Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/nhqA16rNsrAECQKPilu2lYr_9-E.roa
File:                     nhqA16rNsrAECQKPilu2lYr_9-E.roa (raw, json)
Hash identifier:          f8soVif6MYpYaX2exRufgCB7kDD3Kxkfh/+z9HgMLeA=
Subject key identifier:   9E:1A:80:D7:AA:CD:B2:B0:04:09:02:8F:8A:5B:B6:95:8A:FF:F7:E1
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       018CC5004F1AB37FDB61DEDC983DEA86BBED
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/nhqA16rNsrAECQKPilu2lYr_9-E.roa
Signing time:             Mon 01 Jan 2024 12:29:40 +0000
ROA not before:           Mon 01 Jan 2024 12:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216165
IP address blocks:        217.113.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:4f:1a:b3:7f:db:61:de:dc:98:3d:ea:86:bb:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  1 12:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e1a80d7aacdb2b00409028f8a5bb6958afff7e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:b7:a9:38:68:80:e2:e9:87:08:2a:12:19:f3:
                    01:03:a4:35:45:55:da:8b:e9:0b:04:38:f4:69:a2:
                    61:77:ff:92:20:53:98:24:7f:5d:56:9e:24:b9:45:
                    f6:8f:92:2c:47:3b:cf:fc:ad:b6:d9:d3:5e:cf:d6:
                    11:a8:58:3f:5c:7e:51:ba:0b:1f:a3:88:43:b0:13:
                    aa:6f:77:ab:62:42:09:97:52:5a:c9:cf:a7:bf:e6:
                    cb:9c:f2:94:e9:32:c0:c7:42:d2:6a:81:e5:23:ef:
                    dc:57:1e:70:5c:f2:8d:2f:d6:5a:e9:96:bc:21:52:
                    ac:26:a1:7b:fe:a4:e2:a2:ae:d1:63:f0:15:14:3e:
                    c1:fa:07:85:7f:38:a4:9f:d7:0d:06:0d:7b:59:75:
                    ec:b7:b6:ad:0d:f3:41:38:2b:0a:83:6a:62:a0:f2:
                    8a:1b:2d:7b:af:5d:0d:ec:a3:74:fa:cf:e2:ff:de:
                    fd:54:70:ff:87:13:7d:37:22:b5:d7:f9:9d:68:0f:
                    ea:c3:78:c6:69:5b:0a:b1:7f:7e:e8:ec:d9:63:bd:
                    59:ed:bd:4a:28:7e:f4:12:49:1f:05:d4:37:9d:ae:
                    89:25:56:77:ac:c4:59:98:fd:cd:ec:a6:50:0c:15:
                    13:0b:15:c0:77:dc:35:1c:69:71:7b:fd:38:91:e8:
                    63:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:1A:80:D7:AA:CD:B2:B0:04:09:02:8F:8A:5B:B6:95:8A:FF:F7:E1
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/nhqA16rNsrAECQKPilu2lYr_9-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.113.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:2e:b9:a8:4b:7e:d8:92:38:df:c8:11:b6:45:79:67:62:a6:
         3b:10:5e:11:94:b8:33:d1:d3:74:92:1a:98:ba:b0:b0:43:2f:
         c9:25:bc:e2:02:1c:5d:74:64:c2:2e:a0:9c:eb:a5:e7:5a:0c:
         f4:ac:19:fd:08:78:2d:99:83:76:10:24:67:4f:80:3d:91:84:
         43:80:80:89:21:b8:22:7c:45:7f:c3:4c:50:ad:da:b2:56:b4:
         db:bf:fd:68:67:08:3e:bd:27:65:49:8b:2d:ef:4f:d4:ee:29:
         96:49:5b:94:fc:a8:18:b1:32:6c:91:c0:92:b7:8d:d6:6c:13:
         ad:f1:59:a6:00:98:93:44:c8:40:02:19:37:cc:a9:aa:85:1b:
         1e:8c:d8:2c:d1:f2:a8:f2:78:dc:b0:8a:22:1c:bf:b5:90:e2:
         83:64:cb:c6:91:a2:94:f9:7d:3c:1c:a7:2a:83:e8:5c:01:93:
         ff:74:f9:6f:8a:52:af:d6:d9:86:a8:4c:6d:f0:1c:d3:92:db:
         3c:78:ff:91:3b:5a:a6:00:5a:92:8f:d1:fe:08:00:a3:69:82:
         f1:cb:d0:96:a0:a7:13:77:98:a0:6c:c0:91:a8:b6:c3:fe:72:
         bc:51:c5:9e:32:12:5c:a8:d2:d6:9a:fd:20:df:71:f2:51:e6:
         0c:2f:5c:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAE8as3/bYd7cmD3qhrvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQwMTAxMTIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTFhODBkN2FhY2RiMmIwMDQwOTAyOGY4YTViYjY5NThhZmZmN2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7epOGiA4umHCCoSGfMBA6Q1RVXa
i+kLBDj0aaJhd/+SIFOYJH9dVp4kuUX2j5IsRzvP/K222dNez9YRqFg/XH5Rugsf
o4hDsBOqb3erYkIJl1Jayc+nv+bLnPKU6TLAx0LSaoHlI+/cVx5wXPKNL9Za6Za8
IVKsJqF7/qTioq7RY/AVFD7B+geFfzikn9cNBg17WXXst7atDfNBOCsKg2pioPKK
Gy17r10N7KN0+s/i/979VHD/hxN9NyK11/mdaA/qw3jGaVsKsX9+6OzZY71Z7b1K
KH70EkkfBdQ3na6JJVZ3rMRZmP3N7KZQDBUTCxXAd9w1HGlxe/04kehjbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4agNeqzbKwBAkCj4pbtpWK//fhMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvbmhxQTE2ck5zckFFQ1FLUGlsdTJsWXJfOS1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2XEQMA0G
CSqGSIb3DQEBCwUAA4IBAQBsLrmoS37YkjjfyBG2RXlnYqY7EF4RlLgz0dN0khqY
urCwQy/JJbziAhxddGTCLqCc66XnWgz0rBn9CHgtmYN2ECRnT4A9kYRDgICJIbgi
fEV/w0xQrdqyVrTbv/1oZwg+vSdlSYst70/U7imWSVuU/KgYsTJskcCSt43WbBOt
8VmmAJiTRMhAAhk3zKmqhRsejNgs0fKo8njcsIoiHL+1kOKDZMvGkaKU+X08HKcq
g+hcAZP/dPlvilKv1tmGqExt8BzTkts8eP+RO1qmAFqSj9H+CACjaYLxy9CWoKcT
d5igbMCRqLbD/nK8UcWeMhJcqNLWmv0g33HyUeYML1xI
-----END CERTIFICATE-----