Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/nmbAw0PF_9uvmNDVc4sUjXkkF8Q.roa
File:                     nmbAw0PF_9uvmNDVc4sUjXkkF8Q.roa (raw, json)
Hash identifier:          H7CgRPLGbVj8HojuuDALjBbbCEKhiccERm+DkmA2qd4=
Subject key identifier:   9E:66:C0:C3:43:C5:FF:DB:AF:98:D0:D5:73:8B:14:8D:79:24:17:C4
Certificate issuer:       /CN=b085804db153eb724c58557c79359c4408205550
Certificate serial:       018EEB6DCEE4196B3EE2C494C254F625EB0C
Authority key identifier: B0:85:80:4D:B1:53:EB:72:4C:58:55:7C:79:35:9C:44:08:20:55:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sIWATbFT63JMWFV8eTWcRAggVVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/nmbAw0PF_9uvmNDVc4sUjXkkF8Q.roa
Signing time:             Wed 17 Apr 2024 09:40:25 +0000
ROA not before:           Wed 17 Apr 2024 09:40:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51171
IP address blocks:        195.54.168.0/23 maxlen: 23
                          195.54.168.0/24 maxlen: 24
                          195.54.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/sIWATbFT63JMWFV8eTWcRAggVVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/sIWATbFT63JMWFV8eTWcRAggVVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sIWATbFT63JMWFV8eTWcRAggVVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 11:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:eb:6d:ce:e4:19:6b:3e:e2:c4:94:c2:54:f6:25:eb:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b085804db153eb724c58557c79359c4408205550
        Validity
            Not Before: Apr 17 09:40:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e66c0c343c5ffdbaf98d0d5738b148d792417c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3f:a7:40:28:d1:13:65:27:42:80:b2:95:56:
                    38:88:dd:ef:10:4a:74:7a:0d:ee:88:7a:39:54:9d:
                    ff:9f:aa:dd:3b:94:46:45:e6:da:b4:95:b3:49:06:
                    0d:8f:aa:ee:cc:8b:35:10:f1:32:9f:1e:6e:5f:10:
                    da:3a:78:d0:db:88:06:c3:76:40:9b:53:01:ec:87:
                    c2:8a:da:59:8b:43:aa:6f:d6:08:a8:09:ad:f7:02:
                    23:b7:cd:06:62:8d:31:b0:23:d8:50:1e:9e:a4:44:
                    b5:f0:6f:73:b1:b4:6a:fa:0a:47:f3:8b:84:cf:d3:
                    07:fa:1c:10:52:ca:9e:af:73:38:8a:bf:50:08:c4:
                    bc:2c:c8:01:8c:c1:4a:97:5f:d4:b0:7a:86:43:e4:
                    43:a6:48:6d:40:da:8c:37:1f:85:d8:e0:be:2a:18:
                    b8:f3:a4:40:cb:65:f5:1d:01:19:c5:dd:9b:b1:85:
                    6f:65:90:f2:36:33:8b:45:57:d2:0a:b0:cc:78:3c:
                    3d:cf:ee:b4:60:60:67:84:f8:ae:c8:2b:f3:c7:54:
                    1c:f1:5b:49:29:1c:45:a0:cb:85:94:d5:31:c4:13:
                    a8:74:8b:70:e0:af:18:f5:50:54:d0:66:e2:9f:a2:
                    35:d4:19:c3:30:96:c1:1e:e8:09:28:61:da:1e:cb:
                    ff:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:66:C0:C3:43:C5:FF:DB:AF:98:D0:D5:73:8B:14:8D:79:24:17:C4
            X509v3 Authority Key Identifier:
