Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/nJ5lNXXYSFNJBqmqvH1AqlGtEwM.roa
File:                     nJ5lNXXYSFNJBqmqvH1AqlGtEwM.roa (raw, json)
Hash identifier:          qVUEocAU9e+5BCua9i2QgMHz8LpTNFPskCNKmo1vi0A=
Subject key identifier:   9C:9E:65:35:75:D8:48:53:49:06:A9:AA:BC:7D:40:AA:51:AD:13:03
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018EC8A9AD4563EC781432FF33DFA4C80B39
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/nJ5lNXXYSFNJBqmqvH1AqlGtEwM.roa
Signing time:             Wed 10 Apr 2024 15:39:06 +0000
ROA not before:           Wed 10 Apr 2024 15:39:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62390
IP address blocks:        194.15.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 05:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c8:a9:ad:45:63:ec:78:14:32:ff:33:df:a4:c8:0b:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Apr 10 15:39:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c9e653575d848534906a9aabc7d40aa51ad1303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e7:52:7b:38:43:d6:05:75:c6:42:64:f8:17:
                    41:50:d0:d0:38:e7:d2:17:b7:fb:64:53:a5:1f:5d:
                    33:93:7e:31:1a:fc:d4:0e:2f:23:c8:43:db:3b:3e:
                    a1:31:e4:30:dd:c5:2e:76:6f:3d:eb:47:c5:38:53:
                    ef:81:79:87:e7:23:e0:ad:8e:78:05:7b:a6:c5:2e:
                    4b:26:8f:70:e5:4a:b3:b2:23:ef:fa:3f:3d:42:ed:
                    31:f9:0e:56:58:26:c4:b4:c5:1a:af:1f:f8:f1:15:
                    20:fe:08:bf:fa:1c:be:1f:b6:bf:41:98:88:be:e9:
                    27:2a:c3:78:75:a6:9b:13:0f:a8:91:99:b2:8e:62:
                    7c:a7:71:5b:b5:fb:2c:97:78:38:cf:64:05:0e:cd:
                    6c:6d:cc:82:eb:6a:ea:8a:17:8a:9d:34:41:58:11:
                    f5:dc:22:f7:71:bb:3e:d3:43:63:a3:9b:39:0a:21:
                    01:a6:13:cf:09:fc:43:74:79:a3:a1:5b:c4:b1:fd:
                    33:56:33:ce:b8:92:d0:6a:66:3b:92:07:04:40:7e:
                    59:a7:78:48:2f:bc:6e:11:c7:49:09:8d:6d:59:f6:
                    71:ce:c0:a0:98:cd:d0:a2:f9:88:44:eb:41:a3:0d:
                    5d:b6:b0:81:be:8a:bf:32:06:6c:62:54:f6:ca:f7:
                    dc:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:9E:65:35:75:D8:48:53:49:06:A9:AA:BC:7D:40:AA:51:AD:13:03
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/nJ5lNXXYSFNJBqmqvH1AqlGtEwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:c6:a5:a6:2e:6b:44:b5:98:44:8e:eb:e8:e4:15:a3:68:ea:
         e5:05:86:1d:66:7a:96:5a:13:9a:f5:87:da:bb:68:65:da:cb:
         19:06:88:1c:c7:47:0c:52:03:2e:95:57:f1:24:f0:b8:c9:d5:
         cd:fb:3f:da:88:d9:f6:e4:e3:86:48:f6:e1:25:16:1e:f9:77:
         e4:20:ac:af:58:0b:61:1c:2f:dc:34:1f:b9:e1:10:18:c6:a0:
         8b:bb:15:44:62:40:b0:c0:7f:2b:65:9e:86:2c:90:07:9d:f1:
         ef:e3:28:b8:8a:3e:2e:0a:b4:93:4f:0a:0d:95:09:f1:3b:2e:
         70:b3:dd:08:b3:ee:f6:4f:85:91:0c:fa:5d:53:34:63:66:4d:
         58:b4:cf:cc:8c:2c:39:c4:15:a5:87:6f:b5:25:17:79:2d:fc:
         a7:b3:34:70:8e:70:4f:d4:6b:43:ad:ce:22:78:2e:6c:0c:d7:
         bd:18:fc:c3:fc:ba:d1:2b:4a:3d:07:83:08:78:47:ee:b8:d0:
         40:8c:34:87:b0:b4:fe:f2:49:51:0d:b1:c5:54:17:2a:4c:82:
         9b:9d:fb:d6:bf:7b:a5:f8:22:20:4b:1b:f2:83:38:b9:e6:34:
         8b:67:ff:1e:55:e2:cf:79:ba:51:6f:85:32:2c:e6:b5:c5:02:
         a2:f0:a1:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Iqa1FY+x4FDL/M9+kyAs5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwNDEwMTUzOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzllNjUzNTc1ZDg0ODUzNDkwNmE5YWFiYzdkNDBhYTUxYWQxMzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApedSezhD1gV1xkJk+BdBUNDQOOfS
F7f7ZFOlH10zk34xGvzUDi8jyEPbOz6hMeQw3cUudm8960fFOFPvgXmH5yPgrY54
BXumxS5LJo9w5UqzsiPv+j89Qu0x+Q5WWCbEtMUarx/48RUg/gi/+hy+H7a/QZiI
vuknKsN4daabEw+okZmyjmJ8p3Fbtfssl3g4z2QFDs1sbcyC62rqiheKnTRBWBH1
3CL3cbs+00Njo5s5CiEBphPPCfxDdHmjoVvEsf0zVjPOuJLQamY7kgcEQH5Zp3hI
L7xuEcdJCY1tWfZxzsCgmM3QovmIROtBow1dtrCBvoq/MgZsYlT2yvfcCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJyeZTV12EhTSQapqrx9QKpRrRMDMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvbko1bE5YWFlTRk5KQnFtcXZIMUFxbEd0RXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg9iMA0G
CSqGSIb3DQEBCwUAA4IBAQBjxqWmLmtEtZhEjuvo5BWjaOrlBYYdZnqWWhOa9Yfa
u2hl2ssZBogcx0cMUgMulVfxJPC4ydXN+z/aiNn25OOGSPbhJRYe+XfkIKyvWAth
HC/cNB+54RAYxqCLuxVEYkCwwH8rZZ6GLJAHnfHv4yi4ij4uCrSTTwoNlQnxOy5w
s90Is+72T4WRDPpdUzRjZk1YtM/MjCw5xBWlh2+1JRd5LfynszRwjnBP1GtDrc4i
eC5sDNe9GPzD/LrRK0o9B4MIeEfuuNBAjDSHsLT+8klRDbHFVBcqTIKbnfvWv3ul
+CIgSxvygzi55jSLZ/8eVeLPebpRb4UyLOa1xQKi8KFS
-----END CERTIFICATE-----