Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6bf232-1a28-4aa4-8ebd-bf7fa94d2a4e/1/Nu_Jcb81Y6M4mcfLhD-8oBKIqsw.roa
File:                     Nu_Jcb81Y6M4mcfLhD-8oBKIqsw.roa (raw, json)
Hash identifier:          12vWhQIrcWiEFTyNTZ+vZ7OR5a8WcB0u64ZNCPfG5qw=
Subject key identifier:   36:EF:C9:71:BF:35:63:A3:38:99:C7:CB:84:3F:BC:A0:12:88:AA:CC
Certificate issuer:       /CN=9bc7381b82f975abf19d7d501a8d90bcdc439f06
Certificate serial:       018CC5008105D8CFC1F9702A4D8BF38DEEF9
Authority key identifier: 9B:C7:38:1B:82:F9:75:AB:F1:9D:7D:50:1A:8D:90:BC:DC:43:9F:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m8c4G4L5davxnX1QGo2QvNxDnwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/6bf232-1a28-4aa4-8ebd-bf7fa94d2a4e/1/Nu_Jcb81Y6M4mcfLhD-8oBKIqsw.roa
Signing time:             Mon 01 Jan 2024 12:29:53 +0000
ROA not before:           Mon 01 Jan 2024 12:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199634
IP address blocks:        176.57.72.0/21 maxlen: 21
                          185.8.124.0/22 maxlen: 22
                          2a02:d840::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/6bf232-1a28-4aa4-8ebd-bf7fa94d2a4e/1/m8c4G4L5davxnX1QGo2QvNxDnwY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/6bf232-1a28-4aa4-8ebd-bf7fa94d2a4e/1/m8c4G4L5davxnX1QGo2QvNxDnwY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m8c4G4L5davxnX1QGo2QvNxDnwY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:81:05:d8:cf:c1:f9:70:2a:4d:8b:f3:8d:ee:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bc7381b82f975abf19d7d501a8d90bcdc439f06
        Validity
            Not Before: Jan  1 12:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36efc971bf3563a33899c7cb843fbca01288aacc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:37:75:14:7b:23:a5:fb:a7:1a:63:4c:fc:b5:
                    09:13:68:35:00:ee:e5:30:bf:65:96:d9:c7:88:db:
                    41:4f:f1:ba:74:e7:45:6c:3b:06:e9:db:10:d4:b1:
                    09:c0:3f:e8:52:41:48:6e:6b:d2:41:50:2a:ac:ce:
                    34:bf:c8:89:ee:b5:cb:47:67:3e:7f:a6:89:fb:ae:
                    94:60:98:a6:4a:67:f0:f2:6a:07:51:1f:7f:c2:3e:
                    27:f9:c7:1d:5d:05:c1:37:4e:40:b4:eb:b9:84:15:
                    dd:4d:32:bb:39:ce:a3:cc:4a:68:9f:ab:9c:82:f7:
                    ec:26:37:90:a7:4f:3e:00:43:be:9e:42:cb:34:9f:
                    71:f3:b6:48:eb:90:88:fc:5c:9c:1e:ce:65:47:8d:
                    8d:12:66:fc:bd:5c:fa:5f:f4:1a:46:c5:7f:87:00:
                    be:e7:4b:96:51:6f:3f:12:42:24:98:9b:ad:c0:c1:
                    65:47:b1:d1:f5:3e:e6:39:d4:d0:fe:94:1d:7f:7d:
                    4b:9e:59:2f:5a:10:45:32:65:70:a7:57:d5:2b:09:
                    c6:e7:6e:df:1f:e6:39:d6:d2:b8:ab:bb:d8:4e:01:
                    8c:00:73:a5:85:b9:52:ba:b7:8c:f0:e4:0e:50:58:
                    d9:f4:c9:c3:23:68:5c:ae:db:e5:37:d5:df:23:ba:
                    b0:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:EF:C9:71:BF:35:63:A3:38:99:C7:CB:84:3F:BC:A0:12:88:AA:CC
            X509v3 Authority Key Identifier:
                keyid:9B:C7:38:1B:82:F9:75:AB:F1:9D:7D:50:1A:8D:90:BC:DC:43:9F:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m8c4G4L5davxnX1QGo2QvNxDnwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6bf232-1a28-4aa4-8ebd-bf7fa94d2a4e/1/Nu_Jcb81Y6M4mcfLhD-8oBKIqsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6bf232-1a28-4aa4-8ebd-bf7fa94d2a4e/1/m8c4G4L5davxnX1QGo2QvNxDnwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.72.0/21
                  185.8.124.0/22
                IPv6:
                  2a02:d840::/29

    Signature Algorithm: sha256WithRSAEncryption
         b7:f5:4c:c8:dd:bf:de:8f:2e:92:5a:82:af:9b:86:ee:66:03:
         1b:4d:32:32:3f:e4:9d:0b:c4:05:69:7f:24:62:02:39:44:08:
         e1:05:49:fa:c5:29:37:bc:90:59:c5:ef:ef:e5:45:b6:3f:07:
         33:19:54:b6:5b:65:28:71:93:a1:c1:2a:bf:a5:4a:57:fe:56:
         c5:08:b8:08:c4:e0:ad:37:0a:4b:58:91:bd:d6:1b:5b:12:a7:
         06:24:b9:33:31:6c:c1:8e:d0:91:bc:9f:4e:44:c0:18:2f:69:
         5c:d0:7a:ea:18:fb:a6:40:b8:0f:1a:77:89:14:e8:d5:17:36:
         3f:5d:49:f8:7a:0f:65:30:87:bc:23:85:16:e3:b4:02:37:63:
         8b:c5:1a:be:96:58:21:cb:01:b9:84:3f:9c:3c:35:5e:e9:e7:
         be:da:52:55:31:20:b0:a2:50:17:4b:eb:05:83:57:12:e6:04:
         46:bc:f5:21:f1:99:61:80:5d:20:f2:6b:72:01:1c:24:2f:7d:
         40:a9:83:b6:17:b6:9f:28:07:be:ed:55:34:96:cf:74:ae:ee:
         45:32:cb:59:5f:bf:ba:e1:a0:0e:85:52:c1:d6:cd:78:47:af:
         b5:94:45:1a:52:dd:fb:e9:b1:e2:09:c6:6b:9a:46:0e:74:c5:
         b6:68:4e:89
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFAIEF2M/B+XAqTYvzje75MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYzczODFiODJmOTc1YWJmMTlkN2Q1MDFhOGQ5MGJjZGM0
MzlmMDYwHhcNMjQwMTAxMTIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmVmYzk3MWJmMzU2M2EzMzg5OWM3Y2I4NDNmYmNhMDEyODhhYWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjd1FHsjpfunGmNM/LUJE2g1AO7l
ML9lltnHiNtBT/G6dOdFbDsG6dsQ1LEJwD/oUkFIbmvSQVAqrM40v8iJ7rXLR2c+
f6aJ+66UYJimSmfw8moHUR9/wj4n+ccdXQXBN05AtOu5hBXdTTK7Oc6jzEpon6uc
gvfsJjeQp08+AEO+nkLLNJ9x87ZI65CI/FycHs5lR42NEmb8vVz6X/QaRsV/hwC+
50uWUW8/EkIkmJutwMFlR7HR9T7mOdTQ/pQdf31LnlkvWhBFMmVwp1fVKwnG527f
H+Y51tK4q7vYTgGMAHOlhblSureM8OQOUFjZ9MnDI2hcrtvlN9XfI7qwKwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDbvyXG/NWOjOJnHy4Q/vKASiKrMMB8GA1UdIwQY
MBaAFJvHOBuC+XWr8Z19UBqNkLzcQ58GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbThjNEc0TDVkYXZ4blgxUUdvMlF2TnhEbndZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82YmYyMzItMWEyOC00YWE0LThlYmQt
YmY3ZmE5NGQyYTRlLzEvTnVfSmNiODFZNk00bWNmTGhELThvQktJcXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82YmYyMzItMWEyOC00YWE0LThlYmQtYmY3ZmE5NGQyYTRl
LzEvbThjNEc0TDVkYXZ4blgxUUdvMlF2TnhEbndZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDsDlIAwQC
uQh8MA0EAgACMAcDBQMqAthAMA0GCSqGSIb3DQEBCwUAA4IBAQC39UzI3b/ejy6S
WoKvm4buZgMbTTIyP+SdC8QFaX8kYgI5RAjhBUn6xSk3vJBZxe/v5UW2PwczGVS2
W2UocZOhwSq/pUpX/lbFCLgIxOCtNwpLWJG91htbEqcGJLkzMWzBjtCRvJ9ORMAY
L2lc0HrqGPumQLgPGneJFOjVFzY/XUn4eg9lMIe8I4UW47QCN2OLxRq+llghywG5
hD+cPDVe6ee+2lJVMSCwolAXS+sFg1cS5gRGvPUh8ZlhgF0g8mtyARwkL31AqYO2
F7afKAe+7VU0ls90ru5FMstZX7+64aAOhVLB1s14R6+1lEUaUt376bHiCcZrmkYO
dMW2aE6J
-----END CERTIFICATE-----