Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/nf_gt-uFFwZdCQPvoCzArcOdCrk.roa
File:                     nf_gt-uFFwZdCQPvoCzArcOdCrk.roa (raw, json)
Hash identifier:          DVxDdsHkr2411WAslPnPQ8q7DYGTBx1Rwm95ZhOJQUg=
Subject key identifier:   9D:FF:E0:B7:EB:85:17:06:5D:09:03:EF:A0:2C:C0:AD:C3:9D:0A:B9
Certificate issuer:       /CN=93ece780dfda43ab4a841727eb20d71fc76528bc
Certificate serial:       019192C001FF9E85D5BD8F11E65E6A89AABB
Authority key identifier: 93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/nf_gt-uFFwZdCQPvoCzArcOdCrk.roa
Signing time:             Tue 27 Aug 2024 07:32:22 +0000
ROA not before:           Tue 27 Aug 2024 07:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214438
IP address blocks:        62.169.158.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 19:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:92:c0:01:ff:9e:85:d5:bd:8f:11:e6:5e:6a:89:aa:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93ece780dfda43ab4a841727eb20d71fc76528bc
        Validity
            Not Before: Aug 27 07:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dffe0b7eb8517065d0903efa02cc0adc39d0ab9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:7f:c9:8e:4a:7e:41:5e:36:40:a1:89:58:08:
                    15:80:23:fc:75:1d:ee:4e:34:72:91:e7:64:06:30:
                    43:37:be:63:3f:8d:15:06:d0:f4:5b:77:47:b4:9a:
                    05:d1:6a:56:fa:25:51:41:ce:c6:a6:cd:91:e1:17:
                    6e:87:7b:0b:bc:93:d5:16:bf:ae:53:a9:40:e0:90:
                    ed:a1:ca:d2:4c:29:b7:cd:a8:12:be:70:62:35:1c:
                    37:ec:e4:48:7d:e0:53:46:43:59:25:2b:f2:32:e5:
                    c8:06:2e:1d:60:4a:d0:99:6b:74:8c:26:45:96:c8:
                    c0:b5:0f:23:e2:05:c0:6a:2b:ee:1d:ca:d0:98:a8:
                    8f:d7:ef:9c:ce:60:63:e5:a3:e2:36:04:36:da:c5:
                    14:63:56:d1:79:51:6e:89:28:64:41:de:b9:86:3d:
                    34:5f:41:d2:f6:2c:38:ce:b9:c6:53:cf:e0:29:7f:
                    ec:8c:0c:13:9c:7e:85:32:e7:a6:47:1d:e0:57:ba:
                    22:5e:ad:b9:f4:50:2f:f3:08:71:fd:71:62:8f:62:
                    08:0e:42:31:4d:b8:6e:aa:af:2f:a3:10:05:de:fe:
                    5e:de:c0:49:da:b3:e9:f1:16:fe:0b:2a:55:c5:34:
                    b2:f6:92:86:54:4a:e3:b9:7e:f9:c4:76:2e:ae:47:
                    18:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:FF:E0:B7:EB:85:17:06:5D:09:03:EF:A0:2C:C0:AD:C3:9D:0A:B9
            X509v3 Authority Key Identifier:
                keyid:93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/nf_gt-uFFwZdCQPvoCzArcOdCrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:ac:8e:de:a1:1a:d0:01:e0:b3:e1:32:7d:87:cf:cd:ce:ed:
         c6:18:d5:d5:12:69:de:be:d7:85:c0:ec:80:8d:81:48:aa:70:
         e8:82:cd:8a:f9:38:03:85:ee:43:a1:ac:a6:e3:40:a9:f9:10:
         bb:59:46:6b:2e:1b:ad:b4:36:4a:22:95:3f:a7:6a:3f:dc:91:
         f0:6b:3d:5e:80:dd:c0:19:2f:56:cb:52:15:0e:22:26:d4:ef:
         98:66:51:ed:a6:29:b9:35:05:f1:5a:ac:74:1a:f6:13:c1:f8:
         02:31:a2:92:07:be:f5:e2:7e:6d:2e:c7:cf:75:36:97:92:63:
         71:80:77:f2:1f:6d:e8:dc:dd:1f:57:48:2a:d3:27:73:e7:98:
         f0:fc:4b:e5:50:70:61:03:2c:42:db:86:33:d7:56:d5:4b:05:
         13:98:59:87:59:b7:dd:92:06:09:72:8b:35:68:ce:1e:81:17:
         d5:3c:f0:c8:f1:18:00:2f:07:be:20:ea:4c:d4:c1:b9:51:8d:
         85:2a:58:52:6d:8e:c1:68:7d:ad:e7:8f:35:0f:73:eb:be:09:
         c4:c5:11:0d:da:e1:f1:ce:76:a2:6b:93:93:64:1b:12:b5:aa:
         5d:9e:91:c6:20:f3:7d:af:c8:de:f1:0f:25:dd:1c:f6:56:75:
         12:56:49:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGSwAH/noXVvY8R5l5qiaq7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZWNlNzgwZGZkYTQzYWI0YTg0MTcyN2ViMjBkNzFmYzc2
NTI4YmMwHhcNMjQwODI3MDczMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGZmZTBiN2ViODUxNzA2NWQwOTAzZWZhMDJjYzBhZGMzOWQwYWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuX/Jjkp+QV42QKGJWAgVgCP8dR3u
TjRykedkBjBDN75jP40VBtD0W3dHtJoF0WpW+iVRQc7Gps2R4Rduh3sLvJPVFr+u
U6lA4JDtocrSTCm3zagSvnBiNRw37ORIfeBTRkNZJSvyMuXIBi4dYErQmWt0jCZF
lsjAtQ8j4gXAaivuHcrQmKiP1++czmBj5aPiNgQ22sUUY1bReVFuiShkQd65hj00
X0HS9iw4zrnGU8/gKX/sjAwTnH6FMuemRx3gV7oiXq259FAv8whx/XFij2IIDkIx
Tbhuqq8voxAF3v5e3sBJ2rPp8Rb+CypVxTSy9pKGVErjuX75xHYurkcY6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3/4LfrhRcGXQkD76AswK3DnQq5MB8GA1UdIwQY
MBaAFJPs54Df2kOrSoQXJ+sg1x/HZSi8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUt
YTRkNDEzZDdmODljLzEvbmZfZ3QtdUZGd1pkQ1FQdm9DekFyY09kQ3JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUtYTRkNDEzZDdmODlj
LzEvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPqmeMA0G
CSqGSIb3DQEBCwUAA4IBAQADrI7eoRrQAeCz4TJ9h8/Nzu3GGNXVEmnevteFwOyA
jYFIqnDogs2K+TgDhe5Doaym40Cp+RC7WUZrLhuttDZKIpU/p2o/3JHwaz1egN3A
GS9Wy1IVDiIm1O+YZlHtpim5NQXxWqx0GvYTwfgCMaKSB7714n5tLsfPdTaXkmNx
gHfyH23o3N0fV0gq0ydz55jw/EvlUHBhAyxC24Yz11bVSwUTmFmHWbfdkgYJcos1
aM4egRfVPPDI8RgALwe+IOpM1MG5UY2FKlhSbY7BaH2t5481D3PrvgnExREN2uHx
znaia5OTZBsStapdnpHGIPN9r8je8Q8l3Rz2VnUSVknv
-----END CERTIFICATE-----