Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/nW97WtEWs5sE4QugX8D4qB-YBrQ.roa
File:                     nW97WtEWs5sE4QugX8D4qB-YBrQ.roa (raw, json)
Hash identifier:          UtwDUhA6t1sLFGoT4yL2vvySKhD1G1fN96KTk3OAzCU=
Subject key identifier:   9D:6F:7B:5A:D1:16:B3:9B:04:E1:0B:A0:5F:C0:F8:A8:1F:98:06:B4
Certificate issuer:       /CN=6f9e9696dccf6c1a432090408514aecdc3f60739
Certificate serial:       018CC72763DEDB6B469A0F9CC1F7F7C0F437
Authority key identifier: 6F:9E:96:96:DC:CF:6C:1A:43:20:90:40:85:14:AE:CD:C3:F6:07:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/nW97WtEWs5sE4QugX8D4qB-YBrQ.roa
Signing time:             Mon 01 Jan 2024 22:31:36 +0000
ROA not before:           Mon 01 Jan 2024 22:31:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211797
IP address blocks:        185.193.160.0/24 maxlen: 24
                          185.193.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 01 Nov 2024 13:28:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:63:de:db:6b:46:9a:0f:9c:c1:f7:f7:c0:f4:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f9e9696dccf6c1a432090408514aecdc3f60739
        Validity
            Not Before: Jan  1 22:31:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d6f7b5ad116b39b04e10ba05fc0f8a81f9806b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f7:ad:12:91:83:63:bf:40:02:6b:a5:49:dc:
                    ca:45:19:ef:37:cb:bd:8c:28:f0:12:ed:e1:4a:4d:
                    ee:14:5f:9b:2b:02:f5:93:9a:01:c8:f5:62:9f:5d:
                    ae:10:98:c5:38:07:e6:00:07:e0:0c:e6:a9:8d:d4:
                    c5:c7:f2:88:4d:08:ab:64:85:a9:a3:88:b8:65:2e:
                    3d:1d:5a:04:c5:77:27:a0:bc:b1:af:bf:95:1f:6b:
                    c0:d3:5c:f3:03:71:5b:04:39:40:19:42:7a:f4:88:
                    60:43:fe:d9:6a:e0:47:31:00:f9:3c:56:b4:b2:39:
                    67:94:06:32:68:a3:5c:89:90:4d:14:d7:a8:70:fa:
                    13:10:dd:cf:f9:df:98:8f:fb:ec:b6:34:5a:c4:79:
                    0a:3c:70:a6:a7:90:23:b0:71:eb:ed:54:78:1c:8d:
                    bd:a0:71:9b:06:4d:37:6a:7e:67:eb:ce:93:02:35:
                    98:ce:a8:00:a0:39:93:8a:6a:52:0f:d7:02:e8:6c:
                    b1:f6:d7:bf:56:42:17:a4:13:77:9a:52:a4:fe:64:
                    3a:e6:1c:b0:52:d9:de:2e:ee:51:11:77:7b:d3:79:
                    c7:82:cb:c0:ec:99:cf:87:5a:53:04:7b:da:41:b1:
                    d0:d7:8b:64:61:d4:04:66:c5:c2:06:1f:0e:e3:97:
                    4a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:6F:7B:5A:D1:16:B3:9B:04:E1:0B:A0:5F:C0:F8:A8:1F:98:06:B4
            X509v3 Authority Key Identifier:
