Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/nLCex99Fex6qDf4taRS7xq0Ho8o.roa
File:                     nLCex99Fex6qDf4taRS7xq0Ho8o.roa (raw, json)
Hash identifier:          p09joS+llhcRvEANJs6w0bdgPv4+ZSLY+3qpdhf/kA8=
Subject key identifier:   9C:B0:9E:C7:DF:45:7B:1E:AA:0D:FE:2D:69:14:BB:C6:AD:07:A3:CA
Certificate issuer:       /CN=3aa32ee01266e018d2365c3bba1772f424179ac2
Certificate serial:       018CC8DF89649B7EF5303ACDCE030DF60F83
Authority key identifier: 3A:A3:2E:E0:12:66:E0:18:D2:36:5C:3B:BA:17:72:F4:24:17:9A:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OqMu4BJm4BjSNlw7uhdy9CQXmsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/nLCex99Fex6qDf4taRS7xq0Ho8o.roa
Signing time:             Tue 02 Jan 2024 06:32:22 +0000
ROA not before:           Tue 02 Jan 2024 06:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        193.104.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/OqMu4BJm4BjSNlw7uhdy9CQXmsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/OqMu4BJm4BjSNlw7uhdy9CQXmsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OqMu4BJm4BjSNlw7uhdy9CQXmsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:89:64:9b:7e:f5:30:3a:cd:ce:03:0d:f6:0f:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aa32ee01266e018d2365c3bba1772f424179ac2
        Validity
            Not Before: Jan  2 06:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cb09ec7df457b1eaa0dfe2d6914bbc6ad07a3ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:3c:a5:82:6f:04:88:6a:d8:c6:5c:e1:e7:43:
                    58:77:65:86:4c:65:62:46:7e:b0:18:fe:4d:fc:73:
                    1a:82:43:21:7b:b2:21:34:c3:89:b9:d1:62:e8:85:
                    30:58:39:2b:e6:bb:35:2d:53:8a:fe:a1:76:b0:e9:
                    69:ce:2f:00:10:5f:3d:fd:01:17:74:98:48:29:0f:
                    62:c6:59:cb:ca:90:46:1f:fb:90:7b:ce:11:f9:cd:
                    97:ff:09:b2:56:c5:4c:d9:98:d3:7c:e2:4a:ae:e4:
                    47:ef:bb:f7:a8:86:b0:16:d4:98:18:0a:41:e4:b2:
                    02:af:ee:ea:1c:88:8d:7b:7f:5c:03:c5:31:46:ba:
                    19:96:ad:a6:cc:27:37:4f:39:3f:1b:04:27:68:52:
                    b7:42:fb:2f:67:ba:1d:e5:60:e3:68:7c:a5:86:6b:
                    a4:74:67:67:66:13:d5:09:0d:80:7c:7e:f0:8e:c3:
                    21:53:9f:77:96:56:c0:b0:bb:5e:62:b6:1e:d9:44:
                    87:ba:55:3b:39:cc:6e:44:72:53:bb:d7:b3:32:9d:
                    1d:56:de:d1:9f:ff:d7:b9:e3:0d:ea:1c:66:4b:68:
                    0c:77:46:92:fd:d7:17:76:b3:96:0f:45:b3:c3:a5:
                    c6:af:27:6d:e9:04:8d:a9:42:14:52:94:9c:14:99:
                    56:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:B0:9E:C7:DF:45:7B:1E:AA:0D:FE:2D:69:14:BB:C6:AD:07:A3:CA
            X509v3 Authority Key Identifier:
                keyid:3A:A3:2E:E0:12:66:E0:18:D2:36:5C:3B:BA:17:72:F4:24:17:9A:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OqMu4BJm4BjSNlw7uhdy9CQXmsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/nLCex99Fex6qDf4taRS7xq0Ho8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/a13a17-6c73-4c78-9752-949dbe9b57fe/1/OqMu4BJm4BjSNlw7uhdy9CQXmsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:79:fa:60:27:c8:ca:70:3b:01:67:2b:56:cc:15:a0:fa:68:
         54:dc:d3:db:0e:ac:84:ca:6d:c8:de:1c:e4:17:90:80:33:71:
         95:93:38:a0:b0:68:76:af:f6:14:46:5c:90:80:09:a8:43:bc:
         c5:6d:bd:29:3d:64:48:82:50:29:cf:c9:fc:bc:6b:3c:e0:80:
         e3:2a:1c:2b:3c:db:c6:2d:6c:51:55:2c:79:e5:4a:e8:16:4e:
         81:72:8d:22:1c:e5:61:75:50:84:84:34:91:63:17:6f:54:6a:
         cd:87:f0:57:2b:40:e1:f4:4f:43:8c:cc:ea:6d:c6:c6:7b:66:
         17:96:8d:58:a0:8d:38:ea:14:e9:b1:47:e5:a4:de:59:ee:e3:
         da:9f:b2:58:24:fc:c7:08:29:d1:37:ef:c3:3d:c8:cc:e8:f4:
         85:2c:68:19:11:3f:fd:25:e1:2c:ee:68:1b:19:a8:c5:a1:40:
         82:f6:dd:d5:01:c5:ca:af:96:f8:3f:54:1c:b5:9f:a6:f3:05:
         38:e0:99:4f:e7:0b:4d:dc:58:bd:c2:ce:03:1a:97:24:87:f5:
         42:9e:16:89:e0:44:11:f1:ab:12:fd:b8:28:06:d7:fb:74:1a:
         01:c6:cc:fc:58:b3:cb:86:48:99:61:30:8e:20:db:ff:00:d3:
         38:32:d6:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI34lkm371MDrNzgMN9g+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYTMyZWUwMTI2NmUwMThkMjM2NWMzYmJhMTc3MmY0MjQx
NzlhYzIwHhcNMjQwMTAyMDYzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2IwOWVjN2RmNDU3YjFlYWEwZGZlMmQ2OTE0YmJjNmFkMDdhM2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjylgm8EiGrYxlzh50NYd2WGTGVi
Rn6wGP5N/HMagkMhe7IhNMOJudFi6IUwWDkr5rs1LVOK/qF2sOlpzi8AEF89/QEX
dJhIKQ9ixlnLypBGH/uQe84R+c2X/wmyVsVM2ZjTfOJKruRH77v3qIawFtSYGApB
5LICr+7qHIiNe39cA8UxRroZlq2mzCc3Tzk/GwQnaFK3QvsvZ7od5WDjaHylhmuk
dGdnZhPVCQ2AfH7wjsMhU593llbAsLteYrYe2USHulU7OcxuRHJTu9ezMp0dVt7R
n//XueMN6hxmS2gMd0aS/dcXdrOWD0Wzw6XGrydt6QSNqUIUUpScFJlWiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJywnsffRXseqg3+LWkUu8atB6PKMB8GA1UdIwQY
MBaAFDqjLuASZuAY0jZcO7oXcvQkF5rCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3FNdTRCSm00QmpTTmx3N3VoZHk5Q1FYbXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9hMTNhMTctNmM3My00Yzc4LTk3NTIt
OTQ5ZGJlOWI1N2ZlLzEvbkxDZXg5OUZleDZxRGY0dGFSUzd4cTBIbzhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9hMTNhMTctNmM3My00Yzc4LTk3NTItOTQ5ZGJlOWI1N2Zl
LzEvT3FNdTRCSm00QmpTTmx3N3VoZHk5Q1FYbXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWj2MA0G
CSqGSIb3DQEBCwUAA4IBAQBOefpgJ8jKcDsBZytWzBWg+mhU3NPbDqyEym3I3hzk
F5CAM3GVkzigsGh2r/YURlyQgAmoQ7zFbb0pPWRIglApz8n8vGs84IDjKhwrPNvG
LWxRVSx55UroFk6Bco0iHOVhdVCEhDSRYxdvVGrNh/BXK0Dh9E9DjMzqbcbGe2YX
lo1YoI046hTpsUflpN5Z7uPan7JYJPzHCCnRN+/DPcjM6PSFLGgZET/9JeEs7mgb
GajFoUCC9t3VAcXKr5b4P1QctZ+m8wU44JlP5wtN3Fi9ws4DGpckh/VCnhaJ4EQR
8asS/bgoBtf7dBoBxsz8WLPLhkiZYTCOINv/ANM4MtZ6
-----END CERTIFICATE-----