Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/nZLouYJBG9OmqSmoOJICH6UNAnM.roa
File:                     nZLouYJBG9OmqSmoOJICH6UNAnM.roa (raw, json)
Hash identifier:          fmTUM7Sq0SkG7XLcZ14wrgwIRK1bvQ48wK3wBIUT9wc=
Subject key identifier:   9D:92:E8:B9:82:41:1B:D3:A6:A9:29:A8:38:92:02:1F:A5:0D:02:73
Certificate issuer:       /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial:       01933006285A2E21060B96B8CBF1F19957D6
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/nZLouYJBG9OmqSmoOJICH6UNAnM.roa
Signing time:             Fri 15 Nov 2024 13:32:10 +0000
ROA not before:           Fri 15 Nov 2024 13:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207241
IP address blocks:        193.200.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:30:06:28:5a:2e:21:06:0b:96:b8:cb:f1:f1:99:57:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
        Validity
            Not Before: Nov 15 13:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d92e8b982411bd3a6a929a83892021fa50d0273
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:cb:f9:e4:32:f0:e2:6b:b1:cc:39:1d:40:50:
                    f9:15:5b:f6:80:e5:6b:61:7a:83:b1:d0:4f:97:2e:
                    17:17:cf:5f:ed:2e:64:d0:65:d5:54:8a:c7:1e:9a:
                    96:a3:4f:29:b4:7d:b9:bd:5e:b7:a7:60:fb:36:03:
                    21:cf:cf:15:3a:9f:55:30:58:b4:81:4f:c7:a6:49:
                    63:5a:d6:6f:ab:8f:fe:02:bd:05:08:4c:38:f4:4c:
                    87:46:37:c8:be:cf:7e:c7:65:9a:bc:e1:0d:5b:e7:
                    6c:51:cf:27:f0:b2:de:32:f0:f3:a2:98:cc:08:87:
                    13:8c:23:f9:c3:11:ea:57:b5:6c:5a:e5:25:f3:d4:
                    fc:42:c8:45:09:93:58:00:b3:a3:eb:49:d8:22:fc:
                    03:dc:99:2a:db:cc:98:1e:42:95:8c:33:03:f4:5a:
                    36:31:d6:0e:52:3c:bf:de:ff:fa:a6:95:94:20:e6:
                    b1:c1:2e:6b:dc:aa:91:9b:b2:ce:f7:65:e5:79:56:
                    07:84:35:4e:b9:b9:1d:bb:0e:85:64:13:6b:5d:58:
                    14:fe:17:fe:33:3c:3f:e3:55:f3:22:a4:ef:6d:ed:
                    af:ef:82:c6:9c:83:4b:66:3a:f5:35:db:77:1b:00:
                    61:f8:8a:a6:3a:b0:6f:e1:7f:54:63:bc:38:e1:4b:
                    75:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:92:E8:B9:82:41:1B:D3:A6:A9:29:A8:38:92:02:1F:A5:0D:02:73
            X509v3 Authority Key Identifier:
                keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/nZLouYJBG9OmqSmoOJICH6UNAnM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:c1:6d:1b:f0:a8:f2:92:34:34:46:7d:c4:20:30:0b:23:55:
         e3:92:88:b1:cb:a7:32:06:5a:99:32:e2:6e:73:70:48:83:c8:
         27:7d:b1:93:40:1c:2f:be:1a:66:34:fc:db:26:52:54:aa:e2:
         b0:1c:56:71:19:c6:c3:3c:c9:5c:91:68:1d:f5:fd:f8:1e:00:
         02:7d:4c:16:8b:c1:d7:ed:04:2f:8a:f8:2c:e7:10:18:6f:e1:
         04:16:d3:3c:ac:f0:87:e3:fb:7b:60:1d:3b:7b:99:a2:a0:89:
         8f:a3:7e:8b:88:62:c8:0a:bd:4d:f6:d4:a5:a2:0c:3b:3a:c1:
         d2:7c:ec:59:b0:d9:aa:c4:62:21:57:cc:cb:31:d3:b1:0e:36:
         52:91:a1:1b:b6:0a:15:a4:34:93:80:26:a9:f0:7f:55:37:f9:
         0b:c9:5a:e3:ae:4f:bb:72:e3:c3:dc:39:6d:68:b3:43:ea:ad:
         6c:50:64:81:df:2d:a2:55:b1:be:42:db:88:71:02:c2:bb:69:
         6e:98:1e:f7:77:fb:f0:7c:09:f1:39:ff:73:b9:a7:06:8b:da:
         ad:6b:d6:bf:ed:ac:38:82:ad:46:3b:e1:64:c5:27:bc:d8:04:
         df:1a:2b:28:ac:7b:e9:2d:3f:a1:e5:07:19:07:10:e9:bb:21:
         2e:67:2f:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMwBihaLiEGC5a4y/HxmVfWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjQxMTE1MTMzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDkyZThiOTgyNDExYmQzYTZhOTI5YTgzODkyMDIxZmE1MGQwMjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMv55DLw4muxzDkdQFD5FVv2gOVr
YXqDsdBPly4XF89f7S5k0GXVVIrHHpqWo08ptH25vV63p2D7NgMhz88VOp9VMFi0
gU/HpkljWtZvq4/+Ar0FCEw49EyHRjfIvs9+x2WavOENW+dsUc8n8LLeMvDzopjM
CIcTjCP5wxHqV7VsWuUl89T8QshFCZNYALOj60nYIvwD3Jkq28yYHkKVjDMD9Fo2
MdYOUjy/3v/6ppWUIOaxwS5r3KqRm7LO92XleVYHhDVOubkduw6FZBNrXVgU/hf+
Mzw/41XzIqTvbe2v74LGnINLZjr1Ndt3GwBh+IqmOrBv4X9UY7w44Ut17wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2S6LmCQRvTpqkpqDiSAh+lDQJzMB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvblpMb3VZSkJHOU9tcVNtb09KSUNINlVOQW5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwci1MA0G
CSqGSIb3DQEBCwUAA4IBAQCbwW0b8KjykjQ0Rn3EIDALI1Xjkoixy6cyBlqZMuJu
c3BIg8gnfbGTQBwvvhpmNPzbJlJUquKwHFZxGcbDPMlckWgd9f34HgACfUwWi8HX
7QQvivgs5xAYb+EEFtM8rPCH4/t7YB07e5mioImPo36LiGLICr1N9tSlogw7OsHS
fOxZsNmqxGIhV8zLMdOxDjZSkaEbtgoVpDSTgCap8H9VN/kLyVrjrk+7cuPD3Dlt
aLND6q1sUGSB3y2iVbG+QtuIcQLCu2lumB73d/vwfAnxOf9zuacGi9qta9a/7aw4
gq1GO+FkxSe82ATfGisorHvpLT+h5QcZBxDpuyEuZy+w
-----END CERTIFICATE-----