Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/npNEKC63vhpD-JUi-uElDvCyPSE.roa
File:                     npNEKC63vhpD-JUi-uElDvCyPSE.roa (raw, json)
Hash identifier:          SAAuFAYy66F0RW6/nMVV1tL4PHOBauhvBAT9BvyurFQ=
Subject key identifier:   9E:93:44:28:2E:B7:BE:1A:43:F8:95:22:FA:E1:25:0E:F0:B2:3D:21
Certificate issuer:       /CN=74722f16a87cffd78fd79050568a1b4c959b1224
Certificate serial:       018DA5F743C6254F593078087A1D91F76D25
Authority key identifier: 74:72:2F:16:A8:7C:FF:D7:8F:D7:90:50:56:8A:1B:4C:95:9B:12:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/npNEKC63vhpD-JUi-uElDvCyPSE.roa
Signing time:             Wed 14 Feb 2024 04:54:21 +0000
ROA not before:           Wed 14 Feb 2024 04:54:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202948
IP address blocks:        185.172.116.0/24 maxlen: 24
                          185.172.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a5:f7:43:c6:25:4f:59:30:78:08:7a:1d:91:f7:6d:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74722f16a87cffd78fd79050568a1b4c959b1224
        Validity
            Not Before: Feb 14 04:54:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e9344282eb7be1a43f89522fae1250ef0b23d21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7e:c1:9e:dc:85:73:0a:41:ad:22:c7:fe:2a:
                    ad:da:4d:2d:76:40:d2:f7:eb:93:11:7a:e7:4f:3f:
                    b3:ee:8d:42:cb:a8:a0:89:53:c1:16:69:92:ca:11:
                    1a:50:e1:f1:51:5c:49:d7:d5:40:f4:19:89:e7:0c:
                    8b:3b:74:95:1d:16:8a:79:63:fb:a7:de:5f:1b:39:
                    74:a2:c2:54:a3:d1:dd:65:89:07:86:8d:16:d1:02:
                    17:5b:fa:57:31:8b:36:22:dc:11:25:35:44:cc:dc:
                    eb:b6:0f:a0:72:e8:9b:80:eb:db:1e:59:3d:90:eb:
                    4d:1b:84:79:7f:fb:49:50:c0:3e:e0:de:91:3c:c3:
                    ca:2f:7e:0e:3f:44:c0:07:14:97:84:87:ed:58:6e:
                    de:8f:f0:7b:04:92:9c:25:45:c6:2f:c5:cf:d7:d3:
                    10:00:e6:36:69:1b:5d:b5:03:6c:28:9b:48:98:cb:
                    82:4b:d6:5b:6c:b0:02:3f:2d:93:4c:1d:51:46:41:
                    80:e7:3b:f4:22:38:68:96:3b:26:98:3a:cb:bb:9e:
                    11:c3:ab:54:42:f4:6e:5b:3c:db:31:f8:48:c1:59:
                    b1:75:fb:a3:83:dc:b8:e7:73:a6:e3:7f:9f:37:58:
                    a9:6b:d5:75:01:eb:81:09:64:aa:91:0c:a3:91:37:
                    31:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:93:44:28:2E:B7:BE:1A:43:F8:95:22:FA:E1:25:0E:F0:B2:3D:21
            X509v3 Authority Key Identifier:
                keyid:74:72:2F:16:A8:7C:FF:D7:8F:D7:90:50:56:8A:1B:4C:95:9B:12:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/npNEKC63vhpD-JUi-uElDvCyPSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:90:c3:2c:31:03:59:b1:be:47:80:e7:dd:ad:5e:ce:76:a0:
         e4:03:97:09:ec:43:3b:e8:e4:d9:54:9b:35:37:ab:eb:33:cb:
         82:fe:43:19:6b:13:3b:14:ff:1a:1a:75:22:46:dc:a8:8e:fa:
         0e:7b:19:10:33:f5:0e:54:6b:22:1a:22:9e:2e:76:21:c2:86:
         2b:19:8e:2d:46:e1:b0:c5:4a:72:53:e2:6e:f8:bb:83:1e:3a:
         9b:bd:32:c5:c2:44:ba:01:e5:52:c6:81:d8:5e:33:b3:83:c5:
         38:80:74:2d:bf:67:6f:89:67:fd:e5:ab:80:25:5d:ff:70:db:
         1d:70:81:e7:3e:4a:19:d9:17:33:79:20:7c:b7:27:9a:f2:f9:
         58:5d:a6:8c:72:51:71:a6:77:ad:56:e8:eb:76:12:aa:32:2d:
         32:c5:17:ae:83:41:1b:83:ba:1c:6c:21:27:ac:06:ca:a8:0e:
         00:a3:ed:30:cb:7a:1f:69:69:d8:7e:e4:92:0b:3a:55:a4:93:
         43:94:02:b8:06:0b:6b:d0:ca:ae:54:35:b8:e1:3d:61:38:b9:
         09:80:e9:e1:ac:6b:ff:f5:8d:7c:81:60:36:e6:4c:a8:d9:8f:
         42:ed:c2:15:67:57:40:34:d7:f9:71:1b:23:84:90:01:37:ca:
         36:f7:e2:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2l90PGJU9ZMHgIeh2R920lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NzIyZjE2YTg3Y2ZmZDc4ZmQ3OTA1MDU2OGExYjRjOTU5
YjEyMjQwHhcNMjQwMjE0MDQ1NDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTkzNDQyODJlYjdiZTFhNDNmODk1MjJmYWUxMjUwZWYwYjIzZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAun7BntyFcwpBrSLH/iqt2k0tdkDS
9+uTEXrnTz+z7o1Cy6igiVPBFmmSyhEaUOHxUVxJ19VA9BmJ5wyLO3SVHRaKeWP7
p95fGzl0osJUo9HdZYkHho0W0QIXW/pXMYs2ItwRJTVEzNzrtg+gcuibgOvbHlk9
kOtNG4R5f/tJUMA+4N6RPMPKL34OP0TABxSXhIftWG7ej/B7BJKcJUXGL8XP19MQ
AOY2aRtdtQNsKJtImMuCS9ZbbLACPy2TTB1RRkGA5zv0IjholjsmmDrLu54Rw6tU
QvRuWzzbMfhIwVmxdfujg9y453Om43+fN1ipa9V1AeuBCWSqkQyjkTcxSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6TRCgut74aQ/iVIvrhJQ7wsj0hMB8GA1UdIwQY
MBaAFHRyLxaofP/Xj9eQUFaKG0yVmxIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEhJdkZxaDhfOWVQMTVCUVZvb2JUSldiRWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mOWU5YTEtZmU1Mi00NTFhLWExNTQt
MzNmNzNkOWZkZGI1LzEvbnBORUtDNjN2aHBELUpVaS11RWxEdkN5UFNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mOWU5YTEtZmU1Mi00NTFhLWExNTQtMzNmNzNkOWZkZGI1
LzEvZEhJdkZxaDhfOWVQMTVCUVZvb2JUSldiRWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuax0MA0G
CSqGSIb3DQEBCwUAA4IBAQBKkMMsMQNZsb5HgOfdrV7OdqDkA5cJ7EM76OTZVJs1
N6vrM8uC/kMZaxM7FP8aGnUiRtyojvoOexkQM/UOVGsiGiKeLnYhwoYrGY4tRuGw
xUpyU+Ju+LuDHjqbvTLFwkS6AeVSxoHYXjOzg8U4gHQtv2dviWf95auAJV3/cNsd
cIHnPkoZ2RczeSB8tyea8vlYXaaMclFxpnetVujrdhKqMi0yxReug0Ebg7ocbCEn
rAbKqA4Ao+0wy3ofaWnYfuSSCzpVpJNDlAK4Bgtr0MquVDW44T1hOLkJgOnhrGv/
9Y18gWA25kyo2Y9C7cIVZ1dANNf5cRsjhJABN8o29+KJ
-----END CERTIFICATE-----