Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/ncs9X-Zk4JZHNYtt8t2uBnQX9oY.roa
File:                     ncs9X-Zk4JZHNYtt8t2uBnQX9oY.roa (raw, json)
Hash identifier:          5guFCGGvbqU6swNIKFCNo5soWWJ6rvnCUmstTheCrgU=
Subject key identifier:   9D:CB:3D:5F:E6:64:E0:96:47:35:8B:6D:F2:DD:AE:06:74:17:F6:86
Certificate issuer:       /CN=202f4c1a37e9313cdd2eea7750ae028d18cd5aae
Certificate serial:       018CC50017DB3A29CDD8CA5616D644D5CD4E
Authority key identifier: 20:2F:4C:1A:37:E9:31:3C:DD:2E:EA:77:50:AE:02:8D:18:CD:5A:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/ncs9X-Zk4JZHNYtt8t2uBnQX9oY.roa
Signing time:             Mon 01 Jan 2024 12:29:26 +0000
ROA not before:           Mon 01 Jan 2024 12:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206632
IP address blocks:        156.17.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:17:db:3a:29:cd:d8:ca:56:16:d6:44:d5:cd:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=202f4c1a37e9313cdd2eea7750ae028d18cd5aae
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dcb3d5fe664e09647358b6df2ddae067417f686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cc:c4:f2:85:68:18:e2:9e:37:84:92:aa:bb:
                    b5:a5:29:72:e9:cc:2f:6b:17:b2:1d:87:d6:fd:95:
                    94:8c:f6:d5:8a:e7:06:0a:b5:43:78:80:96:d2:81:
                    3c:a6:78:98:94:f3:b2:32:fd:c5:18:61:94:b0:6c:
                    73:a0:00:7a:03:32:5c:d2:f7:13:b1:8b:63:51:ba:
                    cc:8e:bc:d2:f7:73:f8:13:ce:f7:79:84:90:f3:c9:
                    ac:e8:c9:64:cf:ea:67:06:b3:ec:b6:fb:b7:9c:4b:
                    f7:69:b6:73:c3:56:63:2b:1f:86:6a:54:41:e0:1b:
                    1a:da:72:3f:3a:c5:ef:e9:5a:93:26:ad:39:ca:48:
                    2f:91:0b:6e:29:ee:5b:f7:c4:f8:72:24:61:98:24:
                    a4:85:d2:6a:68:0c:20:7c:ea:41:03:4f:0f:ac:b9:
                    da:2e:8a:d2:2f:8d:4f:80:b9:23:84:89:c8:fb:28:
                    74:10:18:5a:1f:e3:df:f4:aa:7c:d4:e3:d4:a7:c4:
                    12:48:09:33:d6:a6:be:54:ae:be:3d:05:ab:9e:84:
                    c2:07:cd:cd:e0:c8:fe:16:90:a3:3c:ef:b1:50:10:
                    5e:8a:de:42:1e:ea:09:47:75:21:37:db:35:5b:5c:
                    06:d9:da:df:a0:ab:f4:1c:fd:82:e4:b8:7a:c7:4c:
                    0c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:CB:3D:5F:E6:64:E0:96:47:35:8B:6D:F2:DD:AE:06:74:17:F6:86
            X509v3 Authority Key Identifier:
                keyid:20:2F:4C:1A:37:E9:31:3C:DD:2E:EA:77:50:AE:02:8D:18:CD:5A:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IC9MGjfpMTzdLup3UK4CjRjNWq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/ncs9X-Zk4JZHNYtt8t2uBnQX9oY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/edb8cd-003d-483a-906a-f6b78e2b17a1/1/IC9MGjfpMTzdLup3UK4CjRjNWq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.17.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:04:fa:22:d6:5c:93:be:0a:89:c5:27:f8:17:c1:57:6f:93:
