Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/nVGgA3t8BALq2oiddcJrOHrsQR8.roa
File:                     nVGgA3t8BALq2oiddcJrOHrsQR8.roa (raw, json)
Hash identifier:          GM0A+6sl43YqnNYGrpmJtPx98nMbt43XPtejKSR3jkw=
Subject key identifier:   9D:51:A0:03:7B:7C:04:02:EA:DA:88:9D:75:C2:6B:38:7A:EC:41:1F
Certificate issuer:       /CN=cced992030531e7e8b518aefd9e267cc528eda9a
Certificate serial:       0191DF6F24C0AAA3A5BF168CBE53B69DFD0B
Authority key identifier: CC:ED:99:20:30:53:1E:7E:8B:51:8A:EF:D9:E2:67:CC:52:8E:DA:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zO2ZIDBTHn6LUYrv2eJnzFKO2po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/nVGgA3t8BALq2oiddcJrOHrsQR8.roa
Signing time:             Wed 11 Sep 2024 04:54:48 +0000
ROA not before:           Wed 11 Sep 2024 04:54:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140641
IP address blocks:        195.170.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/zO2ZIDBTHn6LUYrv2eJnzFKO2po.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/zO2ZIDBTHn6LUYrv2eJnzFKO2po.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zO2ZIDBTHn6LUYrv2eJnzFKO2po.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:df:6f:24:c0:aa:a3:a5:bf:16:8c:be:53:b6:9d:fd:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cced992030531e7e8b518aefd9e267cc528eda9a
        Validity
            Not Before: Sep 11 04:54:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d51a0037b7c0402eada889d75c26b387aec411f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:30:c1:1f:23:df:da:93:93:56:9b:4c:3b:da:
                    82:57:fc:c6:90:e8:ba:c6:2c:39:70:12:fa:a3:aa:
                    29:84:cb:ac:c7:ca:f2:c1:20:00:8e:8e:af:c0:65:
                    b6:d6:75:e9:fc:1e:5a:0a:1a:4c:17:a8:c2:7b:5a:
                    dc:46:21:8a:f2:6f:51:01:2e:4e:05:d1:da:4a:71:
                    02:47:f7:b5:6a:8e:72:07:59:f7:f5:eb:6f:64:36:
                    99:5c:01:4c:f7:74:32:85:18:55:96:8d:dc:61:e2:
                    55:3f:ba:7d:d0:b1:87:14:99:4a:7f:bc:b5:98:da:
                    55:88:d7:16:6d:55:16:10:04:bf:b2:48:8a:04:31:
                    d6:43:35:19:a9:3d:7e:06:c1:00:c3:f7:87:3d:d7:
                    1c:ab:9e:51:e8:c4:2c:38:5a:ab:31:dd:30:8c:72:
                    b6:bb:3c:c3:90:27:30:0b:e5:27:87:af:54:74:c7:
                    00:99:1a:4b:e3:e5:1d:42:3b:f8:9b:06:fe:6f:98:
                    29:77:40:33:be:81:df:ce:4b:ee:e7:86:f7:a8:f2:
                    aa:02:38:72:6d:3d:de:76:79:d2:ff:e7:2b:8e:ee:
                    84:e5:14:69:79:57:b2:76:c6:eb:10:be:3a:05:b2:
                    e0:77:b4:b3:13:cb:4c:d5:0f:61:c7:aa:66:e4:d0:
                    5a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:51:A0:03:7B:7C:04:02:EA:DA:88:9D:75:C2:6B:38:7A:EC:41:1F
            X509v3 Authority Key Identifier:
                keyid:CC:ED:99:20:30:53:1E:7E:8B:51:8A:EF:D9:E2:67:CC:52:8E:DA:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zO2ZIDBTHn6LUYrv2eJnzFKO2po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/nVGgA3t8BALq2oiddcJrOHrsQR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/a05e77-f301-4125-9118-e4d1f0a27b21/1/zO2ZIDBTHn6LUYrv2eJnzFKO2po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.170.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:2a:53:7a:ba:1a:48:f5:f7:dc:31:9b:80:36:a4:01:13:b2:
         a8:b2:51:bf:95:d6:b7:d8:62:31:50:1e:b6:5f:92:b0:93:da:
         53:c7:ad:8e:64:e8:4f:57:44:19:4d:85:9a:3c:28:e6:53:21:
         b7:16:77:81:31:79:91:21:10:b6:c2:30:db:da:61:5b:35:0f:
         92:61:a0:01:48:ba:e1:38:0d:ba:31:a6:08:c1:a4:08:de:b2:
         b3:91:c3:ac:fc:2a:28:dc:1d:0e:73:eb:b9:55:17:1e:bf:77:
         76:14:81:71:4a:5f:f2:a7:21:5d:2a:bd:8f:0f:58:f9:01:d9:
         9e:7d:ed:b9:a9:da:c1:ab:d2:6f:8b:6d:db:88:74:82:45:65:
         6b:79:b7:36:00:51:f1:e4:ff:71:83:36:d4:aa:cd:a7:26:75:
         f3:d5:4f:7d:c2:27:57:5e:c9:67:4f:c8:24:a1:1d:a0:1c:c1:
         5e:7d:c1:be:51:b1:58:c6:7d:9f:99:ed:e7:57:95:8c:7e:05:
         c5:a5:51:42:0c:ec:f4:0b:3a:41:4b:1b:46:8b:16:02:60:df:
         d9:bd:a1:e9:95:d6:30:13:fd:8f:df:07:ce:f0:fd:99:9d:3c:
         00:68:f4:9c:42:03:f1:8b:49:e4:34:f0:63:37:70:8f:83:30:
         66:90:4b:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHfbyTAqqOlvxaMvlO2nf0LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZWQ5OTIwMzA1MzFlN2U4YjUxOGFlZmQ5ZTI2N2NjNTI4
ZWRhOWEwHhcNMjQwOTExMDQ1NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDUxYTAwMzdiN2MwNDAyZWFkYTg4OWQ3NWMyNmIzODdhZWM0MTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jDBHyPf2pOTVptMO9qCV/zGkOi6
xiw5cBL6o6ophMusx8rywSAAjo6vwGW21nXp/B5aChpMF6jCe1rcRiGK8m9RAS5O
BdHaSnECR/e1ao5yB1n39etvZDaZXAFM93QyhRhVlo3cYeJVP7p90LGHFJlKf7y1
mNpViNcWbVUWEAS/skiKBDHWQzUZqT1+BsEAw/eHPdccq55R6MQsOFqrMd0wjHK2
uzzDkCcwC+Unh69UdMcAmRpL4+UdQjv4mwb+b5gpd0AzvoHfzkvu54b3qPKqAjhy
bT3ednnS/+crju6E5RRpeVeydsbrEL46BbLgd7SzE8tM1Q9hx6pm5NBa5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1RoAN7fAQC6tqInXXCazh67EEfMB8GA1UdIwQY
MBaAFMztmSAwUx5+i1GK79niZ8xSjtqaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek8yWklEQlRIbjZMVVlydjJlSm56RktPMnBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9hMDVlNzctZjMwMS00MTI1LTkxMTgt
ZTRkMWYwYTI3YjIxLzEvblZHZ0EzdDhCQUxxMm9pZGRjSnJPSHJzUVI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9hMDVlNzctZjMwMS00MTI1LTkxMTgtZTRkMWYwYTI3YjIx
LzEvek8yWklEQlRIbjZMVVlydjJlSm56RktPMnBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6qjMA0G
CSqGSIb3DQEBCwUAA4IBAQCIKlN6uhpI9ffcMZuANqQBE7KoslG/lda32GIxUB62
X5Kwk9pTx62OZOhPV0QZTYWaPCjmUyG3FneBMXmRIRC2wjDb2mFbNQ+SYaABSLrh
OA26MaYIwaQI3rKzkcOs/Coo3B0Oc+u5VRcev3d2FIFxSl/ypyFdKr2PD1j5Adme
fe25qdrBq9Jvi23biHSCRWVrebc2AFHx5P9xgzbUqs2nJnXz1U99widXXslnT8gk
oR2gHMFefcG+UbFYxn2fme3nV5WMfgXFpVFCDOz0CzpBSxtGixYCYN/ZvaHpldYw
E/2P3wfO8P2ZnTwAaPScQgPxi0nkNPBjN3CPgzBmkEsl
-----END CERTIFICATE-----