Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/b9a4ac-b671-411b-ac47-19005cb98989/1/nXcd68FA6wzEBrKowRhwqwGa0wc.roa
File:                     nXcd68FA6wzEBrKowRhwqwGa0wc.roa (raw, json)
Hash identifier:          COA2j9H9lF4n8M+o6lTXEow6KedsZ5b6uvstYrcIQWQ=
Subject key identifier:   9D:77:1D:EB:C1:40:EB:0C:C4:06:B2:A8:C1:18:70:AB:01:9A:D3:07
Certificate issuer:       /CN=2f407dea499d73d7ebd4e68825188687559cb1f9
Certificate serial:       018CC5DC6C8BC360D1314DAA3C7469E1CA2F
Authority key identifier: 2F:40:7D:EA:49:9D:73:D7:EB:D4:E6:88:25:18:86:87:55:9C:B1:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L0B96kmdc9fr1OaIJRiGh1Wcsfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/b9a4ac-b671-411b-ac47-19005cb98989/1/nXcd68FA6wzEBrKowRhwqwGa0wc.roa
Signing time:             Mon 01 Jan 2024 16:30:06 +0000
ROA not before:           Mon 01 Jan 2024 16:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207143
IP address blocks:        194.56.191.0/24 maxlen: 24
                          194.56.190.0/24 maxlen: 24
                          194.56.189.0/24 maxlen: 24
                          194.56.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/b9a4ac-b671-411b-ac47-19005cb98989/1/L0B96kmdc9fr1OaIJRiGh1Wcsfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/b9a4ac-b671-411b-ac47-19005cb98989/1/L0B96kmdc9fr1OaIJRiGh1Wcsfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L0B96kmdc9fr1OaIJRiGh1Wcsfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 13:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:6c:8b:c3:60:d1:31:4d:aa:3c:74:69:e1:ca:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f407dea499d73d7ebd4e68825188687559cb1f9
        Validity
            Not Before: Jan  1 16:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d771debc140eb0cc406b2a8c11870ab019ad307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:64:5e:ca:60:63:77:bd:58:f5:77:ba:66:c2:
                    e7:b0:af:66:fd:5b:31:09:f8:3e:a6:05:37:2a:3b:
                    19:fe:89:77:e3:c7:f7:a4:d3:99:58:e7:e2:75:49:
                    21:15:a0:a0:a2:46:3e:fb:3f:86:f9:38:56:27:a8:
                    18:db:ed:64:fc:00:a1:42:33:24:ca:dc:9c:13:e9:
                    6d:86:2b:c3:a1:4f:60:0e:55:8e:61:19:1d:bd:24:
                    f0:33:06:2e:ca:aa:b6:87:f6:bf:5c:35:d8:ae:ca:
                    22:63:ce:a9:96:fb:3b:c7:a4:8f:b7:34:55:db:19:
                    18:96:c1:af:52:91:b2:e9:40:4e:4a:73:1c:c7:86:
                    b7:12:2e:0b:df:9b:1a:b9:8d:d2:75:3d:9b:02:01:
                    b0:b2:67:52:de:58:40:dc:48:dd:b0:05:d3:e0:25:
                    8f:56:fd:e0:be:61:8e:62:34:f4:33:5c:79:b3:db:
                    ed:7a:55:de:dd:bc:d4:e3:98:bf:8a:1d:63:47:51:
                    3e:0b:c0:04:e4:41:91:da:3e:37:4b:f1:18:62:52:
                    d8:a1:5f:db:44:c9:d7:22:1b:8b:b1:fe:90:e6:50:
                    59:33:8f:64:94:52:26:a6:25:cb:3e:03:bd:80:38:
                    b7:5c:25:fa:5a:3b:29:61:b7:76:cb:b5:65:38:ce:
                    6e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:77:1D:EB:C1:40:EB:0C:C4:06:B2:A8:C1:18:70:AB:01:9A:D3:07
