Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/nyGWsnDuRlSSnqIUHFI4I3R0hwI.roa
File:                     nyGWsnDuRlSSnqIUHFI4I3R0hwI.roa (raw, json)
Hash identifier:          5lwQMCxWoeHMeRTbQbk8ahKqjCOjk2e3XI1pPawbv1c=
Subject key identifier:   9F:21:96:B2:70:EE:46:54:92:9E:A2:14:1C:52:38:23:74:74:87:02
Certificate issuer:       /CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
Certificate serial:       018F30FEAF2B253C97AA887E1F84A7CA5905
Authority key identifier: 0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/nyGWsnDuRlSSnqIUHFI4I3R0hwI.roa
Signing time:             Tue 30 Apr 2024 21:52:28 +0000
ROA not before:           Tue 30 Apr 2024 21:52:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202777
IP address blocks:        185.124.148.0/24 maxlen: 24
                          185.235.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 21:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:30:fe:af:2b:25:3c:97:aa:88:7e:1f:84:a7:ca:59:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
        Validity
            Not Before: Apr 30 21:52:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f2196b270ee4654929ea2141c52382374748702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:11:27:9f:dc:ea:78:63:45:f6:bb:d7:be:9b:
                    70:3a:44:30:c7:c3:77:dd:58:2f:a0:26:e6:37:25:
                    d7:23:c6:65:3b:dd:90:9d:c5:ad:e7:99:42:74:9d:
                    db:24:f6:b0:7f:6b:47:48:65:80:5b:7d:63:16:2b:
                    e4:98:66:29:f2:8a:4c:32:41:d1:08:3a:e6:8a:33:
                    e1:78:ff:80:55:3b:91:c7:c1:7c:55:30:6e:fa:6a:
                    ea:6b:68:90:c5:ef:67:f1:4a:32:d2:ca:21:45:a2:
                    bf:3a:e7:1e:f1:74:8a:fd:63:f5:d7:4d:97:48:35:
                    12:47:80:0f:73:4a:f7:ea:79:0a:d2:c6:b6:4c:81:
                    b3:2e:3e:15:e4:a3:7f:43:41:50:0e:05:ba:4d:26:
                    bc:4f:11:e6:76:7b:0d:04:c0:cf:c1:d9:7f:b4:7b:
                    2d:83:9e:b1:5f:d3:55:a2:5d:62:fa:6c:b1:13:40:
                    5b:d3:db:24:40:77:95:a5:c1:f9:57:2c:20:5a:39:
                    dd:ab:b8:9d:85:f7:b3:a9:82:53:e9:5e:a3:48:2a:
                    16:e6:3a:ff:cd:52:4a:ef:3f:57:1e:49:cc:70:61:
                    d0:a7:97:70:28:5d:ae:21:21:e4:ea:9e:9e:de:5e:
                    2e:08:5a:4b:ec:2e:4e:a9:6b:9e:4b:0e:0e:b2:4c:
                    5f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:21:96:B2:70:EE:46:54:92:9E:A2:14:1C:52:38:23:74:74:87:02
            X509v3 Authority Key Identifier:
                keyid:0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/nyGWsnDuRlSSnqIUHFI4I3R0hwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.148.0/24
                  185.235.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:fe:09:84:ff:c5:22:83:3e:8d:2c:c4:78:04:54:31:50:b2:
         8c:ea:51:1e:ce:36:a2:bb:55:51:62:34:1f:b2:d7:cb:05:69:
         73:bf:4c:98:a1:4e:ae:40:56:52:8e:de:2a:3b:c2:64:f1:84:
         41:2b:a5:3b:07:71:99:23:96:ba:4a:33:7b:86:7f:d6:eb:f7:
         26:34:b2:b6:8c:22:7a:ef:7e:75:98:fb:ce:25:fa:70:89:66:
         f1:c7:09:33:27:79:35:5c:4c:2d:c8:a3:8e:3e:04:c8:93:1b:
         c9:28:07:78:8c:d8:38:f7:57:73:f6:d8:67:0a:c6:68:8b:76:
         ce:9f:b0:32:e2:6b:43:d3:c9:73:fb:e3:34:43:e1:99:3e:85:
         80:07:6e:88:ef:a7:77:88:a7:2b:d7:01:6d:3d:8b:a5:aa:58:
         f2:12:2e:dd:0e:20:8f:fa:47:1a:65:55:4d:4f:1a:be:4e:83:
         1f:01:13:18:45:e4:d2:30:64:6c:dc:a6:fa:e5:e8:37:42:62:
         e1:f9:5e:f2:4e:46:40:11:24:c2:4c:34:42:a5:3b:a4:3c:a8:
         e1:f8:78:da:40:d8:d9:a4:fc:eb:9a:41:45:7d:83:f6:e6:30:
         f6:3f:af:5f:a8:bc:dd:15:cb:21:39:61:81:ad:ab:32:89:73:
         45:78:9b:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8w/q8rJTyXqoh+H4SnylkFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMmY4YjJiOTQ3MjFlOTI4ZjYxODhiNWNmMTUwNTMxNDRk
ZWRmOGMwHhcNMjQwNDMwMjE1MjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjIxOTZiMjcwZWU0NjU0OTI5ZWEyMTQxYzUyMzgyMzc0NzQ4NzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hEnn9zqeGNF9rvXvptwOkQwx8N3
3VgvoCbmNyXXI8ZlO92QncWt55lCdJ3bJPawf2tHSGWAW31jFivkmGYp8opMMkHR
CDrmijPheP+AVTuRx8F8VTBu+mrqa2iQxe9n8Uoy0sohRaK/Ouce8XSK/WP1102X
SDUSR4APc0r36nkK0sa2TIGzLj4V5KN/Q0FQDgW6TSa8TxHmdnsNBMDPwdl/tHst
g56xX9NVol1i+myxE0Bb09skQHeVpcH5VywgWjndq7idhfezqYJT6V6jSCoW5jr/
zVJK7z9XHknMcGHQp5dwKF2uISHk6p6e3l4uCFpL7C5OqWueSw4OskxfTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ8hlrJw7kZUkp6iFBxSOCN0dIcCMB8GA1UdIwQY
MBaAFA8viyuUch6Sj2GItc8VBTFE3t+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2Mt
NzIyNmE4ODQ1ZTAxLzEvbnlHV3NuRHVSbFNTbnFJVUhGSTRJM1IwaHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2MtNzIyNmE4ODQ1ZTAx
LzEvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXyUAwQA
ueuNMA0GCSqGSIb3DQEBCwUAA4IBAQCl/gmE/8Uigz6NLMR4BFQxULKM6lEezjai
u1VRYjQfstfLBWlzv0yYoU6uQFZSjt4qO8Jk8YRBK6U7B3GZI5a6SjN7hn/W6/cm
NLK2jCJ67351mPvOJfpwiWbxxwkzJ3k1XEwtyKOOPgTIkxvJKAd4jNg491dz9thn
CsZoi3bOn7Ay4mtD08lz++M0Q+GZPoWAB26I76d3iKcr1wFtPYulqljyEi7dDiCP
+kcaZVVNTxq+ToMfARMYReTSMGRs3Kb65eg3QmLh+V7yTkZAESTCTDRCpTukPKjh
+HjaQNjZpPzrmkFFfYP25jD2P69fqLzdFcshOWGBrasyiXNFeJve
-----END CERTIFICATE-----