Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/NYd2e9Jv56An0ARDHI1TntKuoVI.roa
File:                     NYd2e9Jv56An0ARDHI1TntKuoVI.roa (raw, json)
Hash identifier:          R+LgAA8JARQ99lFp+xf0QjZ85rVFzM4c4bJvS8PtUGY=
Subject key identifier:   35:87:76:7B:D2:6F:E7:A0:27:D0:04:43:1C:8D:53:9E:D2:AE:A1:52
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC4011B2CBCA6C2C2731B9028F53F1
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/NYd2e9Jv56An0ARDHI1TntKuoVI.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13075
IP address blocks:        195.208.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:40:11:b2:cb:ca:6c:2c:27:31:b9:02:8f:53:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3587767bd26fe7a027d004431c8d539ed2aea152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7b:cc:f8:8f:d8:dc:5d:b7:4a:ed:ee:34:2d:
                    9d:2b:8f:72:58:87:3f:00:b9:74:cd:98:74:18:25:
                    c5:f1:6b:9a:ff:c2:99:d6:c9:b5:8b:99:e2:aa:62:
                    6f:21:86:c1:76:d7:96:d0:38:01:3c:57:53:c7:07:
                    5c:44:67:74:50:b4:f2:d5:b8:9c:b4:8d:aa:38:4b:
                    d6:7d:e2:7c:b4:4a:58:fa:c2:da:55:41:cb:86:28:
                    49:e1:40:a1:ac:a5:43:c8:41:9d:56:a8:17:da:df:
                    43:db:5c:c5:89:3a:1a:ef:d6:05:05:e4:61:47:f4:
                    22:96:a2:74:40:c8:7b:9e:97:6c:97:41:7c:08:a3:
                    24:52:74:53:c5:36:49:64:16:9f:a8:16:0a:4d:f4:
                    2c:8d:9f:8c:a1:73:40:06:e3:b9:94:81:f9:50:1f:
                    81:5f:05:8d:f0:0e:61:53:97:08:db:02:72:ef:70:
                    06:fc:22:6e:44:4b:73:f8:eb:3a:78:31:85:8c:9c:
                    a9:30:f0:eb:e6:e6:a9:6e:fc:fe:4c:ad:d6:3f:0d:
                    3b:c9:ec:cc:ad:d0:4f:ff:a2:f6:a9:48:57:11:ac:
                    8f:9f:3f:9a:86:77:fc:82:63:7b:8d:95:69:23:e2:
                    30:fc:d4:e5:5c:1f:0e:f1:c8:84:fc:06:e2:4d:08:
                    7a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:87:76:7B:D2:6F:E7:A0:27:D0:04:43:1C:8D:53:9E:D2:AE:A1:52
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/NYd2e9Jv56An0ARDHI1TntKuoVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.208.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:b3:1b:fc:5c:7a:10:33:57:23:17:35:79:0d:cc:67:42:79:
         f1:4b:45:b9:3f:d7:4d:67:5c:65:20:9d:34:a0:eb:77:46:51:
         d1:90:db:65:49:c8:03:3e:8d:44:59:d5:50:38:21:e4:0d:e9:
         39:ad:c8:5a:57:dd:ca:4f:3d:bd:14:05:37:73:a3:0e:14:d1:
         73:b1:2c:e1:45:d2:86:c5:e9:5b:3a:05:46:05:4e:1b:de:9e:
         e5:a4:1a:e9:5d:fd:81:96:cf:97:1a:f1:08:7b:59:cd:ff:8d:
         92:c2:01:06:ce:0a:07:ff:d0:a4:ad:62:9c:88:e7:59:1f:75:
         80:39:12:79:bb:59:10:65:c8:82:3a:95:76:f5:f0:62:8f:f4:
         cd:14:1a:ff:8c:63:9d:32:09:18:65:a6:06:55:42:6f:34:1f:
         7a:e8:1f:f6:da:e8:3b:40:d4:8a:ac:cb:31:83:da:8d:c3:64:
         62:29:d5:b3:c6:05:82:ca:af:6c:de:3c:25:40:2a:08:ae:bb:
         07:6d:67:29:b8:01:90:e3:c5:5e:9f:fe:5a:08:a8:13:e6:dd:
         f6:b7:71:96:38:d3:14:dc:c1:5a:3d:36:f6:9b:b6:e2:21:22:
         c2:cd:62:84:94:2f:39:f3:66:c8:e0:93:49:8b:9b:77:f1:ee:
         89:ec:48:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3EARssvKbCwnMbkCj1PxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTg3NzY3YmQyNmZlN2EwMjdkMDA0NDMxYzhkNTM5ZWQyYWVhMTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnvM+I/Y3F23Su3uNC2dK49yWIc/
ALl0zZh0GCXF8Wua/8KZ1sm1i5niqmJvIYbBdteW0DgBPFdTxwdcRGd0ULTy1bic
tI2qOEvWfeJ8tEpY+sLaVUHLhihJ4UChrKVDyEGdVqgX2t9D21zFiToa79YFBeRh
R/QilqJ0QMh7npdsl0F8CKMkUnRTxTZJZBafqBYKTfQsjZ+MoXNABuO5lIH5UB+B
XwWN8A5hU5cI2wJy73AG/CJuREtz+Os6eDGFjJypMPDr5uapbvz+TK3WPw07yezM
rdBP/6L2qUhXEayPnz+ahnf8gmN7jZVpI+Iw/NTlXB8O8ciE/AbiTQh6EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWHdnvSb+egJ9AEQxyNU57SrqFSMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvTllkMmU5SnY1NkFuMEFSREhJMVRudEt1b1ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9AmMA0G
CSqGSIb3DQEBCwUAA4IBAQBrsxv8XHoQM1cjFzV5DcxnQnnxS0W5P9dNZ1xlIJ00
oOt3RlHRkNtlScgDPo1EWdVQOCHkDek5rchaV93KTz29FAU3c6MOFNFzsSzhRdKG
xelbOgVGBU4b3p7lpBrpXf2Bls+XGvEIe1nN/42SwgEGzgoH/9CkrWKciOdZH3WA
ORJ5u1kQZciCOpV29fBij/TNFBr/jGOdMgkYZaYGVUJvNB966B/22ug7QNSKrMsx
g9qNw2RiKdWzxgWCyq9s3jwlQCoIrrsHbWcpuAGQ48Ven/5aCKgT5t32t3GWONMU
3MFaPTb2m7biISLCzWKElC8582bI4JNJi5t38e6J7Eh4
-----END CERTIFICATE-----