Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/NuzaDZ4DdK-ImzBkqtysUEaTIsw.roa
File:                     NuzaDZ4DdK-ImzBkqtysUEaTIsw.roa (raw, json)
Hash identifier:          rcpgs4lXiaYehhhcGeRcV/Iblqog47cYHFFG9xLYO7c=
Subject key identifier:   36:EC:DA:0D:9E:03:74:AF:88:9B:30:64:AA:DC:AC:50:46:93:22:CC
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BDB7BAFBD6C7A689CBB72AF54B070
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/NuzaDZ4DdK-ImzBkqtysUEaTIsw.roa
Signing time:             Thu 02 Jan 2025 09:49:50 +0000
ROA not before:           Thu 02 Jan 2025 09:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50408
IP address blocks:        93.159.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 06:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:db:7b:af:bd:6c:7a:68:9c:bb:72:af:54:b0:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36ecda0d9e0374af889b3064aadcac50469322cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:00:27:45:7a:3c:8e:78:c2:ae:5e:58:17:c2:
                    8e:88:a6:9b:b9:64:17:00:bd:66:4d:bb:ef:20:36:
                    82:e9:87:f2:db:be:3e:bd:2c:cc:9d:9b:7d:48:89:
                    64:07:8b:35:45:c1:ed:7b:c5:7f:0b:fd:61:bc:a1:
                    e2:e0:90:82:be:f3:04:a6:82:e5:0d:32:95:c2:f9:
                    9e:cd:5d:85:e4:e2:6a:06:93:9c:a2:fb:fb:d4:b7:
                    b5:b5:6e:7a:9a:57:a5:2c:58:5e:51:f4:38:0c:8f:
                    0c:46:37:d3:03:50:e2:6f:db:4a:80:c4:40:28:08:
                    54:81:43:87:15:7c:e8:44:eb:b8:71:bc:7f:d4:5b:
                    4c:48:ea:d5:e6:b2:d9:e1:fc:63:ec:84:8a:57:66:
                    ca:b7:f5:1c:5c:85:04:d6:22:e9:da:5c:98:0c:cc:
                    30:fe:4d:7e:a8:03:fb:be:ce:48:9f:d2:9c:a3:bf:
                    f4:77:00:e3:89:1c:27:64:66:04:42:0f:f1:d9:04:
                    71:83:5d:9c:65:7b:f7:0b:1d:f2:4b:7e:e1:27:58:
                    4f:da:1d:d0:9d:51:2c:44:ad:1f:9c:96:f7:c5:1f:
                    06:a0:b8:e2:a5:61:15:92:b8:64:b5:12:00:3b:76:
                    68:07:f3:85:19:4f:0a:eb:c3:26:65:76:a7:0d:03:
                    62:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:EC:DA:0D:9E:03:74:AF:88:9B:30:64:AA:DC:AC:50:46:93:22:CC
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/NuzaDZ4DdK-ImzBkqtysUEaTIsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:87:97:e9:6f:a5:5e:d1:93:a6:2d:2d:b6:3c:f0:71:f6:6d:
         c9:d6:2d:db:f3:c8:ea:f1:38:fc:df:dc:82:14:42:f0:a6:bc:
         2e:74:db:13:ee:39:97:ba:97:24:27:ff:1f:8f:12:c5:3f:28:
         ee:4b:9c:16:ec:48:e4:1a:3e:ba:63:a0:c9:93:84:42:fd:59:
         67:28:b9:36:07:1f:ea:b0:46:ce:7a:0b:df:a1:6b:c8:ac:fd:
         76:8d:0d:b1:87:19:cb:9d:3d:fe:a4:9a:e3:67:9c:79:71:3d:
         94:6c:b2:9f:ad:17:be:c5:ce:73:5a:da:d3:68:83:cb:74:b3:
         a6:7f:b2:98:46:93:a9:8d:e9:c4:4c:88:8b:b7:dd:81:12:6b:
         79:0d:7d:14:b7:91:4c:59:7b:27:e7:48:69:d7:b2:9e:d7:7f:
         1d:d0:c1:37:3a:78:5d:43:f2:29:16:c2:a0:4d:89:d3:a4:b4:
         22:b9:7d:ae:89:92:16:3e:f3:c0:b2:1f:0d:ff:b4:65:ec:80:
         4f:15:c1:a5:35:c8:07:3d:ff:f2:cf:13:72:80:88:85:e1:d5:
         d1:ac:f2:ef:cd:9b:3c:29:73:a0:20:cf:c8:89:0c:17:56:97:
         ed:43:aa:7b:9a:eb:3e:0e:9a:23:43:36:7b:71:e8:7d:7d:9c:
         51:f1:ba:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9t7r71semicu3KvVLBwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmVjZGEwZDllMDM3NGFmODg5YjMwNjRhYWRjYWM1MDQ2OTMyMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgAnRXo8jnjCrl5YF8KOiKabuWQX
AL1mTbvvIDaC6Yfy274+vSzMnZt9SIlkB4s1RcHte8V/C/1hvKHi4JCCvvMEpoLl
DTKVwvmezV2F5OJqBpOcovv71Le1tW56mlelLFheUfQ4DI8MRjfTA1Dib9tKgMRA
KAhUgUOHFXzoROu4cbx/1FtMSOrV5rLZ4fxj7ISKV2bKt/UcXIUE1iLp2lyYDMww
/k1+qAP7vs5In9Kco7/0dwDjiRwnZGYEQg/x2QRxg12cZXv3Cx3yS37hJ1hP2h3Q
nVEsRK0fnJb3xR8GoLjipWEVkrhktRIAO3ZoB/OFGU8K68MmZXanDQNiZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbs2g2eA3SviJswZKrcrFBGkyLMMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvTnV6YURaNERkSy1JbXpCa3F0eXNVRWFUSXN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXZ88MA0G
CSqGSIb3DQEBCwUAA4IBAQCPh5fpb6Ve0ZOmLS22PPBx9m3J1i3b88jq8Tj839yC
FELwprwudNsT7jmXupckJ/8fjxLFPyjuS5wW7EjkGj66Y6DJk4RC/VlnKLk2Bx/q
sEbOegvfoWvIrP12jQ2xhxnLnT3+pJrjZ5x5cT2UbLKfrRe+xc5zWtrTaIPLdLOm
f7KYRpOpjenETIiLt92BEmt5DX0Ut5FMWXsn50hp17Ke138d0ME3OnhdQ/IpFsKg
TYnTpLQiuX2uiZIWPvPAsh8N/7Rl7IBPFcGlNcgHPf/yzxNygIiF4dXRrPLvzZs8
KXOgIM/IiQwXVpftQ6p7mus+DpojQzZ7ceh9fZxR8brR
-----END CERTIFICATE-----