Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/a2be14-aec9-4ada-8784-debe5747b293/1/nhlklxbuDjVUor5UO5tkTgBHggk.roa
File:                     nhlklxbuDjVUor5UO5tkTgBHggk.roa (raw, json)
Hash identifier:          gIRioTZ0taIJVPWEwwqMgECoL06InpQGuJtYcu8J+XQ=
Subject key identifier:   9E:19:64:97:16:EE:0E:35:54:A2:BE:54:3B:9B:64:4E:00:47:82:09
Certificate issuer:       /CN=113f03bf1451eee62ea72405fa8b64abfae3c4e9
Certificate serial:       0194252163CC3EF7B7F5FF8A1611F3CB12BB
Authority key identifier: 11:3F:03:BF:14:51:EE:E6:2E:A7:24:05:FA:8B:64:AB:FA:E3:C4:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ET8DvxRR7uYupyQF-otkq_rjxOk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/a2be14-aec9-4ada-8784-debe5747b293/1/nhlklxbuDjVUor5UO5tkTgBHggk.roa
Signing time:             Thu 02 Jan 2025 03:48:52 +0000
ROA not before:           Thu 02 Jan 2025 03:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60627
IP address blocks:        193.228.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/a2be14-aec9-4ada-8784-debe5747b293/1/ET8DvxRR7uYupyQF-otkq_rjxOk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/a2be14-aec9-4ada-8784-debe5747b293/1/ET8DvxRR7uYupyQF-otkq_rjxOk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ET8DvxRR7uYupyQF-otkq_rjxOk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:63:cc:3e:f7:b7:f5:ff:8a:16:11:f3:cb:12:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=113f03bf1451eee62ea72405fa8b64abfae3c4e9
        Validity
            Not Before: Jan  2 03:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e19649716ee0e3554a2be543b9b644e00478209
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c0:e0:87:c2:b4:5a:68:f5:cf:8b:d7:b6:68:
                    74:b0:42:09:03:e4:7c:f8:67:d8:4c:53:21:9f:f7:
                    60:87:0e:29:4b:13:f0:c4:2b:1a:f8:04:b2:54:b6:
                    66:af:f5:3e:54:0c:74:65:59:b3:c6:dc:5f:25:92:
                    6d:f2:ea:3b:f0:64:35:36:6f:6b:d8:7a:a8:1f:0e:
                    f9:ab:de:98:f4:3c:b4:a8:a8:ec:5b:46:1c:5c:a5:
                    0c:0c:d2:65:3b:76:78:53:77:2c:c0:35:e7:6f:92:
                    b0:21:69:83:45:76:8c:33:76:96:3a:ec:d2:4a:c4:
                    bf:45:8b:0e:48:53:ff:da:01:9c:66:1b:23:c8:34:
                    5d:e5:cc:e8:d1:21:2a:dc:0d:4f:31:16:b4:df:4d:
                    a4:15:0b:b7:98:19:85:60:c1:96:bd:27:80:f5:6b:
                    e4:42:cb:cc:63:77:b7:80:51:32:2a:fe:b6:c5:cd:
                    a5:90:c6:41:e5:93:1a:3e:60:f9:11:c7:89:c9:c1:
                    b2:b2:a4:dd:1d:6b:15:f4:78:ee:06:8e:c8:6d:ff:
                    e0:34:28:ca:08:d1:ca:37:4b:2b:5b:28:0e:6e:b5:
                    7a:2f:c9:4a:61:4c:4e:0e:c5:de:c5:25:76:16:a9:
                    b7:ac:ff:3a:72:45:44:58:bb:07:8f:21:63:dd:57:
                    81:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:19:64:97:16:EE:0E:35:54:A2:BE:54:3B:9B:64:4E:00:47:82:09
            X509v3 Authority Key Identifier:
                keyid:11:3F:03:BF:14:51:EE:E6:2E:A7:24:05:FA:8B:64:AB:FA:E3:C4:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ET8DvxRR7uYupyQF-otkq_rjxOk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a2be14-aec9-4ada-8784-debe5747b293/1/nhlklxbuDjVUor5UO5tkTgBHggk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/a2be14-aec9-4ada-8784-debe5747b293/1/ET8DvxRR7uYupyQF-otkq_rjxOk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.228.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:c1:ae:af:30:35:0f:48:e4:47:f7:ae:b2:3b:d8:72:b4:63:
         ed:2b:6d:11:82:42:6f:d0:c2:47:47:65:12:54:69:ca:ce:92:
         6a:04:f9:5d:91:48:26:64:01:78:01:4f:01:69:13:7f:69:f8:
         5c:df:74:08:2d:ee:3c:b7:06:95:5e:a0:bc:78:85:5f:a9:62:
         68:44:91:89:f2:f6:3a:db:22:5b:a3:8b:75:71:cf:f9:45:90:
         24:f8:88:b2:e1:cb:55:2f:5c:03:fc:d4:f5:2c:4f:b5:45:6c:
         48:13:11:94:f4:e5:82:3c:5f:f2:7c:0c:cf:a4:4a:8e:4a:92:
         d5:55:87:7d:07:16:c4:f4:37:e6:12:c6:65:07:44:c0:cf:4f:
         66:38:7f:60:3e:39:12:74:cf:81:6a:14:fc:5c:0b:29:31:83:
         0e:de:42:22:87:b6:69:a3:d5:82:4c:a3:b7:39:13:db:4a:86:
         16:80:09:bb:90:2c:95:b7:25:b7:f3:14:a3:4b:10:49:b4:c2:
         51:1b:e3:66:3b:b6:cb:f4:20:31:df:02:a0:f8:d6:2b:3e:78:
         35:ec:e5:64:a1:3d:71:e5:ec:98:00:09:1e:7f:b1:bc:92:84:
         93:85:64:cf:61:7e:00:a5:fc:74:dc:f5:ca:2d:73:07:95:44:
         65:69:1d:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIWPMPve39f+KFhHzyxK7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExM2YwM2JmMTQ1MWVlZTYyZWE3MjQwNWZhOGI2NGFiZmFl
M2M0ZTkwHhcNMjUwMTAyMDM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTE5NjQ5NzE2ZWUwZTM1NTRhMmJlNTQzYjliNjQ0ZTAwNDc4MjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcDgh8K0Wmj1z4vXtmh0sEIJA+R8
+GfYTFMhn/dghw4pSxPwxCsa+ASyVLZmr/U+VAx0ZVmzxtxfJZJt8uo78GQ1Nm9r
2HqoHw75q96Y9Dy0qKjsW0YcXKUMDNJlO3Z4U3cswDXnb5KwIWmDRXaMM3aWOuzS
SsS/RYsOSFP/2gGcZhsjyDRd5czo0SEq3A1PMRa0302kFQu3mBmFYMGWvSeA9Wvk
QsvMY3e3gFEyKv62xc2lkMZB5ZMaPmD5EceJycGysqTdHWsV9HjuBo7Ibf/gNCjK
CNHKN0srWygObrV6L8lKYUxODsXexSV2Fqm3rP86ckVEWLsHjyFj3VeBrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4ZZJcW7g41VKK+VDubZE4AR4IJMB8GA1UdIwQY
MBaAFBE/A78UUe7mLqckBfqLZKv648TpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVQ4RHZ4UlI3dVl1cHlRRi1vdGtxX3JqeE9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9hMmJlMTQtYWVjOS00YWRhLTg3ODQt
ZGViZTU3NDdiMjkzLzEvbmhsa2x4YnVEalZVb3I1VU81dGtUZ0JIZ2drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9hMmJlMTQtYWVjOS00YWRhLTg3ODQtZGViZTU3NDdiMjkz
LzEvRVQ4RHZ4UlI3dVl1cHlRRi1vdGtxX3JqeE9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAweSIMA0G
CSqGSIb3DQEBCwUAA4IBAQA/wa6vMDUPSORH966yO9hytGPtK20RgkJv0MJHR2US
VGnKzpJqBPldkUgmZAF4AU8BaRN/afhc33QILe48twaVXqC8eIVfqWJoRJGJ8vY6
2yJbo4t1cc/5RZAk+Iiy4ctVL1wD/NT1LE+1RWxIExGU9OWCPF/yfAzPpEqOSpLV
VYd9BxbE9DfmEsZlB0TAz09mOH9gPjkSdM+BahT8XAspMYMO3kIih7Zpo9WCTKO3
ORPbSoYWgAm7kCyVtyW38xSjSxBJtMJRG+NmO7bL9CAx3wKg+NYrPng17OVkoT1x
5eyYAAkef7G8koSThWTPYX4Apfx03PXKLXMHlURlaR2c
-----END CERTIFICATE-----