Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/nRHvC3S6H6OF9LLq0ogOX8Zl4yo.roa
File:                     nRHvC3S6H6OF9LLq0ogOX8Zl4yo.roa (raw, json)
Hash identifier:          tS76E2lzZsDNXN+CpTO/PY5u/Eonx622qRvZjqr5TcQ=
Subject key identifier:   9D:11:EF:0B:74:BA:1F:A3:85:F4:B2:EA:D2:88:0E:5F:C6:65:E3:2A
Certificate issuer:       /CN=405d645741215677b7748d1fdefd416207adb12d
Certificate serial:       0194236A2722F0E104A63027FB997E345FDD
Authority key identifier: 40:5D:64:57:41:21:56:77:B7:74:8D:1F:DE:FD:41:62:07:AD:B1:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QF1kV0EhVne3dI0f3v1BYgetsS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/nRHvC3S6H6OF9LLq0ogOX8Zl4yo.roa
Signing time:             Wed 01 Jan 2025 19:49:06 +0000
ROA not before:           Wed 01 Jan 2025 19:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206123
IP address blocks:        193.8.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/QF1kV0EhVne3dI0f3v1BYgetsS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/QF1kV0EhVne3dI0f3v1BYgetsS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QF1kV0EhVne3dI0f3v1BYgetsS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:27:22:f0:e1:04:a6:30:27:fb:99:7e:34:5f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=405d645741215677b7748d1fdefd416207adb12d
        Validity
            Not Before: Jan  1 19:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d11ef0b74ba1fa385f4b2ead2880e5fc665e32a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d5:d9:e7:e7:bb:0b:d3:7e:57:f6:71:a5:01:
                    8f:92:b3:ea:3f:7f:45:34:d1:a8:af:ff:1f:af:63:
                    26:b7:22:ef:00:8a:8c:9a:97:a0:32:ef:ae:04:d2:
                    3e:b1:1a:20:c4:a4:96:20:2c:b1:70:e6:7e:c3:ca:
                    f8:0c:83:fb:60:90:bf:4f:71:11:73:d5:fd:85:8a:
                    44:2e:e6:5e:88:0a:1c:53:a8:0f:73:d9:87:51:be:
                    37:94:08:77:9e:c8:7e:46:89:1e:4d:8e:73:06:e3:
                    aa:ac:70:c2:78:13:59:db:95:cf:8b:24:1d:ec:cb:
                    c1:3a:05:0f:f2:54:74:d0:b1:11:ba:69:ed:6a:4f:
                    fe:cb:d9:98:f2:a2:9f:2e:14:2f:0c:8e:aa:55:75:
                    f2:23:a5:d4:52:87:83:c3:a6:7b:a4:f6:bf:cf:b0:
                    4b:44:84:04:1e:d8:00:21:55:68:3f:1c:78:32:17:
                    f7:6d:a3:15:55:50:28:f5:56:2d:93:10:96:07:d1:
                    14:6c:70:8d:d6:d9:bb:c1:40:63:7d:c0:f2:fc:bf:
                    05:0c:e9:2a:a7:9c:dc:ef:7f:d5:ee:52:b1:cb:30:
                    63:c5:81:a0:75:cc:82:67:3d:b7:a8:dd:48:7f:37:
                    da:50:09:b8:fb:99:cf:2d:12:59:3d:55:4f:fe:98:
                    61:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:11:EF:0B:74:BA:1F:A3:85:F4:B2:EA:D2:88:0E:5F:C6:65:E3:2A
            X509v3 Authority Key Identifier:
                keyid:40:5D:64:57:41:21:56:77:B7:74:8D:1F:DE:FD:41:62:07:AD:B1:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QF1kV0EhVne3dI0f3v1BYgetsS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/nRHvC3S6H6OF9LLq0ogOX8Zl4yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/QF1kV0EhVne3dI0f3v1BYgetsS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:55:53:4b:87:8b:4d:ad:c3:b3:b7:8d:2f:5b:b2:e0:5b:16:
         0a:39:6d:46:11:93:26:cd:a5:f1:eb:e9:84:45:af:b8:41:65:
         f0:e3:a3:88:e1:04:48:2a:3c:b2:43:e2:2f:c1:5d:67:32:8e:
         07:47:aa:d2:c5:2e:d6:7e:d3:09:fe:1e:20:75:ec:e3:27:59:
         b3:cd:b9:f9:af:c1:f1:65:e6:65:53:b6:a7:1e:ef:7c:1c:1b:
         f4:26:cf:92:44:57:c7:93:51:84:76:cc:d1:b4:86:0f:b4:e8:
         6a:08:d0:04:1b:96:9e:6d:5a:53:f3:9d:0e:1c:de:f5:48:7f:
         80:95:4f:dd:91:2b:76:45:08:7f:ba:93:8e:93:bc:c2:57:52:
         ad:11:44:a5:fe:aa:b7:1b:07:9e:59:0a:bf:90:ed:85:0d:3f:
         ca:57:0d:07:ec:39:99:7e:d8:60:9d:07:c7:64:98:9d:11:03:
         8b:2d:9c:a9:1b:ed:32:8a:f6:a1:3f:f6:64:98:c1:f1:56:a7:
         c8:03:e0:1a:9f:9a:6d:56:89:97:29:9a:a9:86:a4:4b:38:af:
         32:4f:fb:b3:46:93:74:3a:76:44:10:f0:b9:51:10:8e:29:07:
         00:e0:81:57:11:32:91:83:d8:10:95:ac:16:b9:1b:d6:f1:ce:
         ba:7c:9f:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaici8OEEpjAn+5l+NF/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNWQ2NDU3NDEyMTU2NzdiNzc0OGQxZmRlZmQ0MTYyMDdh
ZGIxMmQwHhcNMjUwMTAxMTk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDExZWYwYjc0YmExZmEzODVmNGIyZWFkMjg4MGU1ZmM2NjVlMzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29XZ5+e7C9N+V/ZxpQGPkrPqP39F
NNGor/8fr2MmtyLvAIqMmpegMu+uBNI+sRogxKSWICyxcOZ+w8r4DIP7YJC/T3ER
c9X9hYpELuZeiAocU6gPc9mHUb43lAh3nsh+RokeTY5zBuOqrHDCeBNZ25XPiyQd
7MvBOgUP8lR00LERumntak/+y9mY8qKfLhQvDI6qVXXyI6XUUoeDw6Z7pPa/z7BL
RIQEHtgAIVVoPxx4Mhf3baMVVVAo9VYtkxCWB9EUbHCN1tm7wUBjfcDy/L8FDOkq
p5zc73/V7lKxyzBjxYGgdcyCZz23qN1IfzfaUAm4+5nPLRJZPVVP/phhjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0R7wt0uh+jhfSy6tKIDl/GZeMqMB8GA1UdIwQY
MBaAFEBdZFdBIVZ3t3SNH979QWIHrbEtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUYxa1YwRWhWbmUzZEkwZjN2MUJZZ2V0c1MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni80M2Q4MzAtOTgxMS00NTk5LTgzNDkt
NDQwZGQwMTJiMTQxLzEvblJIdkMzUzZINk9GOUxMcTBvZ09YOFpsNHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni80M2Q4MzAtOTgxMS00NTk5LTgzNDktNDQwZGQwMTJiMTQx
LzEvUUYxa1YwRWhWbmUzZEkwZjN2MUJZZ2V0c1MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhMMA0G
CSqGSIb3DQEBCwUAA4IBAQCmVVNLh4tNrcOzt40vW7LgWxYKOW1GEZMmzaXx6+mE
Ra+4QWXw46OI4QRIKjyyQ+IvwV1nMo4HR6rSxS7WftMJ/h4gdezjJ1mzzbn5r8Hx
ZeZlU7anHu98HBv0Js+SRFfHk1GEdszRtIYPtOhqCNAEG5aebVpT850OHN71SH+A
lU/dkSt2RQh/upOOk7zCV1KtEUSl/qq3GweeWQq/kO2FDT/KVw0H7DmZfthgnQfH
ZJidEQOLLZypG+0yivahP/ZkmMHxVqfIA+Aan5ptVomXKZqphqRLOK8yT/uzRpN0
OnZEEPC5URCOKQcA4IFXETKRg9gQlawWuRvW8c66fJ+I
-----END CERTIFICATE-----