Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/nvSKQC4enRQvOWpiYUoyaCuLDaU.roa
File:                     nvSKQC4enRQvOWpiYUoyaCuLDaU.roa (raw, json)
Hash identifier:          FKHmSpbqoLL9LSXAFM++mO91SIsWppSHEQnG4xGF8Sc=
Subject key identifier:   9E:F4:8A:40:2E:1E:9D:14:2F:39:6A:62:61:4A:32:68:2B:8B:0D:A5
Certificate issuer:       /CN=d92cad11f12d86d18951cbd751ee5124f718951f
Certificate serial:       018CC4938F74EDF7CD4F1E96886FDAE20DA9
Authority key identifier: D9:2C:AD:11:F1:2D:86:D1:89:51:CB:D7:51:EE:51:24:F7:18:95:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2SytEfEthtGJUcvXUe5RJPcYlR8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/nvSKQC4enRQvOWpiYUoyaCuLDaU.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50629
IP address blocks:        193.3.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/2SytEfEthtGJUcvXUe5RJPcYlR8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/2SytEfEthtGJUcvXUe5RJPcYlR8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2SytEfEthtGJUcvXUe5RJPcYlR8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:8f:74:ed:f7:cd:4f:1e:96:88:6f:da:e2:0d:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d92cad11f12d86d18951cbd751ee5124f718951f
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ef48a402e1e9d142f396a62614a32682b8b0da5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:c1:0d:62:f2:2c:6b:7e:ac:01:e4:48:a7:57:
                    83:62:3c:d3:9d:78:1d:a1:96:2f:b2:12:c1:c1:80:
                    ca:d4:5a:52:f3:77:12:4d:b0:08:25:76:5c:f9:95:
                    2f:16:3c:7c:8d:78:66:4b:6f:ad:89:c6:6f:c0:a0:
                    69:2b:55:35:7e:fd:8b:5f:fa:ff:08:75:c0:41:82:
                    47:f7:d9:a9:ce:74:68:fc:02:b0:c7:66:51:88:cd:
                    9f:62:25:f6:d8:30:a8:f9:1e:c8:4a:8d:fe:55:ce:
                    1b:29:24:47:32:c8:a4:d4:8d:08:da:5d:21:2f:fc:
                    f8:de:8a:9b:c8:cc:91:9a:80:31:15:64:1f:a2:4e:
                    7c:34:dd:61:0d:ef:ef:88:c9:05:a6:e0:2d:d9:0a:
                    06:67:a4:7c:7b:05:32:33:c8:7b:c8:53:f8:aa:bd:
                    3e:27:28:6e:a0:da:37:7f:30:eb:ca:6d:09:80:a4:
                    78:3d:f5:1e:04:b6:09:c5:3c:08:c2:dc:10:d0:b0:
                    93:8d:32:fd:70:34:9b:cd:eb:5e:87:df:0e:07:28:
                    8c:16:62:b2:48:48:80:aa:1a:bc:55:86:e4:94:18:
                    84:70:19:a6:49:0d:cd:e8:5c:a4:98:a3:c9:38:92:
                    a2:31:ba:2a:ff:8c:d2:0a:0d:0d:7d:d2:8f:c4:96:
                    d0:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:F4:8A:40:2E:1E:9D:14:2F:39:6A:62:61:4A:32:68:2B:8B:0D:A5
            X509v3 Authority Key Identifier:
                keyid:D9:2C:AD:11:F1:2D:86:D1:89:51:CB:D7:51:EE:51:24:F7:18:95:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2SytEfEthtGJUcvXUe5RJPcYlR8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/nvSKQC4enRQvOWpiYUoyaCuLDaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/09bd91-5e18-4213-8053-1b03fdba0a24/1/2SytEfEthtGJUcvXUe5RJPcYlR8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:d4:4e:29:53:85:a6:90:06:21:52:ac:da:b4:88:0f:58:7f:
         60:0f:4b:0a:05:5e:45:b1:06:72:c4:27:4f:29:3f:b6:e1:9c:
         50:1a:33:07:22:a8:33:cb:11:1f:e4:54:48:d9:95:82:59:64:
         54:a8:5b:b2:31:37:0f:5a:37:0e:2a:97:63:e7:56:27:23:df:
         d9:eb:ce:f3:3a:dd:2e:22:e5:ef:eb:1f:db:ac:53:2c:4d:c9:
         d2:bc:6e:07:0c:92:43:f1:f0:62:9e:a4:f3:55:a2:24:6b:69:
         6b:1c:6a:5a:74:9c:26:b3:a3:c0:bf:bb:b0:5a:6b:95:7f:54:
         ad:91:b8:50:d6:2e:c0:b4:11:cf:36:2d:fe:25:2c:0d:0d:09:
         82:31:a1:71:4f:5b:6f:4e:f6:7f:8e:f3:f1:74:72:92:17:9b:
         72:bf:e1:be:a1:c1:31:0e:2e:3f:c0:f9:bf:d5:5f:d5:cb:b2:
         15:d8:72:4f:b8:52:05:90:18:13:74:a3:15:29:e8:17:2b:d3:
         c5:68:ff:63:da:f1:c1:25:58:7e:1b:a8:14:6e:57:c3:1a:63:
         c5:06:7c:95:75:c4:6a:9f:f3:d0:40:ac:13:06:b4:0a:0f:7f:
         a7:e4:fa:75:10:15:4a:00:05:1a:4e:3c:3d:86:ca:cf:cf:98:
         67:03:06:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4907ffNTx6WiG/a4g2pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MmNhZDExZjEyZDg2ZDE4OTUxY2JkNzUxZWU1MTI0Zjcx
ODk1MWYwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWY0OGE0MDJlMWU5ZDE0MmYzOTZhNjI2MTRhMzI2ODJiOGIwZGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsENYvIsa36sAeRIp1eDYjzTnXgd
oZYvshLBwYDK1FpS83cSTbAIJXZc+ZUvFjx8jXhmS2+ticZvwKBpK1U1fv2LX/r/
CHXAQYJH99mpznRo/AKwx2ZRiM2fYiX22DCo+R7ISo3+Vc4bKSRHMsik1I0I2l0h
L/z43oqbyMyRmoAxFWQfok58NN1hDe/viMkFpuAt2QoGZ6R8ewUyM8h7yFP4qr0+
JyhuoNo3fzDrym0JgKR4PfUeBLYJxTwIwtwQ0LCTjTL9cDSbzeteh98OByiMFmKy
SEiAqhq8VYbklBiEcBmmSQ3N6FykmKPJOJKiMboq/4zSCg0NfdKPxJbQtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ70ikAuHp0ULzlqYmFKMmgriw2lMB8GA1UdIwQY
MBaAFNksrRHxLYbRiVHL11HuUST3GJUfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlN5dEVmRXRodEdKVWN2WFVlNVJKUGNZbFI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8wOWJkOTEtNWUxOC00MjEzLTgwNTMt
MWIwM2ZkYmEwYTI0LzEvbnZTS1FDNGVuUlF2T1dwaVlVb3lhQ3VMRGFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8wOWJkOTEtNWUxOC00MjEzLTgwNTMtMWIwM2ZkYmEwYTI0
LzEvMlN5dEVmRXRodEdKVWN2WFVlNVJKUGNZbFI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQOAMA0G
CSqGSIb3DQEBCwUAA4IBAQAz1E4pU4WmkAYhUqzatIgPWH9gD0sKBV5FsQZyxCdP
KT+24ZxQGjMHIqgzyxEf5FRI2ZWCWWRUqFuyMTcPWjcOKpdj51YnI9/Z687zOt0u
IuXv6x/brFMsTcnSvG4HDJJD8fBinqTzVaIka2lrHGpadJwms6PAv7uwWmuVf1St
kbhQ1i7AtBHPNi3+JSwNDQmCMaFxT1tvTvZ/jvPxdHKSF5tyv+G+ocExDi4/wPm/
1V/Vy7IV2HJPuFIFkBgTdKMVKegXK9PFaP9j2vHBJVh+G6gUblfDGmPFBnyVdcRq
n/PQQKwTBrQKD3+n5Pp1EBVKAAUaTjw9hsrPz5hnAwZd
-----END CERTIFICATE-----