Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/nQ1HC-e9g9F6AGc0XdansnFPUB0.roa
File:                     nQ1HC-e9g9F6AGc0XdansnFPUB0.roa (raw, json)
Hash identifier:          2/JL18cW5Xhifnpa2xtlHbHpkpydchKqLgS25akgTBU=
Subject key identifier:   9D:0D:47:0B:E7:BD:83:D1:7A:00:67:34:5D:D6:A7:B2:71:4F:50:1D
Certificate issuer:       /CN=d98247d3f81472dbba06dbea9bd19c785d18babe
Certificate serial:       018CC34958CB1849D04A130C7BAA226668CB
Authority key identifier: D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/nQ1HC-e9g9F6AGc0XdansnFPUB0.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400040
IP address blocks:        194.169.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:58:cb:18:49:d0:4a:13:0c:7b:aa:22:66:68:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d98247d3f81472dbba06dbea9bd19c785d18babe
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d0d470be7bd83d17a0067345dd6a7b2714f501d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5f:17:1e:d4:eb:df:37:de:09:6a:dc:f4:5b:
                    ad:dc:6f:3c:3f:d0:b0:ef:d2:62:23:02:f1:ed:8e:
                    44:e0:49:4e:24:04:d0:cc:c1:19:56:e3:6a:f2:9d:
                    9f:5a:0a:a7:eb:e6:fe:cf:17:c0:1f:dd:bd:0d:38:
                    33:2b:ee:0f:41:a8:59:29:45:2f:7b:4b:1d:e6:e7:
                    d2:9a:a1:95:82:ba:cd:7c:40:2d:d9:cd:c5:35:ec:
                    32:01:41:b2:a1:b9:d0:70:4a:1a:6f:86:19:43:47:
                    6d:06:b1:54:f8:80:16:59:80:d1:e6:45:12:bd:c9:
                    6d:2e:de:72:4c:2c:70:8d:d5:53:f8:07:bf:64:4d:
                    10:42:1b:f9:85:bc:9c:de:e4:77:47:00:68:82:82:
                    06:96:2e:a3:87:60:e7:6e:d9:c8:2e:41:79:c0:f2:
                    6c:d6:4d:d5:95:06:c6:c1:f3:19:ab:6d:3d:df:b7:
                    18:98:da:ab:a8:3f:27:93:ad:fc:61:3d:8c:c7:af:
                    05:e3:9b:96:c7:b3:db:88:78:ef:72:80:ce:83:fd:
                    a2:9a:44:79:e0:31:60:e7:0c:14:9f:4b:5e:e1:4d:
                    10:77:db:74:ee:89:fe:ac:f9:9b:6c:97:64:73:66:
                    67:b1:97:8f:6d:8a:1b:8c:81:f9:67:44:2b:a2:9b:
                    a8:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:0D:47:0B:E7:BD:83:D1:7A:00:67:34:5D:D6:A7:B2:71:4F:50:1D
            X509v3 Authority Key Identifier:
                keyid:D9:82:47:D3:F8:14:72:DB:BA:06:DB:EA:9B:D1:9C:78:5D:18:BA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2YJH0_gUctu6Btvqm9GceF0Yur4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/nQ1HC-e9g9F6AGc0XdansnFPUB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/6dbc99-bfa9-4ef7-a798-a3032615660c/1/2YJH0_gUctu6Btvqm9GceF0Yur4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:fe:11:4f:05:53:ac:47:5a:f1:60:2d:33:6f:77:28:34:c5:
         c3:26:db:f5:56:e6:2a:a4:ab:b0:98:85:e9:86:54:d2:97:53:
         35:a3:ef:9c:1d:6d:34:9b:3d:c0:7c:3c:f0:06:6f:a7:b1:9b:
         eb:7f:21:82:19:bf:12:9b:32:9b:4c:a9:5b:3d:fd:9a:a8:0c:
         85:a9:b8:d6:4d:a3:ca:55:d4:41:d7:28:aa:db:52:44:48:12:
         1e:d8:15:01:af:0d:ad:70:98:4b:67:c8:23:9f:19:54:b3:7f:
         af:44:e6:d1:7e:c5:66:af:e5:68:34:cf:6e:10:a2:0b:26:70:
         19:e3:43:31:02:b1:bd:cb:42:f4:35:af:2d:e9:eb:55:1d:88:
         d5:94:14:de:9f:98:94:4e:3b:e7:0d:b7:2c:a8:d6:c7:e7:ae:
         4b:6c:8d:c7:d1:3a:de:d2:58:44:28:8e:22:67:4d:cd:e6:be:
         26:cc:4b:03:82:30:71:5f:fe:6a:82:2a:57:0d:f9:a3:c5:7b:
         4d:29:1d:01:63:56:67:18:13:89:bc:f8:5a:77:d2:b2:98:6b:
         92:70:a4:4a:32:a4:70:1b:54:ad:30:6c:b9:f4:c6:13:20:32:
         ad:1e:73:aa:f2:9e:ac:83:08:0e:67:5c:98:2a:93:fc:1d:df:
         61:48:a6:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVjLGEnQShMMe6oiZmjLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ODI0N2QzZjgxNDcyZGJiYTA2ZGJlYTliZDE5Yzc4NWQx
OGJhYmUwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDBkNDcwYmU3YmQ4M2QxN2EwMDY3MzQ1ZGQ2YTdiMjcxNGY1MDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAul8XHtTr3zfeCWrc9Fut3G88P9Cw
79JiIwLx7Y5E4ElOJATQzMEZVuNq8p2fWgqn6+b+zxfAH929DTgzK+4PQahZKUUv
e0sd5ufSmqGVgrrNfEAt2c3FNewyAUGyobnQcEoab4YZQ0dtBrFU+IAWWYDR5kUS
vcltLt5yTCxwjdVT+Ae/ZE0QQhv5hbyc3uR3RwBogoIGli6jh2DnbtnILkF5wPJs
1k3VlQbGwfMZq20937cYmNqrqD8nk638YT2Mx68F45uWx7PbiHjvcoDOg/2imkR5
4DFg5wwUn0te4U0Qd9t07on+rPmbbJdkc2ZnsZePbYobjIH5Z0Qropuo1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0NRwvnvYPRegBnNF3Wp7JxT1AdMB8GA1UdIwQY
MBaAFNmCR9P4FHLbugbb6pvRnHhdGLq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgt
YTMwMzI2MTU2NjBjLzEvblExSEMtZTlnOUY2QUdjMFhkYW5zbkZQVUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ZGJjOTktYmZhOS00ZWY3LWE3OTgtYTMwMzI2MTU2NjBj
LzEvMllKSDBfZ1VjdHU2QnR2cW05R2NlRjBZdXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqkxMA0G
CSqGSIb3DQEBCwUAA4IBAQBC/hFPBVOsR1rxYC0zb3coNMXDJtv1VuYqpKuwmIXp
hlTSl1M1o++cHW00mz3AfDzwBm+nsZvrfyGCGb8SmzKbTKlbPf2aqAyFqbjWTaPK
VdRB1yiq21JESBIe2BUBrw2tcJhLZ8gjnxlUs3+vRObRfsVmr+VoNM9uEKILJnAZ
40MxArG9y0L0Na8t6etVHYjVlBTen5iUTjvnDbcsqNbH565LbI3H0Tre0lhEKI4i
Z03N5r4mzEsDgjBxX/5qgipXDfmjxXtNKR0BY1ZnGBOJvPhad9KymGuScKRKMqRw
G1StMGy59MYTIDKtHnOq8p6sgwgOZ1yYKpP8Hd9hSKYP
-----END CERTIFICATE-----