Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/nnG_dczzRcxrabMUG-iHY6IVl9c.roa
File:                     nnG_dczzRcxrabMUG-iHY6IVl9c.roa (raw, json)
Hash identifier:          RU8XkyFdtK9yMmzrIgANyRzzBvPmQfIrfJQBTcZWjh0=
Subject key identifier:   9E:71:BF:75:CC:F3:45:CC:6B:69:B3:14:1B:E8:87:63:A2:15:97:D7
Certificate issuer:       /CN=509c63c6d756bb2acd3f1ad92ac415da857e6c98
Certificate serial:       01924803E9B417B5E1D2CAF66F47F6015F4F
Authority key identifier: 50:9C:63:C6:D7:56:BB:2A:CD:3F:1A:D9:2A:C4:15:DA:85:7E:6C:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UJxjxtdWuyrNPxrZKsQV2oV-bJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/nnG_dczzRcxrabMUG-iHY6IVl9c.roa
Signing time:             Tue 01 Oct 2024 12:17:48 +0000
ROA not before:           Tue 01 Oct 2024 12:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8560
IP address blocks:        185.122.180.0/22 maxlen: 24
                          185.122.183.0/24 maxlen: 24
                          2a03:9160:40::/42 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/UJxjxtdWuyrNPxrZKsQV2oV-bJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/UJxjxtdWuyrNPxrZKsQV2oV-bJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UJxjxtdWuyrNPxrZKsQV2oV-bJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:48:03:e9:b4:17:b5:e1:d2:ca:f6:6f:47:f6:01:5f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=509c63c6d756bb2acd3f1ad92ac415da857e6c98
        Validity
            Not Before: Oct  1 12:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e71bf75ccf345cc6b69b3141be88763a21597d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e4:3c:25:62:b9:2f:fc:e1:77:91:50:e8:86:
                    08:e3:57:4b:f9:16:90:71:f0:65:c7:97:42:c1:f6:
                    11:8a:b5:c3:b3:55:12:16:de:ee:28:ed:9e:a6:de:
                    5b:41:12:be:46:18:69:0c:87:6f:f2:65:b3:fe:8a:
                    bc:7b:4a:fd:88:92:98:53:ac:cf:8d:b8:d4:c7:bf:
                    33:96:a1:34:73:4c:cb:33:e4:e9:ee:8b:bf:b3:85:
                    ef:87:c3:b3:fd:f8:11:12:d3:f5:4e:dd:11:6d:bf:
                    69:eb:eb:cc:f8:51:d9:b2:d9:5e:1b:14:03:2f:1b:
                    a7:8c:81:1e:c5:e7:19:5b:3c:89:ff:6b:45:73:e1:
                    4a:40:7b:67:b9:24:0d:17:3a:af:c3:62:55:dc:64:
                    2d:3c:72:fa:33:f3:9f:5f:57:74:f6:6d:39:f0:59:
                    5c:4e:b1:f8:f0:67:b8:5d:e3:27:3d:5c:c2:3a:71:
                    8e:cb:11:69:39:b3:7a:1f:1c:2d:33:f8:e6:d5:96:
                    3e:05:4f:24:fe:1c:96:bb:66:08:0e:03:4c:8b:b3:
                    28:18:4e:4e:25:b1:3d:df:38:1a:64:06:63:02:86:
                    d3:0a:9f:44:1f:20:55:30:d0:01:8d:3f:67:03:4d:
                    fd:68:39:d1:28:84:ad:af:49:0a:3d:79:ee:83:1c:
                    57:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:71:BF:75:CC:F3:45:CC:6B:69:B3:14:1B:E8:87:63:A2:15:97:D7
            X509v3 Authority Key Identifier:
                keyid:50:9C:63:C6:D7:56:BB:2A:CD:3F:1A:D9:2A:C4:15:DA:85:7E:6C:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UJxjxtdWuyrNPxrZKsQV2oV-bJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/nnG_dczzRcxrabMUG-iHY6IVl9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/84548d-3f3b-46b9-836c-38a3924776e9/1/UJxjxtdWuyrNPxrZKsQV2oV-bJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.180.0/22
                IPv6:
                  2a03:9160:40::/42

    Signature Algorithm: sha256WithRSAEncryption
         8d:7f:35:af:ba:9b:9e:2b:d1:55:46:61:c4:e0:a8:dd:f2:f1:
         c1:40:7e:68:6e:05:74:5a:0b:26:05:3b:6d:90:7b:29:25:5e:
         13:72:df:a9:6a:6a:78:4c:b4:e3:83:75:60:65:41:3a:58:ba:
         7f:7e:ee:b7:9b:91:58:05:d2:43:1e:8c:fd:38:41:d0:ac:72:
         0b:d3:68:d7:d3:cd:a3:01:bc:0e:4d:25:3d:fa:57:4b:e5:3b:
         c8:81:9a:fe:8d:2d:fd:73:14:a3:20:17:00:61:72:9a:43:f5:
         71:69:d4:fa:bc:1f:10:38:fb:21:31:ff:41:16:9e:af:be:26:
         5d:4d:ce:e1:91:29:87:cb:76:da:2c:54:88:a7:cf:54:81:36:
         4e:c1:e6:9a:89:96:00:91:eb:fd:b4:f9:fe:b9:9e:b0:d1:c0:
         8a:05:c8:da:98:c5:47:a2:25:59:e1:73:64:41:8f:f8:b1:33:
         ca:40:8d:79:a1:fa:2c:64:3c:f3:8c:69:76:e2:1d:b2:78:8e:
         8e:71:f5:d0:65:8e:56:16:7d:7f:70:62:7b:78:7e:85:05:51:
         d5:cc:34:cd:73:af:0f:b6:89:98:74:44:a1:6a:86:2c:c8:fc:
         f8:f3:18:84:7a:f4:12:a1:f6:b4:a0:6d:c7:42:10:23:93:50:
         86:3c:77:7a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZJIA+m0F7Xh0sr2b0f2AV9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwOWM2M2M2ZDc1NmJiMmFjZDNmMWFkOTJhYzQxNWRhODU3
ZTZjOTgwHhcNMjQxMDAxMTIxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTcxYmY3NWNjZjM0NWNjNmI2OWIzMTQxYmU4ODc2M2EyMTU5N2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOQ8JWK5L/zhd5FQ6IYI41dL+RaQ
cfBlx5dCwfYRirXDs1USFt7uKO2ept5bQRK+RhhpDIdv8mWz/oq8e0r9iJKYU6zP
jbjUx78zlqE0c0zLM+Tp7ou/s4Xvh8Oz/fgREtP1Tt0Rbb9p6+vM+FHZstleGxQD
LxunjIEexecZWzyJ/2tFc+FKQHtnuSQNFzqvw2JV3GQtPHL6M/OfX1d09m058Flc
TrH48Ge4XeMnPVzCOnGOyxFpObN6HxwtM/jm1ZY+BU8k/hyWu2YIDgNMi7MoGE5O
JbE93zgaZAZjAobTCp9EHyBVMNABjT9nA039aDnRKIStr0kKPXnugxxXcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ5xv3XM80XMa2mzFBvoh2OiFZfXMB8GA1UdIwQY
MBaAFFCcY8bXVrsqzT8a2SrEFdqFfmyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUp4anh0ZFd1eXJOUHhyWktzUVYyb1YtYkpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi84NDU0OGQtM2YzYi00NmI5LTgzNmMt
MzhhMzkyNDc3NmU5LzEvbm5HX2RjenpSY3hyYWJNVUctaUhZNklWbDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi84NDU0OGQtM2YzYi00NmI5LTgzNmMtMzhhMzkyNDc3NmU5
LzEvVUp4anh0ZFd1eXJOUHhyWktzUVYyb1YtYkpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCuXq0MA8E
AgACMAkDBwYqA5FgAEAwDQYJKoZIhvcNAQELBQADggEBAI1/Na+6m54r0VVGYcTg
qN3y8cFAfmhuBXRaCyYFO22QeyklXhNy36lqanhMtOODdWBlQTpYun9+7rebkVgF
0kMejP04QdCscgvTaNfTzaMBvA5NJT36V0vlO8iBmv6NLf1zFKMgFwBhcppD9XFp
1Pq8HxA4+yEx/0EWnq++Jl1NzuGRKYfLdtosVIinz1SBNk7B5pqJlgCR6/20+f65
nrDRwIoFyNqYxUeiJVnhc2RBj/ixM8pAjXmh+ixkPPOMaXbiHbJ4jo5x9dBljlYW
fX9wYnt4foUFUdXMNM1zrw+2iZh0RKFqhizI/PjzGIR69BKh9rSgbcdCECOTUIY8
d3o=
-----END CERTIFICATE-----