Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/nMDPz3zsXkJci6RvRZvRFCR6Wu8.roa
File:                     nMDPz3zsXkJci6RvRZvRFCR6Wu8.roa (raw, json)
Hash identifier:          1nd0fsVK7cl6tNaxbLKtIqUxnFseeNDFFuv1uJpOAIQ=
Subject key identifier:   9C:C0:CF:CF:7C:EC:5E:42:5C:8B:A4:6F:45:9B:D1:14:24:7A:5A:EF
Certificate issuer:       /CN=042d9f4d6aff383c59e9de7802dbee024ee887dc
Certificate serial:       018F3310C65635E7D56EEE46FB3DFB6CE21F
Authority key identifier: 04:2D:9F:4D:6A:FF:38:3C:59:E9:DE:78:02:DB:EE:02:4E:E8:87:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BC2fTWr_ODxZ6d54AtvuAk7oh9w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/nMDPz3zsXkJci6RvRZvRFCR6Wu8.roa
Signing time:             Wed 01 May 2024 07:31:28 +0000
ROA not before:           Wed 01 May 2024 07:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36998
IP address blocks:        151.248.99.240/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/BC2fTWr_ODxZ6d54AtvuAk7oh9w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/BC2fTWr_ODxZ6d54AtvuAk7oh9w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BC2fTWr_ODxZ6d54AtvuAk7oh9w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:33:10:c6:56:35:e7:d5:6e:ee:46:fb:3d:fb:6c:e2:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=042d9f4d6aff383c59e9de7802dbee024ee887dc
        Validity
            Not Before: May  1 07:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cc0cfcf7cec5e425c8ba46f459bd114247a5aef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ba:f6:34:0a:04:fb:38:96:bf:fa:71:82:49:
                    33:aa:ee:ab:25:04:09:45:e9:1b:62:67:d1:e7:84:
                    2b:bb:eb:42:aa:37:be:73:80:c9:e3:15:ba:ea:81:
                    a7:d6:ce:c7:05:61:c8:54:e7:df:c1:0f:10:bf:60:
                    28:37:b2:8c:8d:fb:fb:e0:6b:ea:20:69:3c:81:77:
                    55:8d:b3:04:96:9d:31:6d:6c:9e:b1:ff:76:ef:09:
                    5a:c8:ee:91:2e:51:67:8c:08:7c:2b:18:a2:6b:a3:
                    e5:a2:5b:ec:ce:2e:bb:22:13:ee:c8:cb:9b:f4:17:
                    36:43:da:02:1f:d5:f8:ad:52:ff:68:94:a6:c2:c1:
                    ba:9d:6a:35:c8:7d:a0:d0:1e:be:3d:f9:be:f4:a5:
                    9d:d7:c6:ec:38:68:3f:33:f3:ed:b5:27:fd:e0:62:
                    a1:29:f4:ae:cb:32:51:21:7f:e2:25:b1:da:42:b7:
                    a2:d7:3d:df:6a:d3:c8:1c:93:e3:8d:75:1d:91:1b:
                    90:4a:a4:b4:ea:34:9e:d7:6d:e2:9c:fa:5b:c3:7f:
                    82:5c:bb:7d:35:f4:7c:98:df:91:dd:5f:26:51:27:
                    9a:0c:6b:37:96:d3:05:3e:f8:0f:e4:7a:53:85:dd:
                    b9:d9:7f:b5:30:d5:48:74:c2:e9:04:d6:1b:9a:cb:
                    3e:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:C0:CF:CF:7C:EC:5E:42:5C:8B:A4:6F:45:9B:D1:14:24:7A:5A:EF
            X509v3 Authority Key Identifier:
                keyid:04:2D:9F:4D:6A:FF:38:3C:59:E9:DE:78:02:DB:EE:02:4E:E8:87:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BC2fTWr_ODxZ6d54AtvuAk7oh9w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/nMDPz3zsXkJci6RvRZvRFCR6Wu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/c1364a-0501-4faf-bcfa-aae1447603c0/1/BC2fTWr_ODxZ6d54AtvuAk7oh9w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.248.99.240/29

    Signature Algorithm: sha256WithRSAEncryption
         39:d3:c4:9a:05:28:86:ef:9a:a2:94:ba:68:11:78:c0:a4:f4:
         c6:b6:8b:01:04:70:24:05:4d:9b:5e:c7:9b:8f:36:00:f2:cf:
         f9:28:ba:29:aa:a3:8c:30:ba:80:31:d5:38:ff:3c:cd:42:23:
         a1:cc:88:a1:91:d2:a2:93:23:14:a7:0a:74:3e:7c:ea:df:c9:
         bb:62:40:4b:40:f7:2b:97:7d:94:29:64:14:22:37:8a:47:66:
         66:93:71:25:6e:2d:e7:43:66:1b:09:63:a1:db:89:f0:53:7a:
         79:b7:58:6d:cd:e6:26:47:6d:4b:ec:fd:74:b2:51:95:17:0d:
         0d:d0:d2:95:1a:04:b9:e4:91:cb:b5:12:98:ab:56:36:40:54:
         74:68:04:45:7a:ed:5c:60:13:ca:90:47:91:e2:72:25:9e:0b:
         5c:f6:70:29:6b:eb:9f:93:b8:f8:bc:33:ee:70:21:c6:a4:aa:
         f8:f1:68:7f:10:6a:80:55:b7:b7:91:47:34:7a:a6:0e:9b:e1:
         17:7d:6d:d3:0a:6c:d7:25:e6:d6:9c:b7:d3:03:89:57:af:43:
         f3:5b:1b:4a:54:21:55:72:8b:b4:fb:2f:60:67:04:71:58:17:
         84:10:8a:96:50:5a:f1:3f:c1:56:f2:60:df:5d:b6:5b:da:13:
         1a:d6:ee:6c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8zEMZWNefVbu5G+z37bOIfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MmQ5ZjRkNmFmZjM4M2M1OWU5ZGU3ODAyZGJlZTAyNGVl
ODg3ZGMwHhcNMjQwNTAxMDczMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2MwY2ZjZjdjZWM1ZTQyNWM4YmE0NmY0NTliZDExNDI0N2E1YWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbr2NAoE+ziWv/pxgkkzqu6rJQQJ
RekbYmfR54Qru+tCqje+c4DJ4xW66oGn1s7HBWHIVOffwQ8Qv2AoN7KMjfv74Gvq
IGk8gXdVjbMElp0xbWyesf927wlayO6RLlFnjAh8Kxiia6Plolvszi67IhPuyMub
9Bc2Q9oCH9X4rVL/aJSmwsG6nWo1yH2g0B6+Pfm+9KWd18bsOGg/M/PttSf94GKh
KfSuyzJRIX/iJbHaQrei1z3fatPIHJPjjXUdkRuQSqS06jSe123inPpbw3+CXLt9
NfR8mN+R3V8mUSeaDGs3ltMFPvgP5HpThd252X+1MNVIdMLpBNYbmss+LwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJzAz8987F5CXIukb0Wb0RQkelrvMB8GA1UdIwQY
MBaAFAQtn01q/zg8WeneeALb7gJO6IfcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkMyZlRXcl9PRHhaNmQ1NEF0dnVBazdvaDl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9jMTM2NGEtMDUwMS00ZmFmLWJjZmEt
YWFlMTQ0NzYwM2MwLzEvbk1EUHozenNYa0pjaTZSdlJadlJGQ1I2V3U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9jMTM2NGEtMDUwMS00ZmFmLWJjZmEtYWFlMTQ0NzYwM2Mw
LzEvQkMyZlRXcl9PRHhaNmQ1NEF0dnVBazdvaDl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUDl/hj8DAN
BgkqhkiG9w0BAQsFAAOCAQEAOdPEmgUohu+aopS6aBF4wKT0xraLAQRwJAVNm17H
m482APLP+Si6KaqjjDC6gDHVOP88zUIjocyIoZHSopMjFKcKdD586t/Ju2JAS0D3
K5d9lClkFCI3ikdmZpNxJW4t50NmGwljoduJ8FN6ebdYbc3mJkdtS+z9dLJRlRcN
DdDSlRoEueSRy7USmKtWNkBUdGgERXrtXGATypBHkeJyJZ4LXPZwKWvrn5O4+Lwz
7nAhxqSq+PFofxBqgFW3t5FHNHqmDpvhF31t0wps1yXm1py30wOJV69D81sbSlQh
VXKLtPsvYGcEcVgXhBCKllBa8T/BVvJg3122W9oTGtbubA==
-----END CERTIFICATE-----