Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/nb_9sKKoRmI0it8gKIjJVuRTCBQ.roa
File:                     nb_9sKKoRmI0it8gKIjJVuRTCBQ.roa (raw, json)
Hash identifier:          QvyBcTLrp5S6kZOssDDWJ+sBxdXDESr+rp66ndl0H6c=
Subject key identifier:   9D:BF:FD:B0:A2:A8:46:62:34:8A:DF:20:28:88:C9:56:E4:53:08:14
Certificate issuer:       /CN=185a2f67d245cba9518b017061a71692ee79e7ff
Certificate serial:       018CC64B83FADA9CEE6D2774D339348B76CB
Authority key identifier: 18:5A:2F:67:D2:45:CB:A9:51:8B:01:70:61:A7:16:92:EE:79:E7:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GFovZ9JFy6lRiwFwYacWku555_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/nb_9sKKoRmI0it8gKIjJVuRTCBQ.roa
Signing time:             Mon 01 Jan 2024 18:31:26 +0000
ROA not before:           Mon 01 Jan 2024 18:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200638
IP address blocks:        81.163.195.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/GFovZ9JFy6lRiwFwYacWku555_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/GFovZ9JFy6lRiwFwYacWku555_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GFovZ9JFy6lRiwFwYacWku555_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:83:fa:da:9c:ee:6d:27:74:d3:39:34:8b:76:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=185a2f67d245cba9518b017061a71692ee79e7ff
        Validity
            Not Before: Jan  1 18:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dbffdb0a2a84662348adf202888c956e4530814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:63:56:81:48:5d:a5:e1:49:6f:9e:48:18:7c:
                    0d:5a:a0:bb:d0:74:75:1d:83:e1:38:37:31:ad:05:
                    b4:f8:5a:e3:23:b7:4d:49:ca:6f:28:54:9d:b7:c7:
                    80:a8:50:24:ca:e7:51:ef:5e:22:ca:2a:f2:c8:a1:
                    41:63:f2:23:2e:9e:ee:76:07:7e:58:5a:e5:fe:91:
                    52:87:0c:7b:14:ee:42:86:10:95:83:50:4f:e0:52:
                    f1:79:c5:fe:86:bb:f6:42:2b:3f:09:95:42:99:29:
                    58:cd:71:41:f1:dd:05:a6:f9:eb:c3:ca:a6:e9:0c:
                    16:9e:8b:6a:2f:c9:64:ae:36:c7:db:82:4f:0c:f5:
                    b2:85:0c:79:87:25:d5:09:bd:88:48:ec:71:1d:78:
                    0b:04:f5:ba:08:f0:f1:2f:53:e2:50:65:06:79:c3:
                    ed:b1:7f:8d:35:20:2e:24:f1:98:9a:7b:77:cc:e3:
                    ff:30:20:6a:5a:e2:67:e0:e3:07:52:be:ba:6d:f7:
                    27:60:3d:a4:44:23:0c:bb:90:14:56:f5:e6:a4:fb:
                    55:d0:49:a0:47:31:6a:9e:45:ca:fd:27:c9:06:60:
                    c5:a6:4b:c5:f4:98:f0:8a:c2:09:dc:8a:4e:ab:88:
                    f5:e4:79:fe:05:f4:99:af:ea:e1:78:e5:0d:63:8a:
                    c0:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:BF:FD:B0:A2:A8:46:62:34:8A:DF:20:28:88:C9:56:E4:53:08:14
            X509v3 Authority Key Identifier:
                keyid:18:5A:2F:67:D2:45:CB:A9:51:8B:01:70:61:A7:16:92:EE:79:E7:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GFovZ9JFy6lRiwFwYacWku555_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/nb_9sKKoRmI0it8gKIjJVuRTCBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/d55988-42d2-4206-95a9-bb018cfbeaa2/1/GFovZ9JFy6lRiwFwYacWku555_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.163.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:cb:c5:33:82:03:b0:56:79:49:c9:a3:75:ca:2f:8a:ca:54:
         c7:53:f5:c9:0f:7d:13:57:7b:64:19:45:1e:52:aa:84:ed:f7:
         f1:2f:44:e0:9c:85:d1:e8:cf:99:be:be:8a:c1:46:06:34:65:
         45:10:44:29:90:53:03:3a:94:d6:d8:0c:b6:fe:79:45:f0:61:
         d6:ac:eb:95:5b:b6:ca:99:93:85:eb:1a:db:af:d2:f8:1e:e5:
         c0:c1:a4:81:c4:9e:4d:bd:07:f9:ff:b8:91:aa:17:73:e0:bc:
         12:b5:45:c6:07:60:fe:0a:aa:92:51:2e:06:19:5b:18:59:86:
         8e:e4:ac:43:c5:5e:f7:ac:15:ed:5a:a0:04:1e:15:9e:bb:69:
         3d:01:2c:e5:a0:90:03:4d:e7:15:f4:ef:97:33:95:2c:2e:0c:
         92:f6:3b:18:d5:0d:58:3c:f3:1b:76:e6:f5:d5:86:1b:9c:2e:
         c6:76:3d:50:42:c8:8a:c4:a3:f0:9b:02:23:31:90:56:67:ff:
         68:e2:71:ab:2b:3d:19:fb:d3:ec:e1:4b:6e:32:46:49:4f:dc:
         a0:01:35:ba:2b:3e:4e:79:19:2f:f7:ae:fb:e5:a6:7c:c4:22:
         3b:ef:d3:de:b9:b8:c7:3f:e9:2d:6a:13:6f:81:0a:3f:59:84:
         a6:79:e0:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4P62pzubSd00zk0i3bLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NWEyZjY3ZDI0NWNiYTk1MThiMDE3MDYxYTcxNjkyZWU3
OWU3ZmYwHhcNMjQwMTAxMTgzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGJmZmRiMGEyYTg0NjYyMzQ4YWRmMjAyODg4Yzk1NmU0NTMwODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2NWgUhdpeFJb55IGHwNWqC70HR1
HYPhODcxrQW0+FrjI7dNScpvKFSdt8eAqFAkyudR714iyiryyKFBY/IjLp7udgd+
WFrl/pFShwx7FO5ChhCVg1BP4FLxecX+hrv2Qis/CZVCmSlYzXFB8d0Fpvnrw8qm
6QwWnotqL8lkrjbH24JPDPWyhQx5hyXVCb2ISOxxHXgLBPW6CPDxL1PiUGUGecPt
sX+NNSAuJPGYmnt3zOP/MCBqWuJn4OMHUr66bfcnYD2kRCMMu5AUVvXmpPtV0Emg
RzFqnkXK/SfJBmDFpkvF9JjwisIJ3IpOq4j15Hn+BfSZr+rheOUNY4rAgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2//bCiqEZiNIrfICiIyVbkUwgUMB8GA1UdIwQY
MBaAFBhaL2fSRcupUYsBcGGnFpLueef/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0Zvdlo5SkZ5NmxSaXdGd1lhY1drdTU1NV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9kNTU5ODgtNDJkMi00MjA2LTk1YTkt
YmIwMThjZmJlYWEyLzEvbmJfOXNLS29SbUkwaXQ4Z0tJakpWdVJUQ0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9kNTU5ODgtNDJkMi00MjA2LTk1YTktYmIwMThjZmJlYWEy
LzEvR0Zvdlo5SkZ5NmxSaXdGd1lhY1drdTU1NV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUaPDMA0G
CSqGSIb3DQEBCwUAA4IBAQBjy8UzggOwVnlJyaN1yi+KylTHU/XJD30TV3tkGUUe
UqqE7ffxL0TgnIXR6M+Zvr6KwUYGNGVFEEQpkFMDOpTW2Ay2/nlF8GHWrOuVW7bK
mZOF6xrbr9L4HuXAwaSBxJ5NvQf5/7iRqhdz4LwStUXGB2D+CqqSUS4GGVsYWYaO
5KxDxV73rBXtWqAEHhWeu2k9ASzloJADTecV9O+XM5UsLgyS9jsY1Q1YPPMbdub1
1YYbnC7Gdj1QQsiKxKPwmwIjMZBWZ/9o4nGrKz0Z+9Ps4UtuMkZJT9ygATW6Kz5O
eRkv96775aZ8xCI779PeubjHP+ktahNvgQo/WYSmeeAk
-----END CERTIFICATE-----