Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/nrTiMbKFPmHoMYLNrE7-2fHs-us.roa
File:                     nrTiMbKFPmHoMYLNrE7-2fHs-us.roa (raw, json)
Hash identifier:          f/vLt8V7Z7ANk9/A2S9IG9RdZjq72tnEFBOYa1idNwI=
Subject key identifier:   9E:B4:E2:31:B2:85:3E:61:E8:31:82:CD:AC:4E:FE:D9:F1:EC:FA:EB
Certificate issuer:       /CN=a8010ceb20f2e076a3f000271a5c375761bec2f5
Certificate serial:       0192056578301E4A6330127BF173CEF6F206
Authority key identifier: A8:01:0C:EB:20:F2:E0:76:A3:F0:00:27:1A:5C:37:57:61:BE:C2:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/nrTiMbKFPmHoMYLNrE7-2fHs-us.roa
Signing time:             Wed 18 Sep 2024 13:49:48 +0000
ROA not before:           Wed 18 Sep 2024 13:49:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29286
IP address blocks:        213.175.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:05:65:78:30:1e:4a:63:30:12:7b:f1:73:ce:f6:f2:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8010ceb20f2e076a3f000271a5c375761bec2f5
        Validity
            Not Before: Sep 18 13:49:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9eb4e231b2853e61e83182cdac4efed9f1ecfaeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d0:7a:66:9b:9a:ea:c5:e4:23:b3:0f:a1:63:
                    d4:0b:74:51:10:63:9d:3c:f7:dc:01:2e:be:85:2d:
                    a8:f9:53:d1:43:7d:52:7a:b5:bd:11:a7:e8:c8:34:
                    3b:6f:16:67:b0:b1:c3:a8:05:06:f1:4f:6d:1e:d5:
                    07:bf:28:93:8b:f2:a2:d8:2b:a9:a2:a5:3a:a0:c3:
                    09:16:f0:bf:85:56:7b:8b:36:88:18:09:63:f2:ce:
                    93:f8:3e:c6:4f:e0:79:86:da:ee:99:4c:ae:99:75:
                    cd:a9:23:12:7b:b1:ff:2b:2c:33:18:bf:a8:25:42:
                    3f:bf:67:45:dc:40:55:f1:2d:b6:52:13:01:14:42:
                    c2:06:73:16:13:85:ba:50:a0:c3:6a:9e:d1:f7:aa:
                    91:a9:8e:33:99:1c:36:c8:58:73:be:d2:16:46:50:
                    60:61:e9:19:bc:5f:2a:7f:af:ea:07:e0:ce:34:90:
                    64:c5:11:3d:67:c7:5c:5b:b4:52:21:f6:2f:48:93:
                    2c:80:3a:7f:c6:a0:c7:71:30:05:80:aa:86:61:ff:
                    b5:e2:9f:8f:4e:64:c3:2b:ef:73:1e:e5:87:1c:9e:
                    b1:bd:30:ad:2e:91:a7:cc:2c:50:0a:03:ed:bf:4a:
                    70:d4:9d:37:9b:63:58:5b:d6:da:b8:21:ae:dc:70:
                    2a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:B4:E2:31:B2:85:3E:61:E8:31:82:CD:AC:4E:FE:D9:F1:EC:FA:EB
            X509v3 Authority Key Identifier:
                keyid:A8:01:0C:EB:20:F2:E0:76:A3:F0:00:27:1A:5C:37:57:61:BE:C2:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/nrTiMbKFPmHoMYLNrE7-2fHs-us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.175.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:c1:52:a1:e1:e1:6a:86:2d:4b:60:7f:32:d4:bc:f4:dd:8b:
         ef:b2:e7:b9:68:a5:35:d8:ae:06:b9:cc:ae:7d:c6:e0:23:a4:
         c4:cd:d9:3f:e0:eb:1b:6a:32:95:0c:47:96:24:69:01:01:55:
         f4:5a:0d:ff:8b:39:da:8a:a9:89:28:92:95:98:33:d2:c1:fd:
         ec:d2:21:dc:e6:88:c4:38:a7:84:53:2d:1e:3f:76:40:23:79:
         99:9a:b6:e9:c9:65:46:f2:04:13:50:24:88:1a:60:85:98:6a:
         27:b6:43:11:03:56:09:2b:93:e1:81:40:3a:6f:c2:e3:d9:c2:
         00:2b:38:28:45:65:3d:43:1d:1c:71:29:dd:e8:1f:3a:7b:6e:
         0f:f7:1e:3a:bf:86:72:ae:48:f8:17:48:47:19:81:c0:d4:d8:
         c2:a7:e9:44:9c:81:1d:20:47:d9:a9:43:2d:76:4a:6b:64:76:
         f1:c0:bc:d6:22:8a:82:62:2d:fa:d8:f1:16:ab:ee:62:80:94:
         93:f0:78:4d:37:14:be:17:8d:1b:ca:2d:de:bd:70:69:b9:9f:
         b2:fb:ba:5a:6a:42:59:7e:03:7c:92:1f:6b:4f:9b:c5:13:15:
         18:be:09:cb:25:23:a0:2f:93:36:27:1c:76:82:65:3a:bc:17:
         81:c6:b5:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIFZXgwHkpjMBJ78XPO9vIGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MDEwY2ViMjBmMmUwNzZhM2YwMDAyNzFhNWMzNzU3NjFi
ZWMyZjUwHhcNMjQwOTE4MTM0OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWI0ZTIzMWIyODUzZTYxZTgzMTgyY2RhYzRlZmVkOWYxZWNmYWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNB6Zpua6sXkI7MPoWPUC3RREGOd
PPfcAS6+hS2o+VPRQ31SerW9EafoyDQ7bxZnsLHDqAUG8U9tHtUHvyiTi/Ki2Cup
oqU6oMMJFvC/hVZ7izaIGAlj8s6T+D7GT+B5htrumUyumXXNqSMSe7H/KywzGL+o
JUI/v2dF3EBV8S22UhMBFELCBnMWE4W6UKDDap7R96qRqY4zmRw2yFhzvtIWRlBg
YekZvF8qf6/qB+DONJBkxRE9Z8dcW7RSIfYvSJMsgDp/xqDHcTAFgKqGYf+14p+P
TmTDK+9zHuWHHJ6xvTCtLpGnzCxQCgPtv0pw1J03m2NYW9bauCGu3HAquwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ604jGyhT5h6DGCzaxO/tnx7PrrMB8GA1UdIwQY
MBaAFKgBDOsg8uB2o/AAJxpcN1dhvsL1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUFFTTZ5RHk0SGFqOEFBbkdsdzNWMkctd3ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mNDQ0YWEtYWU4Yy00ZDE0LWEzYTMt
NDlmNjVjNmE0OGJmLzEvbnJUaU1iS0ZQbUhvTVlMTnJFNy0yZkhzLXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mNDQ0YWEtYWU4Yy00ZDE0LWEzYTMtNDlmNjVjNmE0OGJm
LzEvcUFFTTZ5RHk0SGFqOEFBbkdsdzNWMkctd3ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1a+FMA0G
CSqGSIb3DQEBCwUAA4IBAQBewVKh4eFqhi1LYH8y1Lz03Yvvsue5aKU12K4Gucyu
fcbgI6TEzdk/4OsbajKVDEeWJGkBAVX0Wg3/iznaiqmJKJKVmDPSwf3s0iHc5ojE
OKeEUy0eP3ZAI3mZmrbpyWVG8gQTUCSIGmCFmGontkMRA1YJK5PhgUA6b8Lj2cIA
KzgoRWU9Qx0ccSnd6B86e24P9x46v4Zyrkj4F0hHGYHA1NjCp+lEnIEdIEfZqUMt
dkprZHbxwLzWIoqCYi362PEWq+5igJST8HhNNxS+F40byi3evXBpuZ+y+7paakJZ
fgN8kh9rT5vFExUYvgnLJSOgL5M2Jxx2gmU6vBeBxrUV
-----END CERTIFICATE-----