Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/nonbD71ydlyG5h2hlCTnQv-PahI.roa
File:                     nonbD71ydlyG5h2hlCTnQv-PahI.roa (raw, json)
Hash identifier:          UficMPEvZDFA2E5WPRxQnTaKazysNspGjL458TrPC9k=
Subject key identifier:   9E:89:DB:0F:BD:72:76:5C:86:E6:1D:A1:94:24:E7:42:FF:8F:6A:12
Certificate issuer:       /CN=ebfabfa628063f6b8e9888566f5f3fcfa798c621
Certificate serial:       018CC802FCE38DAD30F3206F569EC1D2CBED
Authority key identifier: EB:FA:BF:A6:28:06:3F:6B:8E:98:88:56:6F:5F:3F:CF:A7:98:C6:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6_q_pigGP2uOmIhWb18_z6eYxiE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/nonbD71ydlyG5h2hlCTnQv-PahI.roa
Signing time:             Tue 02 Jan 2024 02:31:28 +0000
ROA not before:           Tue 02 Jan 2024 02:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43905
IP address blocks:        80.79.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/6_q_pigGP2uOmIhWb18_z6eYxiE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/6_q_pigGP2uOmIhWb18_z6eYxiE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6_q_pigGP2uOmIhWb18_z6eYxiE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:fc:e3:8d:ad:30:f3:20:6f:56:9e:c1:d2:cb:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebfabfa628063f6b8e9888566f5f3fcfa798c621
        Validity
            Not Before: Jan  2 02:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e89db0fbd72765c86e61da19424e742ff8f6a12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a5:64:3e:81:f0:ae:2b:51:2e:83:3a:66:f5:
                    6a:56:d9:80:d1:3e:98:cd:29:09:06:09:a1:d0:84:
                    bd:85:fb:a0:aa:91:b0:2f:3a:1b:9e:80:3f:bd:94:
                    6e:7d:d1:71:fe:10:0e:8a:6e:78:9d:7b:b1:4c:17:
                    66:7f:49:3e:79:16:d6:22:39:49:5e:47:14:c5:eb:
                    26:9a:d8:5c:0c:05:36:76:b1:79:43:7b:23:71:31:
                    67:2f:44:cd:ad:f0:64:dd:44:5c:c6:05:89:31:04:
                    7f:9f:a6:9f:fc:7a:43:42:a2:57:4f:36:ff:8e:28:
                    83:2b:31:7b:31:69:ee:70:61:4e:52:2a:7f:9b:fb:
                    88:ee:9b:cc:38:7e:28:38:0b:2e:b1:58:d9:10:c3:
                    37:70:3c:4d:c4:63:28:ba:20:64:ef:b8:0f:6a:59:
                    a8:75:c1:b9:09:91:63:0e:bc:83:dd:8b:07:df:b5:
                    82:fc:82:ea:64:14:39:e3:07:4b:33:05:ae:c3:5e:
                    4c:58:8c:19:8f:3b:8b:3b:e4:09:d4:1a:2d:52:0b:
                    2d:db:57:cf:2f:6e:84:6c:65:7f:63:3a:60:0d:a7:
                    5e:46:5f:71:20:e1:2e:c7:45:ea:d3:38:fd:b2:4d:
                    d2:98:aa:58:95:3d:c2:dc:08:2b:ca:5b:5a:2c:a6:
                    a3:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:89:DB:0F:BD:72:76:5C:86:E6:1D:A1:94:24:E7:42:FF:8F:6A:12
            X509v3 Authority Key Identifier:
                keyid:EB:FA:BF:A6:28:06:3F:6B:8E:98:88:56:6F:5F:3F:CF:A7:98:C6:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6_q_pigGP2uOmIhWb18_z6eYxiE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/nonbD71ydlyG5h2hlCTnQv-PahI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/a3a311-3784-4818-abf9-e5fd6e9842ab/1/6_q_pigGP2uOmIhWb18_z6eYxiE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.79.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:fc:90:a6:c8:4e:ec:79:4f:f1:f6:a8:20:fc:e8:ce:5e:84:
         98:b9:9a:95:09:3f:b5:62:e2:aa:19:4f:fe:53:23:3c:ae:47:
         81:09:17:c8:3c:66:d7:6f:07:4f:70:55:a9:7f:53:5b:5e:3a:
         a2:bc:6a:56:b3:08:e3:b7:50:fd:7f:d5:d3:da:49:2a:b0:a4:
         e3:56:08:04:51:c4:9d:ca:17:02:22:a9:0e:e5:9b:29:39:e0:
         6f:b7:32:79:97:ff:c7:b6:09:4a:62:f2:14:db:93:9f:9b:96:
         b3:59:19:a3:d4:63:9f:1b:8e:05:d7:94:b7:1b:b6:65:17:4c:
         01:4f:23:bd:d9:78:bc:33:0b:88:0a:55:ff:a0:93:ca:2e:1f:
         08:fe:49:74:4f:ca:ac:08:19:8c:8d:6f:c6:b1:f1:ce:ed:24:
         ac:c9:53:37:f8:81:95:7b:25:0b:02:c0:9d:bf:44:4d:91:0c:
         da:10:4e:42:d1:72:f9:51:4f:3e:ae:60:a7:e4:ff:d0:9e:bb:
         4a:89:42:ce:f4:39:f3:b6:a3:06:ad:f7:51:1b:48:6b:e9:9c:
         79:5b:fb:fa:28:29:f1:63:c2:3a:5a:8d:37:b6:6d:f4:a8:c9:
         05:81:7c:01:a0:e9:e2:76:28:ce:76:d6:bb:fb:f0:84:92:14:
         d8:2f:d6:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAvzjja0w8yBvVp7B0svtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZmFiZmE2MjgwNjNmNmI4ZTk4ODg1NjZmNWYzZmNmYTc5
OGM2MjEwHhcNMjQwMTAyMDIzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTg5ZGIwZmJkNzI3NjVjODZlNjFkYTE5NDI0ZTc0MmZmOGY2YTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqVkPoHwritRLoM6ZvVqVtmA0T6Y
zSkJBgmh0IS9hfugqpGwLzobnoA/vZRufdFx/hAOim54nXuxTBdmf0k+eRbWIjlJ
XkcUxesmmthcDAU2drF5Q3sjcTFnL0TNrfBk3URcxgWJMQR/n6af/HpDQqJXTzb/
jiiDKzF7MWnucGFOUip/m/uI7pvMOH4oOAsusVjZEMM3cDxNxGMouiBk77gPalmo
dcG5CZFjDryD3YsH37WC/ILqZBQ54wdLMwWuw15MWIwZjzuLO+QJ1BotUgst21fP
L26EbGV/YzpgDadeRl9xIOEux0Xq0zj9sk3SmKpYlT3C3AgryltaLKajVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6J2w+9cnZchuYdoZQk50L/j2oSMB8GA1UdIwQY
MBaAFOv6v6YoBj9rjpiIVm9fP8+nmMYhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNl9xX3BpZ0dQMnVPbUloV2IxOF96NmVZeGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9hM2EzMTEtMzc4NC00ODE4LWFiZjkt
ZTVmZDZlOTg0MmFiLzEvbm9uYkQ3MXlkbHlHNWgyaGxDVG5Rdi1QYWhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9hM2EzMTEtMzc4NC00ODE4LWFiZjktZTVmZDZlOTg0MmFi
LzEvNl9xX3BpZ0dQMnVPbUloV2IxOF96NmVZeGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUE+ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCh/JCmyE7seU/x9qgg/OjOXoSYuZqVCT+1YuKqGU/+
UyM8rkeBCRfIPGbXbwdPcFWpf1NbXjqivGpWswjjt1D9f9XT2kkqsKTjVggEUcSd
yhcCIqkO5ZspOeBvtzJ5l//HtglKYvIU25Ofm5azWRmj1GOfG44F15S3G7ZlF0wB
TyO92Xi8MwuIClX/oJPKLh8I/kl0T8qsCBmMjW/GsfHO7SSsyVM3+IGVeyULAsCd
v0RNkQzaEE5C0XL5UU8+rmCn5P/QnrtKiULO9DnztqMGrfdRG0hr6Zx5W/v6KCnx
Y8I6Wo03tm30qMkFgXwBoOnidijOdta7+/CEkhTYL9bY
-----END CERTIFICATE-----