Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/NykCS1shaiE0okp3jzZZ6SonIvM.roa
File:                     NykCS1shaiE0okp3jzZZ6SonIvM.roa (raw, json)
Hash identifier:          61zf2q9tilEfa957l42gPXC7Lujocwo0eiYO1iYbewQ=
Subject key identifier:   37:29:02:4B:5B:21:6A:21:34:A2:4A:77:8F:36:59:E9:2A:27:22:F3
Certificate issuer:       /CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
Certificate serial:       018CCA2A250BA81DA3F4CDDE7A0AE46A9B3C
Authority key identifier: 9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/NykCS1shaiE0okp3jzZZ6SonIvM.roa
Signing time:             Tue 02 Jan 2024 12:33:28 +0000
ROA not before:           Tue 02 Jan 2024 12:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55933
IP address blocks:        116.206.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 18:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:25:0b:a8:1d:a3:f4:cd:de:7a:0a:e4:6a:9b:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
        Validity
            Not Before: Jan  2 12:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3729024b5b216a2134a24a778f3659e92a2722f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:11:bb:1c:3a:7d:c3:d5:3d:67:3d:29:82:67:
                    2e:e0:39:75:e6:6f:64:b5:ac:5d:ab:06:12:28:64:
                    55:a8:c6:2a:fb:56:69:21:46:a3:15:68:d0:c5:dd:
                    aa:0e:e0:37:e2:1e:b1:fa:42:1c:8f:78:c1:a7:23:
                    70:6e:9d:ab:e2:94:ba:e3:eb:2c:16:e0:58:e0:ef:
                    ce:80:63:5e:e0:3b:25:2b:c5:4d:b6:b1:02:aa:c2:
                    a5:ac:52:37:4c:91:3f:ea:8e:7e:68:d8:cb:3c:94:
                    7e:6f:0a:18:df:a7:89:99:db:64:0d:e6:ef:dd:72:
                    47:f7:81:6e:17:ba:c7:8a:3a:74:ba:6a:83:ce:e2:
                    75:1a:cf:2d:f8:0f:85:56:6a:3e:40:25:9d:be:b0:
                    92:a9:4d:c7:6c:87:93:98:f7:b8:d8:17:0f:69:7e:
                    07:c4:f7:95:68:01:e2:fd:2c:52:57:c7:4e:99:04:
                    49:82:d7:a9:8b:a1:3a:2f:fe:75:a5:51:37:8d:9b:
                    c1:5f:01:d4:0d:59:5b:57:f4:62:29:eb:be:f4:67:
                    ce:19:74:c9:56:9c:a9:01:35:37:73:2f:d9:f0:21:
                    1a:b6:c5:f0:33:01:1a:64:e3:52:ef:09:17:b3:9b:
                    3d:fd:2a:26:46:aa:73:e7:89:19:68:6d:8b:d7:16:
                    c2:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:29:02:4B:5B:21:6A:21:34:A2:4A:77:8F:36:59:E9:2A:27:22:F3
            X509v3 Authority Key Identifier:
                keyid:9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/NykCS1shaiE0okp3jzZZ6SonIvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.206.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:5c:a1:ce:91:1b:67:a5:59:09:ca:e0:85:ab:87:8b:36:f1:
         a4:db:b5:cd:bf:18:f0:8d:3d:05:2e:8e:a9:a7:7a:40:f7:ed:
         53:16:4c:d6:2b:2e:7c:6a:f1:17:ef:b1:9e:df:f2:77:ce:9b:
         4d:67:1c:23:e1:e2:b4:49:59:7a:cf:3a:e9:08:8a:fa:ce:96:
         15:d1:f8:dd:c8:0f:57:fe:bf:48:20:92:ac:b9:89:e0:e5:29:
         2d:e9:8b:50:d6:a1:79:2f:16:cc:8a:57:19:7c:33:2b:e5:98:
         11:d9:35:af:b6:66:b6:d9:0a:2f:47:c7:04:21:03:28:9f:44:
         a2:73:6b:b8:48:1a:15:c1:56:ed:e1:16:de:bb:a9:66:49:28:
         62:54:e8:57:e0:e2:10:10:3f:76:be:5b:82:d4:b1:df:30:65:
         b6:a0:1a:02:f3:9e:06:0b:be:8e:44:52:47:39:bc:89:50:b1:
         2e:78:a2:44:9c:86:d2:6b:8f:4a:70:02:53:4e:70:bc:4d:87:
         6b:0d:90:f9:ed:ff:93:53:66:1e:d6:ed:bd:85:25:53:f0:b3:
         38:df:07:f5:ec:06:fd:e7:b5:ed:b4:d3:f2:97:2b:48:f4:b0:
         19:e8:19:62:d4:ee:f4:84:79:49:ab:30:40:d7:05:ee:a8:62:
         c5:d6:9c:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKiULqB2j9M3eegrkaps8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMzEyZTkyOTdiYzFkMjdlYmViNDc2ZGVhMGVlMTVkZDc1
NjU0MmQwHhcNMjQwMTAyMTIzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzI5MDI0YjViMjE2YTIxMzRhMjRhNzc4ZjM2NTllOTJhMjcyMmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBG7HDp9w9U9Zz0pgmcu4Dl15m9k
taxdqwYSKGRVqMYq+1ZpIUajFWjQxd2qDuA34h6x+kIcj3jBpyNwbp2r4pS64+ss
FuBY4O/OgGNe4DslK8VNtrECqsKlrFI3TJE/6o5+aNjLPJR+bwoY36eJmdtkDebv
3XJH94FuF7rHijp0umqDzuJ1Gs8t+A+FVmo+QCWdvrCSqU3HbIeTmPe42BcPaX4H
xPeVaAHi/SxSV8dOmQRJgtepi6E6L/51pVE3jZvBXwHUDVlbV/RiKeu+9GfOGXTJ
VpypATU3cy/Z8CEatsXwMwEaZONS7wkXs5s9/SomRqpz54kZaG2L1xbCAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcpAktbIWohNKJKd482WekqJyLzMB8GA1UdIwQY
MBaAFJ8xLpKXvB0n6+tHbeoO4V3XVlQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQt
YmQ1ZDNmMDBmYmIyLzEvTnlrQ1Mxc2hhaUUwb2twM2p6Wlo2U29uSXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQtYmQ1ZDNmMDBmYmIy
LzEvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAdM5fMA0G
CSqGSIb3DQEBCwUAA4IBAQCMXKHOkRtnpVkJyuCFq4eLNvGk27XNvxjwjT0FLo6p
p3pA9+1TFkzWKy58avEX77Ge3/J3zptNZxwj4eK0SVl6zzrpCIr6zpYV0fjdyA9X
/r9IIJKsuYng5Skt6YtQ1qF5LxbMilcZfDMr5ZgR2TWvtma22QovR8cEIQMon0Si
c2u4SBoVwVbt4Rbeu6lmSShiVOhX4OIQED92vluC1LHfMGW2oBoC854GC76ORFJH
ObyJULEueKJEnIbSa49KcAJTTnC8TYdrDZD57f+TU2Ye1u29hSVT8LM43wf17Ab9
57XttNPylytI9LAZ6Bli1O70hHlJqzBA1wXuqGLF1pwk
-----END CERTIFICATE-----