Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/niWr3Oascnc2dv4vtMpqMQ5rdT0.roa
File:                     niWr3Oascnc2dv4vtMpqMQ5rdT0.roa (raw, json)
Hash identifier:          7YKliexZat+idH6ASjqvIyOQlfbpRtjPOTcep4g1qrM=
Subject key identifier:   9E:25:AB:DC:E6:AC:72:77:36:76:FE:2F:B4:CA:6A:31:0E:6B:75:3D
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFAD9682105E449A9BA795D8EA451E
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/niWr3Oascnc2dv4vtMpqMQ5rdT0.roa
Signing time:             Tue 02 Jan 2024 06:32:31 +0000
ROA not before:           Tue 02 Jan 2024 06:32:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209224
IP address blocks:        185.217.197.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:ad:96:82:10:5e:44:9a:9b:a7:95:d8:ea:45:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e25abdce6ac72773676fe2fb4ca6a310e6b753d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:c4:e4:f3:7a:98:aa:e3:df:6b:70:d3:e9:e0:
                    d7:02:df:7a:27:09:b3:dd:6e:d1:1b:97:6d:8e:d9:
                    74:67:24:25:8c:29:bc:a8:08:2f:a4:74:f2:4d:38:
                    ed:f1:f0:d5:50:7d:de:34:1c:7a:1e:e8:bf:5a:e9:
                    3f:cf:96:7f:b3:1a:c7:81:da:f5:bd:06:9c:5f:16:
                    cc:b3:5f:0d:68:eb:01:4b:44:3a:c7:e3:a8:17:03:
                    7e:fd:f7:0f:82:df:3c:79:c6:29:53:3f:57:1f:b9:
                    df:3a:a3:ea:e7:31:89:46:2c:58:71:d7:f6:f3:55:
                    af:38:eb:16:77:51:3a:e1:cf:9a:a2:98:1c:37:02:
                    3f:d3:ac:31:b2:5e:fb:d8:68:72:70:2e:f6:95:fd:
                    75:26:a3:d0:d2:c0:69:15:ee:1d:5c:f5:75:f0:dd:
                    9b:3a:9c:1c:b3:44:dd:d3:25:67:1d:fe:06:a8:38:
                    b7:ca:e1:61:db:fa:34:86:f2:fe:cb:3f:1c:61:e8:
                    ac:b6:11:81:ae:b3:2a:07:c2:d8:5c:51:bb:a0:42:
                    5b:2e:28:88:77:97:2a:47:ea:80:d1:21:5a:7e:a0:
                    27:a9:9f:f7:9a:06:53:47:9f:70:f7:0a:9a:bf:50:
                    12:85:35:b3:e8:8d:99:72:94:ff:86:48:fa:93:0a:
                    fa:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:25:AB:DC:E6:AC:72:77:36:76:FE:2F:B4:CA:6A:31:0E:6B:75:3D
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/niWr3Oascnc2dv4vtMpqMQ5rdT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:06:6c:ba:8d:78:2c:86:b1:49:52:5d:2b:41:04:37:fa:e5:
         91:22:22:02:59:7e:35:b8:a6:36:7c:53:9a:f2:f2:fa:55:a3:
         da:b0:61:70:53:96:c4:a3:86:af:1a:96:38:a5:4c:70:8e:c9:
         9c:01:d0:bd:93:69:c8:8d:19:34:99:09:49:e0:38:be:b9:b9:
         48:ad:af:70:ad:73:d1:7b:c6:6d:ad:bc:c4:10:76:12:86:58:
         5c:a3:34:01:cd:a2:eb:95:3d:1d:75:01:e5:fa:de:49:81:cd:
         14:68:b4:a6:a5:48:c1:9b:cb:43:9b:ef:e3:e0:40:01:9c:4c:
         ed:4a:90:1c:1e:ec:bc:34:55:6c:9a:76:6d:cc:c7:63:66:d1:
         49:77:d7:0b:4e:90:fa:24:88:30:be:b2:c3:b4:09:6d:f9:76:
         de:9d:e2:75:aa:af:03:d5:db:57:56:6f:43:71:3f:ac:70:74:
         f3:b3:23:1d:c7:d3:20:35:5d:b5:d4:37:d8:e6:1c:eb:6c:02:
         eb:a7:70:40:cd:2a:93:fc:b1:1e:28:ad:eb:75:2d:02:4c:b4:
         b8:d8:39:e8:34:fc:16:da:d8:ba:9b:95:31:f3:79:55:c2:fa:
         f1:ba:81:35:44:93:6b:24:0a:30:bc:18:f8:6f:bb:34:69:00:
         ed:ca:c6:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI362WghBeRJqbp5XY6kUeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTI1YWJkY2U2YWM3Mjc3MzY3NmZlMmZiNGNhNmEzMTBlNmI3NTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzsTk83qYquPfa3DT6eDXAt96Jwmz
3W7RG5dtjtl0ZyQljCm8qAgvpHTyTTjt8fDVUH3eNBx6Hui/Wuk/z5Z/sxrHgdr1
vQacXxbMs18NaOsBS0Q6x+OoFwN+/fcPgt88ecYpUz9XH7nfOqPq5zGJRixYcdf2
81WvOOsWd1E64c+aopgcNwI/06wxsl772GhycC72lf11JqPQ0sBpFe4dXPV18N2b
Opwcs0Td0yVnHf4GqDi3yuFh2/o0hvL+yz8cYeisthGBrrMqB8LYXFG7oEJbLiiI
d5cqR+qA0SFafqAnqZ/3mgZTR59w9wqav1AShTWz6I2ZcpT/hkj6kwr62wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4lq9zmrHJ3Nnb+L7TKajEOa3U9MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvbmlXcjNPYXNjbmMyZHY0dnRNcHFNUTVyZFQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudnFMA0G
CSqGSIb3DQEBCwUAA4IBAQAXBmy6jXgshrFJUl0rQQQ3+uWRIiICWX41uKY2fFOa
8vL6VaPasGFwU5bEo4avGpY4pUxwjsmcAdC9k2nIjRk0mQlJ4Di+ublIra9wrXPR
e8ZtrbzEEHYShlhcozQBzaLrlT0ddQHl+t5Jgc0UaLSmpUjBm8tDm+/j4EABnEzt
SpAcHuy8NFVsmnZtzMdjZtFJd9cLTpD6JIgwvrLDtAlt+XbeneJ1qq8D1dtXVm9D
cT+scHTzsyMdx9MgNV211DfY5hzrbALrp3BAzSqT/LEeKK3rdS0CTLS42DnoNPwW
2ti6m5Ux83lVwvrxuoE1RJNrJAowvBj4b7s0aQDtysag
-----END CERTIFICATE-----