Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/76c8b4-387e-4c04-8f35-c04ee05a7953/1/nrvP1MWg-0PoF_ZM_fu6IBwRKnw.roa
File:                     nrvP1MWg-0PoF_ZM_fu6IBwRKnw.roa (raw, json)
Hash identifier:          SFY+/bOEurloX1AKKyiupTLkXVVuX1N6FAKgtfVZvSo=
Subject key identifier:   9E:BB:CF:D4:C5:A0:FB:43:E8:17:F6:4C:FD:FB:BA:20:1C:11:2A:7C
Certificate issuer:       /CN=a9d78ce7a21c841d8735424776eb7ff587ad04d1
Certificate serial:       018CC4938730EF02620AE8D03D3DAA25B77F
Authority key identifier: A9:D7:8C:E7:A2:1C:84:1D:87:35:42:47:76:EB:7F:F5:87:AD:04:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qdeM56IchB2HNUJHdut_9YetBNE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/76c8b4-387e-4c04-8f35-c04ee05a7953/1/nrvP1MWg-0PoF_ZM_fu6IBwRKnw.roa
Signing time:             Mon 01 Jan 2024 10:30:51 +0000
ROA not before:           Mon 01 Jan 2024 10:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21171
IP address blocks:        185.227.124.0/22 maxlen: 22
                          80.91.32.0/20 maxlen: 20
                          2a01:9900::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/76c8b4-387e-4c04-8f35-c04ee05a7953/1/qdeM56IchB2HNUJHdut_9YetBNE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/76c8b4-387e-4c04-8f35-c04ee05a7953/1/qdeM56IchB2HNUJHdut_9YetBNE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qdeM56IchB2HNUJHdut_9YetBNE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:87:30:ef:02:62:0a:e8:d0:3d:3d:aa:25:b7:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9d78ce7a21c841d8735424776eb7ff587ad04d1
        Validity
            Not Before: Jan  1 10:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ebbcfd4c5a0fb43e817f64cfdfbba201c112a7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ba:34:bb:7b:72:2e:c5:af:12:f6:05:05:5a:
                    93:c0:e9:34:a3:d8:8d:63:3b:61:e3:59:0b:88:0d:
                    94:9a:1b:d3:45:43:b4:2a:fc:04:0f:d8:34:f1:70:
                    20:4f:3c:e4:9f:56:d8:60:6f:6b:56:ce:10:87:e8:
                    72:c1:00:bb:3a:02:89:17:8b:af:b7:be:e6:52:7a:
                    58:bf:f3:27:b9:11:14:a7:c6:2d:76:6e:6a:9e:6f:
                    8e:ce:50:c6:03:58:49:ab:d3:9d:ef:20:3a:dd:24:
                    05:c1:71:05:26:ef:b3:77:4d:c5:e5:2f:65:46:18:
                    7f:91:56:07:03:91:d5:90:d7:74:39:09:c7:68:79:
                    eb:2e:d1:07:35:7f:53:12:8a:df:97:ab:e3:02:06:
                    0a:24:02:59:1f:32:3e:ba:80:ef:91:fc:84:a3:a3:
                    08:c5:f5:fd:c4:0c:51:0c:f1:f1:ee:9f:82:27:5d:
                    cd:a1:28:78:c7:ab:f3:0a:9a:b3:5a:d0:a9:31:19:
                    ce:fe:e6:c6:08:27:9c:3e:5a:b1:45:4e:02:26:04:
                    0a:c3:36:4e:b1:a7:84:f5:6e:77:43:9a:9f:7e:18:
                    09:4e:a7:19:1c:50:1c:05:98:4a:4d:56:e8:6d:12:
                    ba:1c:91:6e:51:c8:55:99:e6:c1:fa:0f:6a:2c:3d:
                    dc:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:BB:CF:D4:C5:A0:FB:43:E8:17:F6:4C:FD:FB:BA:20:1C:11:2A:7C
            X509v3 Authority Key Identifier:
                keyid:A9:D7:8C:E7:A2:1C:84:1D:87:35:42:47:76:EB:7F:F5:87:AD:04:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qdeM56IchB2HNUJHdut_9YetBNE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/76c8b4-387e-4c04-8f35-c04ee05a7953/1/nrvP1MWg-0PoF_ZM_fu6IBwRKnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/76c8b4-387e-4c04-8f35-c04ee05a7953/1/qdeM56IchB2HNUJHdut_9YetBNE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.91.32.0/20
                  185.227.124.0/22
                IPv6:
                  2a01:9900::/32

    Signature Algorithm: sha256WithRSAEncryption
         4a:00:14:f9:d8:1d:84:b9:d7:9f:9d:f9:ae:d7:7d:16:dc:69:
         ea:fe:9e:72:6b:1c:44:98:9b:f7:35:c9:43:c0:3c:5b:67:ca:
         cd:6a:27:1c:a9:02:84:71:77:94:8b:9c:6a:d2:c4:f0:10:50:
         27:ff:d3:11:04:7c:2b:7d:ef:47:fb:8a:5c:44:d3:a4:b4:77:
         da:a1:8b:98:6e:75:49:99:45:19:2f:0b:98:34:3b:d4:0e:2c:
         2e:ff:33:81:6e:66:28:09:ba:13:38:2a:9e:29:e9:36:c6:72:
         c1:ca:47:06:f4:61:9f:b6:4c:e3:cf:89:31:f0:ac:60:5e:74:
         2a:f6:28:fb:86:ba:a9:6d:96:a3:bd:02:76:e6:77:15:a3:28:
         0c:01:2d:5a:d3:ee:0e:73:e7:b4:c3:22:a2:3f:bd:c4:21:75:
         ce:5b:32:d0:9f:fb:51:dc:3c:a3:fa:76:77:2c:11:27:e3:ef:
         62:b5:c4:a9:07:34:ac:3a:96:15:da:b6:e1:93:d1:32:52:1d:
         0a:f8:91:74:e5:89:57:15:dd:32:ff:3a:d5:2a:5a:75:23:b9:
         36:c1:8c:dc:06:dd:0e:34:68:ac:f6:e8:29:d1:f7:70:0a:01:
         15:33:f6:cf:a7:ad:71:1c:4d:f3:8d:50:e3:b7:c5:fc:72:71:
         36:08:38:16
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEk4cw7wJiCujQPT2qJbd/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZDc4Y2U3YTIxYzg0MWQ4NzM1NDI0Nzc2ZWI3ZmY1ODdh
ZDA0ZDEwHhcNMjQwMTAxMTAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWJiY2ZkNGM1YTBmYjQzZTgxN2Y2NGNmZGZiYmEyMDFjMTEyYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLo0u3tyLsWvEvYFBVqTwOk0o9iN
Yzth41kLiA2UmhvTRUO0KvwED9g08XAgTzzkn1bYYG9rVs4Qh+hywQC7OgKJF4uv
t77mUnpYv/MnuREUp8Ytdm5qnm+OzlDGA1hJq9Od7yA63SQFwXEFJu+zd03F5S9l
Rhh/kVYHA5HVkNd0OQnHaHnrLtEHNX9TEorfl6vjAgYKJAJZHzI+uoDvkfyEo6MI
xfX9xAxRDPHx7p+CJ13NoSh4x6vzCpqzWtCpMRnO/ubGCCecPlqxRU4CJgQKwzZO
saeE9W53Q5qffhgJTqcZHFAcBZhKTVbobRK6HJFuUchVmebB+g9qLD3cRwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJ67z9TFoPtD6Bf2TP37uiAcESp8MB8GA1UdIwQY
MBaAFKnXjOeiHIQdhzVCR3brf/WHrQTRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWRlTTU2SWNoQjJITlVKSGR1dF85WWV0Qk5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi83NmM4YjQtMzg3ZS00YzA0LThmMzUt
YzA0ZWUwNWE3OTUzLzEvbnJ2UDFNV2ctMFBvRl9aTV9mdTZJQndSS253LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi83NmM4YjQtMzg3ZS00YzA0LThmMzUtYzA0ZWUwNWE3OTUz
LzEvcWRlTTU2SWNoQjJITlVKSGR1dF85WWV0Qk5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEUFsgAwQC
ueN8MA0EAgACMAcDBQAqAZkAMA0GCSqGSIb3DQEBCwUAA4IBAQBKABT52B2Eudef
nfmu130W3Gnq/p5yaxxEmJv3NclDwDxbZ8rNaiccqQKEcXeUi5xq0sTwEFAn/9MR
BHwrfe9H+4pcRNOktHfaoYuYbnVJmUUZLwuYNDvUDiwu/zOBbmYoCboTOCqeKek2
xnLBykcG9GGftkzjz4kx8KxgXnQq9ij7hrqpbZajvQJ25ncVoygMAS1a0+4Oc+e0
wyKiP73EIXXOWzLQn/tR3Dyj+nZ3LBEn4+9itcSpBzSsOpYV2rbhk9EyUh0K+JF0
5YlXFd0y/zrVKlp1I7k2wYzcBt0ONGis9ugp0fdwCgEVM/bPp61xHE3zjVDjt8X8
cnE2CDgW
-----END CERTIFICATE-----