Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/na2UKX-2KF2tT3Dok75MvGu6p88.roa
File:                     na2UKX-2KF2tT3Dok75MvGu6p88.roa (raw, json)
Hash identifier:          cr+OHRY/pQBSdVbL/EfYjIR/w/9wYIEwjnicVMEWgOE=
Subject key identifier:   9D:AD:94:29:7F:B6:28:5D:AD:4F:70:E8:93:BE:4C:BC:6B:BA:A7:CF
Certificate issuer:       /CN=74e3c336972094b1a8c13d41816857d197a3aae9
Certificate serial:       018CC7273EB26AC4A64161F9B86F5AACFB20
Authority key identifier: 74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/na2UKX-2KF2tT3Dok75MvGu6p88.roa
Signing time:             Mon 01 Jan 2024 22:31:27 +0000
ROA not before:           Mon 01 Jan 2024 22:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199431
IP address blocks:        94.247.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3e:b2:6a:c4:a6:41:61:f9:b8:6f:5a:ac:fb:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e3c336972094b1a8c13d41816857d197a3aae9
        Validity
            Not Before: Jan  1 22:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dad94297fb6285dad4f70e893be4cbc6bbaa7cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:49:80:60:bc:d6:37:68:2e:93:85:20:27:9a:
                    28:ee:fd:99:99:f4:c8:30:c5:e2:92:fa:0f:3b:e0:
                    d8:f1:2a:2c:99:5d:4f:88:ff:e6:70:cb:f6:03:bb:
                    2f:ff:b0:cc:77:89:28:04:29:2d:31:f4:27:33:47:
                    dd:53:d9:8c:ff:64:93:44:8b:3b:cc:13:46:04:4d:
                    d9:1c:5f:58:db:22:ea:cb:71:13:b9:5a:5f:5d:94:
                    5a:c3:be:6d:06:9f:e5:a7:27:ba:41:72:5e:84:ea:
                    53:d9:51:9e:ce:ab:d3:84:b1:7e:3d:1c:e0:61:88:
                    c4:9a:63:25:56:60:2e:04:a0:82:84:3e:3d:07:c7:
                    03:b2:bb:62:67:9d:66:18:32:4a:cf:bb:89:01:f9:
                    f3:48:89:02:3c:65:68:57:7a:31:3f:92:32:46:ff:
                    97:cf:14:23:04:e1:74:9b:fd:4a:a9:a7:81:ed:79:
                    2c:47:f3:2c:0a:61:9c:e5:05:be:84:b7:a7:17:90:
                    1e:67:bd:c0:36:ed:86:2e:88:0c:70:19:f1:df:5f:
                    a3:c4:1b:84:5e:06:70:b8:2b:dd:6a:50:29:57:52:
                    8e:ad:be:e1:23:9a:37:27:3c:18:53:ad:8c:a6:ff:
                    a9:9d:da:7a:87:5a:9e:73:2b:a8:11:33:4d:71:74:
                    b7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:AD:94:29:7F:B6:28:5D:AD:4F:70:E8:93:BE:4C:BC:6B:BA:A7:CF
            X509v3 Authority Key Identifier:
                keyid:74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/na2UKX-2KF2tT3Dok75MvGu6p88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:b1:04:2c:4f:3e:be:7e:79:d6:cb:ec:51:94:ed:63:a2:3d:
         c1:f1:46:ec:06:2a:65:d2:f0:12:58:67:88:cc:fd:0b:85:40:
         54:cd:a3:6f:1a:a0:ca:1b:c9:2d:c3:f7:df:da:d1:63:65:9e:
         45:5f:18:f0:76:8c:b0:87:1f:e8:1b:61:49:d9:96:0f:31:61:
         5b:03:77:fc:6a:dc:32:05:b0:60:7b:70:0a:46:20:02:d3:f0:
         5c:31:cc:47:74:73:93:48:c2:8c:49:e1:a1:4c:32:f0:41:02:
         73:37:5d:4c:9f:1f:c9:5c:dc:9c:e3:54:d4:45:f3:6f:3c:58:
         e5:f2:65:0c:ac:10:53:51:0f:96:62:1e:be:f8:f7:ec:86:b4:
         50:94:0b:fc:52:6f:6e:64:58:fc:08:4d:23:ca:73:c1:41:94:
         70:a2:30:8f:db:bd:49:57:0c:8f:70:17:ec:25:a8:68:40:29:
         41:a6:72:0c:50:76:6b:55:2f:63:82:62:95:d5:11:db:ac:f5:
         97:9f:ff:48:a1:76:eb:ed:44:ca:59:f7:41:cc:9a:40:fe:16:
         7e:18:12:14:3b:d2:9f:82:a7:66:e3:f0:81:c1:d3:d6:79:5c:
         f1:ce:5c:c4:35:3e:f1:93:39:1a:dd:fc:e0:d9:18:c2:6d:83:
         c6:9d:39:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJz6yasSmQWH5uG9arPsgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTNjMzM2OTcyMDk0YjFhOGMxM2Q0MTgxNjg1N2QxOTdh
M2FhZTkwHhcNMjQwMTAxMjIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGFkOTQyOTdmYjYyODVkYWQ0ZjcwZTg5M2JlNGNiYzZiYmFhN2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0mAYLzWN2guk4UgJ5oo7v2ZmfTI
MMXikvoPO+DY8SosmV1PiP/mcMv2A7sv/7DMd4koBCktMfQnM0fdU9mM/2STRIs7
zBNGBE3ZHF9Y2yLqy3ETuVpfXZRaw75tBp/lpye6QXJehOpT2VGezqvThLF+PRzg
YYjEmmMlVmAuBKCChD49B8cDsrtiZ51mGDJKz7uJAfnzSIkCPGVoV3oxP5IyRv+X
zxQjBOF0m/1KqaeB7XksR/MsCmGc5QW+hLenF5AeZ73ANu2GLogMcBnx31+jxBuE
XgZwuCvdalApV1KOrb7hI5o3JzwYU62Mpv+pndp6h1qecyuoETNNcXS3CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2tlCl/tihdrU9w6JO+TLxruqfPMB8GA1UdIwQY
MBaAFHTjwzaXIJSxqME9QYFoV9GXo6rpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAt
YTZjNDllYjI4Mjg3LzEvbmEyVUtYLTJLRjJ0VDNEb2s3NU12R3U2cDg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAtYTZjNDllYjI4Mjg3
LzEvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXvflMA0G
CSqGSIb3DQEBCwUAA4IBAQAVsQQsTz6+fnnWy+xRlO1joj3B8UbsBipl0vASWGeI
zP0LhUBUzaNvGqDKG8ktw/ff2tFjZZ5FXxjwdoywhx/oG2FJ2ZYPMWFbA3f8atwy
BbBge3AKRiAC0/BcMcxHdHOTSMKMSeGhTDLwQQJzN11Mnx/JXNyc41TURfNvPFjl
8mUMrBBTUQ+WYh6++PfshrRQlAv8Um9uZFj8CE0jynPBQZRwojCP271JVwyPcBfs
JahoQClBpnIMUHZrVS9jgmKV1RHbrPWXn/9IoXbr7UTKWfdBzJpA/hZ+GBIUO9Kf
gqdm4/CBwdPWeVzxzlzENT7xkzka3fzg2RjCbYPGnTkz
-----END CERTIFICATE-----