Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/38c2e1-8a3f-40b1-8353-aec96f431018/1/nsaZA6iIyWtFswu-xQbOeZhkgKg.roa
File:                     nsaZA6iIyWtFswu-xQbOeZhkgKg.roa (raw, json)
Hash identifier:          1PmANUjg8PltBqFPi5uCI8OuB2yk5AeuI55XVvasu4w=
Subject key identifier:   9E:C6:99:03:A8:88:C9:6B:45:B3:0B:BE:C5:06:CE:79:98:64:80:A8
Certificate issuer:       /CN=47e05df247174cd350b1af37833327c7702b8fff
Certificate serial:       018D5976C970CC557701319209591E46AFA5
Authority key identifier: 47:E0:5D:F2:47:17:4C:D3:50:B1:AF:37:83:33:27:C7:70:2B:8F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R-Bd8kcXTNNQsa83gzMnx3Arj_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/38c2e1-8a3f-40b1-8353-aec96f431018/1/nsaZA6iIyWtFswu-xQbOeZhkgKg.roa
Signing time:             Tue 30 Jan 2024 08:22:53 +0000
ROA not before:           Tue 30 Jan 2024 08:22:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24953
IP address blocks:        194.59.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/38c2e1-8a3f-40b1-8353-aec96f431018/1/R-Bd8kcXTNNQsa83gzMnx3Arj_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/38c2e1-8a3f-40b1-8353-aec96f431018/1/R-Bd8kcXTNNQsa83gzMnx3Arj_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R-Bd8kcXTNNQsa83gzMnx3Arj_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:76:c9:70:cc:55:77:01:31:92:09:59:1e:46:af:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47e05df247174cd350b1af37833327c7702b8fff
        Validity
            Not Before: Jan 30 08:22:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ec69903a888c96b45b30bbec506ce79986480a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7e:f3:f3:bb:3b:1b:c6:02:3c:91:60:11:1d:
                    ea:60:0e:cf:21:21:8a:65:16:04:47:96:e9:3b:d7:
                    4e:c8:fe:95:ab:bd:46:75:be:54:2a:35:97:df:90:
                    f8:ad:77:7b:75:19:0e:7b:26:20:45:ad:cc:00:7b:
                    0c:79:83:5c:d1:b2:4d:ac:35:cb:bc:39:b6:fe:85:
                    d8:31:a1:af:40:a6:4d:e1:34:e9:9d:8d:d5:40:27:
                    a4:94:99:41:93:fd:1a:21:a1:47:26:b8:88:41:a6:
                    12:27:86:b7:ba:cc:bb:48:1d:78:94:b6:39:1f:71:
                    f6:11:9a:04:d9:e8:41:72:5c:83:64:14:ab:79:f9:
                    1c:90:b9:66:e0:b0:3d:b1:3e:98:84:28:4e:0f:07:
                    b7:21:00:1a:f5:27:75:34:4e:de:15:1f:ff:88:57:
                    c7:3b:c6:22:b6:96:2c:cf:60:ee:9c:04:4b:58:e9:
                    e1:81:8b:9a:ff:40:db:71:42:1d:24:58:39:d2:c4:
                    86:49:f2:3e:93:37:21:13:dd:5f:5f:6c:ef:ef:74:
                    8a:3c:e9:eb:cb:15:b7:0f:4b:30:a4:cc:8c:97:b6:
                    1c:3b:ec:6f:54:f2:eb:08:58:3c:c7:ea:fc:e0:ea:
                    01:a4:7a:05:56:df:5b:94:17:19:53:a0:3e:ee:ce:
                    6a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:C6:99:03:A8:88:C9:6B:45:B3:0B:BE:C5:06:CE:79:98:64:80:A8
            X509v3 Authority Key Identifier:
                keyid:47:E0:5D:F2:47:17:4C:D3:50:B1:AF:37:83:33:27:C7:70:2B:8F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R-Bd8kcXTNNQsa83gzMnx3Arj_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/38c2e1-8a3f-40b1-8353-aec96f431018/1/nsaZA6iIyWtFswu-xQbOeZhkgKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/38c2e1-8a3f-40b1-8353-aec96f431018/1/R-Bd8kcXTNNQsa83gzMnx3Arj_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.59.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:dd:5b:6b:80:a1:bc:d7:2c:94:2f:b1:0a:63:63:71:ac:e2:
         c9:eb:3f:a8:27:16:36:9d:61:0d:23:e2:52:89:55:7d:ca:98:
         9a:14:3d:55:bf:ef:0b:90:6c:46:68:48:fd:92:f9:18:70:7c:
         2b:52:e9:db:ff:07:d2:9b:d0:da:a7:7d:3a:97:c3:37:b2:08:
         05:a9:5d:2d:1b:f7:24:c1:1d:35:48:0a:d7:19:a6:ef:36:49:
         96:3c:4e:2d:37:a1:8f:14:8f:43:3a:bd:23:65:75:97:5b:55:
         ef:ba:1a:29:1b:3c:85:d5:40:51:e1:c8:b4:ba:a2:98:b6:2a:
         70:29:d5:3e:9e:68:ae:92:95:5e:9d:95:c0:0f:4b:e8:67:36:
         84:ac:f0:68:2a:a2:9f:c6:2b:0c:3e:11:54:1f:99:e5:18:61:
         1d:ea:61:49:0c:b6:22:dc:ff:d6:1a:69:49:da:bd:4b:d5:3e:
         9a:3a:48:4c:a0:7b:d0:26:f3:3f:19:6a:55:b5:52:5e:b0:47:
         ba:45:49:ea:2d:18:08:de:31:7f:99:fe:32:2a:20:53:1e:6c:
         c4:a6:95:00:46:88:52:0e:61:00:54:41:78:76:22:b2:f8:d5:
         ca:de:f2:74:9a:05:ae:10:9f:50:2a:50:41:96:2e:b9:a4:01:
         63:81:32:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1ZdslwzFV3ATGSCVkeRq+lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZTA1ZGYyNDcxNzRjZDM1MGIxYWYzNzgzMzMyN2M3NzAy
YjhmZmYwHhcNMjQwMTMwMDgyMjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWM2OTkwM2E4ODhjOTZiNDViMzBiYmVjNTA2Y2U3OTk4NjQ4MGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr37z87s7G8YCPJFgER3qYA7PISGK
ZRYER5bpO9dOyP6Vq71Gdb5UKjWX35D4rXd7dRkOeyYgRa3MAHsMeYNc0bJNrDXL
vDm2/oXYMaGvQKZN4TTpnY3VQCeklJlBk/0aIaFHJriIQaYSJ4a3usy7SB14lLY5
H3H2EZoE2ehBclyDZBSrefkckLlm4LA9sT6YhChODwe3IQAa9Sd1NE7eFR//iFfH
O8YitpYsz2DunARLWOnhgYua/0DbcUIdJFg50sSGSfI+kzchE91fX2zv73SKPOnr
yxW3D0swpMyMl7YcO+xvVPLrCFg8x+r84OoBpHoFVt9blBcZU6A+7s5qNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7GmQOoiMlrRbMLvsUGznmYZICoMB8GA1UdIwQY
MBaAFEfgXfJHF0zTULGvN4MzJ8dwK4//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUi1CZDhrY1hUTk5Rc2E4M2d6TW54M0Fyal84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8zOGMyZTEtOGEzZi00MGIxLTgzNTMt
YWVjOTZmNDMxMDE4LzEvbnNhWkE2aUl5V3RGc3d1LXhRYk9lWmhrZ0tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8zOGMyZTEtOGEzZi00MGIxLTgzNTMtYWVjOTZmNDMxMDE4
LzEvUi1CZDhrY1hUTk5Rc2E4M2d6TW54M0Fyal84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjuyMA0G
CSqGSIb3DQEBCwUAA4IBAQB63VtrgKG81yyUL7EKY2NxrOLJ6z+oJxY2nWENI+JS
iVV9ypiaFD1Vv+8LkGxGaEj9kvkYcHwrUunb/wfSm9Dap306l8M3sggFqV0tG/ck
wR01SArXGabvNkmWPE4tN6GPFI9DOr0jZXWXW1XvuhopGzyF1UBR4ci0uqKYtipw
KdU+nmiukpVenZXAD0voZzaErPBoKqKfxisMPhFUH5nlGGEd6mFJDLYi3P/WGmlJ
2r1L1T6aOkhMoHvQJvM/GWpVtVJesEe6RUnqLRgI3jF/mf4yKiBTHmzEppUARohS
DmEAVEF4diKy+NXK3vJ0mgWuEJ9QKlBBli65pAFjgTL3
-----END CERTIFICATE-----