Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/cd9b7f-7e57-4f95-ab39-f4d1bcb5c901/1/NHXBDSx1CVgjbRFADrS9LLUPW4M.roa
File:                     NHXBDSx1CVgjbRFADrS9LLUPW4M.roa (raw, json)
Hash identifier:          1E8QAkNqfJCo21Sd8/S7uvFGnGQKnB/kfAk2musHIXQ=
Subject key identifier:   34:75:C1:0D:2C:75:09:58:23:6D:11:40:0E:B4:BD:2C:B5:0F:5B:83
Certificate issuer:       /CN=7a30a5a2e3324d5e412667f9f296f52af297bb4d
Certificate serial:       018CC794110597C7FE5060F97825692EB0AC
Authority key identifier: 7A:30:A5:A2:E3:32:4D:5E:41:26:67:F9:F2:96:F5:2A:F2:97:BB:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ejClouMyTV5BJmf58pb1KvKXu00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/cd9b7f-7e57-4f95-ab39-f4d1bcb5c901/1/NHXBDSx1CVgjbRFADrS9LLUPW4M.roa
Signing time:             Tue 02 Jan 2024 00:30:18 +0000
ROA not before:           Tue 02 Jan 2024 00:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201042
IP address blocks:        194.13.142.0/24 maxlen: 24
                          2a13:4840::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/cd9b7f-7e57-4f95-ab39-f4d1bcb5c901/1/ejClouMyTV5BJmf58pb1KvKXu00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/cd9b7f-7e57-4f95-ab39-f4d1bcb5c901/1/ejClouMyTV5BJmf58pb1KvKXu00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ejClouMyTV5BJmf58pb1KvKXu00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:11:05:97:c7:fe:50:60:f9:78:25:69:2e:b0:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7a30a5a2e3324d5e412667f9f296f52af297bb4d
        Validity
            Not Before: Jan  2 00:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3475c10d2c750958236d11400eb4bd2cb50f5b83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:50:da:18:0b:47:d8:98:f6:f3:67:fb:60:25:
                    ef:4a:81:ad:1b:66:fa:e3:32:ed:d4:81:0d:c0:99:
                    b5:8b:45:b4:93:bb:cb:b5:4e:4b:8e:e2:40:3c:35:
                    0c:f6:72:e1:fb:ee:aa:60:de:45:21:0d:08:03:ad:
                    d3:f6:b7:40:bd:7a:a2:46:e1:66:37:c3:75:3b:a7:
                    09:a7:f9:fb:9a:dd:5e:6b:c2:7c:70:94:06:f2:ed:
                    75:2e:b9:48:46:b1:11:c9:c8:ae:cf:d1:d8:7a:2d:
                    40:89:b5:02:f4:86:47:b7:4d:bc:ff:d3:e0:70:25:
                    f1:cb:ca:8a:6c:fb:d7:59:f2:34:eb:7d:9b:db:86:
                    78:91:b2:96:93:60:89:74:0f:1f:7a:0e:4f:3e:0e:
                    6a:bf:f0:ca:f1:2f:d8:1f:de:f9:08:6c:8a:f6:2a:
                    f4:5d:45:89:3d:64:3d:57:06:10:ea:77:e5:40:33:
                    53:b0:b9:6f:b6:6a:b4:cb:05:e0:86:51:00:66:c4:
                    5c:76:fd:f1:fd:b7:36:d8:13:af:14:90:02:9a:d3:
                    e9:fe:24:96:21:d9:ff:c1:2d:af:1a:11:79:a3:c4:
                    f8:0b:c8:50:03:10:12:be:54:fb:1f:6d:80:e2:cd:
                    0b:65:86:58:ac:e8:6b:02:6b:47:81:7b:ce:34:78:
                    96:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:75:C1:0D:2C:75:09:58:23:6D:11:40:0E:B4:BD:2C:B5:0F:5B:83
            X509v3 Authority Key Identifier:
                keyid:7A:30:A5:A2:E3:32:4D:5E:41:26:67:F9:F2:96:F5:2A:F2:97:BB:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ejClouMyTV5BJmf58pb1KvKXu00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/cd9b7f-7e57-4f95-ab39-f4d1bcb5c901/1/NHXBDSx1CVgjbRFADrS9LLUPW4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/cd9b7f-7e57-4f95-ab39-f4d1bcb5c901/1/ejClouMyTV5BJmf58pb1KvKXu00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.142.0/24
                IPv6:
                  2a13:4840::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:f0:ea:2c:a1:0c:57:8f:ec:44:01:47:f7:da:cd:94:2c:c2:
         87:2c:95:29:74:2f:65:70:5f:20:23:55:33:97:ab:ec:fd:d6:
         2e:14:d7:4e:34:0e:ca:36:fd:25:27:8d:04:13:90:1c:64:4a:
         dd:4f:42:71:91:75:f3:11:c8:e3:45:3f:e4:c8:f9:0c:50:8f:
         a7:83:28:c2:c1:64:a5:e3:82:8c:38:86:eb:47:fc:ad:40:95:
         ae:38:89:a2:83:88:d7:ab:a9:7d:cd:29:39:0f:50:4b:0f:0e:
         6e:b9:37:bb:dd:05:f1:92:d2:a2:06:cd:82:da:df:31:ca:1b:
         f3:0f:56:84:d7:f9:32:c3:ac:90:13:ff:6e:e7:4b:e4:c8:45:
         b7:17:ef:2b:29:9e:fe:7a:df:76:90:af:5f:5e:d9:61:f1:eb:
         b7:15:19:46:08:c4:7b:51:e3:2b:99:94:e2:62:1b:8e:33:46:
         e5:14:61:9e:82:93:56:6c:17:46:30:65:9b:cd:03:7d:4a:84:
         80:41:24:18:ce:59:79:38:d6:dd:92:b9:fe:5f:fe:ce:bf:5f:
         9b:d1:5d:e7:1b:24:d5:a0:5f:ef:01:a5:a2:a9:99:c9:f9:ac:
         51:99:5f:5b:89:64:52:8c:0e:b6:2c:b8:46:61:3b:ab:9e:2a:
         19:69:1b:4c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlBEFl8f+UGD5eCVpLrCsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMzBhNWEyZTMzMjRkNWU0MTI2NjdmOWYyOTZmNTJhZjI5
N2JiNGQwHhcNMjQwMTAyMDAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDc1YzEwZDJjNzUwOTU4MjM2ZDExNDAwZWI0YmQyY2I1MGY1YjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjVDaGAtH2Jj282f7YCXvSoGtG2b6
4zLt1IENwJm1i0W0k7vLtU5LjuJAPDUM9nLh++6qYN5FIQ0IA63T9rdAvXqiRuFm
N8N1O6cJp/n7mt1ea8J8cJQG8u11LrlIRrERyciuz9HYei1AibUC9IZHt028/9Pg
cCXxy8qKbPvXWfI0632b24Z4kbKWk2CJdA8feg5PPg5qv/DK8S/YH975CGyK9ir0
XUWJPWQ9VwYQ6nflQDNTsLlvtmq0ywXghlEAZsRcdv3x/bc22BOvFJACmtPp/iSW
Idn/wS2vGhF5o8T4C8hQAxASvlT7H22A4s0LZYZYrOhrAmtHgXvONHiWXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDR1wQ0sdQlYI20RQA60vSy1D1uDMB8GA1UdIwQY
MBaAFHowpaLjMk1eQSZn+fKW9Sryl7tNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWpDbG91TXlUVjVCSm1mNThwYjFLdktYdTAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jZDliN2YtN2U1Ny00Zjk1LWFiMzkt
ZjRkMWJjYjVjOTAxLzEvTkhYQkRTeDFDVmdqYlJGQURyUzlMTFVQVzRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jZDliN2YtN2U1Ny00Zjk1LWFiMzktZjRkMWJjYjVjOTAx
LzEvZWpDbG91TXlUVjVCSm1mNThwYjFLdktYdTAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwg2OMA0E
AgACMAcDBQMqE0hAMA0GCSqGSIb3DQEBCwUAA4IBAQCg8OosoQxXj+xEAUf32s2U
LMKHLJUpdC9lcF8gI1Uzl6vs/dYuFNdONA7KNv0lJ40EE5AcZErdT0JxkXXzEcjj
RT/kyPkMUI+ngyjCwWSl44KMOIbrR/ytQJWuOImig4jXq6l9zSk5D1BLDw5uuTe7
3QXxktKiBs2C2t8xyhvzD1aE1/kyw6yQE/9u50vkyEW3F+8rKZ7+et92kK9fXtlh
8eu3FRlGCMR7UeMrmZTiYhuOM0blFGGegpNWbBdGMGWbzQN9SoSAQSQYzll5ONbd
krn+X/7Ov1+b0V3nGyTVoF/vAaWiqZnJ+axRmV9biWRSjA62LLhGYTurnioZaRtM
-----END CERTIFICATE-----