Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/nUabXGlrnvFx4XrAbzKmA0uAr2w.roa
File:                     nUabXGlrnvFx4XrAbzKmA0uAr2w.roa (raw, json)
Hash identifier:          lG5262Qtuas5H1MOVnZ2Zsu/tOTP5UAtZ1rmz6Y4rQg=
Subject key identifier:   9D:46:9B:5C:69:6B:9E:F1:71:E1:7A:C0:6F:32:A6:03:4B:80:AF:6C
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       0191372C21BE55922A55011AA8D94FE7FAF8
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/nUabXGlrnvFx4XrAbzKmA0uAr2w.roa
Signing time:             Fri 09 Aug 2024 12:45:24 +0000
ROA not before:           Fri 09 Aug 2024 12:45:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216024
IP address blocks:        193.38.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:37:2c:21:be:55:92:2a:55:01:1a:a8:d9:4f:e7:fa:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Aug  9 12:45:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d469b5c696b9ef171e17ac06f32a6034b80af6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:12:05:a5:d1:ca:8a:48:8a:90:64:9f:f3:a8:
                    4a:ab:34:e2:8b:e2:4e:99:8f:63:54:61:c2:3f:27:
                    97:ba:9a:df:f6:44:64:8c:2e:97:64:5f:71:57:a4:
                    ad:62:96:0d:30:60:60:c3:2e:1e:e0:d2:1a:85:3e:
                    c0:00:62:57:95:51:d2:a9:c3:08:98:11:da:35:ca:
                    c1:df:d6:6b:4c:2f:88:c5:5d:32:3c:8d:da:f3:c6:
                    92:8e:7d:94:ff:65:b6:2c:67:fb:4a:75:af:18:9e:
                    bb:c8:49:09:16:40:74:eb:50:73:35:b0:71:4b:5b:
                    16:54:df:7a:f7:c2:91:07:99:a4:ce:bd:69:ae:a1:
                    01:0b:d4:49:47:a4:a2:de:7c:1c:74:5b:ee:10:a4:
                    38:0b:2a:f8:23:d2:03:29:4c:3c:4b:e0:1f:6d:8c:
                    40:4f:ae:c1:3c:05:51:d2:ea:ec:ee:54:07:26:75:
                    ba:1e:c1:69:5c:e8:80:a9:6d:3d:5a:d2:fa:53:98:
                    f4:9f:a4:e8:e9:86:35:6f:63:df:87:19:d4:91:08:
                    10:b8:ba:98:95:06:cd:fa:47:98:a9:b1:43:37:0a:
                    5a:29:f5:87:d8:76:be:cf:eb:77:2f:64:b2:00:a5:
                    67:fb:c7:b9:8e:d9:c9:58:01:a5:67:64:7e:45:82:
                    55:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:46:9B:5C:69:6B:9E:F1:71:E1:7A:C0:6F:32:A6:03:4B:80:AF:6C
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/nUabXGlrnvFx4XrAbzKmA0uAr2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:77:71:22:25:4e:f9:28:10:e9:53:c7:8a:11:7e:f0:90:e1:
         ec:79:d2:4d:e6:76:b3:08:41:1b:58:c2:16:26:9b:d0:1b:60:
         f1:1f:44:ba:73:ff:72:e1:cf:9a:4e:bd:0c:58:ad:d8:1e:52:
         32:fd:bf:ef:af:11:8b:1d:65:6f:7c:54:f1:e3:fe:73:56:81:
         76:0b:7f:7f:e5:b6:76:66:c4:8c:74:dd:7a:e4:24:48:ef:ec:
         3f:99:29:32:19:3b:29:5f:b5:bd:54:23:34:a3:36:c4:dc:22:
         a0:3d:97:30:bf:23:bc:15:f6:be:2e:b5:60:22:b9:ac:e4:a0:
         ae:a8:eb:e7:b8:60:4c:b7:37:e6:20:90:52:43:af:69:51:0b:
         5a:6a:22:9a:83:af:ac:82:2b:59:a4:e7:30:55:f9:2e:88:5b:
         aa:f4:5a:39:03:0c:50:81:0b:38:72:16:1f:fa:69:36:ba:14:
         58:c1:c2:ed:6f:4e:25:e3:57:4d:c7:e4:79:a8:1d:28:6e:39:
         70:17:80:ce:1c:36:55:18:a7:5a:99:9d:e7:60:b0:0b:6d:d4:
         4d:54:6b:a9:01:07:ab:b9:c7:ed:71:2a:a0:9b:d4:eb:54:92:
         36:eb:a9:d1:48:a5:c7:fa:77:a8:63:b5:8d:b8:c2:f7:03:07:
         95:b7:6f:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE3LCG+VZIqVQEaqNlP5/r4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQwODA5MTI0NTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDQ2OWI1YzY5NmI5ZWYxNzFlMTdhYzA2ZjMyYTYwMzRiODBhZjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshIFpdHKikiKkGSf86hKqzTii+JO
mY9jVGHCPyeXuprf9kRkjC6XZF9xV6StYpYNMGBgwy4e4NIahT7AAGJXlVHSqcMI
mBHaNcrB39ZrTC+IxV0yPI3a88aSjn2U/2W2LGf7SnWvGJ67yEkJFkB061BzNbBx
S1sWVN9698KRB5mkzr1prqEBC9RJR6Si3nwcdFvuEKQ4Cyr4I9IDKUw8S+AfbYxA
T67BPAVR0urs7lQHJnW6HsFpXOiAqW09WtL6U5j0n6To6YY1b2PfhxnUkQgQuLqY
lQbN+keYqbFDNwpaKfWH2Ha+z+t3L2SyAKVn+8e5jtnJWAGlZ2R+RYJVXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1Gm1xpa57xceF6wG8ypgNLgK9sMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvblVhYlhHbHJudkZ4NFhyQWJ6S21BMHVBcjJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSbrMA0G
CSqGSIb3DQEBCwUAA4IBAQASd3EiJU75KBDpU8eKEX7wkOHsedJN5nazCEEbWMIW
JpvQG2DxH0S6c/9y4c+aTr0MWK3YHlIy/b/vrxGLHWVvfFTx4/5zVoF2C39/5bZ2
ZsSMdN165CRI7+w/mSkyGTspX7W9VCM0ozbE3CKgPZcwvyO8Ffa+LrVgIrms5KCu
qOvnuGBMtzfmIJBSQ69pUQtaaiKag6+sgitZpOcwVfkuiFuq9Fo5AwxQgQs4chYf
+mk2uhRYwcLtb04l41dNx+R5qB0objlwF4DOHDZVGKdamZ3nYLALbdRNVGupAQer
ucftcSqgm9TrVJI266nRSKXH+neoY7WNuML3AweVt2+d
-----END CERTIFICATE-----