Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/N0OvdA9TrpNsH2iC1bnY1h5uJw4.roa
File:                     N0OvdA9TrpNsH2iC1bnY1h5uJw4.roa (raw, json)
Hash identifier:          9/BfQh9QdvWg10OVhh4S7KmJ8TjkS4kIKAJ80IGibXs=
Subject key identifier:   37:43:AF:74:0F:53:AE:93:6C:1F:68:82:D5:B9:D8:D6:1E:6E:27:0E
Certificate issuer:       /CN=0e6d8fd77dade3d3f96cb49931948c2729ada0de
Certificate serial:       01912202A643CABD3B5F093757C337A23ECA
Authority key identifier: 0E:6D:8F:D7:7D:AD:E3:D3:F9:6C:B4:99:31:94:8C:27:29:AD:A0:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dm2P132t49P5bLSZMZSMJymtoN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/N0OvdA9TrpNsH2iC1bnY1h5uJw4.roa
Signing time:             Mon 05 Aug 2024 10:08:04 +0000
ROA not before:           Mon 05 Aug 2024 10:08:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209049
IP address blocks:        195.110.176.0/21 maxlen: 24
                          195.110.184.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/Dm2P132t49P5bLSZMZSMJymtoN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/Dm2P132t49P5bLSZMZSMJymtoN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dm2P132t49P5bLSZMZSMJymtoN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:22:02:a6:43:ca:bd:3b:5f:09:37:57:c3:37:a2:3e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e6d8fd77dade3d3f96cb49931948c2729ada0de
        Validity
            Not Before: Aug  5 10:08:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3743af740f53ae936c1f6882d5b9d8d61e6e270e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:bf:36:d3:e0:2e:9c:16:89:e7:02:67:47:9c:
                    5a:28:43:fa:0b:00:f2:5f:5b:7b:61:ca:52:af:8e:
                    06:ce:b2:06:85:9f:87:76:ac:ac:75:43:81:d4:c5:
                    c3:97:5c:b4:8d:67:84:a7:5d:26:c7:bd:30:26:47:
                    7a:3f:5e:bb:e2:24:3a:39:88:b6:2e:f7:37:bc:f1:
                    ca:b7:49:f5:83:73:46:fa:d1:c0:36:b0:ec:19:28:
                    bc:40:d9:ca:ee:45:8e:a1:67:08:6c:ed:75:aa:8e:
                    82:2d:e2:f4:a3:a3:f3:b1:42:b7:0d:c7:2e:2c:0a:
                    3d:58:70:a6:35:70:49:21:6d:c0:7e:d3:77:80:a1:
                    11:41:bd:e2:79:b1:3b:48:8e:c5:7c:f5:b6:ea:01:
                    59:d6:11:9f:fd:53:e8:18:55:ad:c6:da:50:79:5e:
                    56:82:50:ba:e9:df:78:0e:fd:92:9e:16:22:02:f6:
                    dc:f9:3d:1b:10:1c:09:8d:82:f4:11:7c:00:03:49:
                    af:26:af:9b:62:d1:08:b1:da:7d:2a:31:e0:0e:72:
                    9b:da:bd:82:78:4c:d1:cc:b6:72:c6:a5:f6:23:2e:
                    8b:0b:32:88:1d:46:06:41:52:09:4b:a2:e6:3e:20:
                    39:22:fc:9d:7d:5b:02:fa:53:b8:10:cf:9d:1e:84:
                    9b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:43:AF:74:0F:53:AE:93:6C:1F:68:82:D5:B9:D8:D6:1E:6E:27:0E
            X509v3 Authority Key Identifier:
