Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/03d0e2-a49e-4371-b21c-5015e1208119/1/nGYW83J_aS4yxhrYXp9VA0TeEIc.roa
File:                     nGYW83J_aS4yxhrYXp9VA0TeEIc.roa (raw, json)
Hash identifier:          /YC8iFgU09P1J1VWmXviu1DqVVHzbOorV1zBxowXSmE=
Subject key identifier:   9C:66:16:F3:72:7F:69:2E:32:C6:1A:D8:5E:9F:55:03:44:DE:10:87
Certificate issuer:       /CN=52a65c628483a756688bb158c28ab7c0d47de27c
Certificate serial:       0190EBBF5AA57969AF64FE4E2ABED01A0553
Authority key identifier: 52:A6:5C:62:84:83:A7:56:68:8B:B1:58:C2:8A:B7:C0:D4:7D:E2:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqZcYoSDp1Zoi7FYwoq3wNR94nw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/03d0e2-a49e-4371-b21c-5015e1208119/1/nGYW83J_aS4yxhrYXp9VA0TeEIc.roa
Signing time:             Thu 25 Jul 2024 21:15:04 +0000
ROA not before:           Thu 25 Jul 2024 21:15:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        31.43.160.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/03d0e2-a49e-4371-b21c-5015e1208119/1/UqZcYoSDp1Zoi7FYwoq3wNR94nw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/03d0e2-a49e-4371-b21c-5015e1208119/1/UqZcYoSDp1Zoi7FYwoq3wNR94nw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqZcYoSDp1Zoi7FYwoq3wNR94nw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:eb:bf:5a:a5:79:69:af:64:fe:4e:2a:be:d0:1a:05:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a65c628483a756688bb158c28ab7c0d47de27c
        Validity
            Not Before: Jul 25 21:15:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c6616f3727f692e32c61ad85e9f550344de1087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7f:39:bf:f6:28:fb:b1:21:54:e5:2d:c5:f6:
                    9b:fe:c2:6c:22:86:77:fd:d2:c5:34:f5:b8:e8:00:
                    03:ee:4c:ae:dc:3a:94:af:c3:44:fc:f7:d9:76:a5:
                    ac:49:c0:4c:61:da:d1:47:cc:d8:08:4e:bb:bb:e5:
                    eb:d3:7c:55:b8:89:67:39:a6:90:88:75:e7:68:2f:
                    8d:2e:a9:b1:80:70:aa:47:fd:63:5b:1c:6d:f8:ff:
                    4c:78:0c:d8:b0:ca:6b:02:9a:5d:2c:44:e3:ff:f3:
                    f2:fd:aa:31:83:20:b0:3c:83:9b:f0:27:68:4f:15:
                    e2:5b:7f:f2:35:4c:10:65:9b:ff:51:42:89:e2:85:
                    11:58:23:8e:94:36:ce:0b:0c:79:8e:a4:7e:37:14:
                    53:c2:cb:92:9c:07:b1:89:67:0c:2e:b5:16:c3:d0:
                    f4:c0:19:03:23:ee:50:ee:d2:d1:c1:b8:03:44:a6:
                    39:76:3c:c4:11:a1:ea:9c:79:b8:97:25:a9:18:4a:
                    9e:2e:62:10:67:ac:16:fa:0c:d6:9c:5e:66:89:11:
                    02:93:86:6e:dc:35:68:92:7f:5b:77:0e:50:2f:ca:
                    e0:2f:cd:82:9e:4d:61:25:f2:ee:08:ca:9c:e4:3e:
                    ce:a1:29:83:2c:90:a3:db:53:09:0c:a9:c0:e8:df:
                    fb:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:66:16:F3:72:7F:69:2E:32:C6:1A:D8:5E:9F:55:03:44:DE:10:87
            X509v3 Authority Key Identifier:
                keyid:52:A6:5C:62:84:83:A7:56:68:8B:B1:58:C2:8A:B7:C0:D4:7D:E2:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqZcYoSDp1Zoi7FYwoq3wNR94nw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/03d0e2-a49e-4371-b21c-5015e1208119/1/nGYW83J_aS4yxhrYXp9VA0TeEIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/03d0e2-a49e-4371-b21c-5015e1208119/1/UqZcYoSDp1Zoi7FYwoq3wNR94nw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.43.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:e8:a9:50:76:5f:b8:44:9b:1b:16:8a:7a:47:0c:3d:f9:dc:
         ff:eb:74:bb:16:a3:43:e7:73:dc:61:ae:69:d1:68:9d:5b:ce:
         fe:90:ac:06:a3:08:27:9b:04:eb:1e:c0:20:43:e9:0f:e0:2e:
         c5:39:78:3c:bc:e4:fd:89:f4:01:9b:55:3b:5f:9e:78:1a:45:
         fd:ef:ca:d4:42:66:66:d3:27:13:53:46:f4:55:97:9f:e4:ee:
         ad:e8:9f:91:e0:66:0e:1b:59:1b:3d:13:ec:76:5c:e6:21:86:
         e8:7e:ae:fb:54:5a:00:f5:3d:ba:6b:6f:86:47:b7:db:a9:b3:
         96:68:38:01:5d:43:01:43:8e:8a:4c:69:e5:d8:95:c6:d5:7f:
         bb:74:9e:03:21:e8:eb:ea:16:c9:3b:8b:74:41:13:6d:ae:f4:
         ab:97:58:22:cd:17:79:7c:04:df:a3:a1:02:8a:ea:cc:5c:5a:
         e3:1a:50:a9:7e:e1:ae:96:9b:2d:6b:2d:cb:92:cf:75:ae:18:
         e5:da:33:0a:89:8a:1d:d1:9a:a8:cc:dd:af:86:8c:46:ea:41:
         05:17:a3:ba:cf:06:2c:5f:93:4f:aa:19:9f:56:ae:ca:a5:c9:
         4e:db:75:7c:da:9b:79:74:62:f5:8f:5e:96:6e:e4:c7:d4:df:
         1b:32:aa:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDrv1qleWmvZP5OKr7QGgVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTY1YzYyODQ4M2E3NTY2ODhiYjE1OGMyOGFiN2MwZDQ3
ZGUyN2MwHhcNMjQwNzI1MjExNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzY2MTZmMzcyN2Y2OTJlMzJjNjFhZDg1ZTlmNTUwMzQ0ZGUxMDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr385v/Yo+7EhVOUtxfab/sJsIoZ3
/dLFNPW46AAD7kyu3DqUr8NE/PfZdqWsScBMYdrRR8zYCE67u+Xr03xVuIlnOaaQ
iHXnaC+NLqmxgHCqR/1jWxxt+P9MeAzYsMprAppdLETj//Py/aoxgyCwPIOb8Cdo
TxXiW3/yNUwQZZv/UUKJ4oURWCOOlDbOCwx5jqR+NxRTwsuSnAexiWcMLrUWw9D0
wBkDI+5Q7tLRwbgDRKY5djzEEaHqnHm4lyWpGEqeLmIQZ6wW+gzWnF5miRECk4Zu
3DVokn9bdw5QL8rgL82Cnk1hJfLuCMqc5D7OoSmDLJCj21MJDKnA6N/7dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxmFvNyf2kuMsYa2F6fVQNE3hCHMB8GA1UdIwQY
MBaAFFKmXGKEg6dWaIuxWMKKt8DUfeJ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFaY1lvU0RwMVpvaTdGWXdvcTN3TlI5NG53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8wM2QwZTItYTQ5ZS00MzcxLWIyMWMt
NTAxNWUxMjA4MTE5LzEvbkdZVzgzSl9hUzR5eGhyWVhwOVZBMFRlRUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8wM2QwZTItYTQ5ZS00MzcxLWIyMWMtNTAxNWUxMjA4MTE5
LzEvVXFaY1lvU0RwMVpvaTdGWXdvcTN3TlI5NG53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBHyugMA0G
CSqGSIb3DQEBCwUAA4IBAQBz6KlQdl+4RJsbFop6Rww9+dz/63S7FqND53PcYa5p
0WidW87+kKwGowgnmwTrHsAgQ+kP4C7FOXg8vOT9ifQBm1U7X554GkX978rUQmZm
0ycTU0b0VZef5O6t6J+R4GYOG1kbPRPsdlzmIYbofq77VFoA9T26a2+GR7fbqbOW
aDgBXUMBQ46KTGnl2JXG1X+7dJ4DIejr6hbJO4t0QRNtrvSrl1gizRd5fATfo6EC
iurMXFrjGlCpfuGulpstay3Lks91rhjl2jMKiYod0ZqozN2vhoxG6kEFF6O6zwYs
X5NPqhmfVq7KpclO23V82pt5dGL1j16WbuTH1N8bMqoJ
-----END CERTIFICATE-----