Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/100ea7-3afa-40c5-a2c3-37c652f0f348/1/nwGHMhoWkJPP2Nvl2QOLCfCd6m0.roa
File:                     nwGHMhoWkJPP2Nvl2QOLCfCd6m0.roa (raw, json)
Hash identifier:          o9jT//YhsPWCHZ1joIfWpeW+V4r4JgvRmkoDzUHJWyk=
Subject key identifier:   9F:01:87:32:1A:16:90:93:CF:D8:DB:E5:D9:03:8B:09:F0:9D:EA:6D
Certificate issuer:       /CN=ca9a2be7a2b9b9a473dabc8578b444a7b2e8952e
Certificate serial:       018CC348A4BCFF79C4679F644A3E1AC9BED2
Authority key identifier: CA:9A:2B:E7:A2:B9:B9:A4:73:DA:BC:85:78:B4:44:A7:B2:E8:95:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypor56K5uaRz2ryFeLREp7LolS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/100ea7-3afa-40c5-a2c3-37c652f0f348/1/nwGHMhoWkJPP2Nvl2QOLCfCd6m0.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60631
IP address blocks:        158.255.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/100ea7-3afa-40c5-a2c3-37c652f0f348/1/ypor56K5uaRz2ryFeLREp7LolS4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/100ea7-3afa-40c5-a2c3-37c652f0f348/1/ypor56K5uaRz2ryFeLREp7LolS4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypor56K5uaRz2ryFeLREp7LolS4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a4:bc:ff:79:c4:67:9f:64:4a:3e:1a:c9:be:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca9a2be7a2b9b9a473dabc8578b444a7b2e8952e
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f0187321a169093cfd8dbe5d9038b09f09dea6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ba:c6:2e:ea:20:b6:73:39:7a:7c:c7:38:eb:
                    2d:19:bf:d7:d2:8f:47:21:ab:4e:b0:e7:e7:02:9c:
                    c4:4e:ef:d1:00:b7:a3:a3:d1:5e:d7:8b:6b:a7:4b:
                    b8:56:7a:ea:bb:19:e4:26:e1:8a:de:82:e9:93:12:
                    44:d5:5f:a9:8e:e3:e6:30:11:b1:dd:bc:28:f8:49:
                    d0:1a:dc:50:76:68:2b:e0:5a:3e:3b:52:c3:7e:ff:
                    3a:0b:7c:1d:a3:6a:a9:08:28:9b:81:e7:9e:83:cc:
                    33:bc:b9:d6:0c:21:b7:9f:fa:9c:ee:1a:e0:19:95:
                    ed:4e:c4:86:3f:a6:87:00:d7:ba:ab:c9:12:61:74:
                    d8:1f:8f:77:40:67:e6:7f:91:55:0f:a9:25:0a:57:
                    20:47:ce:6f:d9:42:13:57:69:de:9f:07:81:95:82:
                    72:9f:8a:1b:ba:1b:69:bc:c1:71:78:44:b1:2c:72:
                    9d:00:c5:29:3b:76:1b:6c:4c:a4:69:c3:bf:40:2c:
                    58:96:74:a9:c5:5b:52:fa:7c:17:91:cc:89:de:ee:
                    2b:bb:42:95:f9:d1:b6:b4:95:e1:25:5a:15:d7:59:
                    cb:df:7d:6b:06:55:92:b0:59:dc:10:77:f6:af:76:
                    4c:c4:ff:f7:a1:6c:bc:52:e4:45:0f:18:10:58:a2:
                    ba:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:01:87:32:1A:16:90:93:CF:D8:DB:E5:D9:03:8B:09:F0:9D:EA:6D
            X509v3 Authority Key Identifier:
