Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/nvTed6jvc6HSThg56mig2Q0E1VE.roa
File:                     nvTed6jvc6HSThg56mig2Q0E1VE.roa (raw, json)
Hash identifier:          jjaoLdsOxvTwNdLxjHnACJnzmijnQKhr6n36ZW6j6oo=
Subject key identifier:   9E:F4:DE:77:A8:EF:73:A1:D2:4E:18:39:EA:68:A0:D9:0D:04:D5:51
Certificate issuer:       /CN=b464e0af28b755c4ec88010d94298697d1883933
Certificate serial:       01920A63C853983BE2F8297DC08E4CBC2C4C
Authority key identifier: B4:64:E0:AF:28:B7:55:C4:EC:88:01:0D:94:29:86:97:D1:88:39:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tGTgryi3VcTsiAENlCmGl9GIOTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/nvTed6jvc6HSThg56mig2Q0E1VE.roa
Signing time:             Thu 19 Sep 2024 13:06:04 +0000
ROA not before:           Thu 19 Sep 2024 13:06:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208641
IP address blocks:        2.56.12.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/tGTgryi3VcTsiAENlCmGl9GIOTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/tGTgryi3VcTsiAENlCmGl9GIOTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tGTgryi3VcTsiAENlCmGl9GIOTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:0a:63:c8:53:98:3b:e2:f8:29:7d:c0:8e:4c:bc:2c:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b464e0af28b755c4ec88010d94298697d1883933
        Validity
            Not Before: Sep 19 13:06:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ef4de77a8ef73a1d24e1839ea68a0d90d04d551
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f4:51:5a:75:d9:ed:03:fa:3a:05:eb:0c:ad:
                    44:52:65:eb:5a:87:95:e0:8b:bc:70:c7:4c:fd:7c:
                    a6:b3:1c:ca:d9:36:ee:17:5a:ac:fc:c2:d1:75:b9:
                    7b:7f:53:74:43:d5:44:dd:89:02:d2:78:b0:7e:84:
                    86:fb:f7:6e:61:54:e4:f8:6d:2c:39:8e:98:e8:cc:
                    01:29:5e:76:cb:67:9f:dc:77:00:c6:8d:fc:b9:d1:
                    e6:f1:3f:b7:c7:c4:21:c9:75:f2:2c:f7:ca:53:c5:
                    72:b0:a8:1c:2d:28:ee:2d:f7:48:68:38:81:31:8a:
                    f7:dc:e4:a0:d1:51:ba:dc:03:ea:a7:2b:88:21:c2:
                    e3:31:2e:65:55:4e:ed:dc:93:56:13:89:f1:f9:50:
                    bb:56:66:b3:83:db:88:35:d1:dc:f0:3b:e3:f0:82:
                    64:21:b4:a3:71:4f:42:44:ea:24:15:33:a8:2b:b6:
                    61:ff:81:30:c4:69:5e:16:4e:4a:b2:2b:44:1d:d7:
                    ef:8a:81:3c:cc:2d:2e:ce:a1:cc:32:9c:d3:ce:e4:
                    4c:66:c6:9c:1e:4f:e5:81:ba:b9:b2:8e:53:24:44:
                    c5:a8:d6:dd:26:c8:53:b6:dd:6e:5d:45:a6:33:30:
                    5c:43:18:b6:bc:0e:18:25:88:ac:42:74:88:a8:ed:
                    27:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:F4:DE:77:A8:EF:73:A1:D2:4E:18:39:EA:68:A0:D9:0D:04:D5:51
            X509v3 Authority Key Identifier:
                keyid:B4:64:E0:AF:28:B7:55:C4:EC:88:01:0D:94:29:86:97:D1:88:39:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tGTgryi3VcTsiAENlCmGl9GIOTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/nvTed6jvc6HSThg56mig2Q0E1VE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/0caa6d-109e-45f3-a932-475c5c91f474/1/tGTgryi3VcTsiAENlCmGl9GIOTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c1:99:95:a2:30:9b:23:15:3a:97:5d:aa:b2:e3:d2:43:2f:3f:
         f1:f3:18:55:23:92:80:53:47:db:22:3d:73:89:f4:7c:5e:03:
         ae:ff:19:c3:cc:13:7b:66:fc:41:d5:15:99:fd:21:3c:57:48:
         37:00:3a:e3:63:d9:86:2c:07:39:de:b9:28:3e:74:c2:65:61:
         c7:bd:60:92:92:62:7e:64:5d:e2:9e:fc:29:99:e6:0a:fd:96:
         71:49:5a:ba:36:ff:4f:18:79:fb:3c:39:af:8f:f2:4a:c6:72:
         a9:a2:dc:76:da:88:11:a4:43:97:e5:11:5b:4d:57:1d:a1:58:
         c7:d5:6d:b9:d2:60:c3:ec:cf:47:e1:20:27:b2:59:10:25:2c:
         70:79:41:3b:9d:83:34:5f:3d:a8:3b:69:51:ec:9b:d4:4c:5c:
         d6:70:99:a9:61:d2:1c:97:47:42:fe:12:e2:c1:92:96:25:40:
         30:b6:f8:92:a8:13:29:87:26:07:2f:05:db:ec:26:0e:df:dd:
         96:96:2d:58:c3:c7:d3:44:02:18:7f:64:a3:21:a2:3b:8d:73:
         f1:0f:42:67:5b:3e:53:68:db:23:3a:71:99:5d:14:01:40:50:
         96:17:10:2c:d0:3e:09:3b:0a:ac:be:42:51:8e:60:d7:37:46:
         73:db:bb:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIKY8hTmDvi+Cl9wI5MvCxMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NjRlMGFmMjhiNzU1YzRlYzg4MDEwZDk0Mjk4Njk3ZDE4
ODM5MzMwHhcNMjQwOTE5MTMwNjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWY0ZGU3N2E4ZWY3M2ExZDI0ZTE4MzllYTY4YTBkOTBkMDRkNTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvRRWnXZ7QP6OgXrDK1EUmXrWoeV
4Iu8cMdM/XymsxzK2TbuF1qs/MLRdbl7f1N0Q9VE3YkC0niwfoSG+/duYVTk+G0s
OY6Y6MwBKV52y2ef3HcAxo38udHm8T+3x8QhyXXyLPfKU8VysKgcLSjuLfdIaDiB
MYr33OSg0VG63APqpyuIIcLjMS5lVU7t3JNWE4nx+VC7Vmazg9uINdHc8Dvj8IJk
IbSjcU9CROokFTOoK7Zh/4EwxGleFk5KsitEHdfvioE8zC0uzqHMMpzTzuRMZsac
Hk/lgbq5so5TJETFqNbdJshTtt1uXUWmMzBcQxi2vA4YJYisQnSIqO0nmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ703neo73Oh0k4YOepooNkNBNVRMB8GA1UdIwQY
MBaAFLRk4K8ot1XE7IgBDZQphpfRiDkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEdUZ3J5aTNWY1RzaUFFTmxDbUdsOUdJT1RNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8wY2FhNmQtMTA5ZS00NWYzLWE5MzIt
NDc1YzVjOTFmNDc0LzEvbnZUZWQ2anZjNkhTVGhnNTZtaWcyUTBFMVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8wY2FhNmQtMTA5ZS00NWYzLWE5MzItNDc1YzVjOTFmNDc0
LzEvdEdUZ3J5aTNWY1RzaUFFTmxDbUdsOUdJT1RNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAjgMMA0G
CSqGSIb3DQEBCwUAA4IBAQDBmZWiMJsjFTqXXaqy49JDLz/x8xhVI5KAU0fbIj1z
ifR8XgOu/xnDzBN7ZvxB1RWZ/SE8V0g3ADrjY9mGLAc53rkoPnTCZWHHvWCSkmJ+
ZF3invwpmeYK/ZZxSVq6Nv9PGHn7PDmvj/JKxnKpotx22ogRpEOX5RFbTVcdoVjH
1W250mDD7M9H4SAnslkQJSxweUE7nYM0Xz2oO2lR7JvUTFzWcJmpYdIcl0dC/hLi
wZKWJUAwtviSqBMphyYHLwXb7CYO392Wli1Yw8fTRAIYf2SjIaI7jXPxD0JnWz5T
aNsjOnGZXRQBQFCWFxAs0D4JOwqsvkJRjmDXN0Zz27tg
-----END CERTIFICATE-----