Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/ntkgPOeEhw1w8c7pIB8Qn_gxjKw.roa
File:                     ntkgPOeEhw1w8c7pIB8Qn_gxjKw.roa (raw, json)
Hash identifier:          TKEJwJ9PAXtRm0KGNnCXuwbzZuFfd3ZcTzQOFPw6XVA=
Subject key identifier:   9E:D9:20:3C:E7:84:87:0D:70:F1:CE:E9:20:1F:10:9F:F8:31:8C:AC
Certificate issuer:       /CN=21a00080cd2cb1bb073903b32b25ad660a366486
Certificate serial:       018CC80155655A9E8ECF76C03ED17148DCC2
Authority key identifier: 21:A0:00:80:CD:2C:B1:BB:07:39:03:B3:2B:25:AD:66:0A:36:64:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/ntkgPOeEhw1w8c7pIB8Qn_gxjKw.roa
Signing time:             Tue 02 Jan 2024 02:29:39 +0000
ROA not before:           Tue 02 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        213.109.76.0/23 maxlen: 23
                          91.239.43.0/24 maxlen: 24
                          195.191.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:55:65:5a:9e:8e:cf:76:c0:3e:d1:71:48:dc:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21a00080cd2cb1bb073903b32b25ad660a366486
        Validity
            Not Before: Jan  2 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ed9203ce784870d70f1cee9201f109ff8318cac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b2:23:a4:45:2b:1f:92:4c:b7:94:c2:16:71:
                    36:06:b2:13:c3:c1:60:a3:3a:1d:af:69:11:b3:5e:
                    e0:b8:c6:64:ce:01:0a:8f:50:e4:38:e0:52:37:9b:
                    4c:d8:58:2e:21:40:15:40:d6:70:91:35:7b:64:5c:
                    59:02:f3:47:4b:96:92:6c:34:96:a5:64:e7:ee:c4:
                    49:87:49:95:53:5e:1a:e8:85:fa:b2:b0:58:8c:b6:
                    ae:07:56:71:c6:7c:3e:a6:8f:25:bc:9f:19:8e:5a:
                    65:1e:f9:a6:af:58:da:0b:b2:c3:d3:3d:aa:99:e0:
                    48:95:60:cd:6d:56:92:cb:7d:76:9a:39:20:37:92:
                    52:bb:d3:3a:21:ca:3c:aa:45:e3:45:a3:23:01:c3:
                    3f:ef:74:bd:04:10:d8:a2:13:89:e0:e8:a9:e6:01:
                    cc:c4:a4:5f:82:fb:a1:14:d3:2b:f2:6d:a9:60:73:
                    d3:80:d3:28:40:fc:4a:f0:51:c5:ac:47:9c:89:12:
                    e9:31:7c:9a:42:14:17:2d:c8:83:e9:43:5a:b5:fb:
                    df:e1:7b:56:77:27:8d:33:87:be:2b:a9:a5:bb:c2:
                    0e:8e:cc:02:8e:ce:41:27:4a:a0:db:1a:e5:84:d2:
                    3a:f9:06:cc:7b:2d:83:69:5b:97:b6:b2:9e:00:af:
                    eb:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D9:20:3C:E7:84:87:0D:70:F1:CE:E9:20:1F:10:9F:F8:31:8C:AC
            X509v3 Authority Key Identifier:
                keyid:21:A0:00:80:CD:2C:B1:BB:07:39:03:B3:2B:25:AD:66:0A:36:64:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/ntkgPOeEhw1w8c7pIB8Qn_gxjKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.43.0/24