                keyid:CA:9A:2B:E7:A2:B9:B9:A4:73:DA:BC:85:78:B4:44:A7:B2:E8:95:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypor56K5uaRz2ryFeLREp7LolS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/100ea7-3afa-40c5-a2c3-37c652f0f348/1/nwGHMhoWkJPP2Nvl2QOLCfCd6m0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/100ea7-3afa-40c5-a2c3-37c652f0f348/1/ypor56K5uaRz2ryFeLREp7LolS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.255.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:5b:f0:28:be:37:c6:b6:7c:66:69:45:c4:79:02:a8:c3:56:
         d1:8a:99:cb:53:53:80:33:52:d0:69:c4:41:6f:86:b2:64:f1:
         cc:98:f5:f7:51:6f:cc:ac:bf:33:fc:3d:c4:60:26:84:29:ae:
         4a:22:62:cb:a7:f3:01:d9:b6:b7:4a:d9:4f:aa:a1:be:b2:08:
         f6:13:78:77:2a:56:2e:dc:ef:eb:11:41:3f:f8:8a:8d:76:86:
         bd:4b:54:d8:b3:32:6d:3d:e1:0a:52:b7:d2:7b:da:5b:a5:72:
         8b:d0:c0:d0:2c:1f:40:41:c4:07:55:74:35:79:be:d4:a3:59:
         cd:75:bf:b8:1e:d3:da:75:1e:e1:c0:b6:41:d4:f6:ac:80:7e:
         c6:4b:f1:7b:c1:55:a9:64:fe:15:1a:65:d8:d7:35:58:5c:19:
         38:82:da:b5:17:a2:6b:4b:89:ea:46:fd:f1:88:90:22:ba:c7:
         47:c6:db:fb:53:52:07:e3:44:61:ae:d2:32:99:0a:92:7d:7d:
         bc:6e:57:80:95:fc:7a:72:ec:76:de:80:7c:5b:11:25:a1:09:
         2f:9b:1b:4b:3d:a2:00:32:29:c0:47:c3:88:17:df:03:e7:b6:
         32:b7:fe:10:ae:fd:f2:25:ae:bd:e0:f7:2d:e9:e1:3a:ec:a6:
         e8:ef:53:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKS8/3nEZ59kSj4ayb7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWEyYmU3YTJiOWI5YTQ3M2RhYmM4NTc4YjQ0NGE3YjJl
ODk1MmUwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjAxODczMjFhMTY5MDkzY2ZkOGRiZTVkOTAzOGIwOWYwOWRlYTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLrGLuogtnM5enzHOOstGb/X0o9H
IatOsOfnApzETu/RALejo9Fe14trp0u4VnrquxnkJuGK3oLpkxJE1V+pjuPmMBGx
3bwo+EnQGtxQdmgr4Fo+O1LDfv86C3wdo2qpCCibgeeeg8wzvLnWDCG3n/qc7hrg
GZXtTsSGP6aHANe6q8kSYXTYH493QGfmf5FVD6klClcgR85v2UITV2nenweBlYJy
n4obuhtpvMFxeESxLHKdAMUpO3YbbEykacO/QCxYlnSpxVtS+nwXkcyJ3u4ru0KV
+dG2tJXhJVoV11nL331rBlWSsFncEHf2r3ZMxP/3oWy8UuRFDxgQWKK69wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8BhzIaFpCTz9jb5dkDiwnwneptMB8GA1UdIwQY
MBaAFMqaK+eiubmkc9q8hXi0RKey6JUuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBvcjU2SzV1YVJ6MnJ5RmVMUkVwN0xvbFM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8xMDBlYTctM2FmYS00MGM1LWEyYzMt
MzdjNjUyZjBmMzQ4LzEvbndHSE1ob1drSlBQMk52bDJRT0xDZkNkNm0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8xMDBlYTctM2FmYS00MGM1LWEyYzMtMzdjNjUyZjBmMzQ4
LzEveXBvcjU2SzV1YVJ6MnJ5RmVMUkVwN0xvbFM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnv9KMA0G
CSqGSIb3DQEBCwUAA4IBAQBXW/AovjfGtnxmaUXEeQKow1bRipnLU1OAM1LQacRB
b4ayZPHMmPX3UW/MrL8z/D3EYCaEKa5KImLLp/MB2ba3StlPqqG+sgj2E3h3KlYu
3O/rEUE/+IqNdoa9S1TYszJtPeEKUrfSe9pbpXKL0MDQLB9AQcQHVXQ1eb7Uo1nN
db+4HtPadR7hwLZB1PasgH7GS/F7wVWpZP4VGmXY1zVYXBk4gtq1F6JrS4nqRv3x
iJAiusdHxtv7U1IH40RhrtIymQqSfX28bleAlfx6cux23oB8WxEloQkvmxtLPaIA
MinAR8OIF98D57Yyt/4Qrv3yJa694Pct6eE67Kbo71N2
-----END CERTIFICATE-----