Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/nLnz1-LVxdBpajgr-FEswahocTE.roa
File:                     nLnz1-LVxdBpajgr-FEswahocTE.roa (raw, json)
Hash identifier:          J7JrtrCmUnTMymniojzxrFGL0IFUfOlR144vMGIjPjo=
Subject key identifier:   9C:B9:F3:D7:E2:D5:C5:D0:69:6A:38:2B:F8:51:2C:C1:A8:68:71:31
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       019111D5B874D65572DC973FE00AB4286251
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/nLnz1-LVxdBpajgr-FEswahocTE.roa
Signing time:             Fri 02 Aug 2024 06:45:04 +0000
ROA not before:           Fri 02 Aug 2024 06:45:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     152586
IP address blocks:        185.121.26.0/23 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Oct 2024 16:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:11:d5:b8:74:d6:55:72:dc:97:3f:e0:0a:b4:28:62:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Aug  2 06:45:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cb9f3d7e2d5c5d0696a382bf8512cc1a8687131
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6d:b7:83:d9:5f:96:af:cf:26:7a:8a:91:3c:
                    8a:a1:7d:49:6a:92:3f:3d:56:d7:1e:87:16:cd:7b:
                    5b:fd:e6:70:58:af:8f:c1:b1:0e:6b:6c:84:a7:55:
                    dd:64:91:b1:1d:20:44:f4:c3:b2:98:b4:9e:5e:3b:
                    93:07:b2:3d:af:cd:eb:d2:1d:29:cb:de:78:ef:a0:
                    de:36:22:8b:1f:be:be:63:70:64:b9:1c:a1:85:e9:
                    ce:12:bc:4e:2b:19:f9:c6:73:19:3d:1b:6e:31:cc:
                    e6:17:08:1f:f4:79:ea:e1:b3:d0:3e:50:e9:ac:2f:
                    a6:8e:e2:b6:85:bd:e4:d2:4e:f4:9b:ac:e9:bd:45:
                    35:9c:cc:a2:f2:fb:81:cd:e8:98:52:d5:10:c2:d7:
                    10:9b:71:a0:76:50:51:7a:b8:5e:59:16:c7:36:03:
                    40:fc:7d:6a:e8:74:82:fa:37:c0:6b:fd:3e:a7:6f:
                    a6:90:42:f0:24:4e:39:7e:a5:40:48:a5:01:1c:72:
                    05:19:9a:af:01:dc:77:b6:b1:8e:52:d1:22:d8:5b:
                    14:55:56:70:a2:7a:1e:e3:37:9c:7a:4e:db:72:6c:
                    c2:57:af:f3:94:cb:4b:e3:26:94:a5:f4:de:14:31:
                    89:db:14:60:1d:5e:b4:34:83:77:a7:1c:c7:04:8e:
                    5c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:B9:F3:D7:E2:D5:C5:D0:69:6A:38:2B:F8:51:2C:C1:A8:68:71:31
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/nLnz1-LVxdBpajgr-FEswahocTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:c5:92:57:a4:b6:83:fb:51:6a:77:06:b7:89:35:26:04:e7:
         31:68:47:75:c8:f8:8a:1e:86:29:f7:ff:3f:34:39:bf:aa:66:
         b9:55:cc:21:99:47:91:8c:e9:19:62:63:d1:84:5c:85:64:90:
         a4:8f:21:58:b8:6e:6c:13:47:92:5c:37:48:4b:e8:ed:a9:4d:
         58:ee:0f:0f:84:6d:a6:a2:38:df:89:5b:ce:24:9d:d5:1e:d7:
         eb:45:50:41:85:ae:8c:49:1f:b4:77:26:31:f3:1e:71:e4:24:
         5b:d0:15:d0:d3:c3:e2:68:1c:b5:7c:5a:95:84:cc:eb:14:4c:
         f8:2e:34:41:3e:4d:08:ba:ce:63:14:83:48:c8:37:70:be:f9:
         28:06:b6:01:e8:ad:26:dc:87:64:d5:a6:06:1c:ad:c2:88:70:
         d6:8e:af:b0:45:e8:9f:8e:d3:3e:31:0e:41:81:7d:5c:55:4f:
         81:c9:45:76:03:15:98:73:5e:a8:61:f1:af:c2:a4:5b:14:86:
         a7:38:2d:16:89:50:5e:5c:4d:6a:2a:43:51:78:fb:0b:c5:4d:
         8f:32:00:3f:6b:ce:ea:16:aa:7c:39:ac:34:55:28:16:d4:49:
         0b:a5:20:a4:1a:1d:85:95:fb:38:4e:0d:92:66:d1:78:98:21:
         82:30:34:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZER1bh01lVy3Jc/4Aq0KGJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwODAyMDY0NTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2I5ZjNkN2UyZDVjNWQwNjk2YTM4MmJmODUxMmNjMWE4Njg3MTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr223g9lflq/PJnqKkTyKoX1JapI/
PVbXHocWzXtb/eZwWK+PwbEOa2yEp1XdZJGxHSBE9MOymLSeXjuTB7I9r83r0h0p
y95476DeNiKLH76+Y3BkuRyhhenOErxOKxn5xnMZPRtuMczmFwgf9Hnq4bPQPlDp
rC+mjuK2hb3k0k70m6zpvUU1nMyi8vuBzeiYUtUQwtcQm3GgdlBRerheWRbHNgNA
/H1q6HSC+jfAa/0+p2+mkELwJE45fqVASKUBHHIFGZqvAdx3trGOUtEi2FsUVVZw
onoe4zecek7bcmzCV6/zlMtL4yaUpfTeFDGJ2xRgHV60NIN3pxzHBI5cFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJy589fi1cXQaWo4K/hRLMGoaHExMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvbkxuejEtTFZ4ZEJwYWpnci1GRXN3YWhvY1RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXkaMA0G
CSqGSIb3DQEBCwUAA4IBAQARxZJXpLaD+1Fqdwa3iTUmBOcxaEd1yPiKHoYp9/8/
NDm/qma5VcwhmUeRjOkZYmPRhFyFZJCkjyFYuG5sE0eSXDdIS+jtqU1Y7g8PhG2m
ojjfiVvOJJ3VHtfrRVBBha6MSR+0dyYx8x5x5CRb0BXQ08PiaBy1fFqVhMzrFEz4
LjRBPk0Ius5jFINIyDdwvvkoBrYB6K0m3Idk1aYGHK3CiHDWjq+wReifjtM+MQ5B
gX1cVU+ByUV2AxWYc16oYfGvwqRbFIanOC0WiVBeXE1qKkNRePsLxU2PMgA/a87q
Fqp8Oaw0VSgW1EkLpSCkGh2Flfs4Tg2SZtF4mCGCMDT7
-----END CERTIFICATE-----