                keyid:6F:9E:96:96:DC:CF:6C:1A:43:20:90:40:85:14:AE:CD:C3:F6:07:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b56WltzPbBpDIJBAhRSuzcP2Bzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/nW97WtEWs5sE4QugX8D4qB-YBrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/57cd72-33e4-42dd-9f22-baf4e0b4a69e/1/b56WltzPbBpDIJBAhRSuzcP2Bzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:ad:de:a1:5e:8b:95:d8:e1:e2:ef:53:c3:c5:b7:30:17:29:
         aa:3e:b3:ab:56:de:76:74:e9:6a:f5:67:76:32:6d:02:9b:d2:
         79:8f:ff:18:7c:fd:e7:37:1f:af:59:e1:8a:cd:90:27:58:7a:
         04:ad:0c:a8:36:d8:90:59:0d:3f:f5:dd:50:21:e4:d0:06:64:
         e6:e1:df:ad:07:47:81:7e:f6:21:a6:95:7d:91:85:67:d5:58:
         23:50:76:92:83:d9:36:b2:8d:7d:b3:09:74:80:db:9a:e2:68:
         92:03:bb:07:99:4e:8b:2a:52:ca:ad:0d:ec:de:5f:19:17:aa:
         7d:bf:bf:2c:30:5b:aa:62:29:39:68:f7:2c:c6:d4:c5:df:c6:
         b2:47:25:4f:66:34:4a:9b:2d:da:b2:e6:c3:43:56:a0:e8:b7:
         ca:14:d4:df:bf:b1:1a:bf:a2:90:26:c6:73:d6:2c:ab:94:18:
         45:8d:b4:bb:c7:bb:37:20:b2:2d:ac:60:ef:19:a4:2f:7c:ac:
         a5:cb:54:e5:91:87:c6:00:a8:dd:f4:31:4c:db:7b:61:1e:d6:
         ad:86:71:ac:7c:4b:89:48:0f:8d:14:cb:dc:ab:0f:88:f4:c7:
         87:99:1a:da:60:0f:e1:e5:83:c2:6a:b6:4c:a6:d0:8e:19:7c:
         98:bb:47:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2Pe22tGmg+cwff3wPQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmOWU5Njk2ZGNjZjZjMWE0MzIwOTA0MDg1MTRhZWNkYzNm
NjA3MzkwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDZmN2I1YWQxMTZiMzliMDRlMTBiYTA1ZmMwZjhhODFmOTgwNmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvetEpGDY79AAmulSdzKRRnvN8u9
jCjwEu3hSk3uFF+bKwL1k5oByPVin12uEJjFOAfmAAfgDOapjdTFx/KITQirZIWp
o4i4ZS49HVoExXcnoLyxr7+VH2vA01zzA3FbBDlAGUJ69IhgQ/7ZauBHMQD5PFa0
sjlnlAYyaKNciZBNFNeocPoTEN3P+d+Yj/vstjRaxHkKPHCmp5AjsHHr7VR4HI29
oHGbBk03an5n686TAjWYzqgAoDmTimpSD9cC6Gyx9te/VkIXpBN3mlKk/mQ65hyw
UtneLu5REXd703nHgsvA7JnPh1pTBHvaQbHQ14tkYdQEZsXCBh8O45dKUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1ve1rRFrObBOELoF/A+KgfmAa0MB8GA1UdIwQY
MBaAFG+elpbcz2waQyCQQIUUrs3D9gc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjU2V2x0elBiQnBESUpCQWhSU3V6Y1AyQnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS81N2NkNzItMzNlNC00MmRkLTlmMjIt
YmFmNGUwYjRhNjllLzEvblc5N1d0RVdzNXNFNFF1Z1g4RDRxQi1ZQnJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS81N2NkNzItMzNlNC00MmRkLTlmMjItYmFmNGUwYjRhNjll
LzEvYjU2V2x0elBiQnBESUpCQWhSU3V6Y1AyQnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucGgMA0G
CSqGSIb3DQEBCwUAA4IBAQBprd6hXouV2OHi71PDxbcwFymqPrOrVt52dOlq9Wd2
Mm0Cm9J5j/8YfP3nNx+vWeGKzZAnWHoErQyoNtiQWQ0/9d1QIeTQBmTm4d+tB0eB
fvYhppV9kYVn1VgjUHaSg9k2so19swl0gNua4miSA7sHmU6LKlLKrQ3s3l8ZF6p9
v78sMFuqYik5aPcsxtTF38ayRyVPZjRKmy3asubDQ1ag6LfKFNTfv7Eav6KQJsZz
1iyrlBhFjbS7x7s3ILItrGDvGaQvfKyly1TlkYfGAKjd9DFM23thHtathnGsfEuJ
SA+NFMvcqw+I9MeHmRraYA/h5YPCarZMptCOGXyYu0fF
-----END CERTIFICATE-----