            X509v3 Authority Key Identifier:
                keyid:2F:40:7D:EA:49:9D:73:D7:EB:D4:E6:88:25:18:86:87:55:9C:B1:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L0B96kmdc9fr1OaIJRiGh1Wcsfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b9a4ac-b671-411b-ac47-19005cb98989/1/nXcd68FA6wzEBrKowRhwqwGa0wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b9a4ac-b671-411b-ac47-19005cb98989/1/L0B96kmdc9fr1OaIJRiGh1Wcsfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:f9:22:5c:f7:00:bf:d8:9f:07:bf:f9:92:54:3f:ab:bb:f0:
         b8:68:b5:71:1d:db:5b:4c:b2:dc:8e:91:1f:e7:55:d9:77:b9:
         7a:ea:99:cd:40:a4:9b:d4:07:ad:84:b0:77:be:14:05:4d:95:
         6c:2b:89:7e:b8:1f:9f:20:dd:2a:d4:5e:c0:5c:0a:e4:11:94:
         9c:96:f3:23:d4:d5:ca:c7:3f:14:ce:9b:66:00:db:79:14:2e:
         9c:86:da:4b:72:66:5b:e2:74:16:76:47:d7:28:46:92:26:29:
         e4:fa:32:6a:b7:18:88:00:37:7e:c5:88:34:5f:e2:3f:53:30:
         ae:65:fa:d9:e0:77:88:d5:38:71:b2:17:63:e1:cc:06:ea:a4:
         85:9f:ea:a0:05:24:64:6a:99:fc:d5:13:0e:36:a9:ee:d6:1d:
         93:a2:b6:da:0a:bc:65:80:24:c4:b4:53:08:ff:77:0a:17:30:
         37:3b:dd:f5:e0:04:0b:5e:ec:ac:69:25:6e:90:16:9b:96:a5:
         87:be:91:48:ac:f7:e4:16:4f:28:ca:ac:c0:2c:74:42:f9:ff:
         ef:80:e8:f6:07:33:54:1a:af:fb:6e:a5:77:2c:d8:90:e8:ef:
         30:59:03:a1:ba:66:dd:3f:99:f7:7c:b2:45:1b:d4:79:11:58:
         dc:f7:47:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3GyLw2DRMU2qPHRp4covMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNDA3ZGVhNDk5ZDczZDdlYmQ0ZTY4ODI1MTg4Njg3NTU5
Y2IxZjkwHhcNMjQwMTAxMTYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDc3MWRlYmMxNDBlYjBjYzQwNmIyYThjMTE4NzBhYjAxOWFkMzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2ReymBjd71Y9Xe6ZsLnsK9m/Vsx
Cfg+pgU3KjsZ/ol348f3pNOZWOfidUkhFaCgokY++z+G+ThWJ6gY2+1k/AChQjMk
ytycE+lthivDoU9gDlWOYRkdvSTwMwYuyqq2h/a/XDXYrsoiY86plvs7x6SPtzRV
2xkYlsGvUpGy6UBOSnMcx4a3Ei4L35sauY3SdT2bAgGwsmdS3lhA3EjdsAXT4CWP
Vv3gvmGOYjT0M1x5s9vtelXe3bzU45i/ih1jR1E+C8AE5EGR2j43S/EYYlLYoV/b
RMnXIhuLsf6Q5lBZM49klFImpiXLPgO9gDi3XCX6WjspYbd2y7VlOM5uVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ13HevBQOsMxAayqMEYcKsBmtMHMB8GA1UdIwQY
MBaAFC9AfepJnXPX69TmiCUYhodVnLH5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDBCOTZrbWRjOWZyMU9hSUpSaUdoMVdjc2ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9iOWE0YWMtYjY3MS00MTFiLWFjNDct
MTkwMDVjYjk4OTg5LzEvblhjZDY4RkE2d3pFQnJLb3dSaHdxd0dhMHdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9iOWE0YWMtYjY3MS00MTFiLWFjNDctMTkwMDVjYjk4OTg5
LzEvTDBCOTZrbWRjOWZyMU9hSUpSaUdoMVdjc2ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwji8MA0G
CSqGSIb3DQEBCwUAA4IBAQCY+SJc9wC/2J8Hv/mSVD+ru/C4aLVxHdtbTLLcjpEf
51XZd7l66pnNQKSb1AethLB3vhQFTZVsK4l+uB+fIN0q1F7AXArkEZSclvMj1NXK
xz8UzptmANt5FC6chtpLcmZb4nQWdkfXKEaSJink+jJqtxiIADd+xYg0X+I/UzCu
ZfrZ4HeI1Thxshdj4cwG6qSFn+qgBSRkapn81RMONqnu1h2TorbaCrxlgCTEtFMI
/3cKFzA3O9314AQLXuysaSVukBablqWHvpFIrPfkFk8oyqzALHRC+f/vgOj2BzNU
Gq/7bqV3LNiQ6O8wWQOhumbdP5n3fLJFG9R5EVjc90e7
-----END CERTIFICATE-----