         df:38:04:dc:a6:6b:06:2f:ce:b7:43:ff:90:40:5e:0c:8c:5e:
         38:c6:2a:7f:ae:3e:1b:2c:a4:b9:5c:7a:f5:71:18:d1:05:5a:
         b9:e3:f2:1e:e4:8a:85:9a:e0:5b:6b:f5:94:a0:63:9a:b8:7b:
         65:fc:d1:3f:ec:cb:8b:fc:ae:c4:f2:c8:15:d8:22:9f:a1:aa:
         80:8b:e9:f3:6e:7b:d0:fc:35:7a:f8:dc:cf:79:d4:3a:b8:d6:
         a1:2c:d2:c5:01:ff:86:89:75:a3:b0:af:ea:d2:b7:47:33:74:
         4e:f1:b2:ac:7e:57:a9:76:fb:c9:d0:84:94:89:3b:24:57:4e:
         36:51:1c:f0:d5:0a:05:c1:69:fe:55:d5:31:1e:ec:76:b5:3d:
         15:e8:9d:0c:23:b0:47:1e:9e:9b:cd:2d:db:99:c6:8a:03:66:
         8f:6a:77:7b:4e:60:33:54:fd:48:06:08:05:87:23:12:5f:8c:
         5c:6e:62:81:54:6c:b2:3c:4d:60:d6:7c:7a:05:08:f1:0e:ac:
         a4:d2:3f:3a:5c:42:ac:c4:91:66:de:1b:f7:57:c4:52:db:0b:
         68:f4:86:52:28:f1:20:9f:a8:b7:2d:a6:b7:36:89:ae:87:18:
         ba:39:f1:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABfbOinN2MpWFtZE1c1OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMmY0YzFhMzdlOTMxM2NkZDJlZWE3NzUwYWUwMjhkMThj
ZDVhYWUwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGNiM2Q1ZmU2NjRlMDk2NDczNThiNmRmMmRkYWUwNjc0MTdmNjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvszE8oVoGOKeN4SSqru1pSly6cwv
axeyHYfW/ZWUjPbViucGCrVDeICW0oE8pniYlPOyMv3FGGGUsGxzoAB6AzJc0vcT
sYtjUbrMjrzS93P4E873eYSQ88ms6Mlkz+pnBrPstvu3nEv3abZzw1ZjKx+GalRB
4Bsa2nI/OsXv6VqTJq05ykgvkQtuKe5b98T4ciRhmCSkhdJqaAwgfOpBA08PrLna
LorSL41PgLkjhInI+yh0EBhaH+Pf9Kp81OPUp8QSSAkz1qa+VK6+PQWrnoTCB83N
4Mj+FpCjPO+xUBBeit5CHuoJR3UhN9s1W1wG2drfoKv0HP2C5Lh6x0wMNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3LPV/mZOCWRzWLbfLdrgZ0F/aGMB8GA1UdIwQY
MBaAFCAvTBo36TE83S7qd1CuAo0YzVquMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUM5TUdqZnBNVHpkTHVwM1VLNENqUmpOV3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZGI4Y2QtMDAzZC00ODNhLTkwNmEt
ZjZiNzhlMmIxN2ExLzEvbmNzOVgtWms0SlpITll0dDh0MnVCblFYOW9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZGI4Y2QtMDAzZC00ODNhLTkwNmEtZjZiNzhlMmIxN2Ex
LzEvSUM5TUdqZnBNVHpkTHVwM1VLNENqUmpOV3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnBHJMA0G
CSqGSIb3DQEBCwUAA4IBAQB5BPoi1lyTvgqJxSf4F8FXb5PfOATcpmsGL863Q/+Q
QF4MjF44xip/rj4bLKS5XHr1cRjRBVq54/Ie5IqFmuBba/WUoGOauHtl/NE/7MuL
/K7E8sgV2CKfoaqAi+nzbnvQ/DV6+NzPedQ6uNahLNLFAf+GiXWjsK/q0rdHM3RO
8bKsflepdvvJ0ISUiTskV042URzw1QoFwWn+VdUxHux2tT0V6J0MI7BHHp6bzS3b
mcaKA2aPand7TmAzVP1IBggFhyMSX4xcbmKBVGyyPE1g1nx6BQjxDqyk0j86XEKs
xJFm3hv3V8RS2wto9IZSKPEgn6i3Laa3Nomuhxi6OfGr
-----END CERTIFICATE-----