Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/1NPBOEW6dHj495e9tFAIMmO0KU4.roa
File:                     1NPBOEW6dHj495e9tFAIMmO0KU4.roa (raw, json)
Hash identifier:          f2esfTilfm5+unZA7kNbg64rYSWsDYbd3R4dAPXm3Oo=
Subject key identifier:   D4:D3:C1:38:45:BA:74:78:F8:F7:97:BD:B4:50:08:32:63:B4:29:4E
Certificate issuer:       /CN=7755cd8be71e29e72d9690c7cd4087b5f26116f0
Certificate serial:       018CC5DC67B1DB64D9BEC68048D5668988AD
Authority key identifier: 77:55:CD:8B:E7:1E:29:E7:2D:96:90:C7:CD:40:87:B5:F2:61:16:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d1XNi-ceKectlpDHzUCHtfJhFvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/1NPBOEW6dHj495e9tFAIMmO0KU4.roa
Signing time:             Mon 01 Jan 2024 16:30:05 +0000
ROA not before:           Mon 01 Jan 2024 16:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9208
IP address blocks:        193.53.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/d1XNi-ceKectlpDHzUCHtfJhFvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/d1XNi-ceKectlpDHzUCHtfJhFvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d1XNi-ceKectlpDHzUCHtfJhFvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:67:b1:db:64:d9:be:c6:80:48:d5:66:89:88:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7755cd8be71e29e72d9690c7cd4087b5f26116f0
        Validity
            Not Before: Jan  1 16:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4d3c13845ba7478f8f797bdb450083263b4294e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:46:1f:68:fa:3f:87:23:3b:08:1a:2a:00:1e:
                    d9:2e:97:04:7e:70:7b:bf:b0:09:f1:21:06:2e:9a:
                    9a:67:6e:67:04:49:24:d1:45:d8:02:1e:1a:7f:ae:
                    92:40:de:a0:56:eb:9a:7c:2d:85:ed:dd:f1:8a:da:
                    39:96:dc:80:11:c7:b3:4a:b5:20:ed:1f:29:a0:e4:
                    df:a5:be:27:35:44:bc:af:82:dc:cc:fe:e2:11:c3:
                    4d:4d:85:b9:b0:df:c7:fc:a9:85:45:55:1c:4b:60:
                    76:40:48:df:61:f6:54:b5:fa:77:da:37:0a:03:97:
                    4b:48:6f:6e:21:5d:28:e2:5a:12:d4:eb:97:81:58:
                    af:44:f0:de:d9:d6:a6:0d:77:b7:e1:df:59:b2:70:
                    21:1c:cb:d2:a5:2f:22:51:b0:8f:f7:5b:02:78:c1:
                    c3:af:29:e7:57:f7:6e:88:39:f6:84:31:ed:a3:82:
                    ac:51:09:bd:a9:53:f1:73:2c:90:67:17:e6:9a:58:
                    8c:41:f7:8a:63:3d:3d:22:ff:af:c3:79:cf:11:62:
                    5e:a3:ae:c2:03:d6:14:86:c9:30:af:29:dc:22:ee:
                    a0:f2:e6:48:d6:3b:d8:76:72:6d:9c:f5:3e:03:65:
                    50:ef:cf:eb:71:42:09:0c:63:63:7b:28:1f:4f:10:
                    d1:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:D3:C1:38:45:BA:74:78:F8:F7:97:BD:B4:50:08:32:63:B4:29:4E
            X509v3 Authority Key Identifier:
                keyid:77:55:CD:8B:E7:1E:29:E7:2D:96:90:C7:CD:40:87:B5:F2:61:16:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1XNi-ceKectlpDHzUCHtfJhFvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/1NPBOEW6dHj495e9tFAIMmO0KU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/7c0c57-15a8-4307-850d-e021f8ce6c51/1/d1XNi-ceKectlpDHzUCHtfJhFvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.53.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:27:7c:9b:b9:9f:80:e1:8c:f4:1e:ff:d0:f7:aa:cd:94:71:
         34:a9:a4:91:a6:d6:eb:c9:52:10:03:a2:10:ad:b1:c5:d2:a8:
         8c:23:38:54:65:8c:eb:08:bc:09:d7:3f:2a:aa:3b:73:02:e3:
         09:98:f5:ba:95:3d:2b:56:74:d7:9c:7a:c9:62:c6:11:56:63:
         a9:78:64:21:1f:55:2e:0e:6f:b7:b3:00:8d:3c:5d:02:81:0b:
         23:a2:3e:6a:35:3b:c3:ab:bf:d1:c6:dd:27:3c:9b:e4:c4:5c:
         43:59:d4:64:b6:f9:e9:e8:84:7a:8e:8d:a5:f8:e2:d9:49:f7:
         d1:82:1b:c2:bf:ce:06:8f:76:10:18:ae:fe:82:a2:fd:a3:19:
         14:30:2e:cf:77:8c:e1:36:b6:54:62:2a:32:9b:5f:ed:ef:7c:
         ee:2a:61:d0:7b:54:9f:df:a2:29:cb:e0:f5:5a:0a:bc:51:61:
         45:5a:cf:0f:b1:a8:62:59:1b:e3:ef:06:79:ab:58:8a:7f:be:
         35:ce:e8:4f:1e:19:9d:3b:d4:8c:eb:5e:fe:1c:fd:b0:c9:e6:
         be:bb:21:a8:ab:cc:ad:11:2a:4e:c1:aa:c7:fa:bb:67:74:9c:
         f9:06:c1:58:71:9e:de:be:cd:9e:76:cd:82:4c:b8:34:07:b2:
         c1:d0:64:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Gex22TZvsaASNVmiYitMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NTVjZDhiZTcxZTI5ZTcyZDk2OTBjN2NkNDA4N2I1ZjI2
MTE2ZjAwHhcNMjQwMTAxMTYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGQzYzEzODQ1YmE3NDc4ZjhmNzk3YmRiNDUwMDgzMjYzYjQyOTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEYfaPo/hyM7CBoqAB7ZLpcEfnB7
v7AJ8SEGLpqaZ25nBEkk0UXYAh4af66SQN6gVuuafC2F7d3xito5ltyAEcezSrUg
7R8poOTfpb4nNUS8r4LczP7iEcNNTYW5sN/H/KmFRVUcS2B2QEjfYfZUtfp32jcK
A5dLSG9uIV0o4loS1OuXgVivRPDe2damDXe34d9ZsnAhHMvSpS8iUbCP91sCeMHD
rynnV/duiDn2hDHto4KsUQm9qVPxcyyQZxfmmliMQfeKYz09Iv+vw3nPEWJeo67C
A9YUhskwryncIu6g8uZI1jvYdnJtnPU+A2VQ78/rcUIJDGNjeygfTxDRnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNTTwThFunR4+PeXvbRQCDJjtClOMB8GA1UdIwQY
MBaAFHdVzYvnHinnLZaQx81Ah7XyYRbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDFYTmktY2VLZWN0bHBESHpVQ0h0ZkpoRnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My83YzBjNTctMTVhOC00MzA3LTg1MGQt
ZTAyMWY4Y2U2YzUxLzEvMU5QQk9FVzZkSGo0OTVlOXRGQUlNbU8wS1U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My83YzBjNTctMTVhOC00MzA3LTg1MGQtZTAyMWY4Y2U2YzUx
LzEvZDFYTmktY2VLZWN0bHBESHpVQ0h0ZkpoRnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTV9MA0G
CSqGSIb3DQEBCwUAA4IBAQA1J3ybuZ+A4Yz0Hv/Q96rNlHE0qaSRptbryVIQA6IQ
rbHF0qiMIzhUZYzrCLwJ1z8qqjtzAuMJmPW6lT0rVnTXnHrJYsYRVmOpeGQhH1Uu
Dm+3swCNPF0CgQsjoj5qNTvDq7/Rxt0nPJvkxFxDWdRktvnp6IR6jo2l+OLZSffR
ghvCv84Gj3YQGK7+gqL9oxkUMC7Pd4zhNrZUYioym1/t73zuKmHQe1Sf36Ipy+D1
Wgq8UWFFWs8PsahiWRvj7wZ5q1iKf741zuhPHhmdO9SM617+HP2wyea+uyGoq8yt
ESpOwarH+rtndJz5BsFYcZ7evs2eds2CTLg0B7LB0GTY
-----END CERTIFICATE-----