Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ncrQKRqBcfIYENGBR6rI4Ng5MEc.roa
File:                     ncrQKRqBcfIYENGBR6rI4Ng5MEc.roa (raw, json)
Hash identifier:          oBQ+NL0WLszs+ORJkzS7jjLrp23qeHU/d22HZ3uRBBs=
Subject key identifier:   9D:CA:D0:29:1A:81:71:F2:18:10:D1:81:47:AA:C8:E0:D8:39:30:47
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       01942067D9AF550FF29BC8040CB73B5674AD
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ncrQKRqBcfIYENGBR6rI4Ng5MEc.roa
Signing time:             Wed 01 Jan 2025 05:47:44 +0000
ROA not before:           Wed 01 Jan 2025 05:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206794
IP address blocks:        195.65.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d9:af:55:0f:f2:9b:c8:04:0c:b7:3b:56:74:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jan  1 05:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9dcad0291a8171f21810d18147aac8e0d8393047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:fd:b0:54:5c:18:df:b5:8e:81:5d:c5:30:b2:
                    9e:06:e2:a8:42:40:a9:dd:ad:a1:c2:73:59:ca:82:
                    b8:1e:03:3e:25:f0:9e:45:85:bd:31:14:a0:db:22:
                    d9:6d:62:db:71:4c:a0:04:fc:04:0a:78:33:b4:a8:
                    53:b9:cb:f1:4a:c7:b6:10:74:d7:79:e1:bb:66:3e:
                    1f:e3:cb:05:66:44:78:bc:0c:1a:f2:a1:54:64:fb:
                    1d:c5:9f:2a:44:db:b1:98:9d:05:a4:36:f0:62:5e:
                    5d:88:d0:32:99:d5:05:4b:95:ee:10:9d:57:48:cb:
                    e0:dc:03:2a:62:56:9c:55:4a:c8:6c:fa:9c:60:4c:
                    9e:9e:ee:e3:6b:b5:af:16:e9:ee:8f:6d:3c:2f:75:
                    3b:c4:0d:6f:63:f2:09:57:7a:cf:d6:ea:cb:84:9b:
                    e8:ef:3b:5c:ec:3c:8e:80:f9:e2:17:fd:00:5c:c0:
                    63:f7:79:f2:8d:04:4f:45:50:af:7b:b9:80:be:bb:
                    90:a9:7b:4f:ac:ce:fd:8e:ea:12:04:3e:9a:0e:49:
                    11:a6:80:00:10:c6:5b:dc:3a:0c:c3:18:7b:fc:b8:
                    2b:56:8d:e7:4b:a1:7a:59:24:95:36:32:70:e3:3d:
                    a9:a5:66:62:07:cb:2b:c2:65:93:a5:94:64:64:81:
                    d7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:CA:D0:29:1A:81:71:F2:18:10:D1:81:47:AA:C8:E0:D8:39:30:47
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/ncrQKRqBcfIYENGBR6rI4Ng5MEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.65.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:80:b2:a6:ab:09:cd:fb:96:7f:ff:40:a9:44:26:a1:1b:93:
         3c:a1:87:25:52:c9:f3:0c:b9:9d:f1:f5:03:d3:04:11:80:ce:
         25:54:2d:c5:9c:19:f7:71:0d:9e:72:ad:59:d3:20:93:3a:7b:
         be:bf:5c:eb:02:c1:ef:04:07:51:0a:a4:e8:c3:43:b5:97:d6:
         ec:3c:35:a1:47:a7:dd:b9:71:3b:ae:fe:c6:25:00:64:59:b5:
         92:89:af:f7:dd:27:31:0e:8c:5d:a1:5f:1e:ff:7c:15:0e:8d:
         e7:e1:ee:c9:a9:ae:f6:75:b6:84:2c:37:fb:9c:87:e4:b3:29:
         01:b4:21:e9:a2:2b:bd:2a:8c:8a:05:66:35:3d:df:36:93:e6:
         17:0a:7a:75:a0:cd:74:f3:fa:8a:13:7c:ec:48:ff:f6:c3:44:
         f7:c3:82:dd:54:a1:8e:83:46:42:df:df:b5:19:41:da:30:c7:
         29:e2:5e:04:e7:c8:8d:af:e9:2f:d3:25:c5:0c:96:e5:c9:6d:
         e5:16:16:00:4d:51:69:b5:54:37:d8:0d:f1:2e:7c:67:69:25:
         cb:4e:ab:36:77:20:86:dc:86:12:4c:e9:57:e3:54:de:49:56:
         22:94:e9:50:0f:c6:a0:eb:dc:2d:56:f5:40:1d:d9:99:6a:02:
         58:9e:52:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ9mvVQ/ym8gEDLc7VnStMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwMTAxMDU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGNhZDAyOTFhODE3MWYyMTgxMGQxODE0N2FhYzhlMGQ4MzkzMDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/2wVFwY37WOgV3FMLKeBuKoQkCp
3a2hwnNZyoK4HgM+JfCeRYW9MRSg2yLZbWLbcUygBPwECngztKhTucvxSse2EHTX
eeG7Zj4f48sFZkR4vAwa8qFUZPsdxZ8qRNuxmJ0FpDbwYl5diNAymdUFS5XuEJ1X
SMvg3AMqYlacVUrIbPqcYEyenu7ja7WvFunuj208L3U7xA1vY/IJV3rP1urLhJvo
7ztc7DyOgPniF/0AXMBj93nyjQRPRVCve7mAvruQqXtPrM79juoSBD6aDkkRpoAA
EMZb3DoMwxh7/LgrVo3nS6F6WSSVNjJw4z2ppWZiB8srwmWTpZRkZIHXkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3K0CkagXHyGBDRgUeqyODYOTBHMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvbmNyUUtScUJjZklZRU5HQlI2ckk0Tmc1TUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0FWMA0G
CSqGSIb3DQEBCwUAA4IBAQAdgLKmqwnN+5Z//0CpRCahG5M8oYclUsnzDLmd8fUD
0wQRgM4lVC3FnBn3cQ2ecq1Z0yCTOnu+v1zrAsHvBAdRCqTow0O1l9bsPDWhR6fd
uXE7rv7GJQBkWbWSia/33ScxDoxdoV8e/3wVDo3n4e7Jqa72dbaELDf7nIfksykB
tCHpoiu9KoyKBWY1Pd82k+YXCnp1oM108/qKE3zsSP/2w0T3w4LdVKGOg0ZC39+1
GUHaMMcp4l4E58iNr+kv0yXFDJblyW3lFhYATVFptVQ32A3xLnxnaSXLTqs2dyCG
3IYSTOlX41TeSVYilOlQD8ag69wtVvVAHdmZagJYnlIN
-----END CERTIFICATE-----