Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/NGfRsK-Ra-vvv1XcKfCZVRNMM_A.roa
File:                     NGfRsK-Ra-vvv1XcKfCZVRNMM_A.roa (raw, json)
Hash identifier:          E1SpF7qOykWuv3rP2Bj4DWWNlUPNFJlGazw4ZrlsepY=
Subject key identifier:   34:67:D1:B0:AF:91:6B:EB:EF:BF:55:DC:29:F0:99:55:13:4C:33:F0
Certificate issuer:       /CN=f8e826de1070d9d79daa9e415fc432613cc57e57
Certificate serial:       018CC2DB589181FCBF66A501DD6BAD0E8415
Authority key identifier: F8:E8:26:DE:10:70:D9:D7:9D:AA:9E:41:5F:C4:32:61:3C:C5:7E:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/NGfRsK-Ra-vvv1XcKfCZVRNMM_A.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5580
IP address blocks:        185.47.227.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:58:91:81:fc:bf:66:a5:01:dd:6b:ad:0e:84:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e826de1070d9d79daa9e415fc432613cc57e57
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3467d1b0af916bebefbf55dc29f09955134c33f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:d2:31:6b:79:4b:8f:55:a4:f9:d9:f4:03:f9:
                    7b:63:92:c8:76:f9:1d:fe:e5:b8:f6:3e:98:5d:fa:
                    b4:39:9b:4b:c8:9b:99:d2:12:15:07:93:85:c1:48:
                    0e:d2:04:5f:10:f9:5b:5b:38:79:35:1f:ca:7a:71:
                    65:58:d4:17:8c:cd:55:50:bc:bd:cc:2c:bd:58:57:
                    d7:ed:e4:e8:55:19:bb:6e:ca:e2:bd:07:a1:bb:9d:
                    9e:b0:75:b0:e1:04:cc:cc:e2:99:9e:07:77:38:f9:
                    b7:48:df:c6:f0:00:94:ed:67:f3:ad:2d:88:5c:24:
                    6d:19:bc:80:3f:af:b7:bd:5e:e8:e4:30:65:3e:e4:
                    07:49:a0:fd:34:0d:6d:75:11:15:50:ef:55:9f:2e:
                    75:83:e2:0e:4b:7b:7b:cb:de:65:0b:bb:ff:f9:50:
                    6e:38:af:5f:36:70:8d:71:f3:0e:e7:56:d5:54:fe:
                    09:c6:b6:dc:43:48:e5:23:71:8e:39:68:e0:b5:94:
                    7f:09:24:74:71:9a:fd:fc:14:fb:55:6d:b5:60:a3:
                    df:97:22:34:4a:7d:e4:38:5a:1a:7a:be:c8:10:0b:
                    80:f7:18:22:79:56:d9:b1:18:d8:33:13:03:fb:ea:
                    b7:17:a6:ce:9b:9c:d9:20:63:7b:70:5f:29:50:2a:
                    8b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:67:D1:B0:AF:91:6B:EB:EF:BF:55:DC:29:F0:99:55:13:4C:33:F0
            X509v3 Authority Key Identifier:
                keyid:F8:E8:26:DE:10:70:D9:D7:9D:AA:9E:41:5F:C4:32:61:3C:C5:7E:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Ogm3hBw2dedqp5BX8QyYTzFflc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/NGfRsK-Ra-vvv1XcKfCZVRNMM_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/73db77-0a6b-4f9b-a8e8-eaedb709efbf/1/1-Ogm3hBw2dedqp5BX8QyYTzFflc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.47.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:31:74:4b:74:6b:57:a6:81:bd:42:11:ab:e5:59:c9:5a:da:
         c0:e6:0d:42:00:59:0f:28:8c:24:ce:d1:ff:3d:c0:fc:6a:44:
         42:b3:ce:f7:e1:7b:0a:bf:d8:4d:74:54:78:90:ac:5d:87:e0:
         69:ce:1e:c8:5b:ae:03:27:c1:72:f2:ed:68:1b:1e:1c:0d:8e:
         cb:1c:57:6b:6d:e6:d3:d3:53:29:6c:5b:a5:30:45:f1:a8:0a:
         0d:eb:6d:71:57:17:86:8e:fa:c9:1d:bd:1e:20:68:5f:91:c6:
         3e:3f:d7:c2:1a:aa:39:05:a4:cb:fc:18:84:77:6b:19:07:d1:
         20:e0:c8:5d:10:44:04:45:27:2e:10:4c:f2:52:52:58:5d:3f:
         5b:cc:82:f4:f8:38:bf:bb:32:df:96:4b:94:c0:b8:0e:70:a2:
         86:fc:61:96:3b:be:72:a8:61:fd:fe:2f:b0:20:d3:de:50:d2:
         c3:e1:a3:04:8e:c8:97:ba:e4:9c:1f:00:16:69:bf:2c:dd:6a:
         84:ab:89:6f:b9:71:aa:d7:ce:55:1f:cb:fc:41:3d:04:f6:93:
         5b:14:af:e6:95:b7:24:c5:c0:18:1e:89:ee:89:e1:db:99:e9:
         e3:a5:3b:96:b1:cd:f7:1a:4b:4f:a7:63:2b:27:cd:cf:40:f9:
         2a:e1:f8:57
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzC21iRgfy/ZqUB3WutDoQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTgyNmRlMTA3MGQ5ZDc5ZGFhOWU0MTVmYzQzMjYxM2Nj
NTdlNTcwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDY3ZDFiMGFmOTE2YmViZWZiZjU1ZGMyOWYwOTk1NTEzNGMzM2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7dIxa3lLj1Wk+dn0A/l7Y5LIdvkd
/uW49j6YXfq0OZtLyJuZ0hIVB5OFwUgO0gRfEPlbWzh5NR/KenFlWNQXjM1VULy9
zCy9WFfX7eToVRm7bsrivQehu52esHWw4QTMzOKZngd3OPm3SN/G8ACU7WfzrS2I
XCRtGbyAP6+3vV7o5DBlPuQHSaD9NA1tdREVUO9Vny51g+IOS3t7y95lC7v/+VBu
OK9fNnCNcfMO51bVVP4JxrbcQ0jlI3GOOWjgtZR/CSR0cZr9/BT7VW21YKPflyI0
Sn3kOFoaer7IEAuA9xgieVbZsRjYMxMD++q3F6bOm5zZIGN7cF8pUCqLKwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDRn0bCvkWvr779V3CnwmVUTTDPwMB8GA1UdIwQY
MBaAFPjoJt4QcNnXnaqeQV/EMmE8xX5XMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PZ20zaEJ3MmRlZHFwNUJYOFF5WVR6RmZsYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWQvNzNkYjc3LTBhNmItNGY5Yi1hOGU4
LWVhZWRiNzA5ZWZiZi8xL05HZlJzSy1SYS12dnYxWGNLZkNaVlJOTU1fQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWQvNzNkYjc3LTBhNmItNGY5Yi1hOGU4LWVhZWRiNzA5ZWZi
Zi8xLzEtT2dtM2hCdzJkZWRxcDVCWDhReVlUekZmbGMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5L+Mw
DQYJKoZIhvcNAQELBQADggEBAF4xdEt0a1emgb1CEavlWcla2sDmDUIAWQ8ojCTO
0f89wPxqREKzzvfhewq/2E10VHiQrF2H4GnOHshbrgMnwXLy7WgbHhwNjsscV2tt
5tPTUylsW6UwRfGoCg3rbXFXF4aO+skdvR4gaF+Rxj4/18IaqjkFpMv8GIR3axkH
0SDgyF0QRARFJy4QTPJSUlhdP1vMgvT4OL+7Mt+WS5TAuA5woob8YZY7vnKoYf3+
L7Ag095Q0sPhowSOyJe65JwfABZpvyzdaoSriW+5carXzlUfy/xBPQT2k1sUr+aV
tyTFwBgeie6J4duZ6eOlO5axzfcaS0+nYysnzc9A+Srh+Fc=
-----END CERTIFICATE-----