Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/Nn4s79cmGN8GKnYtH6FbeyKHpMM.roa
File:                     Nn4s79cmGN8GKnYtH6FbeyKHpMM.roa (raw, json)
Hash identifier:          D64o6YmW4z7iXTcM7gqxmWe1Em8zx32EZRHk7NWMISY=
Subject key identifier:   36:7E:2C:EF:D7:26:18:DF:06:2A:76:2D:1F:A1:5B:7B:22:87:A4:C3
Certificate issuer:       /CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
Certificate serial:       018CC94DA91780039ACB144A8D30E46EDFA3
Authority key identifier: 30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/Nn4s79cmGN8GKnYtH6FbeyKHpMM.roa
Signing time:             Tue 02 Jan 2024 08:32:39 +0000
ROA not before:           Tue 02 Jan 2024 08:32:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16347
IP address blocks:        185.14.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:a9:17:80:03:9a:cb:14:4a:8d:30:e4:6e:df:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30f1ba6111c8f1d3f37c1b7c1a5ed737402192f2
        Validity
            Not Before: Jan  2 08:32:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=367e2cefd72618df062a762d1fa15b7b2287a4c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:01:dd:99:47:61:f0:f5:fe:ca:17:bb:f6:6c:
                    ef:71:eb:65:ce:a3:97:3a:0a:45:ea:7a:ae:f1:ac:
                    7f:f7:59:fb:f9:e5:7b:9f:c1:83:0f:6e:50:03:f7:
                    d1:ad:ab:c2:e2:2a:70:58:7a:a1:ab:a9:cb:83:f8:
                    7e:4d:8e:1e:6c:57:1a:7e:7c:db:08:07:00:e3:92:
                    c8:99:11:a5:49:4d:16:c7:88:9d:5f:0d:63:75:61:
                    61:77:f2:0c:fc:ce:84:3c:be:8a:98:b6:c1:04:e8:
                    b3:34:ba:21:15:79:c8:3f:77:5f:60:07:68:4f:63:
                    62:64:e5:dd:ef:8f:01:6c:0a:e8:36:42:f9:71:b8:
                    7b:cb:02:a4:a9:20:ad:1d:a4:64:f7:fa:63:ff:6f:
                    8e:1e:8f:e5:af:ba:ac:94:7a:c8:8d:12:07:21:77:
                    d9:a4:c0:9e:8b:3a:a3:c4:dd:31:dd:86:a2:94:2f:
                    f7:67:d5:2f:f0:4e:ea:46:b9:a9:89:40:b2:80:c1:
                    30:26:15:57:b4:9b:9e:05:8d:12:74:c4:db:26:98:
                    0b:b0:b9:0e:e2:e1:ee:df:44:64:b2:5b:87:c9:72:
                    31:cf:74:6a:7a:66:d5:3b:75:eb:b6:a7:f5:90:ae:
                    ad:02:ef:51:c6:4e:4b:3d:a8:a7:63:8b:a5:0e:97:
                    ca:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:7E:2C:EF:D7:26:18:DF:06:2A:76:2D:1F:A1:5B:7B:22:87:A4:C3
            X509v3 Authority Key Identifier:
