJ5vHfmHgX/pLcc3xF
YenBOHfluzVUAqJ6Z8dTGacBblx4jc8L0412jJ72vZBqg3jq6CSjncSCFZ2RppcA
bVFbMlH3CwgG9uPLdyFFF+i9jvFvcJYr2/F/Q0cyqS6p6of60iptAM5XCLGunIW4
Vx/SNorbud7uQpiZFTyoW9g7hMUtiPZIolJ44mV0XOUn06ALxiDrAmcM8ws8j2By
QXhNm+913vPGlWuvgNAkfoQX9orrOnSG7BKxGw9zPlUKrXzyDgd+VB9QrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDc3qvGXC9DQ2+l1Lh01Tr2LTOKvMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvTnplcThaY0wwTkRiNlhVdUhUVk92WXRNNHE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtFTMA0G
CSqGSIb3DQEBCwUAA4IBAQAwEpic/EXyPaFlFN8KNGZtPOTsYjMgRF/Xttgm/IaH
u7Q9tRuLaQ2bQScb9B33F7N4FEzt/NwYehsWKbFPOB7BKg1XNaEnCPb+7BQ263JQ
3r0eGAhkgMFT8bHhiQqmXJ+A1ya7NY/adj37mnZrYiqs+W8vEdGXgqQaEv9gIrJT
4BZ6PFqWlgj1al6KrbigvazcaVR0KC6m7wFDvW9nGB8F0GVmbuNrVaZNsJivX2hM
AeImWl2g0Qs10SJIZH/vDanAKzv9S5bq6DdDl4r2eDfR+h0jkxKvEWHa26px29hg
rBXB57Aq6QlVdfVQa9Ver70sLc+ti4f5Eq/hUEqwizpx
-----END CERTIFICATE-----