Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/nzjQ-30RygNo77h85F53pRGpGEM.roa
File:                     nzjQ-30RygNo77h85F53pRGpGEM.roa (raw, json)
Hash identifier:          ks6M/V2OTaNeUW0hLoYz6IVqEzR9lHcssvNGWL6OJHI=
Subject key identifier:   9F:38:D0:FB:7D:11:CA:03:68:EF:B8:7C:E4:5E:77:A5:11:A9:18:43
Certificate issuer:       /CN=f7d32e75294187d46e8eae0f8fe72b5fd7abf886
Certificate serial:       0192C9CCD4592137EDE61B936DCE7BEEFBA7
Authority key identifier: F7:D3:2E:75:29:41:87:D4:6E:8E:AE:0F:8F:E7:2B:5F:D7:AB:F8:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/99MudSlBh9Rujq4Pj-crX9er-IY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/nzjQ-30RygNo77h85F53pRGpGEM.roa
Signing time:             Sat 26 Oct 2024 17:08:17 +0000
ROA not before:           Sat 26 Oct 2024 17:08:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6895
IP address blocks:        185.79.172.0/22 maxlen: 24
                          193.149.0.0/23 maxlen: 24
                          2001:7f8:f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/99MudSlBh9Rujq4Pj-crX9er-IY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/99MudSlBh9Rujq4Pj-crX9er-IY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/99MudSlBh9Rujq4Pj-crX9er-IY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:c9:cc:d4:59:21:37:ed:e6:1b:93:6d:ce:7b:ee:fb:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7d32e75294187d46e8eae0f8fe72b5fd7abf886
        Validity
            Not Before: Oct 26 17:08:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f38d0fb7d11ca0368efb87ce45e77a511a91843
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:de:48:fd:6a:a7:14:e2:f0:95:9a:f6:5c:96:
                    25:57:cc:c2:dd:88:56:92:6a:51:0e:8d:50:51:50:
                    1e:2d:a8:a2:39:69:15:a5:cd:2a:b6:0e:2e:8f:e9:
                    45:4c:47:87:b4:41:04:a4:c5:63:44:61:49:e7:1d:
                    ce:d7:23:2a:5a:fc:2a:ca:2d:04:7e:de:41:b5:51:
                    a7:ce:53:c1:f1:8d:7a:2e:73:d2:16:c6:a3:86:98:
                    b1:48:30:fb:1f:03:6f:3f:c6:2f:b1:e0:82:bd:7a:
                    8d:ba:27:83:59:72:60:5c:94:c1:38:1a:ef:f3:db:
                    3d:4e:49:a2:9c:16:a3:6e:61:0d:ee:d4:03:57:98:
                    03:49:b2:4c:b7:58:5d:ca:ec:37:8d:59:31:20:10:
                    84:91:8e:34:33:51:1f:48:0b:52:78:1b:21:2c:2c:
                    cd:f2:9a:b7:e6:58:32:38:8b:57:45:28:9f:fc:24:
                    07:c8:b6:aa:e1:b2:da:a2:8b:b9:73:94:df:0a:cd:
                    e4:0a:be:33:59:b5:c1:a3:11:89:11:4b:74:09:4c:
                    e8:f4:6e:2a:c8:41:78:79:90:df:b3:0d:6b:66:e9:
                    13:77:b9:66:57:bb:42:dd:11:f4:4e:63:65:b8:da:
                    f3:75:72:d8:28:ce:bf:fc:d2:bc:ca:cd:d1:eb:9f:
                    28:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:38:D0:FB:7D:11:CA:03:68:EF:B8:7C:E4:5E:77:A5:11:A9:18:43
            X509v3 Authority Key Identifier:
                keyid:F7:D3:2E:75:29:41:87:D4:6E:8E:AE:0F:8F:E7:2B:5F:D7:AB:F8:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/99MudSlBh9Rujq4Pj-crX9er-IY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/nzjQ-30RygNo77h85F53pRGpGEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d0cc41-c8f1-4a44-91f0-d1a4599cb0e5/1/99MudSlBh9Rujq4Pj-crX9er-IY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.79.172.0/22
                  193.149.0.0/23
                IPv6:
                  2001:7f8:f::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:43:80:46:1a:db:7e:bf:06:48:71:76:f0:fa:4b:a5:57:19:
         e6:c0:b5:a0:95:1e:d2:95:fb:8b:af:55:b0:cd:d1:d2:ee:3b:
         c0:95:4e:1a:61:75:b9:e2:4b:19:4a:85:42:47:cf:6c:02:63:
         af:9f:8f:30:fb:ac:2e:d3:f1:67:ff:df:d5:e6:6a:16:13:76:
         2b:82:19:f5:31:b4:15:ee:34:6d:a2:d3:21:d7:af:cc:c1:a1:
         6c:d3:f2:e6:dd:bf:e8:75:67:fc:68:2e:1d:3c:d0:0c:ca:c3:
         b1:d6:0b:68:bb:87:cb:ce:a5:9b:b1:a8:9e:3e:0c:d9:e8:c2:
         d9:3d:af:f5:64:7a:89:e2:bb:2f:e2:1b:bb:5d:7b:2a:a5:2e:
         b1:9e:f0:d2:6b:a5:a9:b2:7b:6a:86:18:09:85:fe:72:a1:09:
         be:7b:ab:9d:34:0c:5e:f6:9d:68:2d:88:fd:5a:91:23:f8:b8:
         32:c1:10:0d:43:97:fb:b8:76:8e:12:4e:5a:60:23:b7:88:e6:
         35:f1:7c:2a:19:5d:98:e2:28:94:9a:fe:81:06:cf:f0:81:82:
         dd:9b:c8:ee:ee:cc:db:50:cd:ae:54:94:b0:f0:7d:86:15:46:
         e4:de:13:81:31:1f:df:e2:bf:fc:6f:ff:a4:fd:6c:aa:f8:ff:
         13:f3:ea:1f
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZLJzNRZITft5huTbc577vunMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ZDMyZTc1Mjk0MTg3ZDQ2ZThlYWUwZjhmZTcyYjVmZDdh
YmY4ODYwHhcNMjQxMDI2MTcwODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjM4ZDBmYjdkMTFjYTAzNjhlZmI4N2NlNDVlNzdhNTExYTkxODQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh95I/WqnFOLwlZr2XJYlV8zC3YhW
kmpRDo1QUVAeLaiiOWkVpc0qtg4uj+lFTEeHtEEEpMVjRGFJ5x3O1yMqWvwqyi0E
ft5BtVGnzlPB8Y16LnPSFsajhpixSDD7HwNvP8YvseCCvXqNuieDWXJgXJTBOBrv
89s9TkminBajbmEN7tQDV5gDSbJMt1hdyuw3jVkxIBCEkY40M1EfSAtSeBshLCzN
8pq35lgyOItXRSif/CQHyLaq4bLaoou5c5TfCs3kCr4zWbXBoxGJEUt0CUzo9G4q
yEF4eZDfsw1rZukTd7lmV7tC3RH0TmNluNrzdXLYKM6//NK8ys3R658oXwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJ840Pt9EcoDaO+4fORed6URqRhDMB8GA1UdIwQY
MBaAFPfTLnUpQYfUbo6uD4/nK1/Xq/iGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTlNdWRTbEJoOVJ1anE0UGotY3JYOWVyLUlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9kMGNjNDEtYzhmMS00YTQ0LTkxZjAt
ZDFhNDU5OWNiMGU1LzEvbnpqUS0zMFJ5Z05vNzdoODVGNTNwUkdwR0VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9kMGNjNDEtYzhmMS00YTQ0LTkxZjAtZDFhNDU5OWNiMGU1
LzEvOTlNdWRTbEJoOVJ1anE0UGotY3JYOWVyLUlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCuU+sAwQB
wZUAMA8EAgACMAkDBwAgAQf4AA8wDQYJKoZIhvcNAQELBQADggEBAB5DgEYa236/
BkhxdvD6S6VXGebAtaCVHtKV+4uvVbDN0dLuO8CVThphdbniSxlKhUJHz2wCY6+f
jzD7rC7T8Wf/39XmahYTdiuCGfUxtBXuNG2i0yHXr8zBoWzT8ubdv+h1Z/xoLh08
0AzKw7HWC2i7h8vOpZuxqJ4+DNnowtk9r/Vkeoniuy/iG7tdeyqlLrGe8NJrpamy
e2qGGAmF/nKhCb57q500DF72nWgtiP1akSP4uDLBEA1Dl/u4do4STlpgI7eI5jXx
fCoZXZjiKJSa/oEGz/CBgt2byO7uzNtQza5UlLDwfYYVRuTeE4ExH9/iv/xv/6T9
bKr4/xPz6h8=
-----END CERTIFICATE-----