Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/nTBHWmgxyhWcacNlVFSCYzx0xA0.roa
File:                     nTBHWmgxyhWcacNlVFSCYzx0xA0.roa (raw, json)
Hash identifier:          ktRUk1RBVAT6WhF7x1dJLStdOgXq1auNj9IXSm1VZKA=
Subject key identifier:   9D:30:47:5A:68:31:CA:15:9C:69:C3:65:54:54:82:63:3C:74:C4:0D
Certificate issuer:       /CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
Certificate serial:       018E286F5A73345249793E05F3E3D1112615
Authority key identifier: 5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/nTBHWmgxyhWcacNlVFSCYzx0xA0.roa
Signing time:             Sun 10 Mar 2024 12:56:10 +0000
ROA not before:           Sun 10 Mar 2024 12:56:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25780
IP address blocks:        185.206.168.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:28:6f:5a:73:34:52:49:79:3e:05:f3:e3:d1:11:26:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
        Validity
            Not Before: Mar 10 12:56:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d30475a6831ca159c69c365545482633c74c40d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:47:6c:68:41:8d:01:b6:25:db:d7:67:2a:9e:
                    de:90:4b:c1:86:f3:db:ee:28:2d:9b:50:b0:82:17:
                    b5:36:d5:33:be:3d:b1:5b:21:2b:a3:b6:78:02:a2:
                    5e:ea:8c:91:59:f5:91:57:3a:74:bd:54:8c:a3:c8:
                    42:42:9c:48:72:7c:e6:8b:17:6a:9b:1b:5c:b6:1a:
                    9e:db:f9:fd:7e:91:f7:6a:43:90:c1:d3:b4:79:04:
                    65:99:80:74:fa:34:89:1c:95:f1:ff:67:6f:5a:ea:
                    3a:6e:a5:02:c9:77:a3:07:f6:96:6f:1a:fd:40:9e:
                    df:e0:92:58:c7:5f:d3:d2:17:3c:a9:b6:28:ec:96:
                    04:b1:7f:7b:09:ba:c7:d6:19:c1:50:65:6c:ab:be:
                    de:29:d4:33:8a:0b:da:db:c3:6d:e4:a4:23:3d:4e:
                    a4:a6:a4:80:94:b2:89:21:3c:bb:94:1b:c5:37:2e:
                    eb:e8:39:14:b7:18:93:7d:bc:bd:eb:b8:79:fd:b2:
                    fb:1c:b8:1f:ef:d3:dd:8a:c9:d2:02:42:c2:b4:25:
                    b8:83:21:b5:36:9d:d6:1f:8d:14:fa:05:ac:a7:3a:
                    01:54:e6:8f:8f:b1:24:d1:88:3a:d3:8e:72:bc:f4:
                    a5:c4:c7:cc:84:cc:c2:e3:6d:68:ce:44:e5:8c:9f:
                    be:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:30:47:5A:68:31:CA:15:9C:69:C3:65:54:54:82:63:3C:74:C4:0D
            X509v3 Authority Key Identifier:
                keyid:5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/nTBHWmgxyhWcacNlVFSCYzx0xA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:e2:5a:24:46:ea:f0:13:1d:94:46:b0:cd:cf:47:75:03:46:
         3d:73:dd:75:9d:34:58:32:2e:bf:09:bd:11:76:8a:c1:c0:0d:
         9d:a4:79:0f:0b:d2:82:94:3f:79:f3:cb:0a:f2:d0:14:99:9e:
         7c:66:d6:be:3c:eb:5d:26:74:bc:db:2f:46:26:83:0a:9f:5a:
         9e:6e:9f:ca:ce:3d:da:bf:ab:63:40:27:03:03:94:50:26:6b:
         65:21:42:56:36:87:81:44:76:76:ce:82:89:05:43:34:5f:33:
         94:23:ac:a3:20:0c:2b:19:1b:3f:ed:b1:38:90:1b:00:10:dd:
         e0:3e:01:34:b1:49:39:81:12:05:63:ae:34:9f:c4:fd:49:87:
         3e:4f:82:b0:44:9c:a1:4e:a3:5e:0a:b8:41:af:46:d2:eb:d0:
         ec:f6:1c:56:2c:d3:e0:37:c5:fe:3d:5f:ca:15:06:84:ab:3a:
         72:bb:0e:3d:cf:ed:1d:bc:c3:12:6b:31:3e:16:e4:d6:a5:94:
         eb:01:52:29:91:ea:3a:9a:32:e9:4a:42:16:06:9a:dc:02:0c:
         c9:ad:11:8b:3b:0b:f1:78:dd:70:03:eb:d1:87:29:53:d6:87:
         6b:9c:56:e3:c7:9a:79:30:3b:81:5f:87:ed:41:5f:72:01:6d:
         4e:5e:a3:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4ob1pzNFJJeT4F8+PRESYVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZGU0YjNiODJmMjA5YjcwMWFlMzQwY2Y1M2I5NzQwNzhm
MTZhOWYwHhcNMjQwMzEwMTI1NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDMwNDc1YTY4MzFjYTE1OWM2OWMzNjU1NDU0ODI2MzNjNzRjNDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkdsaEGNAbYl29dnKp7ekEvBhvPb
7igtm1Cwghe1NtUzvj2xWyEro7Z4AqJe6oyRWfWRVzp0vVSMo8hCQpxIcnzmixdq
mxtcthqe2/n9fpH3akOQwdO0eQRlmYB0+jSJHJXx/2dvWuo6bqUCyXejB/aWbxr9
QJ7f4JJYx1/T0hc8qbYo7JYEsX97CbrH1hnBUGVsq77eKdQzigva28Nt5KQjPU6k
pqSAlLKJITy7lBvFNy7r6DkUtxiTfby967h5/bL7HLgf79PdisnSAkLCtCW4gyG1
Np3WH40U+gWspzoBVOaPj7Ek0Yg6045yvPSlxMfMhMzC421ozkTljJ++aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0wR1poMcoVnGnDZVRUgmM8dMQNMB8GA1UdIwQY
MBaAFF3eSzuC8gm3Aa40DPU7l0B48WqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWIt
ODZhNTUxOGUyZDUyLzEvblRCSFdtZ3h5aFdjYWNObFZGU0NZengweEEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWItODZhNTUxOGUyZDUy
LzEvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc6oMA0G
CSqGSIb3DQEBCwUAA4IBAQA64lokRurwEx2URrDNz0d1A0Y9c911nTRYMi6/Cb0R
dorBwA2dpHkPC9KClD9588sK8tAUmZ58Zta+POtdJnS82y9GJoMKn1qebp/Kzj3a
v6tjQCcDA5RQJmtlIUJWNoeBRHZ2zoKJBUM0XzOUI6yjIAwrGRs/7bE4kBsAEN3g
PgE0sUk5gRIFY640n8T9SYc+T4KwRJyhTqNeCrhBr0bS69Ds9hxWLNPgN8X+PV/K
FQaEqzpyuw49z+0dvMMSazE+FuTWpZTrAVIpkeo6mjLpSkIWBprcAgzJrRGLOwvx
eN1wA+vRhylT1odrnFbjx5p5MDuBX4ftQV9yAW1OXqOf
-----END CERTIFICATE-----