Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/78bd05-6006-462f-a187-0ecf4220023e/1/Nn8t4E3PPxZo-b4KPZtpNjvhyP4.roa
File:                     Nn8t4E3PPxZo-b4KPZtpNjvhyP4.roa (raw, json)
Hash identifier:          HK5HnySi54rcIEMxzeutX3Qb0pA3LCKigWhmnubosjg=
Subject key identifier:   36:7F:2D:E0:4D:CF:3F:16:68:F9:BE:0A:3D:9B:69:36:3B:E1:C8:FE
Certificate issuer:       /CN=7e6750e58ca0a2b75f2c53bdf6f61ff63ec831cb
Certificate serial:       018CC3B67E5096BCC943D9EC3BA5B4E35B84
Authority key identifier: 7E:67:50:E5:8C:A0:A2:B7:5F:2C:53:BD:F6:F6:1F:F6:3E:C8:31:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fmdQ5YygordfLFO99vYf9j7IMcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/78bd05-6006-462f-a187-0ecf4220023e/1/Nn8t4E3PPxZo-b4KPZtpNjvhyP4.roa
Signing time:             Mon 01 Jan 2024 06:29:26 +0000
ROA not before:           Mon 01 Jan 2024 06:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29504
IP address blocks:        185.193.84.0/22 maxlen: 22
                          2a0a:3640::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/78bd05-6006-462f-a187-0ecf4220023e/1/fmdQ5YygordfLFO99vYf9j7IMcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/78bd05-6006-462f-a187-0ecf4220023e/1/fmdQ5YygordfLFO99vYf9j7IMcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fmdQ5YygordfLFO99vYf9j7IMcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:7e:50:96:bc:c9:43:d9:ec:3b:a5:b4:e3:5b:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e6750e58ca0a2b75f2c53bdf6f61ff63ec831cb
        Validity
            Not Before: Jan  1 06:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=367f2de04dcf3f1668f9be0a3d9b69363be1c8fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d0:5f:d2:68:e9:da:1b:ca:49:4b:11:8c:e5:
                    b9:82:ee:86:9d:1a:53:6f:e7:34:b7:19:5d:3b:37:
                    52:2e:2e:44:8e:45:ad:ad:e4:87:00:f7:03:94:0b:
                    6f:dd:48:c6:50:95:93:cb:ab:5d:02:c1:37:99:a5:
                    9c:da:cb:3c:48:fa:50:ae:ec:4a:a2:e2:e5:10:4d:
                    a0:47:88:55:d9:e5:b7:d5:5b:b9:51:1b:c5:5d:f3:
                    a2:18:95:3e:14:c5:d2:1d:a3:a0:87:72:74:c9:7b:
                    6e:bf:da:0a:e9:5f:43:76:8d:87:c3:04:63:69:67:
                    4f:17:d3:46:e7:56:0d:78:c6:40:2f:3a:61:31:20:
                    b2:a3:8f:3b:f2:27:61:d4:7f:dd:3c:b2:e3:b5:3c:
                    e5:c1:c2:a1:c4:e2:7e:a1:1b:98:de:22:67:ad:c1:
                    55:0b:39:5d:8c:4a:98:06:e9:b3:5e:c1:81:6e:93:
                    ec:db:9f:b3:9b:1a:86:00:2c:62:1f:ad:5d:29:b4:
                    1b:a9:ef:5c:ea:37:d3:d1:54:2e:9d:7b:08:70:97:
                    cc:df:4f:a4:b2:df:b4:52:e6:e0:a7:6b:ff:d2:74:
                    28:54:06:9e:17:a7:9c:cf:ec:0d:e8:c6:74:89:e7:
                    de:cd:9d:c1:03:27:c4:ad:b6:3a:35:1c:c8:5b:6e:
                    ec:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:7F:2D:E0:4D:CF:3F:16:68:F9:BE:0A:3D:9B:69:36:3B:E1:C8:FE
            X509v3 Authority Key Identifier:
                keyid:7E:67:50:E5:8C:A0:A2:B7:5F:2C:53:BD:F6:F6:1F:F6:3E:C8:31:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fmdQ5YygordfLFO99vYf9j7IMcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/78bd05-6006-462f-a187-0ecf4220023e/1/Nn8t4E3PPxZo-b4KPZtpNjvhyP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/78bd05-6006-462f-a187-0ecf4220023e/1/fmdQ5YygordfLFO99vYf9j7IMcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.84.0/22
                IPv6:
                  2a0a:3640::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:59:04:fc:00:a5:17:d8:d4:2f:24:c2:b5:0d:c3:b8:7b:2f:
         b5:d4:8e:15:d0:27:20:8d:ce:53:5f:f9:d3:90:74:4e:a8:42:
         5e:a7:36:86:c5:af:3b:c6:0f:98:a8:62:49:f8:e2:be:00:9b:
         4f:53:9e:2b:d1:f0:57:6d:15:20:96:6c:46:bf:e5:ec:5e:cc:
         69:e0:46:62:98:87:3d:67:1b:3a:3a:e4:bc:13:1c:0f:3e:15:
         35:92:b2:91:d1:19:68:3e:95:fc:19:1c:4f:10:34:a4:29:7b:
         db:03:f5:7f:63:dc:ec:f0:c8:c1:0f:3f:02:d9:fc:5e:30:b0:
         b4:b5:42:e9:69:93:8d:ac:6d:f1:0e:a3:62:d0:b8:d2:0f:f5:
         79:54:8d:52:b7:f4:a9:01:ca:98:a3:99:76:eb:66:e2:c0:0e:
         db:29:9f:20:0b:b5:54:98:f4:5b:77:e1:40:99:3e:cd:d7:41:
         ee:80:65:b2:83:0f:34:2c:b6:f0:cd:3c:c2:1f:1b:91:51:35:
         77:79:a1:41:13:6a:04:3d:ee:dd:5e:c3:fc:47:36:71:de:e4:
         53:9e:bf:32:db:d7:e7:50:d5:4c:54:c2:e0:61:30:bd:d3:78:
         ca:cd:e4:b3:aa:bb:03:52:af:70:73:40:51:c4:69:d4:58:83:
         fd:95:dc:84
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDtn5QlrzJQ9nsO6W041uEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNjc1MGU1OGNhMGEyYjc1ZjJjNTNiZGY2ZjYxZmY2M2Vj
ODMxY2IwHhcNMjQwMTAxMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjdmMmRlMDRkY2YzZjE2NjhmOWJlMGEzZDliNjkzNjNiZTFjOGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9Bf0mjp2hvKSUsRjOW5gu6GnRpT
b+c0txldOzdSLi5EjkWtreSHAPcDlAtv3UjGUJWTy6tdAsE3maWc2ss8SPpQruxK
ouLlEE2gR4hV2eW31Vu5URvFXfOiGJU+FMXSHaOgh3J0yXtuv9oK6V9Ddo2HwwRj
aWdPF9NG51YNeMZALzphMSCyo4878idh1H/dPLLjtTzlwcKhxOJ+oRuY3iJnrcFV
CzldjEqYBumzXsGBbpPs25+zmxqGACxiH61dKbQbqe9c6jfT0VQunXsIcJfM30+k
st+0Uubgp2v/0nQoVAaeF6ecz+wN6MZ0iefezZ3BAyfErbY6NRzIW27ssQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDZ/LeBNzz8WaPm+Cj2baTY74cj+MB8GA1UdIwQY
MBaAFH5nUOWMoKK3XyxTvfb2H/Y+yDHLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm1kUTVZeWdvcmRmTEZPOTl2WWY5ajdJTWNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS83OGJkMDUtNjAwNi00NjJmLWExODct
MGVjZjQyMjAwMjNlLzEvTm44dDRFM1BQeFpvLWI0S1BadHBOanZoeVA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS83OGJkMDUtNjAwNi00NjJmLWExODctMGVjZjQyMjAwMjNl
LzEvZm1kUTVZeWdvcmRmTEZPOTl2WWY5ajdJTWNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucFUMA0E
AgACMAcDBQMqCjZAMA0GCSqGSIb3DQEBCwUAA4IBAQCGWQT8AKUX2NQvJMK1DcO4
ey+11I4V0Ccgjc5TX/nTkHROqEJepzaGxa87xg+YqGJJ+OK+AJtPU54r0fBXbRUg
lmxGv+XsXsxp4EZimIc9Zxs6OuS8ExwPPhU1krKR0RloPpX8GRxPEDSkKXvbA/V/
Y9zs8MjBDz8C2fxeMLC0tULpaZONrG3xDqNi0LjSD/V5VI1St/SpAcqYo5l262bi
wA7bKZ8gC7VUmPRbd+FAmT7N10HugGWygw80LLbwzTzCHxuRUTV3eaFBE2oEPe7d
XsP8RzZx3uRTnr8y29fnUNVMVMLgYTC903jKzeSzqrsDUq9wc0BRxGnUWIP9ldyE
-----END CERTIFICATE-----