Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/251360-c5c5-4a40-af72-04427a99f1c5/1/ncNSS9GBBFmhah0cqwWqlQ_wfEE.roa
File:                     ncNSS9GBBFmhah0cqwWqlQ_wfEE.roa (raw, json)
Hash identifier:          drdEjdhHucGHSoCW87PwK4Lz7uSZSlIfGrEA/JeRgeM=
Subject key identifier:   9D:C3:52:4B:D1:81:04:59:A1:6A:1D:1C:AB:05:AA:95:0F:F0:7C:41
Certificate issuer:       /CN=8ab3e965c8747e2fa5ddd12857673f06042efa43
Certificate serial:       019198A0386B566899DBD5F0400BFA390E06
Authority key identifier: 8A:B3:E9:65:C8:74:7E:2F:A5:DD:D1:28:57:67:3F:06:04:2E:FA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/irPpZch0fi-l3dEoV2c_BgQu-kM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/251360-c5c5-4a40-af72-04427a99f1c5/1/ncNSS9GBBFmhah0cqwWqlQ_wfEE.roa
Signing time:             Wed 28 Aug 2024 10:55:22 +0000
ROA not before:           Wed 28 Aug 2024 10:55:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        193.105.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/251360-c5c5-4a40-af72-04427a99f1c5/1/irPpZch0fi-l3dEoV2c_BgQu-kM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/251360-c5c5-4a40-af72-04427a99f1c5/1/irPpZch0fi-l3dEoV2c_BgQu-kM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/irPpZch0fi-l3dEoV2c_BgQu-kM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 13:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:98:a0:38:6b:56:68:99:db:d5:f0:40:0b:fa:39:0e:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ab3e965c8747e2fa5ddd12857673f06042efa43
        Validity
            Not Before: Aug 28 10:55:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9dc3524bd1810459a16a1d1cab05aa950ff07c41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:62:38:bf:06:dd:32:c5:0e:71:63:22:94:5a:
                    1b:9d:48:65:b9:69:54:82:9a:27:68:7f:eb:a1:4f:
                    61:87:c0:c8:da:cb:40:f9:0b:15:cd:ec:a0:73:96:
                    64:57:36:29:16:08:dc:8d:b1:c2:62:5a:e0:4d:fc:
                    ff:5b:bf:51:4c:6c:07:35:90:07:a5:a8:de:dc:24:
                    9c:7f:3e:66:fc:d5:33:4d:5c:e2:f1:bc:bb:a2:15:
                    31:23:58:4e:1b:1c:9b:d7:df:74:1a:14:13:74:5d:
                    59:7d:22:70:87:0b:38:77:66:57:d5:59:6a:21:72:
                    44:2a:7f:9e:50:c5:88:93:e8:f4:d7:10:01:9f:6c:
                    cc:25:25:0d:d1:d4:e0:fa:84:b1:5f:e8:c7:76:9b:
                    89:1e:b7:24:c7:6a:a6:12:bc:d4:c5:1a:79:2f:16:
                    0b:0f:7c:f1:0a:db:71:be:68:c9:f2:e7:c3:af:37:
                    22:f1:95:b7:9f:08:25:72:11:de:e7:82:db:c3:c8:
                    e6:ea:e5:be:ce:01:e2:d9:bf:10:a3:7b:42:2c:ad:
                    e3:ce:52:ed:8f:e9:ee:28:44:e9:70:69:d4:5d:0d:
                    db:0b:e9:00:6d:b9:86:b8:74:55:1d:5f:d6:c7:fe:
                    29:d6:f6:05:7e:b3:ff:c3:c9:5a:fa:5f:1c:a9:4c:
                    3b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C3:52:4B:D1:81:04:59:A1:6A:1D:1C:AB:05:AA:95:0F:F0:7C:41
            X509v3 Authority Key Identifier:
                keyid:8A:B3:E9:65:C8:74:7E:2F:A5:DD:D1:28:57:67:3F:06:04:2E:FA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/irPpZch0fi-l3dEoV2c_BgQu-kM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/251360-c5c5-4a40-af72-04427a99f1c5/1/ncNSS9GBBFmhah0cqwWqlQ_wfEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/251360-c5c5-4a40-af72-04427a99f1c5/1/irPpZch0fi-l3dEoV2c_BgQu-kM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.105.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:16:e0:84:4f:35:aa:f4:a0:25:64:80:dd:70:ec:71:7f:de:
         81:fb:38:1a:47:79:0c:47:4d:07:dc:76:fc:3f:7e:5e:e3:0a:
         43:0d:8a:a5:2e:79:d1:0a:ca:f6:13:95:c1:da:72:53:77:fb:
         08:6f:e1:f6:19:9d:4e:4c:72:1f:b9:e9:f8:45:51:ef:51:25:
         bf:4f:97:65:67:4d:a5:97:d1:98:8e:a1:ff:f9:de:b9:23:d3:
         f6:74:6b:90:d5:da:8f:ff:5d:6b:12:30:60:40:f7:cc:3b:f8:
         e3:47:9d:2d:e4:6c:73:e0:24:c7:65:ae:32:95:8f:9f:6c:84:
         08:68:b4:37:ca:a3:7a:74:8c:4d:de:8a:36:80:d4:cf:67:28:
         16:1a:40:02:72:38:33:00:5a:a0:d1:14:f5:56:d0:1a:19:dc:
         7a:ec:c7:f4:86:51:38:ab:2f:7a:3d:d3:1b:78:48:5e:3a:d3:
         bd:b2:31:35:1a:8f:c6:ed:2a:bd:20:80:97:e7:8a:e1:89:8d:
         6d:99:70:26:69:47:4f:9c:43:aa:8d:c2:d9:4e:71:e9:0b:42:
         67:49:ac:a3:c9:da:79:4e:bc:6b:6f:b4:af:60:52:d1:64:9a:
         8c:76:0b:69:fe:b2:f2:ee:e6:ea:e0:f2:89:a2:53:6d:55:3b:
         04:e5:1f:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGYoDhrVmiZ29XwQAv6OQ4GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYjNlOTY1Yzg3NDdlMmZhNWRkZDEyODU3NjczZjA2MDQy
ZWZhNDMwHhcNMjQwODI4MTA1NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGMzNTI0YmQxODEwNDU5YTE2YTFkMWNhYjA1YWE5NTBmZjA3YzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5mI4vwbdMsUOcWMilFobnUhluWlU
gponaH/roU9hh8DI2stA+QsVzeygc5ZkVzYpFgjcjbHCYlrgTfz/W79RTGwHNZAH
paje3CScfz5m/NUzTVzi8by7ohUxI1hOGxyb1990GhQTdF1ZfSJwhws4d2ZX1Vlq
IXJEKn+eUMWIk+j01xABn2zMJSUN0dTg+oSxX+jHdpuJHrckx2qmErzUxRp5LxYL
D3zxCttxvmjJ8ufDrzci8ZW3nwglchHe54Lbw8jm6uW+zgHi2b8Qo3tCLK3jzlLt
j+nuKETpcGnUXQ3bC+kAbbmGuHRVHV/Wx/4p1vYFfrP/w8la+l8cqUw73wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ3DUkvRgQRZoWodHKsFqpUP8HxBMB8GA1UdIwQY
MBaAFIqz6WXIdH4vpd3RKFdnPwYELvpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXJQcFpjaDBmaS1sM2RFb1YyY19CZ1F1LWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8yNTEzNjAtYzVjNS00YTQwLWFmNzIt
MDQ0MjdhOTlmMWM1LzEvbmNOU1M5R0JCRm1oYWgwY3F3V3FsUV93ZkVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8yNTEzNjAtYzVjNS00YTQwLWFmNzItMDQ0MjdhOTlmMWM1
LzEvaXJQcFpjaDBmaS1sM2RFb1YyY19CZ1F1LWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWkvMA0G
CSqGSIb3DQEBCwUAA4IBAQCQFuCETzWq9KAlZIDdcOxxf96B+zgaR3kMR00H3Hb8
P35e4wpDDYqlLnnRCsr2E5XB2nJTd/sIb+H2GZ1OTHIfuen4RVHvUSW/T5dlZ02l
l9GYjqH/+d65I9P2dGuQ1dqP/11rEjBgQPfMO/jjR50t5Gxz4CTHZa4ylY+fbIQI
aLQ3yqN6dIxN3oo2gNTPZygWGkACcjgzAFqg0RT1VtAaGdx67Mf0hlE4qy96PdMb
eEheOtO9sjE1Go/G7Sq9IICX54rhiY1tmXAmaUdPnEOqjcLZTnHpC0JnSayjydp5
Trxrb7SvYFLRZJqMdgtp/rLy7ubq4PKJolNtVTsE5R9E
-----END CERTIFICATE-----