Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/NpDuImnVXVMXf1sS29z_qcTQ16U.roa
File:                     NpDuImnVXVMXf1sS29z_qcTQ16U.roa (raw, json)
Hash identifier:          Rqqg42ueS0mi44PRL+RoIN916ZfqmSkCecCsKAmgnXk=
Subject key identifier:   36:90:EE:22:69:D5:5D:53:17:7F:5B:12:DB:DC:FF:A9:C4:D0:D7:A5
Certificate issuer:       /CN=be84ae7c0503ac450934c9f6cff39a1537a5126d
Certificate serial:       018CC5DC5932325243555EED3C8C19029D50
Authority key identifier: BE:84:AE:7C:05:03:AC:45:09:34:C9:F6:CF:F3:9A:15:37:A5:12:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/voSufAUDrEUJNMn2z_OaFTelEm0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/NpDuImnVXVMXf1sS29z_qcTQ16U.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56469
IP address blocks:        193.22.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/voSufAUDrEUJNMn2z_OaFTelEm0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/voSufAUDrEUJNMn2z_OaFTelEm0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/voSufAUDrEUJNMn2z_OaFTelEm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 16:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:59:32:32:52:43:55:5e:ed:3c:8c:19:02:9d:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be84ae7c0503ac450934c9f6cff39a1537a5126d
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3690ee2269d55d53177f5b12dbdcffa9c4d0d7a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f2:92:8d:8e:4d:31:21:b7:4d:03:8a:b5:af:
                    6b:f5:f5:57:9d:e8:dc:ec:0f:bd:f5:64:1a:13:2f:
                    13:de:a7:70:3f:29:b2:89:d1:a4:d1:04:14:1e:cf:
                    b6:f5:8a:6c:3d:1e:d7:89:e2:0f:e6:60:61:d5:5d:
                    8f:36:d8:6d:4e:a3:10:8f:76:d5:24:cb:20:f5:bc:
                    92:ea:e7:84:87:52:b8:e6:4f:fe:08:1d:43:6a:05:
                    a0:a7:63:9f:d9:2e:81:0e:f5:34:fb:79:f6:b1:6e:
                    db:65:86:e9:da:5a:39:d1:9c:05:1c:9a:31:e7:7b:
                    fd:12:44:f6:ba:f1:33:5a:99:ef:43:d7:c4:f9:3e:
                    e7:be:8d:0d:6a:79:cd:03:b9:08:d8:a7:21:74:43:
                    81:f6:ab:ec:1a:37:0b:87:55:39:b5:0d:79:fd:ab:
                    19:4e:f1:fe:96:de:fb:34:5e:14:de:ed:27:68:5e:
                    9c:25:d1:a6:4a:a7:a1:9e:83:68:82:7d:03:a3:53:
                    6c:44:9c:38:9a:89:71:39:d3:5f:6c:7d:e2:cc:5c:
                    b4:13:7d:a0:9e:2e:25:c6:75:6d:b9:9b:08:c4:32:
                    aa:22:a3:8b:ae:04:02:94:6d:22:13:64:36:74:e0:
                    b0:b7:32:12:e2:36:90:2f:5a:50:a4:31:9b:32:8f:
                    40:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:90:EE:22:69:D5:5D:53:17:7F:5B:12:DB:DC:FF:A9:C4:D0:D7:A5
            X509v3 Authority Key Identifier:
                keyid:BE:84:AE:7C:05:03:AC:45:09:34:C9:F6:CF:F3:9A:15:37:A5:12:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/voSufAUDrEUJNMn2z_OaFTelEm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/NpDuImnVXVMXf1sS29z_qcTQ16U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/a204a5-1950-4b44-ac90-81a2b347da84/1/voSufAUDrEUJNMn2z_OaFTelEm0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.22.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:4c:28:17:c9:a1:fe:71:e4:9d:26:4e:a0:f4:37:97:1b:4b:
         78:c9:b4:be:47:fb:a7:8c:8f:a1:58:a5:f4:f4:23:eb:bd:97:
         6d:78:07:71:17:ca:5b:c4:a0:ca:30:9b:f6:a6:f0:62:2f:7e:
         95:54:3e:2f:0a:2c:48:46:42:76:25:c7:45:65:25:8d:97:f0:
         08:d2:94:c7:d2:91:43:63:ea:9a:a7:ad:43:37:28:94:af:b7:
         f8:86:3e:83:07:8b:7a:fe:50:2e:07:5e:fc:ff:cd:f4:0a:6e:
         6e:c0:08:a6:38:7f:c4:97:26:6a:c7:e6:2e:d3:b0:ff:eb:ba:
         95:8c:a0:7b:5f:79:cb:90:1b:71:f9:83:b0:45:77:6f:22:b3:
         ea:b1:62:ce:ef:96:66:8a:a1:d4:8b:87:2d:e3:60:a2:0d:73:
         0d:2f:a2:f9:a2:81:c8:77:cd:db:1a:54:4e:00:2a:dc:17:7c:
         97:6a:f1:51:9c:a6:17:93:98:de:cc:01:f5:61:b1:62:45:5d:
         f0:4b:34:6d:96:76:22:00:70:73:23:f7:d9:63:dd:9f:8e:25:
         59:f5:b4:7c:e4:9e:33:75:d5:8b:cb:f9:81:ca:29:c9:e6:ca:
         7a:0d:f5:90:b1:2b:ba:98:2c:6b:8f:0f:dc:9c:45:e5:66:8f:
         0d:07:97:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3FkyMlJDVV7tPIwZAp1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlODRhZTdjMDUwM2FjNDUwOTM0YzlmNmNmZjM5YTE1Mzdh
NTEyNmQwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjkwZWUyMjY5ZDU1ZDUzMTc3ZjViMTJkYmRjZmZhOWM0ZDBkN2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvKSjY5NMSG3TQOKta9r9fVXnejc
7A+99WQaEy8T3qdwPymyidGk0QQUHs+29YpsPR7XieIP5mBh1V2PNthtTqMQj3bV
JMsg9byS6ueEh1K45k/+CB1DagWgp2Of2S6BDvU0+3n2sW7bZYbp2lo50ZwFHJox
53v9EkT2uvEzWpnvQ9fE+T7nvo0NannNA7kI2KchdEOB9qvsGjcLh1U5tQ15/asZ
TvH+lt77NF4U3u0naF6cJdGmSqehnoNogn0Do1NsRJw4molxOdNfbH3izFy0E32g
ni4lxnVtuZsIxDKqIqOLrgQClG0iE2Q2dOCwtzIS4jaQL1pQpDGbMo9AMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaQ7iJp1V1TF39bEtvc/6nE0NelMB8GA1UdIwQY
MBaAFL6ErnwFA6xFCTTJ9s/zmhU3pRJtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdm9TdWZBVURyRVVKTk1uMnpfT2FGVGVsRW0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9hMjA0YTUtMTk1MC00YjQ0LWFjOTAt
ODFhMmIzNDdkYTg0LzEvTnBEdUltblZYVk1YZjFzUzI5el9xY1RRMTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9hMjA0YTUtMTk1MC00YjQ0LWFjOTAtODFhMmIzNDdkYTg0
LzEvdm9TdWZBVURyRVVKTk1uMnpfT2FGVGVsRW0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRaAMA0G
CSqGSIb3DQEBCwUAA4IBAQAnTCgXyaH+ceSdJk6g9DeXG0t4ybS+R/unjI+hWKX0
9CPrvZdteAdxF8pbxKDKMJv2pvBiL36VVD4vCixIRkJ2JcdFZSWNl/AI0pTH0pFD
Y+qap61DNyiUr7f4hj6DB4t6/lAuB178/830Cm5uwAimOH/ElyZqx+Yu07D/67qV
jKB7X3nLkBtx+YOwRXdvIrPqsWLO75ZmiqHUi4ct42CiDXMNL6L5ooHId83bGlRO
ACrcF3yXavFRnKYXk5jezAH1YbFiRV3wSzRtlnYiAHBzI/fZY92fjiVZ9bR85J4z
ddWLy/mByinJ5sp6DfWQsSu6mCxrjw/cnEXlZo8NB5cS
-----END CERTIFICATE-----