Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/nE2zY_MxYyTSdUaGSfITM5yDDLU.roa
File:                     nE2zY_MxYyTSdUaGSfITM5yDDLU.roa (raw, json)
Hash identifier:          4zxZdXuaL9zkDHQnYkl78EvgX0QlXQVjQFPccMnS6fg=
Subject key identifier:   9C:4D:B3:63:F3:31:63:24:D2:75:46:86:49:F2:13:33:9C:83:0C:B5
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       018CC348A9B3DF0AAE062ED9476936C4D897
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/nE2zY_MxYyTSdUaGSfITM5yDDLU.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44639
IP address blocks:        193.255.120.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a9:b3:df:0a:ae:06:2e:d9:47:69:36:c4:d8:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c4db363f3316324d275468649f213339c830cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:05:f8:3f:2d:fe:5e:9d:c1:7c:fb:c1:3d:b3:
                    08:d6:38:fe:71:5c:2e:8b:4f:0c:73:03:5a:d9:a0:
                    19:2c:7d:74:b5:73:43:0a:8b:e5:c0:ca:4e:17:ed:
                    17:eb:45:1a:4a:eb:57:5c:41:d1:64:08:a5:7f:5e:
                    a9:32:6d:04:a7:19:91:c2:e6:8e:91:fc:d7:f7:a2:
                    35:62:be:20:96:58:e7:ca:78:4f:1f:8c:4c:c2:7f:
                    2a:70:c1:27:5c:87:4f:6b:41:e9:d0:e0:b2:54:9e:
                    d9:92:8b:27:cb:bc:0a:4f:43:4f:a5:a1:b3:76:1e:
                    36:cc:7c:cb:71:8f:67:c6:45:77:d6:81:57:82:25:
                    dd:d3:b8:53:98:f0:6f:bf:9f:16:f6:6d:92:f9:77:
                    e9:3a:94:77:6d:31:15:5c:c1:36:8f:b8:28:2a:82:
                    1f:0d:91:ec:fd:25:60:94:a9:12:a8:e8:54:af:3a:
                    bd:9e:30:d8:7d:23:38:88:49:c6:cb:19:38:ee:be:
                    f4:ce:6b:e1:bb:4f:00:af:66:36:bc:99:18:20:d7:
                    99:1e:19:00:f2:9d:a2:fe:8a:ec:6b:32:11:88:a3:
                    1b:75:67:52:75:fd:b4:ff:b3:bb:c7:6c:7c:55:64:
                    d5:89:cd:88:cd:7e:79:39:86:1e:fb:43:a5:d6:61:
                    54:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:4D:B3:63:F3:31:63:24:D2:75:46:86:49:F2:13:33:9C:83:0C:B5
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/nE2zY_MxYyTSdUaGSfITM5yDDLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.255.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:8b:4a:4a:96:1d:09:94:50:c7:31:f9:b3:55:5d:03:c3:54:
         61:29:ad:42:13:2a:f6:71:64:b8:ee:ea:6c:43:44:1b:61:a6:
         07:cb:73:27:ae:4a:8f:88:36:4e:a2:a4:0b:af:c2:74:7d:8d:
         6b:5c:76:4e:70:e6:78:27:5e:40:be:fa:0f:40:82:3f:72:fa:
         ae:c7:bb:4a:bb:3e:09:95:93:35:4f:0c:30:48:ad:62:a5:15:
         c8:35:91:cb:5e:b5:d2:ad:c0:7b:23:64:77:f6:d2:7a:27:84:
         96:ea:41:8a:38:ac:72:2b:09:00:cd:89:fd:76:7e:a6:85:6c:
         49:20:e4:b4:e8:f3:f9:18:01:04:16:6c:65:22:c1:19:fb:08:
         4d:58:38:20:6d:91:8b:62:c5:10:3c:85:9f:24:1b:14:bb:4a:
         93:2f:c6:e0:5b:82:08:00:57:e2:be:1b:7f:fb:7b:cc:04:a8:
         67:e2:e4:a0:3c:38:48:25:15:c2:5e:3a:6a:6a:00:e2:a7:58:
         28:db:0a:7c:1d:03:98:4c:5d:69:66:4c:48:7e:dc:8a:6a:49:
         d3:2c:f2:5c:e1:63:a7:f5:e9:da:b5:55:ef:4c:65:3e:34:ef:
         43:13:93:bc:41:b2:da:ce:0d:02:b0:05:db:72:46:9b:80:9f:
         64:d0:45:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKmz3wquBi7ZR2k2xNiXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzRkYjM2M2YzMzE2MzI0ZDI3NTQ2ODY0OWYyMTMzMzljODMwY2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAX4Py3+Xp3BfPvBPbMI1jj+cVwu
i08McwNa2aAZLH10tXNDCovlwMpOF+0X60UaSutXXEHRZAilf16pMm0EpxmRwuaO
kfzX96I1Yr4glljnynhPH4xMwn8qcMEnXIdPa0Hp0OCyVJ7Zkosny7wKT0NPpaGz
dh42zHzLcY9nxkV31oFXgiXd07hTmPBvv58W9m2S+XfpOpR3bTEVXME2j7goKoIf
DZHs/SVglKkSqOhUrzq9njDYfSM4iEnGyxk47r70zmvhu08Ar2Y2vJkYINeZHhkA
8p2i/orsazIRiKMbdWdSdf20/7O7x2x8VWTVic2IzX55OYYe+0Ol1mFU4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxNs2PzMWMk0nVGhknyEzOcgwy1MB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvbkUyellfTXhZeVRTZFVhR1NmSVRNNXlERExVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwf94MA0G
CSqGSIb3DQEBCwUAA4IBAQCoi0pKlh0JlFDHMfmzVV0Dw1RhKa1CEyr2cWS47ups
Q0QbYaYHy3MnrkqPiDZOoqQLr8J0fY1rXHZOcOZ4J15AvvoPQII/cvqux7tKuz4J
lZM1TwwwSK1ipRXINZHLXrXSrcB7I2R39tJ6J4SW6kGKOKxyKwkAzYn9dn6mhWxJ
IOS06PP5GAEEFmxlIsEZ+whNWDggbZGLYsUQPIWfJBsUu0qTL8bgW4IIAFfivht/
+3vMBKhn4uSgPDhIJRXCXjpqagDip1go2wp8HQOYTF1pZkxIftyKaknTLPJc4WOn
9enatVXvTGU+NO9DE5O8QbLazg0CsAXbckabgJ9k0EXn
-----END CERTIFICATE-----