Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/910bd4-7fda-4934-a403-b136fe40df4d/1/n0l6gnkOPVFlKC8aPanr7gHPKS4.roa
File:                     n0l6gnkOPVFlKC8aPanr7gHPKS4.roa (raw, json)
Hash identifier:          d8QSo2un/B6dCI/8ljJZsAbr3g0mm+cAcQNd1YdcAXU=
Subject key identifier:   9F:49:7A:82:79:0E:3D:51:65:28:2F:1A:3D:A9:EB:EE:01:CF:29:2E
Certificate issuer:       /CN=7698c999e7f0493ee36634e892b37c9f3bf9407d
Certificate serial:       018CC79504ABE299D69F0F2BC791E27BF08C
Authority key identifier: 76:98:C9:99:E7:F0:49:3E:E3:66:34:E8:92:B3:7C:9F:3B:F9:40:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dpjJmefwST7jZjTokrN8nzv5QH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/910bd4-7fda-4934-a403-b136fe40df4d/1/n0l6gnkOPVFlKC8aPanr7gHPKS4.roa
Signing time:             Tue 02 Jan 2024 00:31:21 +0000
ROA not before:           Tue 02 Jan 2024 00:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35627
IP address blocks:        195.160.166.0/24 maxlen: 24
                          195.160.166.0/23 maxlen: 24
                          2001:67c:5c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/910bd4-7fda-4934-a403-b136fe40df4d/1/dpjJmefwST7jZjTokrN8nzv5QH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/910bd4-7fda-4934-a403-b136fe40df4d/1/dpjJmefwST7jZjTokrN8nzv5QH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dpjJmefwST7jZjTokrN8nzv5QH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:04:ab:e2:99:d6:9f:0f:2b:c7:91:e2:7b:f0:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7698c999e7f0493ee36634e892b37c9f3bf9407d
        Validity
            Not Before: Jan  2 00:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f497a82790e3d5165282f1a3da9ebee01cf292e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:89:2f:62:18:bd:a2:17:83:bc:e1:68:5f:61:
                    d0:47:1e:bf:fa:bb:d8:6e:b1:f0:5f:dc:e2:68:b2:
                    71:e2:00:3b:a3:b3:1c:ff:b6:fc:6b:aa:d2:ee:e0:
                    fc:e6:e4:70:94:9e:96:5a:e8:29:ca:08:86:d4:f1:
                    76:0c:5f:d6:4a:20:0e:40:c4:79:c5:69:af:4b:32:
                    16:e0:e4:fd:f2:e7:49:19:30:6a:61:40:2f:63:bf:
                    43:24:35:3e:33:da:77:6f:16:33:10:01:6c:a9:12:
                    1e:24:ef:6a:18:a9:ba:ab:e9:60:7e:52:31:9f:09:
                    4a:24:16:99:22:37:63:04:71:ad:c7:bd:4b:07:19:
                    76:e5:93:6d:be:e0:04:a1:36:59:b1:13:74:52:37:
                    c4:3a:bc:6e:33:e9:dc:1f:6d:11:69:36:ba:43:3a:
                    a4:9d:a2:15:6c:a8:8d:47:e2:53:d1:55:3c:28:50:
                    5d:b0:d2:a6:24:44:00:6f:62:e8:25:18:b1:79:d2:
                    aa:27:46:8d:4b:be:1a:13:22:79:32:58:54:8b:94:
                    28:7d:dd:9d:73:5d:a8:31:f9:60:29:03:54:c5:27:
                    07:17:80:93:6c:11:89:e9:6a:7d:48:72:bc:e3:c1:
                    8d:29:e3:ef:22:7d:43:db:d4:66:d9:3c:e7:dc:f8:
                    34:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:49:7A:82:79:0E:3D:51:65:28:2F:1A:3D:A9:EB:EE:01:CF:29:2E
            X509v3 Authority Key Identifier:
                keyid:76:98:C9:99:E7:F0:49:3E:E3:66:34:E8:92:B3:7C:9F:3B:F9:40:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dpjJmefwST7jZjTokrN8nzv5QH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/910bd4-7fda-4934-a403-b136fe40df4d/1/n0l6gnkOPVFlKC8aPanr7gHPKS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/910bd4-7fda-4934-a403-b136fe40df4d/1/dpjJmefwST7jZjTokrN8nzv5QH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.166.0/23
                IPv6:
                  2001:67c:5c::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:40:cf:64:4e:1e:e5:73:1b:51:60:d7:e8:e7:b5:e1:70:d9:
         cf:db:e1:d8:1a:b9:8d:ea:74:f5:14:c9:ae:fc:61:ac:c9:2b:
         d7:52:2b:de:93:84:2a:ce:5f:b0:06:eb:5e:81:df:a7:82:a9:
         70:74:51:d8:50:49:fe:2d:49:ea:19:6b:0f:aa:cd:93:a9:da:
         72:93:45:5b:fe:a9:be:fc:79:f5:2e:9d:85:ef:1f:cb:de:3c:
         3c:e8:e1:ec:15:82:e3:3e:9e:82:54:d6:51:fb:e6:41:69:94:
         42:d2:b8:d4:8f:0e:e7:3d:51:68:b1:82:1d:a5:05:57:ac:ae:
         2f:20:9e:39:1f:3f:09:ee:5a:08:c8:7a:05:4a:3e:a3:c5:3c:
         7d:c8:fa:e2:e0:1d:f1:54:b2:a3:20:34:fd:b2:9a:a4:cb:21:
         03:0d:eb:d4:f4:0b:22:2b:7b:25:d1:a9:8d:66:6b:0c:70:2c:
         cf:24:b8:dc:a9:38:ed:d0:f5:ca:43:11:4a:33:af:41:22:17:
         79:2c:1b:ed:2f:75:bc:e5:5b:0e:1e:62:b2:ec:49:ee:20:ff:
         18:77:25:b8:ed:e3:25:f4:26:94:e6:dc:96:0a:4f:47:74:c1:
         f5:41:02:b0:19:7d:d2:4d:ee:d1:42:3e:c1:56:0b:3a:9a:9c:
         d9:73:3e:10
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzHlQSr4pnWnw8rx5Hie/CMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2OThjOTk5ZTdmMDQ5M2VlMzY2MzRlODkyYjM3YzlmM2Jm
OTQwN2QwHhcNMjQwMTAyMDAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjQ5N2E4Mjc5MGUzZDUxNjUyODJmMWEzZGE5ZWJlZTAxY2YyOTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApokvYhi9oheDvOFoX2HQRx6/+rvY
brHwX9ziaLJx4gA7o7Mc/7b8a6rS7uD85uRwlJ6WWugpygiG1PF2DF/WSiAOQMR5
xWmvSzIW4OT98udJGTBqYUAvY79DJDU+M9p3bxYzEAFsqRIeJO9qGKm6q+lgflIx
nwlKJBaZIjdjBHGtx71LBxl25ZNtvuAEoTZZsRN0UjfEOrxuM+ncH20RaTa6Qzqk
naIVbKiNR+JT0VU8KFBdsNKmJEQAb2LoJRixedKqJ0aNS74aEyJ5MlhUi5Qofd2d
c12oMflgKQNUxScHF4CTbBGJ6Wp9SHK848GNKePvIn1D29Rm2Tzn3Pg02QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ9JeoJ5Dj1RZSgvGj2p6+4BzykuMB8GA1UdIwQY
MBaAFHaYyZnn8Ek+42Y06JKzfJ87+UB9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHBqSm1lZndTVDdqWmpUb2tyTjhuenY1UUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC85MTBiZDQtN2ZkYS00OTM0LWE0MDMt
YjEzNmZlNDBkZjRkLzEvbjBsNmdua09QVkZsS0M4YVBhbnI3Z0hQS1M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC85MTBiZDQtN2ZkYS00OTM0LWE0MDMtYjEzNmZlNDBkZjRk
LzEvZHBqSm1lZndTVDdqWmpUb2tyTjhuenY1UUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBw6CmMA8E
AgACMAkDBwAgAQZ8AFwwDQYJKoZIhvcNAQELBQADggEBABNAz2ROHuVzG1Fg1+jn
teFw2c/b4dgauY3qdPUUya78YazJK9dSK96ThCrOX7AG616B36eCqXB0UdhQSf4t
SeoZaw+qzZOp2nKTRVv+qb78efUunYXvH8vePDzo4ewVguM+noJU1lH75kFplELS
uNSPDuc9UWixgh2lBVesri8gnjkfPwnuWgjIegVKPqPFPH3I+uLgHfFUsqMgNP2y
mqTLIQMN69T0CyIreyXRqY1mawxwLM8kuNypOO3Q9cpDEUozr0EiF3ksG+0vdbzl
Ww4eYrLsSe4g/xh3Jbjt4yX0JpTm3JYKT0d0wfVBArAZfdJN7tFCPsFWCzqanNlz
PhA=
-----END CERTIFICATE-----