Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/8cce86-b0ae-4166-9042-528eff52febd/1/Npmw2y3OLPNo8mkhQ0OU4-P0djs.roa
File:                     Npmw2y3OLPNo8mkhQ0OU4-P0djs.roa (raw, json)
Hash identifier:          2mxski6u97/0G5wVYibMBcBCOr/A6RYXhLk1iaZussE=
Subject key identifier:   36:99:B0:DB:2D:CE:2C:F3:68:F2:69:21:43:43:94:E3:E3:F4:76:3B
Certificate issuer:       /CN=9c21a5e4cf6e9e2e70338aeebfa0d1588d73b6ef
Certificate serial:       018CC86EEF0B7659463FB34CA875CF596557
Authority key identifier: 9C:21:A5:E4:CF:6E:9E:2E:70:33:8A:EE:BF:A0:D1:58:8D:73:B6:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nCGl5M9uni5wM4ruv6DRWI1ztu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/8cce86-b0ae-4166-9042-528eff52febd/1/Npmw2y3OLPNo8mkhQ0OU4-P0djs.roa
Signing time:             Tue 02 Jan 2024 04:29:22 +0000
ROA not before:           Tue 02 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41720
IP address blocks:        217.197.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/8cce86-b0ae-4166-9042-528eff52febd/1/nCGl5M9uni5wM4ruv6DRWI1ztu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/8cce86-b0ae-4166-9042-528eff52febd/1/nCGl5M9uni5wM4ruv6DRWI1ztu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nCGl5M9uni5wM4ruv6DRWI1ztu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Nov 2024 01:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ef:0b:76:59:46:3f:b3:4c:a8:75:cf:59:65:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c21a5e4cf6e9e2e70338aeebfa0d1588d73b6ef
        Validity
            Not Before: Jan  2 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3699b0db2dce2cf368f26921434394e3e3f4763b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e3:46:a0:88:5c:ac:9f:94:9b:b5:ee:57:c2:
                    9b:63:72:f8:66:03:bf:b6:a4:20:ec:91:e9:d1:a0:
                    4e:b6:29:5f:4d:27:cd:ed:7f:cc:fe:b2:d6:d2:1b:
                    3a:54:60:9b:bd:be:62:02:38:4a:08:e1:d2:14:79:
                    a0:f7:54:ea:e2:59:6e:44:9a:a4:05:af:4d:a0:7e:
                    ab:3f:cd:1d:57:95:47:da:5c:81:88:b0:47:71:9f:
                    32:f2:bd:33:cb:a6:48:90:bc:2a:eb:42:f4:c3:b0:
                    e9:dc:1d:19:4a:92:44:94:af:36:e7:27:c1:bb:d1:
                    f7:94:a3:74:3e:5f:fa:52:c5:cf:0d:88:b5:5b:b8:
                    9d:5f:86:1a:aa:5b:da:71:c1:06:e2:2f:91:0e:8c:
                    ba:e7:5e:91:91:fa:00:ee:83:9c:07:5d:ad:80:f9:
                    a6:ed:87:84:16:2d:ae:be:01:3a:26:23:2c:2d:e7:
                    0f:52:be:a2:36:01:65:de:12:09:7d:ca:35:10:48:
                    5c:8b:97:a0:36:61:55:51:5b:85:6d:2c:ee:c1:59:
                    f5:06:19:e7:53:f5:ff:45:7d:6d:a9:ac:74:78:01:
                    4b:2e:85:d9:64:74:3f:ca:94:11:42:72:68:8e:bf:
                    f5:a2:6e:1d:94:c6:d9:16:1a:dd:81:74:8b:65:b7:
                    4c:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:99:B0:DB:2D:CE:2C:F3:68:F2:69:21:43:43:94:E3:E3:F4:76:3B
            X509v3 Authority Key Identifier:
                keyid:9C:21:A5:E4:CF:6E:9E:2E:70:33:8A:EE:BF:A0:D1:58:8D:73:B6:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nCGl5M9uni5wM4ruv6DRWI1ztu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/8cce86-b0ae-4166-9042-528eff52febd/1/Npmw2y3OLPNo8mkhQ0OU4-P0djs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/8cce86-b0ae-4166-9042-528eff52febd/1/nCGl5M9uni5wM4ruv6DRWI1ztu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.197.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:a9:bc:67:88:d8:da:59:c1:16:6f:25:c4:6f:3a:e3:68:a3:
         de:7c:95:dc:66:a6:9c:e0:f5:fa:c6:d5:7d:26:5b:7e:9b:07:
         67:7b:95:eb:3f:18:0d:3e:6f:7a:64:a0:0b:3c:30:18:40:e8:
         04:ce:f0:2c:35:08:cc:94:a1:1c:51:31:d9:56:68:76:5e:09:
         48:d7:c2:ff:16:8f:de:de:14:21:af:0c:cc:57:a7:4b:22:15:
         e7:3c:f6:26:d2:d6:34:bf:e9:88:c8:ee:9f:68:96:d0:79:4a:
         51:62:eb:f3:c1:97:e6:6a:68:00:b5:4d:ab:72:e4:49:71:e6:
         06:83:ad:4e:de:0e:ed:81:d4:2e:31:d1:4e:4e:c4:7d:98:5c:
         c5:67:f4:f2:51:f5:d2:c5:6f:b6:a0:af:81:e1:67:0d:65:d1:
         31:e2:1b:a8:98:63:d6:e6:54:e9:0a:08:a9:ab:b3:9b:04:64:
         c7:b9:bb:02:d6:3f:e6:7c:7c:c5:38:f5:4f:7e:39:fb:c8:0a:
         8c:0a:cd:91:22:f0:8b:42:7d:21:a1:9a:58:4a:77:84:64:be:
         4b:8e:33:5a:46:02:29:d6:b8:11:4e:f3:23:5b:4d:cd:af:9c:
         e2:e8:98:07:c9:ac:ae:1e:89:7c:5c:46:11:0a:bf:a0:9e:79:
         3d:29:aa:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbu8LdllGP7NMqHXPWWVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMjFhNWU0Y2Y2ZTllMmU3MDMzOGFlZWJmYTBkMTU4OGQ3
M2I2ZWYwHhcNMjQwMTAyMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjk5YjBkYjJkY2UyY2YzNjhmMjY5MjE0MzQzOTRlM2UzZjQ3NjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeNGoIhcrJ+Um7XuV8KbY3L4ZgO/
tqQg7JHp0aBOtilfTSfN7X/M/rLW0hs6VGCbvb5iAjhKCOHSFHmg91Tq4lluRJqk
Ba9NoH6rP80dV5VH2lyBiLBHcZ8y8r0zy6ZIkLwq60L0w7Dp3B0ZSpJElK825yfB
u9H3lKN0Pl/6UsXPDYi1W7idX4YaqlvaccEG4i+RDoy6516RkfoA7oOcB12tgPmm
7YeEFi2uvgE6JiMsLecPUr6iNgFl3hIJfco1EEhci5egNmFVUVuFbSzuwVn1Bhnn
U/X/RX1tqax0eAFLLoXZZHQ/ypQRQnJojr/1om4dlMbZFhrdgXSLZbdM4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaZsNstzizzaPJpIUNDlOPj9HY7MB8GA1UdIwQY
MBaAFJwhpeTPbp4ucDOK7r+g0ViNc7bvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkNHbDVNOXVuaTV3TTRydXY2RFJXSTF6dHU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi84Y2NlODYtYjBhZS00MTY2LTkwNDIt
NTI4ZWZmNTJmZWJkLzEvTnBtdzJ5M09MUE5vOG1raFEwT1U0LVAwZGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi84Y2NlODYtYjBhZS00MTY2LTkwNDItNTI4ZWZmNTJmZWJk
LzEvbkNHbDVNOXVuaTV3TTRydXY2RFJXSTF6dHU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2cVkMA0G
CSqGSIb3DQEBCwUAA4IBAQBjqbxniNjaWcEWbyXEbzrjaKPefJXcZqac4PX6xtV9
Jlt+mwdne5XrPxgNPm96ZKALPDAYQOgEzvAsNQjMlKEcUTHZVmh2XglI18L/Fo/e
3hQhrwzMV6dLIhXnPPYm0tY0v+mIyO6faJbQeUpRYuvzwZfmamgAtU2rcuRJceYG
g61O3g7tgdQuMdFOTsR9mFzFZ/TyUfXSxW+2oK+B4WcNZdEx4huomGPW5lTpCgip
q7ObBGTHubsC1j/mfHzFOPVPfjn7yAqMCs2RIvCLQn0hoZpYSneEZL5LjjNaRgIp
1rgRTvMjW03Nr5zi6JgHyayuHol8XEYRCr+gnnk9Kaod
-----END CERTIFICATE-----