Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/98b024-9d8f-4869-a2a9-0afb7c3fbf30/1/n_KIMJqfqW83fJfLKKGYTQuyHsk.roa
File:                     n_KIMJqfqW83fJfLKKGYTQuyHsk.roa (raw, json)
Hash identifier:          J1iTlQF83Arp/FjjdBZnwqbM+mAOyZjQ4pWH1gpPPS0=
Subject key identifier:   9F:F2:88:30:9A:9F:A9:6F:37:7C:97:CB:28:A1:98:4D:0B:B2:1E:C9
Certificate issuer:       /CN=7f42d27c21da86c7e9fbf44ae0e56c98f3d2f80b
Certificate serial:       018CCA29DEE86B1F9410B929FDD71DC995A1
Authority key identifier: 7F:42:D2:7C:21:DA:86:C7:E9:FB:F4:4A:E0:E5:6C:98:F3:D2:F8:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f0LSfCHahsfp-_RK4OVsmPPS-As.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/98b024-9d8f-4869-a2a9-0afb7c3fbf30/1/n_KIMJqfqW83fJfLKKGYTQuyHsk.roa
Signing time:             Tue 02 Jan 2024 12:33:10 +0000
ROA not before:           Tue 02 Jan 2024 12:33:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198127
IP address blocks:        193.150.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/98b024-9d8f-4869-a2a9-0afb7c3fbf30/1/f0LSfCHahsfp-_RK4OVsmPPS-As.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/98b024-9d8f-4869-a2a9-0afb7c3fbf30/1/f0LSfCHahsfp-_RK4OVsmPPS-As.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f0LSfCHahsfp-_RK4OVsmPPS-As.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:de:e8:6b:1f:94:10:b9:29:fd:d7:1d:c9:95:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f42d27c21da86c7e9fbf44ae0e56c98f3d2f80b
        Validity
            Not Before: Jan  2 12:33:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ff288309a9fa96f377c97cb28a1984d0bb21ec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:34:89:48:45:36:46:6d:7c:89:74:eb:5c:80:
                    1e:ed:17:5d:6b:cb:a4:3b:6f:d0:57:a5:2d:0d:d4:
                    99:ea:d3:a3:39:20:52:a5:99:9f:ea:a2:85:c8:39:
                    c4:29:84:de:c1:5b:0e:a5:d1:f3:f0:28:0e:41:5c:
                    09:e2:64:64:61:3d:5c:57:fb:92:d9:ed:76:2f:64:
                    4c:c4:b1:99:e1:48:39:6c:4c:80:15:57:75:ca:00:
                    4d:aa:b3:41:5d:13:cd:43:18:8e:5d:9b:43:d6:97:
                    df:c6:ef:17:15:c7:a8:54:81:e5:5b:c3:a4:f9:b9:
                    8c:8d:92:45:f4:b8:28:82:5c:e1:47:ce:4d:b1:b4:
                    f3:9d:c1:3e:cd:a2:36:8c:69:fd:15:55:df:ca:7b:
                    6c:c9:6c:17:c8:92:59:20:b8:21:3e:bb:fc:42:e5:
                    1b:87:a2:c3:79:2f:5d:b2:d8:3d:d2:79:2d:5c:5d:
                    ea:27:02:bf:8a:9c:b9:ca:83:9a:9c:6b:4a:83:ad:
                    32:4d:93:40:2e:bc:a8:cc:09:87:98:dc:fa:14:7a:
                    02:5d:0e:e2:e3:fa:a9:22:7f:8a:18:47:38:04:b5:
                    89:9f:b4:e1:0e:ec:05:a8:71:41:c5:10:98:61:f8:
                    05:6d:c0:b2:17:f2:aa:d2:d0:6d:4c:06:df:b2:13:
                    80:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:F2:88:30:9A:9F:A9:6F:37:7C:97:CB:28:A1:98:4D:0B:B2:1E:C9
            X509v3 Authority Key Identifier:
                keyid:7F:42:D2:7C:21:DA:86:C7:E9:FB:F4:4A:E0:E5:6C:98:F3:D2:F8:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0LSfCHahsfp-_RK4OVsmPPS-As.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/98b024-9d8f-4869-a2a9-0afb7c3fbf30/1/n_KIMJqfqW83fJfLKKGYTQuyHsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/98b024-9d8f-4869-a2a9-0afb7c3fbf30/1/f0LSfCHahsfp-_RK4OVsmPPS-As.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:c4:6d:c1:d8:bc:17:70:d0:fb:e0:ad:a0:68:70:a3:b5:12:
         02:36:0c:d0:1c:5b:6c:bd:14:45:36:eb:fa:dd:6f:06:96:b1:
         61:d1:0a:2a:aa:40:e1:fe:bc:59:4a:a0:8e:49:1c:9e:b2:ec:
         53:98:1b:36:4c:79:d1:64:2b:5b:04:dd:69:1d:3d:26:e7:52:
         14:d7:54:25:34:48:ed:77:38:29:8f:76:98:16:52:90:06:8d:
         7c:b4:0f:b3:6d:e9:62:48:c6:a5:92:bc:8b:3e:26:72:d8:fb:
         fe:5e:73:60:88:d1:6f:f4:09:1a:20:ba:a9:1e:d3:b7:7f:86:
         ce:73:dd:d4:4d:7b:f2:31:80:45:56:87:00:d6:fc:7e:a2:6d:
         3d:42:f7:a0:09:4c:d9:e6:39:be:51:29:20:5c:9f:4c:3f:00:
         39:a9:47:01:04:4d:d1:c5:c1:cc:62:ef:8e:45:73:4b:d5:a8:
         02:84:65:da:f4:20:89:99:7a:17:bf:1e:d8:92:98:80:49:7e:
         9d:d6:fc:fa:8f:58:7f:c9:1c:0d:51:d5:9a:c2:c0:fe:fc:f1:
         1e:f5:fb:a2:ca:8b:21:a9:ab:eb:91:b5:41:5b:70:55:35:a2:
         24:ad:87:36:c5:db:6e:70:78:a5:a7:3b:38:c7:44:f8:bc:a7:
         3e:f6:bd:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKd7oax+UELkp/dcdyZWhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNDJkMjdjMjFkYTg2YzdlOWZiZjQ0YWUwZTU2Yzk4ZjNk
MmY4MGIwHhcNMjQwMTAyMTIzMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmYyODgzMDlhOWZhOTZmMzc3Yzk3Y2IyOGExOTg0ZDBiYjIxZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojSJSEU2Rm18iXTrXIAe7Rdda8uk
O2/QV6UtDdSZ6tOjOSBSpZmf6qKFyDnEKYTewVsOpdHz8CgOQVwJ4mRkYT1cV/uS
2e12L2RMxLGZ4Ug5bEyAFVd1ygBNqrNBXRPNQxiOXZtD1pffxu8XFceoVIHlW8Ok
+bmMjZJF9LgoglzhR85NsbTzncE+zaI2jGn9FVXfyntsyWwXyJJZILghPrv8QuUb
h6LDeS9dstg90nktXF3qJwK/ipy5yoOanGtKg60yTZNALryozAmHmNz6FHoCXQ7i
4/qpIn+KGEc4BLWJn7ThDuwFqHFBxRCYYfgFbcCyF/Kq0tBtTAbfshOAkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/yiDCan6lvN3yXyyihmE0Lsh7JMB8GA1UdIwQY
MBaAFH9C0nwh2obH6fv0SuDlbJjz0vgLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjBMU2ZDSGFoc2ZwLV9SSzRPVnNtUFBTLUFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS85OGIwMjQtOWQ4Zi00ODY5LWEyYTkt
MGFmYjdjM2ZiZjMwLzEvbl9LSU1KcWZxVzgzZkpmTEtLR1lUUXV5SHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS85OGIwMjQtOWQ4Zi00ODY5LWEyYTktMGFmYjdjM2ZiZjMw
LzEvZjBMU2ZDSGFoc2ZwLV9SSzRPVnNtUFBTLUFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZZDMA0G
CSqGSIb3DQEBCwUAA4IBAQAuxG3B2LwXcND74K2gaHCjtRICNgzQHFtsvRRFNuv6
3W8GlrFh0QoqqkDh/rxZSqCOSRyesuxTmBs2THnRZCtbBN1pHT0m51IU11QlNEjt
dzgpj3aYFlKQBo18tA+zbeliSMalkryLPiZy2Pv+XnNgiNFv9AkaILqpHtO3f4bO
c93UTXvyMYBFVocA1vx+om09QvegCUzZ5jm+USkgXJ9MPwA5qUcBBE3RxcHMYu+O
RXNL1agChGXa9CCJmXoXvx7YkpiASX6d1vz6j1h/yRwNUdWawsD+/PEe9fuiyosh
qavrkbVBW3BVNaIkrYc2xdtucHilpzs4x0T4vKc+9r04
-----END CERTIFICATE-----