                keyid:0E:6D:8F:D7:7D:AD:E3:D3:F9:6C:B4:99:31:94:8C:27:29:AD:A0:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dm2P132t49P5bLSZMZSMJymtoN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/N0OvdA9TrpNsH2iC1bnY1h5uJw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/6977cd-4343-4b4c-8cea-bd35c048b930/1/Dm2P132t49P5bLSZMZSMJymtoN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.110.176.0-195.110.185.255

    Signature Algorithm: sha256WithRSAEncryption
         28:15:76:eb:90:cf:b1:73:02:74:fe:c3:20:c1:32:ff:a7:d8:
         43:49:1e:e9:a5:50:d5:c4:df:b0:a0:a3:55:8d:5c:d5:1d:e0:
         55:d3:c9:6d:ad:d0:01:89:37:0c:9b:b5:23:7a:b2:71:1a:3a:
         d1:14:ff:b6:98:1e:7c:75:36:2a:b0:c2:77:cd:66:5c:94:31:
         f9:e5:1c:e1:6e:8f:5c:58:8a:9c:d4:3e:b7:23:fe:b2:ec:85:
         7e:54:38:12:d5:84:a5:6d:ae:b2:ba:aa:21:36:9e:0d:b7:cd:
         8c:6e:6b:f9:e8:fd:fc:30:b1:fb:e5:be:89:9a:15:d0:1f:2f:
         db:b7:c0:37:77:01:e1:d6:70:d8:5d:63:b5:b3:44:48:97:2d:
         a0:c7:5b:a1:5c:40:1e:d5:e6:7f:07:27:3d:ee:bb:33:bf:d3:
         4f:90:1c:0b:2a:9c:37:1b:c1:26:a9:ea:c4:97:2d:35:e2:ae:
         f6:f4:02:28:ef:23:2a:78:5e:c7:71:82:fd:4d:27:63:94:a3:
         77:1e:0f:c1:38:2f:c6:ad:f2:13:04:6f:9a:1d:86:77:fb:e4:
         8f:b7:a7:22:86:82:b9:45:5a:21:d7:08:f6:dd:38:1f:de:06:
         0f:c7:56:1d:b8:32:10:1d:02:8f:23:08:13:88:c8:c2:8c:67:
         91:15:6c:e6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZEiAqZDyr07Xwk3V8M3oj7KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlNmQ4ZmQ3N2RhZGUzZDNmOTZjYjQ5OTMxOTQ4YzI3Mjlh
ZGEwZGUwHhcNMjQwODA1MTAwODA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzQzYWY3NDBmNTNhZTkzNmMxZjY4ODJkNWI5ZDhkNjFlNmUyNzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7820+AunBaJ5wJnR5xaKEP6CwDy
X1t7YcpSr44GzrIGhZ+HdqysdUOB1MXDl1y0jWeEp10mx70wJkd6P1674iQ6OYi2
Lvc3vPHKt0n1g3NG+tHANrDsGSi8QNnK7kWOoWcIbO11qo6CLeL0o6PzsUK3Dccu
LAo9WHCmNXBJIW3AftN3gKERQb3iebE7SI7FfPW26gFZ1hGf/VPoGFWtxtpQeV5W
glC66d94Dv2SnhYiAvbc+T0bEBwJjYL0EXwAA0mvJq+bYtEIsdp9KjHgDnKb2r2C
eEzRzLZyxqX2Iy6LCzKIHUYGQVIJS6LmPiA5IvydfVsC+lO4EM+dHoSbIQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDdDr3QPU66TbB9ogtW52NYebicOMB8GA1UdIwQY
MBaAFA5tj9d9rePT+Wy0mTGUjCcpraDeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG0yUDEzMnQ0OVA1YkxTWk1aU01KeW10b040LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi82OTc3Y2QtNDM0My00YjRjLThjZWEt
YmQzNWMwNDhiOTMwLzEvTjBPdmRBOVRycE5zSDJpQzFiblkxaDV1Snc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi82OTc3Y2QtNDM0My00YjRjLThjZWEtYmQzNWMwNDhiOTMw
LzEvRG0yUDEzMnQ0OVA1YkxTWk1aU01KeW10b040LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBATDbrAD
BAHDbrgwDQYJKoZIhvcNAQELBQADggEBACgVduuQz7FzAnT+wyDBMv+n2ENJHuml
UNXE37Cgo1WNXNUd4FXTyW2t0AGJNwybtSN6snEaOtEU/7aYHnx1NiqwwnfNZlyU
MfnlHOFuj1xYipzUPrcj/rLshX5UOBLVhKVtrrK6qiE2ng23zYxua/no/fwwsfvl
vomaFdAfL9u3wDd3AeHWcNhdY7WzREiXLaDHW6FcQB7V5n8HJz3uuzO/00+QHAsq
nDcbwSap6sSXLTXirvb0AijvIyp4Xsdxgv1NJ2OUo3ceD8E4L8at8hMEb5odhnf7
5I+3pyKGgrlFWiHXCPbdOB/eBg/HVh24MhAdAo8jCBOIyMKMZ5EVbOY=
-----END CERTIFICATE-----