Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nlRNapCXU-uiiGyi5VN4b74s2Bc.roa
File:                     nlRNapCXU-uiiGyi5VN4b74s2Bc.roa (raw, json)
Hash identifier:          4JCXFlthYhp5yFOvcYg+IIjx+EX5pryW30R4qEzjdmU=
Subject key identifier:   9E:54:4D:6A:90:97:53:EB:A2:88:6C:A2:E5:53:78:6F:BE:2C:D8:17
Certificate issuer:       /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial:       018CC8DECBE4C7A6EB432BC0BE34B87F78BC
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nlRNapCXU-uiiGyi5VN4b74s2Bc.roa
Signing time:             Tue 02 Jan 2024 06:31:33 +0000
ROA not before:           Tue 02 Jan 2024 06:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35450
IP address blocks:        93.113.154.0/24 maxlen: 24
                          89.35.225.0/24 maxlen: 24
                          89.35.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:cb:e4:c7:a6:eb:43:2b:c0:be:34:b8:7f:78:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
        Validity
            Not Before: Jan  2 06:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e544d6a909753eba2886ca2e553786fbe2cd817
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:fb:c5:c6:aa:b2:df:d9:88:ac:0a:cf:12:fd:
                    6b:65:54:cb:26:63:c5:fb:f8:4d:40:56:d6:60:95:
                    4d:b3:f2:02:74:34:ca:25:ea:ff:96:21:1f:38:89:
                    88:ab:44:f6:50:e8:b4:8d:81:a4:41:87:c9:85:34:
                    1d:a6:45:4c:b0:88:b8:15:a2:10:95:d7:79:b9:c4:
                    db:46:ea:04:1f:f2:82:89:d9:63:74:a7:2c:5b:13:
                    4e:ab:81:43:ee:05:41:d9:17:83:6d:e9:e6:b8:4b:
                    56:be:02:81:5c:d8:0f:a4:0e:11:92:0a:45:df:b7:
                    34:35:e9:6a:05:c0:13:20:f3:8f:85:c6:08:50:34:
                    00:27:f8:77:c3:01:a2:2f:90:be:33:bc:8e:e7:23:
                    37:8e:8b:c5:b3:8c:0b:cc:f6:ef:14:1b:83:4f:aa:
                    3d:06:19:aa:8d:4f:7e:72:11:06:88:2c:09:99:ff:
                    a0:e3:5a:91:03:6b:cd:2f:54:ef:f9:36:36:be:2f:
                    f9:27:79:0f:ce:62:90:5b:35:d8:2e:b1:f6:8f:6e:
                    26:c3:9d:e3:a7:34:c2:78:cd:08:5c:c5:a4:85:48:
                    05:eb:95:2a:fd:67:ff:9a:ab:55:8d:b0:e2:ac:4d:
                    d5:3a:5e:57:0d:c2:ee:56:e6:de:aa:8d:ab:22:f1:
                    bb:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:54:4D:6A:90:97:53:EB:A2:88:6C:A2:E5:53:78:6F:BE:2C:D8:17
            X509v3 Authority Key Identifier:
                keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nlRNapCXU-uiiGyi5VN4b74s2Bc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.225.0/24
                  89.35.230.0/24
                  93.113.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:d2:28:ed:86:28:ef:b6:15:8d:2e:12:21:3e:f3:1b:5d:cc:
         f5:92:ae:31:bb:27:1c:71:dd:8e:eb:fd:65:b9:ec:dd:e5:38:
         6c:df:77:eb:2e:64:91:0d:0b:df:58:05:aa:92:96:d1:48:ac:
         db:37:26:0d:49:d1:3c:bc:a1:58:9e:b8:d9:e4:d0:f8:00:43:
         fc:8c:18:a7:38:38:e9:d5:d0:42:e7:00:e3:a7:6c:1f:3e:43:
         14:ba:fa:80:84:a7:98:ae:fb:0e:9b:20:6c:ae:f3:33:2c:9a:
         62:21:8e:4b:da:aa:0c:30:db:86:8c:66:af:03:a0:6a:a0:fc:
         4b:6a:a2:3d:14:6c:01:82:5b:68:21:7a:ee:a2:f5:45:f2:2a:
         b8:7b:bf:58:78:29:66:6b:4b:2c:14:c7:df:c7:47:b0:92:65:
         f4:07:64:5d:43:57:07:ff:67:af:4f:08:7e:9e:03:b2:63:d0:
         54:c5:c1:51:1b:ff:d3:e3:53:14:37:ec:e3:8d:03:22:17:fa:
         ad:17:5f:6a:76:9f:ba:c2:2c:6b:70:be:aa:3e:80:dc:cf:1b:
         bc:90:d4:05:ef:e9:5c:f8:41:98:64:44:98:41:d7:47:de:94:
         f2:ba:d8:b8:84:bc:07:46:88:ee:8a:d1:ef:1e:fa:c8:d2:3d:
         b8:23:fd:bf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3svkx6brQyvAvjS4f3i8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjQwMTAyMDYzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTU0NGQ2YTkwOTc1M2ViYTI4ODZjYTJlNTUzNzg2ZmJlMmNkODE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/vFxqqy39mIrArPEv1rZVTLJmPF
+/hNQFbWYJVNs/ICdDTKJer/liEfOImIq0T2UOi0jYGkQYfJhTQdpkVMsIi4FaIQ
ldd5ucTbRuoEH/KCidljdKcsWxNOq4FD7gVB2ReDbenmuEtWvgKBXNgPpA4RkgpF
37c0NelqBcATIPOPhcYIUDQAJ/h3wwGiL5C+M7yO5yM3jovFs4wLzPbvFBuDT6o9
BhmqjU9+chEGiCwJmf+g41qRA2vNL1Tv+TY2vi/5J3kPzmKQWzXYLrH2j24mw53j
pzTCeM0IXMWkhUgF65Uq/Wf/mqtVjbDirE3VOl5XDcLuVubeqo2rIvG7oQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ5UTWqQl1ProohsouVTeG++LNgXMB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvbmxSTmFwQ1hVLXVpaUd5aTVWTjRiNzRzMkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSPhAwQA
WSPmAwQAXXGaMA0GCSqGSIb3DQEBCwUAA4IBAQA30ijthijvthWNLhIhPvMbXcz1
kq4xuycccd2O6/1luezd5Ths33frLmSRDQvfWAWqkpbRSKzbNyYNSdE8vKFYnrjZ
5ND4AEP8jBinODjp1dBC5wDjp2wfPkMUuvqAhKeYrvsOmyBsrvMzLJpiIY5L2qoM
MNuGjGavA6BqoPxLaqI9FGwBgltoIXruovVF8iq4e79YeClma0ssFMffx0ewkmX0
B2RdQ1cH/2evTwh+ngOyY9BUxcFRG//T41MUN+zjjQMiF/qtF19qdp+6wixrcL6q
PoDczxu8kNQF7+lc+EGYZESYQddH3pTyuti4hLwHRojuitHvHvrI0j24I/2/
-----END CERTIFICATE-----