Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/NPo03G3sJtBXFeeAHF4lFuAvnnU.roa
File:                     NPo03G3sJtBXFeeAHF4lFuAvnnU.roa (raw, json)
Hash identifier:          xNV4V68e+P7LxpO+wlRNYd70f01pUhKR4+uKgV54+9I=
Subject key identifier:   34:FA:34:DC:6D:EC:26:D0:57:15:E7:80:1C:5E:25:16:E0:2F:9E:75
Certificate issuer:       /CN=e1b9a3ce0f593910819c3271e1e8d0bd1371a6be
Certificate serial:       019265BE3B3453A42EEFB16F11BE2250A275
Authority key identifier: E1:B9:A3:CE:0F:59:39:10:81:9C:32:71:E1:E8:D0:BD:13:71:A6:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/NPo03G3sJtBXFeeAHF4lFuAvnnU.roa
Signing time:             Mon 07 Oct 2024 06:50:18 +0000
ROA not before:           Mon 07 Oct 2024 06:50:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203020
IP address blocks:        109.196.160.0/22 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:65:be:3b:34:53:a4:2e:ef:b1:6f:11:be:22:50:a2:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1b9a3ce0f593910819c3271e1e8d0bd1371a6be
        Validity
            Not Before: Oct  7 06:50:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34fa34dc6dec26d05715e7801c5e2516e02f9e75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:73:1c:63:68:b3:80:1d:0f:09:99:0f:9d:11:
                    34:aa:e1:8e:de:c7:a9:6b:85:4c:13:d2:c2:17:8c:
                    10:9e:a4:6f:07:ae:9a:c1:7f:bf:f5:7f:16:31:b0:
                    22:8d:57:e9:5f:97:4d:df:75:62:8a:8e:10:d7:d1:
                    98:a8:47:5c:ba:80:c8:3b:02:29:ee:d7:84:cf:5b:
                    96:2e:fa:60:8f:fa:30:a2:c3:66:bc:a6:ce:c1:60:
                    f7:74:04:ce:51:d4:4a:b0:10:5d:ee:90:45:e8:3d:
                    70:52:7b:09:d4:ab:2d:b3:8d:00:7f:1a:bf:24:43:
                    13:24:f5:fa:06:cf:b2:1b:e2:12:d9:e7:e6:60:0d:
                    b2:10:97:04:06:10:10:5c:b3:8b:95:77:91:30:75:
                    d0:49:20:62:67:4e:53:0c:b1:1b:76:6b:14:36:5d:
                    ef:e2:fe:d9:df:61:ad:c4:16:c9:2a:27:16:6e:18:
                    19:d1:73:62:0b:02:6f:33:4f:a1:23:6b:25:21:ab:
                    e7:42:cc:2c:42:a6:d9:77:60:d3:a3:58:41:3b:41:
                    62:81:ad:ea:b9:55:da:99:af:04:24:5e:5f:26:b7:
                    ca:18:7a:8e:6b:95:0c:5c:47:7a:6f:1d:c1:8a:84:
                    b2:b9:9f:0a:2e:07:9e:f6:d4:39:f5:96:f7:99:15:
                    20:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:FA:34:DC:6D:EC:26:D0:57:15:E7:80:1C:5E:25:16:E0:2F:9E:75
            X509v3 Authority Key Identifier:
                keyid:E1:B9:A3:CE:0F:59:39:10:81:9C:32:71:E1:E8:D0:BD:13:71:A6:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/NPo03G3sJtBXFeeAHF4lFuAvnnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.196.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:97:ba:62:61:9c:3c:03:23:64:06:25:15:ad:28:82:45:50:
         8e:ac:8f:77:00:d0:37:63:05:7f:37:b8:ee:dc:63:4e:07:43:
         ce:58:6b:37:46:7a:34:fc:cd:aa:5b:f2:89:2d:c1:e9:21:02:
         57:2c:e5:a2:93:a3:17:44:ad:fe:b2:bc:12:4e:a8:54:b0:28:
         d7:6e:02:41:bf:b4:51:7a:4f:52:08:6d:fb:f2:94:81:bf:ac:
         c1:9b:c8:72:52:42:ba:ca:f7:8a:5f:a1:08:ff:57:09:59:87:
         18:8d:be:dd:e7:db:11:b9:16:05:a1:c4:a0:01:ee:5c:cf:cd:
         93:30:f2:82:a4:39:03:82:64:e4:c0:d7:93:b3:51:56:5b:70:
         1f:ac:ad:81:1c:19:94:00:f6:8f:77:d7:96:1a:cf:cb:3d:d0:
         90:26:fe:88:9c:5d:2e:de:16:4e:48:c0:1e:96:63:30:ca:ac:
         7d:d3:18:fc:7c:ea:6d:77:47:96:48:05:22:6e:5c:d3:18:58:
         a5:54:33:fb:e9:c1:08:c4:e2:43:69:76:3f:af:e8:53:a0:ee:
         d8:c8:3c:e8:21:08:2d:dd:4b:a1:b0:1a:05:7a:f0:23:6b:14:
         21:36:d7:08:79:3d:f8:70:da:18:30:71:76:b9:48:f6:59:b5:
         1d:09:2e:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJlvjs0U6Qu77FvEb4iUKJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYjlhM2NlMGY1OTM5MTA4MTljMzI3MWUxZThkMGJkMTM3
MWE2YmUwHhcNMjQxMDA3MDY1MDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGZhMzRkYzZkZWMyNmQwNTcxNWU3ODAxYzVlMjUxNmUwMmY5ZTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHMcY2izgB0PCZkPnRE0quGO3sep
a4VME9LCF4wQnqRvB66awX+/9X8WMbAijVfpX5dN33Viio4Q19GYqEdcuoDIOwIp
7teEz1uWLvpgj/owosNmvKbOwWD3dATOUdRKsBBd7pBF6D1wUnsJ1Ksts40Afxq/
JEMTJPX6Bs+yG+IS2efmYA2yEJcEBhAQXLOLlXeRMHXQSSBiZ05TDLEbdmsUNl3v
4v7Z32GtxBbJKicWbhgZ0XNiCwJvM0+hI2slIavnQswsQqbZd2DTo1hBO0Figa3q
uVXama8EJF5fJrfKGHqOa5UMXEd6bx3BioSyuZ8KLgee9tQ59Zb3mRUg+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDT6NNxt7CbQVxXngBxeJRbgL551MB8GA1UdIwQY
MBaAFOG5o84PWTkQgZwyceHo0L0Tcaa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGJtanpnOVpPUkNCbkRKeDRlalF2Uk54cHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8wZDhiZTgtYjRiNC00MzZlLTg2ZTIt
YmE0YzU2ZDhjMGNlLzEvTlBvMDNHM3NKdEJYRmVlQUhGNGxGdUF2bm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8wZDhiZTgtYjRiNC00MzZlLTg2ZTItYmE0YzU2ZDhjMGNl
LzEvNGJtanpnOVpPUkNCbkRKeDRlalF2Uk54cHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbcSgMA0G
CSqGSIb3DQEBCwUAA4IBAQATl7piYZw8AyNkBiUVrSiCRVCOrI93ANA3YwV/N7ju
3GNOB0POWGs3Rno0/M2qW/KJLcHpIQJXLOWik6MXRK3+srwSTqhUsCjXbgJBv7RR
ek9SCG378pSBv6zBm8hyUkK6yveKX6EI/1cJWYcYjb7d59sRuRYFocSgAe5cz82T
MPKCpDkDgmTkwNeTs1FWW3AfrK2BHBmUAPaPd9eWGs/LPdCQJv6InF0u3hZOSMAe
lmMwyqx90xj8fOptd0eWSAUiblzTGFilVDP76cEIxOJDaXY/r+hToO7YyDzoIQgt
3UuhsBoFevAjaxQhNtcIeT34cNoYMHF2uUj2WbUdCS4e
-----END CERTIFICATE-----