Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/cef3b5-a848-43d5-873a-0757a6d28224/1/nutAg_NdQc9BEKagzkaJckDBJxU.roa
File:                     nutAg_NdQc9BEKagzkaJckDBJxU.roa (raw, json)
Hash identifier:          h3nkbmO54RxHU1u5y33G55Y5ODebDfx/IaivEqTVJU4=
Subject key identifier:   9E:EB:40:83:F3:5D:41:CF:41:10:A6:A0:CE:46:89:72:40:C1:27:15
Certificate issuer:       /CN=08664835f8aafe614971ffa8683f9f74bf4d0ff4
Certificate serial:       018CC94D589F18944003EC9F131EE7DA0DAD
Authority key identifier: 08:66:48:35:F8:AA:FE:61:49:71:FF:A8:68:3F:9F:74:BF:4D:0F:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CGZINfiq_mFJcf-oaD-fdL9ND_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/cef3b5-a848-43d5-873a-0757a6d28224/1/nutAg_NdQc9BEKagzkaJckDBJxU.roa
Signing time:             Tue 02 Jan 2024 08:32:18 +0000
ROA not before:           Tue 02 Jan 2024 08:32:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50647
IP address blocks:        185.181.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/cef3b5-a848-43d5-873a-0757a6d28224/1/CGZINfiq_mFJcf-oaD-fdL9ND_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/cef3b5-a848-43d5-873a-0757a6d28224/1/CGZINfiq_mFJcf-oaD-fdL9ND_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CGZINfiq_mFJcf-oaD-fdL9ND_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:58:9f:18:94:40:03:ec:9f:13:1e:e7:da:0d:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08664835f8aafe614971ffa8683f9f74bf4d0ff4
        Validity
            Not Before: Jan  2 08:32:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9eeb4083f35d41cf4110a6a0ce46897240c12715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5f:9f:99:3c:59:18:64:59:64:a1:c4:76:e5:
                    89:49:cf:19:87:02:5f:1a:2d:8a:0b:93:5e:62:cc:
                    94:17:7c:3d:27:ae:fb:5e:20:b9:f3:e7:28:fe:40:
                    fa:6a:72:7d:b9:be:2c:56:ce:58:9c:53:37:80:58:
                    47:82:b2:ea:e8:8f:41:22:c9:6c:69:b2:be:98:8b:
                    7d:2b:4d:61:93:a6:15:49:de:58:0b:bb:50:c9:33:
                    ef:3e:6e:2b:41:07:a0:0d:61:a3:31:7d:9e:2c:39:
                    4c:d8:4b:75:41:b5:0c:17:2f:80:10:f5:eb:78:ed:
                    a2:f5:91:3a:49:53:26:ea:20:9e:56:b9:9b:55:04:
                    ed:4c:29:54:ab:67:b8:9c:0e:41:6f:fc:53:d4:1e:
                    1d:32:57:e1:e4:7b:97:8f:bf:69:38:94:7f:0f:e7:
                    01:89:ac:da:79:3f:60:b0:8f:58:6e:3d:93:34:f9:
                    81:50:b9:ce:f9:94:83:1c:73:47:a5:a6:10:af:3d:
                    3b:82:5e:15:83:33:61:8f:3b:6a:e4:80:ff:74:7e:
                    ef:a3:9c:d0:63:a4:87:49:0d:30:90:1a:1d:8b:c9:
                    ba:27:69:db:5f:d8:7b:a1:4c:0f:97:d4:31:f8:91:
                    42:00:f2:a7:3e:92:e3:fe:07:d7:bc:0d:be:d8:75:
                    64:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:EB:40:83:F3:5D:41:CF:41:10:A6:A0:CE:46:89:72:40:C1:27:15
            X509v3 Authority Key Identifier:
                keyid:08:66:48:35:F8:AA:FE:61:49:71:FF:A8:68:3F:9F:74:BF:4D:0F:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CGZINfiq_mFJcf-oaD-fdL9ND_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cef3b5-a848-43d5-873a-0757a6d28224/1/nutAg_NdQc9BEKagzkaJckDBJxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cef3b5-a848-43d5-873a-0757a6d28224/1/CGZINfiq_mFJcf-oaD-fdL9ND_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:e9:5a:9f:b0:cb:7a:b0:04:7b:ae:d2:cc:aa:b3:b4:ea:b2:
         b7:3c:de:7b:58:80:0d:f1:7d:34:55:04:0d:6e:4c:e8:63:c3:
         d6:60:cf:4a:fd:9c:7e:85:5a:19:c9:05:df:a3:ce:c3:94:b1:
         e2:9d:44:88:5e:4a:cc:3f:85:5e:af:84:f9:41:4f:94:b5:fc:
         d2:fe:54:23:87:85:49:4b:d0:c5:a7:2c:6c:06:a8:1b:55:39:
         50:2d:0a:6b:f7:9f:0e:e6:39:e9:be:ee:16:19:48:db:66:d6:
         38:78:ce:4c:1d:57:4c:e4:5c:92:73:95:33:ea:9a:2d:6e:1f:
         fa:d4:c3:a4:2c:15:1a:49:7f:2d:0f:55:e5:5f:42:38:f0:7e:
         16:ca:6d:40:fa:d1:aa:62:7e:1d:14:67:fd:d0:d3:49:38:84:
         81:ac:72:7c:2a:df:16:73:c7:cd:43:1d:63:da:4e:83:99:93:
         fe:bf:a3:77:1f:cb:31:8f:92:6b:ef:d4:d4:c2:ea:87:bf:4a:
         bb:6c:ac:a9:a3:0a:03:be:16:c4:90:5f:d7:46:88:b0:8e:9c:
         33:45:1b:0b:0f:21:31:08:28:f7:9f:ce:35:c3:2f:43:bb:c3:
         99:f6:b6:3b:8a:1a:52:f0:8c:38:c1:8d:6b:c9:ad:41:a1:62:
         f8:9b:01:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTVifGJRAA+yfEx7n2g2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4NjY0ODM1ZjhhYWZlNjE0OTcxZmZhODY4M2Y5Zjc0YmY0
ZDBmZjQwHhcNMjQwMTAyMDgzMjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWViNDA4M2YzNWQ0MWNmNDExMGE2YTBjZTQ2ODk3MjQwYzEyNzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgF+fmTxZGGRZZKHEduWJSc8ZhwJf
Gi2KC5NeYsyUF3w9J677XiC58+co/kD6anJ9ub4sVs5YnFM3gFhHgrLq6I9BIsls
abK+mIt9K01hk6YVSd5YC7tQyTPvPm4rQQegDWGjMX2eLDlM2Et1QbUMFy+AEPXr
eO2i9ZE6SVMm6iCeVrmbVQTtTClUq2e4nA5Bb/xT1B4dMlfh5HuXj79pOJR/D+cB
iazaeT9gsI9Ybj2TNPmBULnO+ZSDHHNHpaYQrz07gl4VgzNhjztq5ID/dH7vo5zQ
Y6SHSQ0wkBodi8m6J2nbX9h7oUwPl9Qx+JFCAPKnPpLj/gfXvA2+2HVkEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7rQIPzXUHPQRCmoM5GiXJAwScVMB8GA1UdIwQY
MBaAFAhmSDX4qv5hSXH/qGg/n3S/TQ/0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0daSU5maXFfbUZKY2Ytb2FELWZkTDlORF9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jZWYzYjUtYTg0OC00M2Q1LTg3M2Et
MDc1N2E2ZDI4MjI0LzEvbnV0QWdfTmRRYzlCRUthZ3prYUpja0RCSnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jZWYzYjUtYTg0OC00M2Q1LTg3M2EtMDc1N2E2ZDI4MjI0
LzEvQ0daSU5maXFfbUZKY2Ytb2FELWZkTDlORF9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubX4MA0G
CSqGSIb3DQEBCwUAA4IBAQCL6VqfsMt6sAR7rtLMqrO06rK3PN57WIAN8X00VQQN
bkzoY8PWYM9K/Zx+hVoZyQXfo87DlLHinUSIXkrMP4Ver4T5QU+UtfzS/lQjh4VJ
S9DFpyxsBqgbVTlQLQpr958O5jnpvu4WGUjbZtY4eM5MHVdM5FySc5Uz6potbh/6
1MOkLBUaSX8tD1XlX0I48H4Wym1A+tGqYn4dFGf90NNJOISBrHJ8Kt8Wc8fNQx1j
2k6DmZP+v6N3H8sxj5Jr79TUwuqHv0q7bKypowoDvhbEkF/XRoiwjpwzRRsLDyEx
CCj3n841wy9Du8OZ9rY7ihpS8Iw4wY1rya1BoWL4mwGs
-----END CERTIFICATE-----