                  195.191.65.0/24
                  213.109.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:1f:4c:96:c2:e0:13:0d:b8:d0:31:76:6d:f4:ce:4a:e7:97:
         c8:d7:c2:16:f7:25:dc:66:5c:6f:e1:e6:2e:4e:ef:d8:9a:2d:
         9c:e9:ac:fa:8d:ef:8e:6c:d3:14:2f:63:39:32:44:4a:c7:30:
         4d:a4:6b:99:56:da:b1:45:0e:bc:b1:5c:68:81:8f:73:65:52:
         46:c9:24:f8:e0:12:07:9b:37:02:e0:4f:89:40:db:ed:0e:6b:
         db:c8:ec:49:13:1c:59:10:b8:a1:44:32:d2:8e:24:54:d6:87:
         98:29:8c:a5:b1:8f:58:1a:00:79:be:06:1b:ba:8d:25:dd:f2:
         8e:b6:46:22:6f:cd:40:a1:22:51:12:e5:36:ef:20:9e:1b:ee:
         5d:6e:2e:d3:a3:ad:10:80:67:b0:01:d4:ec:00:6d:87:2b:bc:
         7c:b6:92:64:2b:02:cf:4a:91:eb:1e:75:a0:c0:04:9e:aa:72:
         08:a4:ec:3e:2e:33:e7:6a:5a:3a:5e:10:d9:ec:45:b6:59:c7:
         9a:3e:aa:ce:25:8d:e8:2c:e4:70:04:a4:0a:e9:e0:18:b9:46:
         08:17:ee:5f:cb:d6:13:a7:c9:ce:36:67:a5:93:a9:f9:8b:f2:
         8f:f1:61:14:77:d7:fd:cd:da:20:32:5c:54:1c:f5:8b:c3:03:
         d7:a4:e2:76
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAVVlWp6Oz3bAPtFxSNzCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYTAwMDgwY2QyY2IxYmIwNzM5MDNiMzJiMjVhZDY2MGEz
NjY0ODYwHhcNMjQwMTAyMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQ5MjAzY2U3ODQ4NzBkNzBmMWNlZTkyMDFmMTA5ZmY4MzE4Y2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrIjpEUrH5JMt5TCFnE2BrITw8Fg
ozodr2kRs17guMZkzgEKj1DkOOBSN5tM2FguIUAVQNZwkTV7ZFxZAvNHS5aSbDSW
pWTn7sRJh0mVU14a6IX6srBYjLauB1Zxxnw+po8lvJ8ZjlplHvmmr1jaC7LD0z2q
meBIlWDNbVaSy312mjkgN5JSu9M6Ico8qkXjRaMjAcM/73S9BBDYohOJ4Oip5gHM
xKRfgvuhFNMr8m2pYHPTgNMoQPxK8FHFrEeciRLpMXyaQhQXLciD6UNatfvf4XtW
dyeNM4e+K6mlu8IOjswCjs5BJ0qg2xrlhNI6+QbMey2DaVuXtrKeAK/rYwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJ7ZIDznhIcNcPHO6SAfEJ/4MYysMB8GA1UdIwQY
MBaAFCGgAIDNLLG7BzkDsyslrWYKNmSGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWFBQWdNMHNzYnNIT1FPekt5V3RaZ28yWklZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82YzNkOWYtOGE0Zi00YTZjLTg1Nzkt
ZTkyZWNlNGQzY2IzLzEvbnRrZ1BPZUVodzF3OGM3cElCOFFuX2d4akt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82YzNkOWYtOGE0Zi00YTZjLTg1NzktZTkyZWNlNGQzY2Iz
LzEvSWFBQWdNMHNzYnNIT1FPekt5V3RaZ28yWklZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+8rAwQA
w79BAwQB1W1MMA0GCSqGSIb3DQEBCwUAA4IBAQBiH0yWwuATDbjQMXZt9M5K55fI
18IW9yXcZlxv4eYuTu/Ymi2c6az6je+ObNMUL2M5MkRKxzBNpGuZVtqxRQ68sVxo
gY9zZVJGyST44BIHmzcC4E+JQNvtDmvbyOxJExxZELihRDLSjiRU1oeYKYylsY9Y
GgB5vgYbuo0l3fKOtkYib81AoSJREuU27yCeG+5dbi7To60QgGewAdTsAG2HK7x8
tpJkKwLPSpHrHnWgwASeqnIIpOw+LjPnalo6XhDZ7EW2WceaPqrOJY3oLORwBKQK
6eAYuUYIF+5fy9YTp8nONmelk6n5i/KP8WEUd9f9zdogMlxUHPWLwwPXpOJ2
-----END CERTIFICATE-----