Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/ngnCW83s0d1AoBEMZpLQS8CIovA.roa
File:                     ngnCW83s0d1AoBEMZpLQS8CIovA.roa (raw, json)
Hash identifier:          +Kpp7pyCA1hBIfLoyX2+PGBAIH8MPq7Jm9cyBk1iTqo=
Subject key identifier:   9E:09:C2:5B:CD:EC:D1:DD:40:A0:11:0C:66:92:D0:4B:C0:88:A2:F0
Certificate issuer:       /CN=ad109dee6fbdc256df911460ccc915d066a8ff8b
Certificate serial:       018CC726FADDA203B294C9BF31B7958AE482
Authority key identifier: AD:10:9D:EE:6F:BD:C2:56:DF:91:14:60:CC:C9:15:D0:66:A8:FF:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rRCd7m-9wlbfkRRgzMkV0Gao_4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/ngnCW83s0d1AoBEMZpLQS8CIovA.roa
Signing time:             Mon 01 Jan 2024 22:31:09 +0000
ROA not before:           Mon 01 Jan 2024 22:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216280
IP address blocks:        84.20.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/rRCd7m-9wlbfkRRgzMkV0Gao_4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/rRCd7m-9wlbfkRRgzMkV0Gao_4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rRCd7m-9wlbfkRRgzMkV0Gao_4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:fa:dd:a2:03:b2:94:c9:bf:31:b7:95:8a:e4:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad109dee6fbdc256df911460ccc915d066a8ff8b
        Validity
            Not Before: Jan  1 22:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e09c25bcdecd1dd40a0110c6692d04bc088a2f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:23:8a:da:1e:9e:5c:0f:2a:e2:41:9c:1d:71:
                    46:4c:5f:6e:fb:fa:3e:91:08:c1:d4:23:35:73:95:
                    2c:e6:fb:e4:fc:ee:7f:49:bf:84:57:6b:d2:38:50:
                    53:52:3d:16:43:e0:79:82:53:39:b6:79:0c:8a:83:
                    c0:f9:44:4e:ab:9c:21:af:32:01:95:2f:f6:6d:20:
                    e8:c0:60:16:7a:19:40:be:4e:9b:a1:0f:d6:0a:24:
                    e4:6e:64:64:ba:e7:7d:de:00:2f:23:75:ec:46:b0:
                    3d:ff:a5:3b:a5:c0:01:8a:30:93:93:64:ae:29:cc:
                    1c:d6:7e:38:fd:68:da:37:c8:95:fe:26:7c:8b:80:
                    ca:7d:99:67:34:b9:f8:97:98:71:e6:8e:c5:ff:b8:
                    c6:d7:c6:af:03:5f:75:16:8b:a2:78:2b:b2:e3:48:
                    51:80:0b:b5:c2:cb:9f:21:7b:58:03:27:cc:1b:71:
                    f6:77:90:9c:aa:e9:38:49:78:a1:51:55:87:dc:ac:
                    fc:f6:38:02:44:db:32:4c:3b:7d:7f:15:0c:c3:12:
                    6e:88:84:f5:82:13:fd:e2:74:ba:9f:73:51:5a:37:
                    8c:2c:1d:7a:4a:b2:ec:4f:84:e7:e6:cc:fb:61:5c:
                    1e:6f:36:32:d7:37:57:ec:45:e8:6d:49:3a:23:27:
                    4e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:09:C2:5B:CD:EC:D1:DD:40:A0:11:0C:66:92:D0:4B:C0:88:A2:F0
            X509v3 Authority Key Identifier:
                keyid:AD:10:9D:EE:6F:BD:C2:56:DF:91:14:60:CC:C9:15:D0:66:A8:FF:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rRCd7m-9wlbfkRRgzMkV0Gao_4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/ngnCW83s0d1AoBEMZpLQS8CIovA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/4615be-e566-4253-83ef-f6626b63383e/1/rRCd7m-9wlbfkRRgzMkV0Gao_4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.20.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:c6:4c:f4:fe:b1:ff:d6:ad:43:c2:07:2f:a4:71:63:47:c2:
         97:b4:30:3a:0c:68:73:42:6f:b6:5d:02:e5:40:72:06:6c:1c:
         1a:91:4d:c7:a5:4c:52:42:34:65:c2:f1:91:93:e2:d3:bd:ee:
         06:e5:51:e6:3c:67:bc:70:ac:d1:7c:e5:4f:9c:8b:2c:57:47:
         8d:f7:06:06:bb:5f:28:5c:0f:88:1f:96:1d:16:41:b4:dd:49:
         b8:53:38:21:fa:e0:38:fb:61:56:58:94:a8:e7:44:d7:3b:31:
         0b:c9:e2:8c:5e:4e:6d:5c:7b:ac:ca:d8:7b:95:e6:9b:c8:88:
         85:81:d3:f3:95:fd:6e:96:4c:09:23:a8:6e:f5:83:c0:09:13:
         bc:bf:c7:2b:f3:69:f4:7f:7e:3d:34:d6:88:ef:89:24:4b:51:
         d6:2d:c6:66:75:13:c8:0c:7d:a1:5b:16:6d:9f:f4:cf:8a:77:
         99:d7:75:7a:a0:aa:b9:b3:e0:c4:1a:fa:91:90:56:49:6e:48:
         76:8a:c0:f4:e2:5d:48:73:22:8f:42:b0:8f:dc:db:20:d4:38:
         d3:fd:31:22:63:ae:fc:55:15:57:a7:15:df:21:9c:d0:49:70:
         09:dc:8a:7f:5d:38:b4:fd:22:d7:5e:16:44:d9:09:f6:64:17:
         6b:ca:42:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJvrdogOylMm/MbeViuSCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMTA5ZGVlNmZiZGMyNTZkZjkxMTQ2MGNjYzkxNWQwNjZh
OGZmOGIwHhcNMjQwMTAxMjIzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTA5YzI1YmNkZWNkMWRkNDBhMDExMGM2NjkyZDA0YmMwODhhMmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSOK2h6eXA8q4kGcHXFGTF9u+/o+
kQjB1CM1c5Us5vvk/O5/Sb+EV2vSOFBTUj0WQ+B5glM5tnkMioPA+UROq5whrzIB
lS/2bSDowGAWehlAvk6boQ/WCiTkbmRkuud93gAvI3XsRrA9/6U7pcABijCTk2Su
Kcwc1n44/WjaN8iV/iZ8i4DKfZlnNLn4l5hx5o7F/7jG18avA191FouieCuy40hR
gAu1wsufIXtYAyfMG3H2d5Ccquk4SXihUVWH3Kz89jgCRNsyTDt9fxUMwxJuiIT1
ghP94nS6n3NRWjeMLB16SrLsT4Tn5sz7YVwebzYy1zdX7EXobUk6IydOhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4JwlvN7NHdQKARDGaS0EvAiKLwMB8GA1UdIwQY
MBaAFK0Qne5vvcJW35EUYMzJFdBmqP+LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclJDZDdtLTl3bGJma1JSZ3pNa1YwR2FvXzRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi80NjE1YmUtZTU2Ni00MjUzLTgzZWYt
ZjY2MjZiNjMzODNlLzEvbmduQ1c4M3MwZDFBb0JFTVpwTFFTOENJb3ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi80NjE1YmUtZTU2Ni00MjUzLTgzZWYtZjY2MjZiNjMzODNl
LzEvclJDZDdtLTl3bGJma1JSZ3pNa1YwR2FvXzRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBReMA0G
CSqGSIb3DQEBCwUAA4IBAQAsxkz0/rH/1q1DwgcvpHFjR8KXtDA6DGhzQm+2XQLl
QHIGbBwakU3HpUxSQjRlwvGRk+LTve4G5VHmPGe8cKzRfOVPnIssV0eN9wYGu18o
XA+IH5YdFkG03Um4Uzgh+uA4+2FWWJSo50TXOzELyeKMXk5tXHusyth7leabyIiF
gdPzlf1ulkwJI6hu9YPACRO8v8cr82n0f349NNaI74kkS1HWLcZmdRPIDH2hWxZt
n/TPineZ13V6oKq5s+DEGvqRkFZJbkh2isD04l1IcyKPQrCP3Nsg1DjT/TEiY678
VRVXpxXfIZzQSXAJ3Ip/XTi0/SLXXhZE2Qn2ZBdrykJc
-----END CERTIFICATE-----