Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/nsi8EGHbYtSL0vzOANhAjTx6TxY.roa
File:                     nsi8EGHbYtSL0vzOANhAjTx6TxY.roa (raw, json)
Hash identifier:          ALbWC5Hy6hiP0+Qllp9HpjE958Ll3p0dZE6FK/Ed6I4=
Subject key identifier:   9E:C8:BC:10:61:DB:62:D4:8B:D2:FC:CE:00:D8:40:8D:3C:7A:4F:16
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       0192E7867478438D84F2D872CAF2C087052F
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/nsi8EGHbYtSL0vzOANhAjTx6TxY.roa
Signing time:             Fri 01 Nov 2024 11:40:01 +0000
ROA not before:           Fri 01 Nov 2024 11:40:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209075
IP address blocks:        2a0a:79c0:900::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e7:86:74:78:43:8d:84:f2:d8:72:ca:f2:c0:87:05:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Nov  1 11:40:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ec8bc1061db62d48bd2fcce00d8408d3c7a4f16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:20:58:2c:ca:b5:f7:28:9b:d8:19:8f:bc:f4:
                    6c:bf:37:7c:6a:97:76:a0:5d:81:b8:51:f6:31:82:
                    e5:d3:70:ef:1b:2a:d9:39:9a:99:25:97:b4:97:a4:
                    7a:4c:0c:6a:f0:22:3e:8f:d8:8f:93:df:b5:48:89:
                    ed:c1:6a:a6:fb:ef:27:8b:b8:0c:84:00:b2:ea:79:
                    43:b3:f7:77:e1:4f:ef:65:2e:48:ab:8a:66:3c:69:
                    ef:aa:f7:57:af:c1:72:c8:de:a7:3a:14:f6:39:2c:
                    ea:a9:ce:bd:8e:d7:11:6d:ff:6b:4b:9d:7f:e6:6f:
                    a1:6c:af:f0:d7:8e:cf:d7:8e:9b:55:c0:02:aa:56:
                    1d:81:75:91:4e:16:f3:12:86:98:13:a0:ec:c6:b9:
                    16:81:5b:59:db:18:f9:5d:1d:60:30:4c:03:38:4e:
                    b5:8e:6d:0f:1d:bc:97:71:12:90:66:c1:67:ae:3d:
                    02:d3:eb:89:e9:9a:b7:47:7e:5b:45:17:4a:a0:af:
                    51:e0:ef:d7:93:b9:e4:20:4e:10:df:4f:60:98:2b:
                    cc:5b:b7:68:6f:e8:96:c6:a4:50:11:80:14:8e:85:
                    90:d8:f4:de:ea:9c:3c:7f:0b:a2:54:b2:42:c6:11:
                    0d:e0:ec:0e:4c:82:f1:cf:34:f4:fb:01:18:e1:b8:
                    f7:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:C8:BC:10:61:DB:62:D4:8B:D2:FC:CE:00:D8:40:8D:3C:7A:4F:16
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/nsi8EGHbYtSL0vzOANhAjTx6TxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:79c0:900::/44

    Signature Algorithm: sha256WithRSAEncryption
         9c:bb:8c:b6:c7:6a:bf:c1:1b:12:48:b0:4b:61:2c:8f:cb:06:
         6e:37:01:2e:a0:9a:29:6d:95:dc:4f:e6:25:a2:35:f9:0f:f9:
         e1:82:f3:96:42:46:56:5a:97:87:a0:04:3c:2a:ec:33:1d:1d:
         04:a4:10:fa:38:bb:1d:24:d7:32:f8:95:62:14:4c:13:7d:c1:
         66:0d:d4:ea:fb:8f:20:cd:cf:94:ee:ab:80:82:c2:3e:c2:58:
         99:53:1a:2e:7a:28:b8:4d:65:aa:86:52:7f:37:39:4c:7b:0c:
         1d:0a:89:08:33:eb:b0:02:28:9b:e5:0c:d0:00:90:ce:0a:a1:
         18:d2:2b:4e:1b:90:bf:bd:c2:a4:cb:16:07:c1:56:1f:15:b4:
         28:81:68:c0:73:eb:35:46:bc:f4:76:dd:da:0c:b6:1e:0e:9f:
         33:03:92:dd:8e:c3:91:eb:6e:b3:73:51:f8:e3:d5:81:dd:6e:
         ae:4f:c9:ac:4c:89:e6:66:7e:b6:72:11:24:fd:6c:87:ab:d1:
         31:74:e9:2a:be:13:1e:39:34:54:c2:e5:5c:68:cf:58:99:de:
         1b:45:7d:ed:a7:96:52:50:fd:eb:7d:e4:f1:da:49:f0:d4:75:
         9a:0d:60:25:19:26:49:20:13:d5:df:14:01:a9:69:70:46:5f:
         e0:e0:08:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZLnhnR4Q42E8thyyvLAhwUvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQxMTAxMTE0MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWM4YmMxMDYxZGI2MmQ0OGJkMmZjY2UwMGQ4NDA4ZDNjN2E0ZjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCBYLMq19yib2BmPvPRsvzd8apd2
oF2BuFH2MYLl03DvGyrZOZqZJZe0l6R6TAxq8CI+j9iPk9+1SIntwWqm++8ni7gM
hACy6nlDs/d34U/vZS5Iq4pmPGnvqvdXr8FyyN6nOhT2OSzqqc69jtcRbf9rS51/
5m+hbK/w147P146bVcACqlYdgXWRThbzEoaYE6DsxrkWgVtZ2xj5XR1gMEwDOE61
jm0PHbyXcRKQZsFnrj0C0+uJ6Zq3R35bRRdKoK9R4O/Xk7nkIE4Q309gmCvMW7do
b+iWxqRQEYAUjoWQ2PTe6pw8fwuiVLJCxhEN4OwOTILxzzT0+wEY4bj3swIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ7IvBBh22LUi9L8zgDYQI08ek8WMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvbnNpOEVHSGJZdFNMMHZ6T0FOaEFqVHg2VHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgp5wAkA
MA0GCSqGSIb3DQEBCwUAA4IBAQCcu4y2x2q/wRsSSLBLYSyPywZuNwEuoJopbZXc
T+YlojX5D/nhgvOWQkZWWpeHoAQ8KuwzHR0EpBD6OLsdJNcy+JViFEwTfcFmDdTq
+48gzc+U7quAgsI+wliZUxoueii4TWWqhlJ/NzlMewwdCokIM+uwAiib5QzQAJDO
CqEY0itOG5C/vcKkyxYHwVYfFbQogWjAc+s1Rrz0dt3aDLYeDp8zA5LdjsOR626z
c1H449WB3W6uT8msTInmZn62chEk/WyHq9ExdOkqvhMeOTRUwuVcaM9Ymd4bRX3t
p5ZSUP3rfeTx2knw1HWaDWAlGSZJIBPV3xQBqWlwRl/g4Ajw
-----END CERTIFICATE-----