Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/sNsgwIL7_2NXkqyyoKgU48XsukY.roa
File:                     sNsgwIL7_2NXkqyyoKgU48XsukY.roa (raw, json)
Hash identifier:          TH+yIsyf6L/Ht/Eq+wZJ+CQWrNj55JIjGL9lon+7uoA=
Subject key identifier:   B0:DB:20:C0:82:FB:FF:63:57:92:AC:B2:A0:A8:14:E3:C5:EC:BA:46
Certificate issuer:       /CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
Certificate serial:       018D16F29905DAD4EE316DF025FEA2137F1E
Authority key identifier: 34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/sNsgwIL7_2NXkqyyoKgU48XsukY.roa
Signing time:             Wed 17 Jan 2024 10:23:34 +0000
ROA not before:           Wed 17 Jan 2024 10:23:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204770
IP address blocks:        5.199.165.0/24 maxlen: 32
                          185.8.106.0/23 maxlen: 32
                          2a02:ae02::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:16:f2:99:05:da:d4:ee:31:6d:f0:25:fe:a2:13:7f:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
        Validity
            Not Before: Jan 17 10:23:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0db20c082fbff635792acb2a0a814e3c5ecba46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:84:5a:e5:5a:92:79:7f:e1:15:6a:35:43:24:
                    10:a2:5d:35:03:21:cc:e6:32:b4:45:04:ed:aa:60:
                    13:04:43:3a:95:7d:97:13:41:9d:ac:ea:e7:f9:9a:
                    cc:03:de:ab:41:ce:3f:b8:5a:47:59:6a:6e:80:e7:
                    7a:a1:44:cc:41:57:9e:f4:6e:4d:a3:0e:bc:ce:ac:
                    9b:13:ae:b4:fb:81:70:b7:70:04:98:70:f4:c9:a3:
                    3c:df:ac:64:2d:2d:fb:53:aa:aa:d5:c4:0e:8a:66:
                    a7:7f:1d:87:47:5d:04:10:e2:32:6b:6c:00:2c:da:
                    f6:c7:4e:4a:9d:68:03:5d:b4:5c:88:d1:6f:6c:23:
                    38:ea:39:e7:a6:9d:ab:e9:11:a7:93:70:34:d0:b5:
                    4a:25:7b:4c:43:95:80:de:7b:9c:13:36:77:6d:1b:
                    1e:be:9e:ec:fa:a0:f6:5d:f4:dc:e3:0e:09:7e:e1:
                    02:93:8f:72:8e:bf:ff:90:58:39:75:5b:90:11:d7:
                    42:dd:06:da:ef:79:4d:67:15:7c:b6:97:5a:9b:2a:
                    63:c4:11:95:ae:df:a9:d4:5d:d1:c7:9c:d3:20:9a:
                    29:72:a6:87:83:c2:0e:c0:1f:38:21:59:04:33:4c:
                    65:de:30:42:7a:01:2b:81:7e:14:6c:b7:34:00:55:
                    f3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:DB:20:C0:82:FB:FF:63:57:92:AC:B2:A0:A8:14:E3:C5:EC:BA:46
            X509v3 Authority Key Identifier:
                keyid:34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/sNsgwIL7_2NXkqyyoKgU48XsukY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.199.165.0/24
                  185.8.106.0/23
                IPv6:
                  2a02:ae02::/36

    Signature Algorithm: sha256WithRSAEncryption
         5e:8a:52:04:6c:3f:38:f0:b5:9b:e1:28:71:e1:75:99:7c:b5:
         aa:84:81:40:02:d3:79:b6:a0:54:3f:47:be:08:5a:a6:2d:12:
         c5:d4:5d:3d:23:a5:1a:c4:00:eb:82:70:c9:3c:12:ac:89:b7:
         8f:0d:b0:2b:78:ac:2d:a5:f1:ce:3c:0f:31:bd:8e:99:82:d8:
         ce:62:08:15:42:be:6f:ad:df:6c:30:11:8e:a8:21:27:bc:68:
         33:02:49:92:2f:45:e7:86:83:17:ef:b6:3a:a0:5b:56:b4:e0:
         68:5d:e9:b5:0c:f3:bc:ce:03:09:74:3e:82:70:f7:f0:a3:e7:
         ba:88:84:e1:a2:f0:ab:44:77:f7:c3:9d:43:fa:1f:b0:a0:cd:
         82:0f:7a:f1:6b:ad:45:90:72:89:95:77:64:a5:20:61:d4:8b:
         af:e8:2e:4b:c9:e7:39:7d:2c:b5:47:8d:65:99:5a:cd:98:a2:
         07:79:c1:68:a2:59:4e:f3:84:c1:0b:ad:1e:36:98:bc:1c:21:
         71:69:ab:a1:0b:13:e9:ca:cf:aa:f8:88:87:12:4e:4f:36:e9:
         7c:7c:9f:08:69:6a:48:6d:60:e9:6e:e6:fc:e9:49:fa:76:32:
         8e:94:04:1f:02:b2:9f:46:ae:90:b0:61:92:56:87:20:73:87:
         40:af:81:5b
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAY0W8pkF2tTuMW3wJf6iE38eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MzNhZTFjNjA2NzJjNzU5MWE4Zjk3ZDY4Zjc5ZmIyYTVl
ZThkYTcwHhcNMjQwMTE3MTAyMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGRiMjBjMDgyZmJmZjYzNTc5MmFjYjJhMGE4MTRlM2M1ZWNiYTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4Ra5VqSeX/hFWo1QyQQol01AyHM
5jK0RQTtqmATBEM6lX2XE0GdrOrn+ZrMA96rQc4/uFpHWWpugOd6oUTMQVee9G5N
ow68zqybE660+4Fwt3AEmHD0yaM836xkLS37U6qq1cQOimanfx2HR10EEOIya2wA
LNr2x05KnWgDXbRciNFvbCM46jnnpp2r6RGnk3A00LVKJXtMQ5WA3nucEzZ3bRse
vp7s+qD2XfTc4w4JfuECk49yjr//kFg5dVuQEddC3Qba73lNZxV8tpdamypjxBGV
rt+p1F3Rx5zTIJopcqaHg8IOwB84IVkEM0xl3jBCegErgX4UbLc0AFXzSQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFLDbIMCC+/9jV5KssqCoFOPF7LpGMB8GA1UdIwQY
MBaAFDQzrhxgZyx1kaj5fWj3n7Kl7o2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYt
MzBjZTgzNzAxYjM5LzEvc05zZ3dJTDdfMk5Ya3F5eW9LZ1U0OFhzdWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYtMzBjZTgzNzAxYjM5
LzEvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQABcelAwQB
uQhqMA4EAgACMAgDBgQqAq4CADANBgkqhkiG9w0BAQsFAAOCAQEAXopSBGw/OPC1
m+EoceF1mXy1qoSBQALTebagVD9Hvghapi0SxdRdPSOlGsQA64JwyTwSrIm3jw2w
K3isLaXxzjwPMb2OmYLYzmIIFUK+b63fbDARjqghJ7xoMwJJki9F54aDF++2OqBb
VrTgaF3ptQzzvM4DCXQ+gnD38KPnuoiE4aLwq0R398OdQ/ofsKDNgg968WutRZBy
iZV3ZKUgYdSLr+guS8nnOX0stUeNZZlazZiiB3nBaKJZTvOEwQutHjaYvBwhcWmr
oQsT6crPqviIhxJOTzbpfHyfCGlqSG1g6W7m/OlJ+nYyjpQEHwKyn0aukLBhklaH
IHOHQK+BWw==
-----END CERTIFICATE-----