Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/nqUlTviiOIIEu3DWfMBtVZjNeN4.roa
File:                     nqUlTviiOIIEu3DWfMBtVZjNeN4.roa (raw, json)
Hash identifier:          lfUed03KZa2VwAiQf6+0B4IDUVxTJL8ER+7jmmK+Cek=
Subject key identifier:   9E:A5:25:4E:F8:A2:38:82:04:BB:70:D6:7C:C0:6D:55:98:CD:78:DE
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018EC46E1836213D833E08A8041FBD8E9A1E
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/nqUlTviiOIIEu3DWfMBtVZjNeN4.roa
Signing time:             Tue 09 Apr 2024 19:55:33 +0000
ROA not before:           Tue 09 Apr 2024 19:55:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        195.216.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 00:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c4:6e:18:36:21:3d:83:3e:08:a8:04:1f:bd:8e:9a:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  9 19:55:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ea5254ef8a2388204bb70d67cc06d5598cd78de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a6:f1:3a:3a:30:05:7c:e1:b4:be:50:a2:1c:
                    ed:bb:86:4b:4e:2d:75:28:17:04:b2:5c:ce:eb:5c:
                    e7:ed:a2:a7:bd:64:a7:aa:0b:67:0b:79:6d:f2:20:
                    56:27:5d:49:ba:6c:04:fb:dc:84:bf:58:dd:0f:c1:
                    05:c5:14:03:41:9e:7d:4b:87:47:c8:86:b9:d8:69:
                    b4:50:2d:fe:fb:9e:40:c9:3e:40:13:3b:c6:8f:f2:
                    c6:01:ae:4c:b8:fc:02:a3:62:4a:2c:c9:45:18:02:
                    fa:b4:54:24:ae:e7:b8:21:c5:54:56:ed:55:c9:c3:
                    bd:87:f8:1c:87:ad:ba:5b:df:5f:31:d4:33:d7:a9:
                    18:57:5b:f4:d2:5a:93:a4:ca:8d:1d:d4:59:9b:13:
                    17:3e:05:d0:f2:d9:86:36:df:4c:bd:e8:eb:91:ab:
                    3c:59:54:33:5a:a7:05:16:cd:00:6d:b8:5c:fb:38:
                    fd:3e:8b:c4:85:a8:fa:3a:95:69:49:af:2b:b9:68:
                    b7:02:49:54:28:e7:16:c3:63:58:9b:56:03:c8:10:
                    d9:84:46:ed:4e:67:ec:99:66:0a:a8:e1:5f:cc:19:
                    06:6d:79:35:43:f8:c0:c2:dc:d8:5c:66:cc:90:64:
                    bb:04:c0:d9:cf:dc:ab:51:f9:a6:b9:af:dc:f3:e1:
                    5c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:A5:25:4E:F8:A2:38:82:04:BB:70:D6:7C:C0:6D:55:98:CD:78:DE
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/nqUlTviiOIIEu3DWfMBtVZjNeN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.216.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:22:52:cd:c3:28:7f:b8:f8:38:fd:ec:e0:0a:60:63:8c:89:
         2f:83:26:76:8f:52:74:be:fe:e5:3a:b8:48:a0:71:5a:c6:1d:
         40:cd:a9:fb:03:a6:d6:94:ab:9a:b6:6c:4c:24:ad:1e:14:02:
         d1:30:3f:9f:70:5c:d8:39:50:47:bb:24:6c:e6:bc:f2:bd:e2:
         e5:0c:21:12:44:5e:bb:62:9a:46:87:c7:75:99:77:c5:d8:4c:
         d0:b0:a5:e5:1d:b3:d1:23:96:97:c0:24:46:9c:a6:83:f3:2d:
         1e:da:d3:53:42:a6:54:9c:80:ae:76:3c:3e:e0:82:6c:2b:c6:
         eb:92:3a:8c:69:63:a9:41:25:57:64:d9:26:56:46:68:d1:02:
         02:f8:fc:39:c3:50:c1:af:55:22:48:e2:a3:cf:cf:84:1a:33:
         73:7b:1d:51:56:36:47:be:71:09:6e:9b:f0:a2:95:dc:85:45:
         f2:b0:45:f8:4e:fb:ca:28:31:94:a4:f1:7c:70:1d:ea:9c:5e:
         d8:ca:ea:48:b1:13:31:00:0a:85:31:1f:8f:80:6f:28:4e:30:
         6c:db:e7:34:50:33:ba:86:d9:41:48:f1:4f:e2:8f:c3:8a:36:
         ec:ad:87:90:3c:c2:dd:5d:3c:b9:61:fc:a6:15:52:53:80:4d:
         cc:88:39:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Ebhg2IT2DPgioBB+9jpoeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDA5MTk1NTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWE1MjU0ZWY4YTIzODgyMDRiYjcwZDY3Y2MwNmQ1NTk4Y2Q3OGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6bxOjowBXzhtL5Qohztu4ZLTi11
KBcEslzO61zn7aKnvWSnqgtnC3lt8iBWJ11JumwE+9yEv1jdD8EFxRQDQZ59S4dH
yIa52Gm0UC3++55AyT5AEzvGj/LGAa5MuPwCo2JKLMlFGAL6tFQkrue4IcVUVu1V
ycO9h/gch626W99fMdQz16kYV1v00lqTpMqNHdRZmxMXPgXQ8tmGNt9Mvejrkas8
WVQzWqcFFs0Abbhc+zj9PovEhaj6OpVpSa8ruWi3AklUKOcWw2NYm1YDyBDZhEbt
TmfsmWYKqOFfzBkGbXk1Q/jAwtzYXGbMkGS7BMDZz9yrUfmmua/c8+Fc1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6lJU74ojiCBLtw1nzAbVWYzXjeMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvbnFVbFR2aWlPSUlFdTNEV2ZNQnRWWmpOZU40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9ibMA0G
CSqGSIb3DQEBCwUAA4IBAQBiIlLNwyh/uPg4/ezgCmBjjIkvgyZ2j1J0vv7lOrhI
oHFaxh1Azan7A6bWlKuatmxMJK0eFALRMD+fcFzYOVBHuyRs5rzyveLlDCESRF67
YppGh8d1mXfF2EzQsKXlHbPRI5aXwCRGnKaD8y0e2tNTQqZUnICudjw+4IJsK8br
kjqMaWOpQSVXZNkmVkZo0QIC+Pw5w1DBr1UiSOKjz8+EGjNzex1RVjZHvnEJbpvw
opXchUXysEX4TvvKKDGUpPF8cB3qnF7YyupIsRMxAAqFMR+PgG8oTjBs2+c0UDO6
htlBSPFP4o/DijbsrYeQPMLdXTy5YfymFVJTgE3MiDnG
-----END CERTIFICATE-----