Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/nGn_W0gSwBrRPKhat5R4cEQoqhY.roa
File:                     nGn_W0gSwBrRPKhat5R4cEQoqhY.roa (raw, json)
Hash identifier:          XVU8sWeUw+6VazizBI8PMCmNF85+iRw+0SNowFdIf08=
Subject key identifier:   9C:69:FF:5B:48:12:C0:1A:D1:3C:A8:5A:B7:94:78:70:44:28:AA:16
Certificate issuer:       /CN=c86406264e49cf6f89ca5d2c6af750b36e156564
Certificate serial:       019421437AFC578508724B4BFAC6A46D22CC
Authority key identifier: C8:64:06:26:4E:49:CF:6F:89:CA:5D:2C:6A:F7:50:B3:6E:15:65:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yGQGJk5Jz2-Jyl0savdQs24VZWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/nGn_W0gSwBrRPKhat5R4cEQoqhY.roa
Signing time:             Wed 01 Jan 2025 09:47:37 +0000
ROA not before:           Wed 01 Jan 2025 09:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20929
IP address blocks:        194.50.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/yGQGJk5Jz2-Jyl0savdQs24VZWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/yGQGJk5Jz2-Jyl0savdQs24VZWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yGQGJk5Jz2-Jyl0savdQs24VZWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:7a:fc:57:85:08:72:4b:4b:fa:c6:a4:6d:22:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c86406264e49cf6f89ca5d2c6af750b36e156564
        Validity
            Not Before: Jan  1 09:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c69ff5b4812c01ad13ca85ab79478704428aa16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7a:85:de:8b:51:9c:8a:75:b8:6e:fc:cd:91:
                    bd:72:06:f4:19:50:ee:93:a4:db:0f:6b:e9:3b:0e:
                    4e:bd:d8:7c:a6:10:1b:1c:cb:51:7d:89:6d:0a:fb:
                    57:0a:ab:4a:f3:ae:c1:0f:4d:1c:92:92:ee:94:e7:
                    b7:2d:b0:f0:92:2d:eb:b8:f8:55:c2:5b:c1:49:85:
                    ef:80:3f:0c:7d:84:ed:90:2e:58:63:16:b6:e9:64:
                    7f:4b:02:86:c6:4f:d0:51:6a:17:2e:30:56:d7:fc:
                    ac:df:5f:8c:60:fa:2c:e9:02:29:13:1f:c6:b9:d7:
                    8c:41:71:2a:5f:e3:6c:b5:07:e9:36:4b:76:de:ca:
                    46:45:a0:57:29:d8:5f:80:9c:cb:b9:5e:43:f1:15:
                    e3:b2:f5:6c:10:d9:bc:ba:c9:00:b4:f6:ae:57:39:
                    5c:d7:1b:55:70:17:92:ba:c6:db:f5:bc:ea:41:0c:
                    b2:79:c9:6b:fc:2c:9f:a8:4f:94:2a:8e:57:53:2d:
                    14:1c:14:12:f4:a1:74:f2:e8:f0:54:01:7c:3e:52:
                    47:ff:b9:14:6b:20:c5:d7:01:5a:03:ea:50:41:fb:
                    d4:a0:60:17:f0:f3:88:e8:09:59:20:38:17:65:21:
                    97:6c:a3:01:46:37:de:9c:a0:f9:1b:4f:fc:9d:95:
                    9f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:69:FF:5B:48:12:C0:1A:D1:3C:A8:5A:B7:94:78:70:44:28:AA:16
            X509v3 Authority Key Identifier:
                keyid:C8:64:06:26:4E:49:CF:6F:89:CA:5D:2C:6A:F7:50:B3:6E:15:65:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yGQGJk5Jz2-Jyl0savdQs24VZWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/nGn_W0gSwBrRPKhat5R4cEQoqhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/874b3b-67de-49ef-8fc1-62dd6ecfe725/1/yGQGJk5Jz2-Jyl0savdQs24VZWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:e2:46:63:94:3e:a4:3d:dd:eb:f7:c8:6b:03:c3:dd:ae:1c:
         85:f1:10:94:c6:92:00:29:31:d6:76:7d:32:05:b5:3b:fb:e4:
         19:32:5b:7f:38:45:10:2d:bc:e1:48:f2:64:bb:ea:84:51:86:
         1a:21:27:c1:f8:aa:41:81:86:1f:6a:da:2a:96:6d:cb:cd:9e:
         a4:91:ec:e9:7f:96:a8:4c:0c:ff:2b:51:73:eb:25:a1:af:a0:
         54:3f:d8:9b:e3:f8:bb:16:57:70:74:5f:f8:b0:2c:00:b5:5d:
         86:ea:7e:17:3c:31:c1:b7:8f:ac:93:04:1c:71:b7:c4:50:15:
         d0:16:0d:eb:7a:97:be:ad:ef:42:94:89:90:df:62:9a:22:21:
         86:ad:83:9a:1f:b9:15:d9:c4:0d:c2:cf:f0:db:ec:e0:b0:2f:
         17:ce:b0:2b:8d:7d:07:08:10:53:dd:c0:97:31:7b:c6:80:d6:
         46:f3:61:ee:63:4e:44:2e:f5:e1:0e:45:33:b2:fb:84:fd:e3:
         71:51:24:32:2d:5b:a0:26:bf:57:d4:60:2f:d5:07:96:d4:8e:
         ce:56:7f:4f:a7:fa:13:49:16:3e:f5:b3:98:06:ed:9b:5e:bd:
         42:3f:72:34:57:ca:b9:7a:58:dd:3e:6a:5a:44:eb:4f:00:33:
         a5:1f:5e:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ3r8V4UIcktL+sakbSLMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NjQwNjI2NGU0OWNmNmY4OWNhNWQyYzZhZjc1MGIzNmUx
NTY1NjQwHhcNMjUwMTAxMDk0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzY5ZmY1YjQ4MTJjMDFhZDEzY2E4NWFiNzk0Nzg3MDQ0MjhhYTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXqF3otRnIp1uG78zZG9cgb0GVDu
k6TbD2vpOw5Ovdh8phAbHMtRfYltCvtXCqtK867BD00ckpLulOe3LbDwki3ruPhV
wlvBSYXvgD8MfYTtkC5YYxa26WR/SwKGxk/QUWoXLjBW1/ys31+MYPos6QIpEx/G
udeMQXEqX+NstQfpNkt23spGRaBXKdhfgJzLuV5D8RXjsvVsENm8uskAtPauVzlc
1xtVcBeSusbb9bzqQQyyeclr/CyfqE+UKo5XUy0UHBQS9KF08ujwVAF8PlJH/7kU
ayDF1wFaA+pQQfvUoGAX8POI6AlZIDgXZSGXbKMBRjfenKD5G0/8nZWfeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxp/1tIEsAa0TyoWreUeHBEKKoWMB8GA1UdIwQY
MBaAFMhkBiZOSc9vicpdLGr3ULNuFWVkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUdRR0prNUp6Mi1KeWwwc2F2ZFFzMjRWWldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC84NzRiM2ItNjdkZS00OWVmLThmYzEt
NjJkZDZlY2ZlNzI1LzEvbkduX1cwZ1N3QnJSUEtoYXQ1UjRjRVFvcWhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC84NzRiM2ItNjdkZS00OWVmLThmYzEtNjJkZDZlY2ZlNzI1
LzEveUdRR0prNUp6Mi1KeWwwc2F2ZFFzMjRWWldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjKuMA0G
CSqGSIb3DQEBCwUAA4IBAQAq4kZjlD6kPd3r98hrA8PdrhyF8RCUxpIAKTHWdn0y
BbU7++QZMlt/OEUQLbzhSPJku+qEUYYaISfB+KpBgYYfatoqlm3LzZ6kkezpf5ao
TAz/K1Fz6yWhr6BUP9ib4/i7FldwdF/4sCwAtV2G6n4XPDHBt4+skwQccbfEUBXQ
Fg3repe+re9ClImQ32KaIiGGrYOaH7kV2cQNws/w2+zgsC8XzrArjX0HCBBT3cCX
MXvGgNZG82HuY05ELvXhDkUzsvuE/eNxUSQyLVugJr9X1GAv1QeW1I7OVn9Pp/oT
SRY+9bOYBu2bXr1CP3I0V8q5eljdPmpaROtPADOlH143
-----END CERTIFICATE-----