Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/NfHp_KURQRvxrBTLR6Ym_BnKK_0.roa
File:                     NfHp_KURQRvxrBTLR6Ym_BnKK_0.roa (raw, json)
Hash identifier:          siID7RVjOlrbTaVZoXKHyBIlGS7RtMjHfRXOLDl9HYM=
Subject key identifier:   35:F1:E9:FC:A5:11:41:1B:F1:AC:14:CB:47:A6:26:FC:19:CA:2B:FD
Certificate issuer:       /CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
Certificate serial:       018CCA2A008F14E9E968E1C932C8EA6CA374
Authority key identifier: 09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/NfHp_KURQRvxrBTLR6Ym_BnKK_0.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198218
IP address blocks:        164.40.160.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:00:8f:14:e9:e9:68:e1:c9:32:c8:ea:6c:a3:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35f1e9fca511411bf1ac14cb47a626fc19ca2bfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:09:9b:b8:32:84:4b:3f:60:95:7b:a3:9f:77:
                    36:91:62:1b:ce:b0:b7:0f:ce:3c:88:7a:83:8b:f6:
                    2b:30:ee:90:37:22:f5:75:9b:ac:dc:ab:30:70:52:
                    ef:e6:58:73:b4:3e:f3:28:c2:5a:2f:47:d7:7c:b9:
                    2a:b1:db:74:5f:7f:28:1e:48:81:f6:7b:c8:e5:1b:
                    a1:01:e9:1c:37:e0:2c:3e:2a:0a:87:c1:c5:7f:b8:
                    ed:06:83:76:6c:50:29:3e:96:3f:6f:39:c7:78:dd:
                    b7:cb:47:ca:41:0b:0b:f8:c1:e7:c7:27:a5:7c:ab:
                    78:a1:78:56:dd:85:af:cb:81:9e:41:ba:87:2b:48:
                    91:3f:78:dc:74:52:bc:da:c5:78:13:6d:1f:09:22:
                    22:9e:21:49:77:e3:75:f1:9d:80:00:ba:b8:80:e7:
                    1e:84:54:73:9f:ca:51:2a:56:89:fb:7a:ff:12:57:
                    c7:02:03:de:93:20:f5:a1:a1:bc:58:e5:30:ae:3c:
                    8f:fe:d2:f2:c2:d7:0d:65:64:a7:78:3d:9c:a1:76:
                    0c:fb:c1:ee:1a:bb:52:c1:4e:98:22:f3:63:e6:b9:
                    fc:cc:49:a7:3d:62:9f:8d:71:7d:e8:19:15:ad:66:
                    c0:c9:87:80:96:06:e6:35:9e:7c:4a:cb:25:63:f6:
                    08:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:F1:E9:FC:A5:11:41:1B:F1:AC:14:CB:47:A6:26:FC:19:CA:2B:FD
            X509v3 Authority Key Identifier:
                keyid:09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/NfHp_KURQRvxrBTLR6Ym_BnKK_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.40.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4b:09:51:61:fa:93:c3:18:7d:4e:d3:fd:a4:f2:ac:79:d0:99:
         5c:dd:f5:5c:79:02:b1:05:62:b1:c0:dd:ed:66:6f:13:bb:dc:
         8e:79:1a:63:78:3a:36:5e:9b:26:c8:8a:8a:62:1c:79:66:cf:
         8c:ea:db:f9:4c:9a:65:4e:d4:ca:70:84:0b:39:4e:a9:f4:44:
         a4:18:77:18:dd:08:77:51:eb:ac:5d:49:4b:27:75:29:c4:20:
         d2:84:ee:5e:70:4c:af:96:a0:f6:48:63:82:32:0b:82:0e:2d:
         49:46:37:11:ae:67:24:27:96:28:0f:d9:4d:18:04:6f:c7:99:
         5e:da:14:ba:ea:ef:ae:ed:25:c7:b6:7a:be:84:53:8d:bb:f0:
         0b:54:86:05:43:0e:ca:32:eb:e8:8d:50:6e:c6:ae:4a:0b:a3:
         a7:f5:4a:d2:79:20:1a:ed:1a:a3:e9:90:42:a3:d5:7e:3b:bf:
         d7:86:3c:58:92:ae:af:05:03:83:88:b7:09:15:87:0f:d2:33:
         6d:0a:93:a5:1c:be:26:9b:c7:1e:e3:c8:fc:0c:5e:e1:1b:a8:
         f5:77:ce:5b:bc:5c:87:74:37:3b:b6:cc:b3:8b:ec:d8:2d:d0:
         4d:28:e6:2f:95:08:0b:bb:d5:64:db:ef:7d:0f:cc:45:b8:60:
         d2:19:cd:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgCPFOnpaOHJMsjqbKN0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZjBkY2NlYjc0ZjExODVhY2Q5N2FlZWFhYzI1ZGRhNWU5
YjA5MzYwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWYxZTlmY2E1MTE0MTFiZjFhYzE0Y2I0N2E2MjZmYzE5Y2EyYmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwmbuDKESz9glXujn3c2kWIbzrC3
D848iHqDi/YrMO6QNyL1dZus3KswcFLv5lhztD7zKMJaL0fXfLkqsdt0X38oHkiB
9nvI5RuhAekcN+AsPioKh8HFf7jtBoN2bFApPpY/bznHeN23y0fKQQsL+MHnxyel
fKt4oXhW3YWvy4GeQbqHK0iRP3jcdFK82sV4E20fCSIiniFJd+N18Z2AALq4gOce
hFRzn8pRKlaJ+3r/ElfHAgPekyD1oaG8WOUwrjyP/tLywtcNZWSneD2coXYM+8Hu
GrtSwU6YIvNj5rn8zEmnPWKfjXF96BkVrWbAyYeAlgbmNZ58SsslY/YIxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXx6fylEUEb8awUy0emJvwZyiv9MB8GA1UdIwQY
MBaAFAnw3M63TxGFrNl67qrCXdpemwk2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgt
OTk2MTg5ZjljZTE0LzEvTmZIcF9LVVJRUnZ4ckJUTFI2WW1fQm5LS18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgtOTk2MTg5ZjljZTE0
LzEvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDpCigMA0G
CSqGSIb3DQEBCwUAA4IBAQBLCVFh+pPDGH1O0/2k8qx50Jlc3fVceQKxBWKxwN3t
Zm8Tu9yOeRpjeDo2XpsmyIqKYhx5Zs+M6tv5TJplTtTKcIQLOU6p9ESkGHcY3Qh3
UeusXUlLJ3UpxCDShO5ecEyvlqD2SGOCMguCDi1JRjcRrmckJ5YoD9lNGARvx5le
2hS66u+u7SXHtnq+hFONu/ALVIYFQw7KMuvojVBuxq5KC6On9UrSeSAa7Rqj6ZBC
o9V+O7/XhjxYkq6vBQODiLcJFYcP0jNtCpOlHL4mm8ce48j8DF7hG6j1d85bvFyH
dDc7tsyzi+zYLdBNKOYvlQgLu9Vk2+99D8xFuGDSGc0L
-----END CERTIFICATE-----