Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/ntFxttxIno9PUxR_NpSbOFdHlwo.roa
File:                     ntFxttxIno9PUxR_NpSbOFdHlwo.roa (raw, json)
Hash identifier:          yAmte/84lItLdQof0DLEYQob527SBsIQ1SdIKmWcooQ=
Subject key identifier:   9E:D1:71:B6:DC:48:9E:8F:4F:53:14:7F:36:94:9B:38:57:47:97:0A
Certificate issuer:       /CN=e58024b729d99f05133ec6d14390c73eb36db99e
Certificate serial:       018DA85BC2942C2291347FDE8608513F5A0F
Authority key identifier: E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/ntFxttxIno9PUxR_NpSbOFdHlwo.roa
Signing time:             Wed 14 Feb 2024 16:03:22 +0000
ROA not before:           Wed 14 Feb 2024 16:03:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34476
IP address blocks:        82.129.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a8:5b:c2:94:2c:22:91:34:7f:de:86:08:51:3f:5a:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e58024b729d99f05133ec6d14390c73eb36db99e
        Validity
            Not Before: Feb 14 16:03:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ed171b6dc489e8f4f53147f36949b385747970a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:0b:0f:f8:3f:52:f4:4e:f1:cc:76:ea:76:0c:
                    23:fa:15:86:84:e5:56:55:0f:a6:31:95:0b:d9:37:
                    ef:24:7d:fa:a9:70:82:93:f5:b4:bf:6f:1a:0b:aa:
                    80:99:86:ab:20:27:16:b3:26:94:12:78:00:ff:f9:
                    d8:7d:29:c6:e7:49:1c:ca:7f:72:ca:c6:79:81:f0:
                    18:25:2c:a3:16:ee:2c:b1:d7:8d:84:59:63:4f:9c:
                    37:f3:6c:32:8f:17:d9:2d:39:1b:00:f8:ef:93:8f:
                    9d:ce:3f:e2:bb:3a:19:7d:b5:70:f6:13:98:3b:d1:
                    cc:8f:8e:25:af:a8:72:03:b8:5e:51:0f:ed:c4:e7:
                    19:be:fa:aa:ee:ea:71:b8:00:71:5a:60:15:bb:4a:
                    1c:f8:dd:04:9b:32:32:f9:98:d3:38:dd:be:1f:0d:
                    b4:16:29:2e:a5:9e:00:54:ad:3d:84:6c:61:32:9d:
                    a2:05:2f:0c:ca:49:76:6e:cb:2b:50:4a:4e:e9:5e:
                    e6:32:15:f3:6a:71:9c:a1:19:e4:5a:33:8a:06:86:
                    07:75:53:1f:28:95:1d:32:b9:1d:77:d4:b7:e2:ad:
                    2d:b2:a8:17:f7:a2:5f:18:bc:fd:9b:29:69:ee:ad:
                    7b:f8:8a:2b:2e:70:c1:3d:33:8c:e8:b8:af:c0:64:
                    49:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D1:71:B6:DC:48:9E:8F:4F:53:14:7F:36:94:9B:38:57:47:97:0A
            X509v3 Authority Key Identifier:
