Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/NXriI_07fx7jbEdUXH_Ma2BCgtE.roa
File:                     NXriI_07fx7jbEdUXH_Ma2BCgtE.roa (raw, json)
Hash identifier:          FLu40u6ycM/zySyd8FGMzKJy/Wr9RODz4OaC3uPHT3s=
Subject key identifier:   35:7A:E2:23:FD:3B:7F:1E:E3:6C:47:54:5C:7F:CC:6B:60:42:82:D1
Certificate issuer:       /CN=ab4f00f5c3ab3df4c674a410d8a0f0182fb5e918
Certificate serial:       018CC4251BA82E23D7EB586E316535EFFFEE
Authority key identifier: AB:4F:00:F5:C3:AB:3D:F4:C6:74:A4:10:D8:A0:F0:18:2F:B5:E9:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/NXriI_07fx7jbEdUXH_Ma2BCgtE.roa
Signing time:             Mon 01 Jan 2024 08:30:15 +0000
ROA not before:           Mon 01 Jan 2024 08:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10753
IP address blocks:        178.209.64.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1b:a8:2e:23:d7:eb:58:6e:31:65:35:ef:ff:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab4f00f5c3ab3df4c674a410d8a0f0182fb5e918
        Validity
            Not Before: Jan  1 08:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=357ae223fd3b7f1ee36c47545c7fcc6b604282d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0e:06:23:04:ed:2f:cf:78:bf:fa:01:d4:da:
                    71:ed:ba:b6:b9:66:06:35:96:34:81:99:4d:80:ed:
                    59:83:d4:5c:31:79:4c:31:83:32:ce:ee:a1:42:9a:
                    99:a7:59:f1:0a:91:e0:db:f6:17:10:f4:3c:e4:c5:
                    74:82:e7:e2:f6:ac:1d:9e:d1:15:52:28:a1:b7:5d:
                    14:f0:4b:0c:48:44:57:ad:e6:2a:7f:0f:26:4e:9f:
                    1c:1a:bc:95:d4:87:3c:4b:cb:22:5a:b9:e0:28:3b:
                    57:df:6e:7e:52:ca:ea:a4:6e:d4:67:65:d1:af:c8:
                    bf:1c:f4:d0:00:5f:8b:dc:15:be:d2:e3:39:00:56:
                    2c:51:49:71:bb:8e:f3:d7:1a:9c:99:1e:88:77:f2:
                    08:bc:d7:77:9e:ef:d0:bb:07:cd:75:8a:1d:4b:5d:
                    12:a5:ee:32:9d:cd:50:37:4f:ad:cd:e9:fc:5f:be:
                    49:80:27:cd:be:3d:b7:91:ac:c1:e7:4b:0a:d0:82:
                    af:0c:57:65:26:37:1d:96:64:c1:5a:7e:6b:df:83:
                    00:fd:42:39:8a:fb:cf:88:51:56:08:8b:34:97:a3:
                    e0:52:34:92:37:d3:db:97:f9:1f:58:b4:90:b0:a2:
                    27:19:41:1a:9d:a4:b9:d5:2c:41:9c:0c:94:5f:af:
                    59:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:7A:E2:23:FD:3B:7F:1E:E3:6C:47:54:5C:7F:CC:6B:60:42:82:D1
            X509v3 Authority Key Identifier:
                keyid:AB:4F:00:F5:C3:AB:3D:F4:C6:74:A4:10:D8:A0:F0:18:2F:B5:E9:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q08A9cOrPfTGdKQQ2KDwGC-16Rg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/NXriI_07fx7jbEdUXH_Ma2BCgtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a1f212-ba35-466b-b52e-3853d340c9a6/1/q08A9cOrPfTGdKQQ2KDwGC-16Rg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.209.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         30:a6:86:a1:59:70:db:62:3a:cb:ea:c4:8f:30:83:93:c8:be:
         9c:b9:06:d3:8d:62:60:78:b7:ba:2c:c2:e8:9d:19:73:e6:bf:
         f7:1b:c0:2e:26:4b:ff:06:f0:36:28:e2:f6:4e:ae:54:9d:87:
         2d:39:55:1b:77:dc:d2:27:20:b1:e6:23:e7:34:c6:7d:42:11:
         81:98:5f:8d:6c:c1:44:c3:30:09:73:f0:c6:b5:d1:25:9f:e3:
         ff:e8:27:4e:db:93:3c:ed:12:31:d9:64:73:99:01:13:fb:68:
         43:ab:6e:1e:01:c6:08:74:4f:23:ae:04:62:c7:4e:91:b8:9d:
         e8:66:f6:1b:75:41:ca:2d:39:49:6e:14:53:39:a8:ee:b0:01:
         cf:c0:4a:a0:6b:ca:30:a1:ef:f6:f3:eb:56:96:cb:df:a3:43:
         aa:17:49:da:29:d8:ce:2e:81:02:eb:3e:e6:95:26:ab:d1:a6:
         f2:c3:62:cf:e3:e2:4d:2f:36:7d:e0:bb:3d:c6:0c:b4:f9:90:
         4e:a7:90:bc:ad:06:cc:3a:aa:e7:2a:46:72:0d:5a:83:f1:47:
         2b:03:12:df:4a:f9:01:65:d1:12:04:c3:00:ad:84:87:1b:e0:
         7c:06:9b:22:ff:c3:99:aa:50:7b:4e:a8:46:b4:fe:8a:08:7b:
         71:da:7e:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRuoLiPX61huMWU17//uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNGYwMGY1YzNhYjNkZjRjNjc0YTQxMGQ4YTBmMDE4MmZi
NWU5MTgwHhcNMjQwMTAxMDgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTdhZTIyM2ZkM2I3ZjFlZTM2YzQ3NTQ1YzdmY2M2YjYwNDI4MmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyg4GIwTtL894v/oB1Npx7bq2uWYG
NZY0gZlNgO1Zg9RcMXlMMYMyzu6hQpqZp1nxCpHg2/YXEPQ85MV0gufi9qwdntEV
Uiiht10U8EsMSERXreYqfw8mTp8cGryV1Ic8S8siWrngKDtX325+UsrqpG7UZ2XR
r8i/HPTQAF+L3BW+0uM5AFYsUUlxu47z1xqcmR6Id/IIvNd3nu/QuwfNdYodS10S
pe4ync1QN0+tzen8X75JgCfNvj23kazB50sK0IKvDFdlJjcdlmTBWn5r34MA/UI5
ivvPiFFWCIs0l6PgUjSSN9Pbl/kfWLSQsKInGUEanaS51SxBnAyUX69ZZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDV64iP9O38e42xHVFx/zGtgQoLRMB8GA1UdIwQY
MBaAFKtPAPXDqz30xnSkENig8BgvtekYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTA4QTljT3JQZlRHZEtRUTJLRHdHQy0xNlJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMWYyMTItYmEzNS00NjZiLWI1MmUt
Mzg1M2QzNDBjOWE2LzEvTlhyaUlfMDdmeDdqYkVkVVhIX01hMkJDZ3RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMWYyMTItYmEzNS00NjZiLWI1MmUtMzg1M2QzNDBjOWE2
LzEvcTA4QTljT3JQZlRHZEtRUTJLRHdHQy0xNlJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEstFAMA0G
CSqGSIb3DQEBCwUAA4IBAQAwpoahWXDbYjrL6sSPMIOTyL6cuQbTjWJgeLe6LMLo
nRlz5r/3G8AuJkv/BvA2KOL2Tq5UnYctOVUbd9zSJyCx5iPnNMZ9QhGBmF+NbMFE
wzAJc/DGtdEln+P/6CdO25M87RIx2WRzmQET+2hDq24eAcYIdE8jrgRix06RuJ3o
ZvYbdUHKLTlJbhRTOajusAHPwEqga8owoe/28+tWlsvfo0OqF0naKdjOLoEC6z7m
lSar0abyw2LP4+JNLzZ94Ls9xgy0+ZBOp5C8rQbMOqrnKkZyDVqD8UcrAxLfSvkB
ZdESBMMArYSHG+B8Bpsi/8OZqlB7TqhGtP6KCHtx2n4m
-----END CERTIFICATE-----