                keyid:30:F1:BA:61:11:C8:F1:D3:F3:7C:1B:7C:1A:5E:D7:37:40:21:92:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/Nn4s79cmGN8GKnYtH6FbeyKHpMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/8d7c57-ba65-47fc-bcc4-c33018633d33/1/MPG6YRHI8dPzfBt8Gl7XN0AhkvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:88:d5:82:c7:be:bb:ae:4e:67:8b:f8:2c:f6:7a:19:2d:95:
         40:bc:2f:78:c7:fd:84:f3:c3:a3:a8:37:79:27:18:9f:78:20:
         17:27:ed:9d:87:51:6d:09:2f:28:eb:20:28:23:9d:13:ce:9a:
         ee:f9:d3:76:a7:53:0d:46:22:db:3d:4c:1a:e3:44:15:56:25:
         88:ee:03:df:fa:41:90:61:74:6f:f9:cf:2f:f5:f5:56:32:05:
         5a:72:bb:65:4b:29:20:50:a2:6e:84:93:7f:41:e0:b4:56:51:
         45:22:f7:75:55:07:f8:3c:00:41:25:d4:ab:4e:a0:c7:5c:e6:
         91:0a:ff:2d:5a:91:ef:bd:e6:13:3c:7e:79:7a:44:f3:81:8c:
         54:3b:95:58:a1:3f:a4:d3:71:3c:b1:22:9f:3f:02:25:28:9a:
         45:fd:8b:ed:21:a6:68:63:a8:2a:0e:9e:8e:32:38:50:3b:c3:
         63:09:0e:83:d0:eb:c3:03:aa:b6:9a:68:95:ea:c5:6e:c4:05:
         b8:56:91:a0:f6:96:06:01:fb:a7:49:9b:50:95:a1:53:37:e4:
         94:49:38:26:98:72:3d:81:0d:52:5e:de:66:59:8c:90:16:b8:
         58:47:c4:13:08:6a:0e:12:ed:65:7f:f6:02:b6:a7:be:46:77:
         71:0b:c6:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTakXgAOayxRKjTDkbt+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZjFiYTYxMTFjOGYxZDNmMzdjMWI3YzFhNWVkNzM3NDAy
MTkyZjIwHhcNMjQwMTAyMDgzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjdlMmNlZmQ3MjYxOGRmMDYyYTc2MmQxZmExNWI3YjIyODdhNGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwHdmUdh8PX+yhe79mzvcetlzqOX
OgpF6nqu8ax/91n7+eV7n8GDD25QA/fRravC4ipwWHqhq6nLg/h+TY4ebFcafnzb
CAcA45LImRGlSU0Wx4idXw1jdWFhd/IM/M6EPL6KmLbBBOizNLohFXnIP3dfYAdo
T2NiZOXd748BbAroNkL5cbh7ywKkqSCtHaRk9/pj/2+OHo/lr7qslHrIjRIHIXfZ
pMCeizqjxN0x3YailC/3Z9Uv8E7qRrmpiUCygMEwJhVXtJueBY0SdMTbJpgLsLkO
4uHu30RksluHyXIxz3RqembVO3Xrtqf1kK6tAu9Rxk5LPainY4ulDpfKoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZ+LO/XJhjfBip2LR+hW3sih6TDMB8GA1UdIwQY
MBaAFDDxumERyPHT83wbfBpe1zdAIZLyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQt
YzMzMDE4NjMzZDMzLzEvTm40czc5Y21HTjhHS25ZdEg2RmJleUtIcE1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy84ZDdjNTctYmE2NS00N2ZjLWJjYzQtYzMzMDE4NjMzZDMz
LzEvTVBHNllSSEk4ZFB6ZkJ0OEdsN1hOMEFoa3ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ6zMA0G
CSqGSIb3DQEBCwUAA4IBAQBMiNWCx767rk5ni/gs9noZLZVAvC94x/2E88OjqDd5
JxifeCAXJ+2dh1FtCS8o6yAoI50Tzpru+dN2p1MNRiLbPUwa40QVViWI7gPf+kGQ
YXRv+c8v9fVWMgVacrtlSykgUKJuhJN/QeC0VlFFIvd1VQf4PABBJdSrTqDHXOaR
Cv8tWpHvveYTPH55ekTzgYxUO5VYoT+k03E8sSKfPwIlKJpF/YvtIaZoY6gqDp6O
MjhQO8NjCQ6D0OvDA6q2mmiV6sVuxAW4VpGg9pYGAfunSZtQlaFTN+SUSTgmmHI9
gQ1SXt5mWYyQFrhYR8QTCGoOEu1lf/YCtqe+RndxC8Z2
-----END CERTIFICATE-----