                keyid:E5:80:24:B7:29:D9:9F:05:13:3E:C6:D1:43:90:C7:3E:B3:6D:B9:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YAktynZnwUTPsbRQ5DHPrNtuZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/ntFxttxIno9PUxR_NpSbOFdHlwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d5628a-d9b1-4da9-a744-956f6b5c6170/1/5YAktynZnwUTPsbRQ5DHPrNtuZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.129.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:d6:f2:55:d7:fc:39:7e:d0:08:13:19:90:0d:c0:bd:cc:56:
         0f:db:dc:09:c1:18:f7:42:18:60:bb:ae:0c:ac:24:d4:f7:65:
         31:54:08:10:ad:37:45:ef:f9:a7:eb:3d:79:82:c4:e7:a2:95:
         03:71:ea:55:c5:a8:cc:3c:68:b4:62:bb:f9:7a:fd:13:4d:7b:
         7a:ff:5c:98:b8:b2:36:c1:7e:06:5a:98:62:50:bd:36:8f:49:
         54:31:71:83:c7:11:08:ec:63:95:7d:94:52:8d:f4:87:af:8f:
         23:04:d8:1e:7f:0e:2d:96:a1:35:bb:2a:95:4a:5c:de:e6:c2:
         53:b3:95:2f:f8:07:1b:fd:0b:24:aa:cc:de:fd:18:bc:a2:c0:
         ca:80:b0:60:64:be:d7:43:ef:f1:e3:e3:67:1a:ab:39:d7:96:
         81:a1:32:f4:05:26:f0:96:1c:ce:d1:45:38:74:b4:5b:98:cf:
         5d:32:e0:1b:8b:3d:20:8e:e1:33:fa:1a:af:22:22:f9:8f:7c:
         4f:99:6f:62:70:66:10:74:31:3c:c7:99:6e:29:fd:e5:47:e8:
         fa:8b:3d:69:17:9f:de:c2:f8:6d:0a:b2:d4:fa:48:05:46:5d:
         28:f1:1c:46:e2:9b:fc:1b:8e:58:27:fa:27:ff:eb:07:7d:db:
         3d:50:4d:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2oW8KULCKRNH/ehghRP1oPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODAyNGI3MjlkOTlmMDUxMzNlYzZkMTQzOTBjNzNlYjM2
ZGI5OWUwHhcNMjQwMjE0MTYwMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQxNzFiNmRjNDg5ZThmNGY1MzE0N2YzNjk0OWIzODU3NDc5NzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwsP+D9S9E7xzHbqdgwj+hWGhOVW
VQ+mMZUL2TfvJH36qXCCk/W0v28aC6qAmYarICcWsyaUEngA//nYfSnG50kcyn9y
ysZ5gfAYJSyjFu4ssdeNhFljT5w382wyjxfZLTkbAPjvk4+dzj/iuzoZfbVw9hOY
O9HMj44lr6hyA7heUQ/txOcZvvqq7upxuABxWmAVu0oc+N0EmzIy+ZjTON2+Hw20
FikupZ4AVK09hGxhMp2iBS8Mykl2bssrUEpO6V7mMhXzanGcoRnkWjOKBoYHdVMf
KJUdMrkdd9S34q0tsqgX96JfGLz9mylp7q17+IorLnDBPTOM6LivwGRJUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7RcbbcSJ6PT1MUfzaUmzhXR5cKMB8GA1UdIwQY
MBaAFOWAJLcp2Z8FEz7G0UOQxz6zbbmeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQt
OTU2ZjZiNWM2MTcwLzEvbnRGeHR0eElubzlQVXhSX05wU2JPRmRIbHdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kNTYyOGEtZDliMS00ZGE5LWE3NDQtOTU2ZjZiNWM2MTcw
LzEvNVlBa3R5blpud1VUUHNiUlE1REhQck50dVo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUoEMMA0G
CSqGSIb3DQEBCwUAA4IBAQCE1vJV1/w5ftAIExmQDcC9zFYP29wJwRj3Qhhgu64M
rCTU92UxVAgQrTdF7/mn6z15gsTnopUDcepVxajMPGi0Yrv5ev0TTXt6/1yYuLI2
wX4GWphiUL02j0lUMXGDxxEI7GOVfZRSjfSHr48jBNgefw4tlqE1uyqVSlze5sJT
s5Uv+Acb/Qskqsze/Ri8osDKgLBgZL7XQ+/x4+NnGqs515aBoTL0BSbwlhzO0UU4
dLRbmM9dMuAbiz0gjuEz+hqvIiL5j3xPmW9icGYQdDE8x5luKf3lR+j6iz1pF5/e
wvhtCrLU+kgFRl0o8RxG4pv8G45YJ/on/+sHfds9UE3N
-----END CERTIFICATE-----