                keyid:B0:85:80:4D:B1:53:EB:72:4C:58:55:7C:79:35:9C:44:08:20:55:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sIWATbFT63JMWFV8eTWcRAggVVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/nmbAw0PF_9uvmNDVc4sUjXkkF8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/29aa96-123f-40ea-95d5-d25b7ca3db89/1/sIWATbFT63JMWFV8eTWcRAggVVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.54.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:fa:33:d1:82:d8:45:92:e5:04:b3:94:f2:84:3f:01:99:41:
         d3:ea:ce:3b:68:6a:d9:fa:0f:cc:38:63:6b:78:c9:d2:42:14:
         e4:a1:d1:d2:b1:5c:70:2d:39:9c:f0:d2:ac:24:99:20:e8:21:
         b3:31:6f:f8:88:4c:c4:03:50:58:2e:f7:ea:f7:33:df:cb:fe:
         b6:85:b6:a6:62:99:e8:5f:0a:22:e1:ad:94:52:39:5b:d2:ce:
         de:d7:78:dd:41:f7:d3:24:6e:e1:18:fd:0c:a6:48:3c:8b:ee:
         3d:80:8e:c9:1e:ad:b2:8e:a7:2b:32:4e:16:f6:a9:ea:2e:cd:
         94:d6:31:9d:2a:1a:a7:c9:82:a5:0c:d6:66:ab:05:6c:88:1c:
         02:52:37:39:ad:87:c5:77:a7:36:fc:cf:ba:c3:f5:cc:df:9f:
         e3:68:e9:b7:a2:c7:73:70:31:f9:ee:f5:bb:25:99:e5:44:12:
         b7:7f:48:2d:31:82:5f:d3:b5:8f:6f:77:84:cf:12:15:a4:35:
         d9:fd:28:68:d6:c4:b4:fd:75:99:6d:5f:df:99:dd:33:83:04:
         33:fd:be:9a:68:f2:6a:09:1f:f0:01:9a:90:ed:93:06:cb:84:
         4c:d7:63:a0:99:ce:9b:f0:d8:78:9a:47:09:50:29:2b:99:27:
         9a:91:cf:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7rbc7kGWs+4sSUwlT2JesMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwODU4MDRkYjE1M2ViNzI0YzU4NTU3Yzc5MzU5YzQ0MDgy
MDU1NTAwHhcNMjQwNDE3MDk0MDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTY2YzBjMzQzYzVmZmRiYWY5OGQwZDU3MzhiMTQ4ZDc5MjQxN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj+nQCjRE2UnQoCylVY4iN3vEEp0
eg3uiHo5VJ3/n6rdO5RGRebatJWzSQYNj6ruzIs1EPEynx5uXxDaOnjQ24gGw3ZA
m1MB7IfCitpZi0Oqb9YIqAmt9wIjt80GYo0xsCPYUB6epES18G9zsbRq+gpH84uE
z9MH+hwQUsqer3M4ir9QCMS8LMgBjMFKl1/UsHqGQ+RDpkhtQNqMNx+F2OC+Khi4
86RAy2X1HQEZxd2bsYVvZZDyNjOLRVfSCrDMeDw9z+60YGBnhPiuyCvzx1Qc8VtJ
KRxFoMuFlNUxxBOodItw4K8Y9VBU0Gbin6I11BnDMJbBHugJKGHaHsv/jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5mwMNDxf/br5jQ1XOLFI15JBfEMB8GA1UdIwQY
MBaAFLCFgE2xU+tyTFhVfHk1nEQIIFVQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0lXQVRiRlQ2M0pNV0ZWOGVUV2NSQWdnVlZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC8yOWFhOTYtMTIzZi00MGVhLTk1ZDUt
ZDI1YjdjYTNkYjg5LzEvbm1iQXcwUEZfOXV2bU5EVmM0c1VqWGtrRjhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC8yOWFhOTYtMTIzZi00MGVhLTk1ZDUtZDI1YjdjYTNkYjg5
LzEvc0lXQVRiRlQ2M0pNV0ZWOGVUV2NSQWdnVlZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwzaoMA0G
CSqGSIb3DQEBCwUAA4IBAQAy+jPRgthFkuUEs5TyhD8BmUHT6s47aGrZ+g/MOGNr
eMnSQhTkodHSsVxwLTmc8NKsJJkg6CGzMW/4iEzEA1BYLvfq9zPfy/62hbamYpno
Xwoi4a2UUjlb0s7e13jdQffTJG7hGP0Mpkg8i+49gI7JHq2yjqcrMk4W9qnqLs2U
1jGdKhqnyYKlDNZmqwVsiBwCUjc5rYfFd6c2/M+6w/XM35/jaOm3osdzcDH57vW7
JZnlRBK3f0gtMYJf07WPb3eEzxIVpDXZ/Sho1sS0/XWZbV/fmd0zgwQz/b6aaPJq
CR/wAZqQ7ZMGy4RM12Ogmc6b8Nh4mkcJUCkrmSeakc+Z
-----END CERTIFICATE-----