Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/1f8bb8-6342-440f-b05f-9f2cc64e0745/1/nw-D0-xCQCmGycdBjGXn8wi5MuM.roa
File:                     nw-D0-xCQCmGycdBjGXn8wi5MuM.roa (raw, json)
Hash identifier:          nKsnExtzborlOQZaSxTXBCMhOUXnWDueTO8O5XQEnq8=
Subject key identifier:   9F:0F:83:D3:EC:42:40:29:86:C9:C7:41:8C:65:E7:F3:08:B9:32:E3
Certificate issuer:       /CN=5e3cb7d982c7f9edbc93d4cb42b94fa029c382df
Certificate serial:       018CC80109D2581618B15B388306D30061B1
Authority key identifier: 5E:3C:B7:D9:82:C7:F9:ED:BC:93:D4:CB:42:B9:4F:A0:29:C3:82:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xjy32YLH-e28k9TLQrlPoCnDgt8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/1f8bb8-6342-440f-b05f-9f2cc64e0745/1/nw-D0-xCQCmGycdBjGXn8wi5MuM.roa
Signing time:             Tue 02 Jan 2024 02:29:20 +0000
ROA not before:           Tue 02 Jan 2024 02:29:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207810
IP address blocks:        185.167.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/1f8bb8-6342-440f-b05f-9f2cc64e0745/1/Xjy32YLH-e28k9TLQrlPoCnDgt8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/1f8bb8-6342-440f-b05f-9f2cc64e0745/1/Xjy32YLH-e28k9TLQrlPoCnDgt8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xjy32YLH-e28k9TLQrlPoCnDgt8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:09:d2:58:16:18:b1:5b:38:83:06:d3:00:61:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e3cb7d982c7f9edbc93d4cb42b94fa029c382df
        Validity
            Not Before: Jan  2 02:29:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f0f83d3ec42402986c9c7418c65e7f308b932e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:90:95:96:08:e0:8e:4f:78:59:1e:ec:15:1b:
                    52:29:eb:cc:ba:49:24:d9:67:51:3b:5f:b3:2d:61:
                    3c:11:e3:b4:df:6c:5b:02:75:8c:3a:43:27:d0:36:
                    69:c3:f6:ff:02:71:18:39:1f:08:d9:ed:08:e8:8f:
                    23:fa:42:08:b7:9a:8b:cf:b9:40:c7:61:5e:39:17:
                    c2:d4:6f:58:a4:92:f9:b6:db:4d:3f:91:c8:f3:dd:
                    4a:a2:d4:4b:43:55:3e:e9:89:de:91:46:06:ec:8e:
                    0e:95:43:a8:00:ce:36:8c:5d:2f:a8:bd:af:77:84:
                    0c:a8:5b:4a:8e:56:42:21:c9:7c:0f:6e:e9:a7:1f:
                    a0:ff:92:ce:3e:2d:6e:87:79:4d:40:69:b9:90:d1:
                    60:6a:de:a3:ca:56:e6:18:ee:82:32:ca:a2:98:d5:
                    0e:2c:2a:6b:58:b2:aa:4f:a5:34:51:5c:0e:d1:ba:
                    27:14:96:1d:79:80:8a:71:52:8f:5b:a8:8f:08:d4:
                    c1:0a:ca:ed:01:dd:99:07:ac:43:88:0e:67:69:9b:
                    62:a4:2a:45:f2:0d:75:79:45:b5:bc:b6:88:aa:e1:
                    d8:8a:1d:da:e6:26:2a:20:04:37:ab:5d:0e:2c:f4:
                    3f:eb:4e:86:29:28:ef:68:bb:b9:4f:99:db:22:b9:
                    5c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:0F:83:D3:EC:42:40:29:86:C9:C7:41:8C:65:E7:F3:08:B9:32:E3
            X509v3 Authority Key Identifier:
                keyid:5E:3C:B7:D9:82:C7:F9:ED:BC:93:D4:CB:42:B9:4F:A0:29:C3:82:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xjy32YLH-e28k9TLQrlPoCnDgt8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/1f8bb8-6342-440f-b05f-9f2cc64e0745/1/nw-D0-xCQCmGycdBjGXn8wi5MuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/1f8bb8-6342-440f-b05f-9f2cc64e0745/1/Xjy32YLH-e28k9TLQrlPoCnDgt8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:3a:fb:84:fc:35:8d:1e:86:62:5f:1d:50:51:fe:53:48:f1:
         c5:dc:81:fa:d8:57:19:e8:0c:0e:1e:54:51:f0:f6:27:e4:5d:
         10:ea:e6:e3:dc:d3:80:29:cd:b4:60:73:07:3c:b2:a7:43:85:
         b9:42:09:a6:1d:7d:f4:d0:a9:54:7b:3c:4e:55:36:6f:76:bd:
         0d:b7:d0:46:e8:7c:60:0a:40:5d:dd:4e:15:92:65:32:b7:70:
         0f:c9:78:fc:9a:e0:e4:d7:53:fd:4e:59:d2:d6:f6:27:62:1b:
         35:96:68:3e:75:38:be:41:21:8a:dd:8b:4a:72:d6:df:06:49:
         9d:85:df:10:1e:19:f4:0d:8b:c0:94:3d:5c:12:80:0e:90:ab:
         6c:75:79:82:6f:dc:10:b0:7e:d1:72:06:08:d9:e0:dd:69:97:
         b1:4c:62:28:31:2a:25:f9:62:b6:54:96:b5:8b:54:2e:0a:9a:
         85:76:6b:4e:ff:7e:89:49:5e:ed:ea:a0:ad:a2:05:e6:96:ef:
         7e:90:d3:7c:05:d3:a8:e1:7a:b1:72:98:d3:da:b0:1e:cd:8c:
         5e:28:8d:20:70:13:fd:3d:ee:20:db:8d:3f:71:61:0a:8b:30:
         11:bf:f4:5b:55:27:48:71:f3:15:ec:db:4c:62:c7:bf:f8:44:
         59:5f:38:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAQnSWBYYsVs4gwbTAGGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlM2NiN2Q5ODJjN2Y5ZWRiYzkzZDRjYjQyYjk0ZmEwMjlj
MzgyZGYwHhcNMjQwMTAyMDIyOTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjBmODNkM2VjNDI0MDI5ODZjOWM3NDE4YzY1ZTdmMzA4YjkzMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypCVlgjgjk94WR7sFRtSKevMukkk
2WdRO1+zLWE8EeO032xbAnWMOkMn0DZpw/b/AnEYOR8I2e0I6I8j+kIIt5qLz7lA
x2FeORfC1G9YpJL5tttNP5HI891KotRLQ1U+6YnekUYG7I4OlUOoAM42jF0vqL2v
d4QMqFtKjlZCIcl8D27ppx+g/5LOPi1uh3lNQGm5kNFgat6jylbmGO6CMsqimNUO
LCprWLKqT6U0UVwO0bonFJYdeYCKcVKPW6iPCNTBCsrtAd2ZB6xDiA5naZtipCpF
8g11eUW1vLaIquHYih3a5iYqIAQ3q10OLPQ/606GKSjvaLu5T5nbIrlcFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8Pg9PsQkAphsnHQYxl5/MIuTLjMB8GA1UdIwQY
MBaAFF48t9mCx/ntvJPUy0K5T6Apw4LfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGp5MzJZTEgtZTI4azlUTFFybFBvQ25EZ3Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi8xZjhiYjgtNjM0Mi00NDBmLWIwNWYt
OWYyY2M2NGUwNzQ1LzEvbnctRDAteENRQ21HeWNkQmpHWG44d2k1TXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi8xZjhiYjgtNjM0Mi00NDBmLWIwNWYtOWYyY2M2NGUwNzQ1
LzEvWGp5MzJZTEgtZTI4azlUTFFybFBvQ25EZ3Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuafZMA0G
CSqGSIb3DQEBCwUAA4IBAQBGOvuE/DWNHoZiXx1QUf5TSPHF3IH62FcZ6AwOHlRR
8PYn5F0Q6ubj3NOAKc20YHMHPLKnQ4W5QgmmHX300KlUezxOVTZvdr0Nt9BG6Hxg
CkBd3U4VkmUyt3APyXj8muDk11P9TlnS1vYnYhs1lmg+dTi+QSGK3YtKctbfBkmd
hd8QHhn0DYvAlD1cEoAOkKtsdXmCb9wQsH7RcgYI2eDdaZexTGIoMSol+WK2VJa1
i1QuCpqFdmtO/36JSV7t6qCtogXmlu9+kNN8BdOo4XqxcpjT2rAezYxeKI0gcBP9
Pe4g240/cWEKizARv/RbVSdIcfMV7NtMYse/+ERZXzgT
-----END CERTIFICATE-----