Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/nMgeDSRn1palbG1YFRplQLiBJ88.roa
File:                     nMgeDSRn1palbG1YFRplQLiBJ88.roa (raw, json)
Hash identifier:          qMMTHgMyiQ7I7jN7xNsRXFOKbCMbPEhnaDyD9fJClec=
Subject key identifier:   9C:C8:1E:0D:24:67:D6:96:A5:6C:6D:58:15:1A:65:40:B8:81:27:CF
Certificate issuer:       /CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
Certificate serial:       0194221F979E5C9CF74E36A280230002BB61
Authority key identifier: 97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/nMgeDSRn1palbG1YFRplQLiBJ88.roa
Signing time:             Wed 01 Jan 2025 13:48:03 +0000
ROA not before:           Wed 01 Jan 2025 13:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210185
IP address blocks:        194.56.80.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:97:9e:5c:9c:f7:4e:36:a2:80:23:00:02:bb:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
        Validity
            Not Before: Jan  1 13:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9cc81e0d2467d696a56c6d58151a6540b88127cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:50:e9:c9:a1:8b:72:c1:13:85:c9:e3:38:0e:
                    b2:be:64:04:e7:d8:cd:10:9c:6f:7f:40:54:6a:6a:
                    36:b8:b5:6e:ec:f8:25:55:cb:19:86:43:6a:64:ce:
                    43:78:97:65:79:b8:6a:9a:bd:ec:9b:90:7c:13:83:
                    f2:0f:9b:50:39:f7:da:d0:cd:0a:37:a2:5f:0b:e0:
                    00:5a:a7:dc:6c:15:f1:c1:1b:55:3e:a1:62:5d:ce:
                    2f:05:7e:ef:6a:78:26:6b:13:43:cc:14:3e:6c:08:
                    33:10:4c:66:d8:6d:06:24:48:13:b0:ef:79:5e:f1:
                    f6:5f:c9:4b:28:01:a6:eb:cc:0b:c4:32:47:d8:e1:
                    be:76:12:29:85:da:83:7b:84:40:04:b5:c3:27:56:
                    50:14:34:0e:ca:73:85:c4:43:b6:73:55:c2:49:46:
                    58:bc:a8:c4:35:44:98:be:3e:c6:21:2f:b3:31:3b:
                    6e:98:a6:6e:3c:55:97:57:ec:0f:f7:ba:66:0a:0f:
                    c3:f5:b7:82:87:3e:f5:dd:41:f5:ac:9f:e5:02:63:
                    c8:92:a0:5e:63:7b:81:1e:ce:34:f4:54:23:eb:3a:
                    2e:9d:8d:9f:26:1a:12:41:6c:2a:10:5b:ce:e4:2d:
                    a0:b0:f1:80:10:a7:e7:20:af:a9:54:9e:f0:aa:96:
                    c3:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:C8:1E:0D:24:67:D6:96:A5:6C:6D:58:15:1A:65:40:B8:81:27:CF
            X509v3 Authority Key Identifier:
                keyid:97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/nMgeDSRn1palbG1YFRplQLiBJ88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:da:99:3e:b3:be:5c:11:c1:86:c4:40:42:53:83:cd:35:e4:
         65:32:c6:41:d9:c1:fd:98:68:c9:11:bb:60:40:34:5c:47:c2:
         a4:a2:74:0f:4b:b7:f6:32:7e:af:c9:dc:65:36:4d:bc:44:d6:
         f0:f4:d4:4a:bb:82:ae:a1:53:cb:57:10:86:f8:f1:1e:63:10:
         d6:f0:f9:b0:d3:12:2d:8d:b2:25:95:ec:9b:78:4c:81:f2:e1:
         b5:ba:86:46:a2:0a:d9:16:c1:9f:75:c9:ca:43:de:e7:85:3b:
         6f:94:c9:7e:8c:df:78:6a:de:b5:0a:d1:f6:ce:4c:af:5b:c8:
         4d:50:6d:f6:32:0f:ac:b2:dd:ce:95:d6:07:4b:75:eb:85:37:
         23:10:bb:b9:f7:ee:f4:83:3c:11:88:ee:02:49:7f:b9:c8:71:
         36:7b:71:82:80:ef:2e:59:a7:f1:f3:d2:1b:c2:82:04:af:0f:
         5b:6b:a7:55:ce:50:dc:3e:f0:50:67:bd:a1:2f:82:00:0f:5f:
         25:0a:95:8b:81:40:f7:80:1b:be:dc:92:5a:c6:c5:3d:55:0c:
         3c:1f:a1:6a:f1:94:6c:38:40:41:e0:03:4c:0c:c4:8d:6d:d7:
         ca:b2:2b:9e:0d:4f:8e:33:d2:01:1b:20:52:95:68:ce:98:aa:
         d4:75:a6:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH5eeXJz3TjaigCMAArthMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDI0ZmZjNDkyN2JmZTM1Mjg5NDM1ZDlkMDI4MDQyMGI4
ZWNkY2IwHhcNMjUwMTAxMTM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2M4MWUwZDI0NjdkNjk2YTU2YzZkNTgxNTFhNjU0MGI4ODEyN2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1DpyaGLcsEThcnjOA6yvmQE59jN
EJxvf0BUamo2uLVu7PglVcsZhkNqZM5DeJdlebhqmr3sm5B8E4PyD5tQOffa0M0K
N6JfC+AAWqfcbBXxwRtVPqFiXc4vBX7vangmaxNDzBQ+bAgzEExm2G0GJEgTsO95
XvH2X8lLKAGm68wLxDJH2OG+dhIphdqDe4RABLXDJ1ZQFDQOynOFxEO2c1XCSUZY
vKjENUSYvj7GIS+zMTtumKZuPFWXV+wP97pmCg/D9beChz713UH1rJ/lAmPIkqBe
Y3uBHs409FQj6zounY2fJhoSQWwqEFvO5C2gsPGAEKfnIK+pVJ7wqpbDuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzIHg0kZ9aWpWxtWBUaZUC4gSfPMB8GA1UdIwQY
MBaAFJcCT/xJJ7/jUolDXZ0CgEILjs3LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDkt
NDAxYmRhNDQ3N2I1LzEvbk1nZURTUm4xcGFsYkcxWUZScGxRTGlCSjg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDktNDAxYmRhNDQ3N2I1
LzEvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjhQMA0G
CSqGSIb3DQEBCwUAA4IBAQCw2pk+s75cEcGGxEBCU4PNNeRlMsZB2cH9mGjJEbtg
QDRcR8KkonQPS7f2Mn6vydxlNk28RNbw9NRKu4KuoVPLVxCG+PEeYxDW8Pmw0xIt
jbIlleybeEyB8uG1uoZGogrZFsGfdcnKQ97nhTtvlMl+jN94at61CtH2zkyvW8hN
UG32Mg+sst3OldYHS3XrhTcjELu59+70gzwRiO4CSX+5yHE2e3GCgO8uWafx89Ib
woIErw9ba6dVzlDcPvBQZ72hL4IAD18lCpWLgUD3gBu+3JJaxsU9VQw8H6Fq8ZRs
OEBB4ANMDMSNbdfKsiueDU+OM9IBGyBSlWjOmKrUdab7
-----END CERTIFICATE-----