Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/npSaXPnPmHOxbnysjgbxNrVnCpw.roa
File:                     npSaXPnPmHOxbnysjgbxNrVnCpw.roa (raw, json)
Hash identifier:          TnxMMNwGqOilQHE6HEKmdap1wEGUHEkrFDwHkTmAUdE=
Subject key identifier:   9E:94:9A:5C:F9:CF:98:73:B1:6E:7C:AC:8E:06:F1:36:B5:67:0A:9C
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       018DEB0A2A07BBE2D0CE8E4B26690708F4A5
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/npSaXPnPmHOxbnysjgbxNrVnCpw.roa
Signing time:             Tue 27 Feb 2024 14:48:48 +0000
ROA not before:           Tue 27 Feb 2024 14:48:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215535
IP address blocks:        185.41.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 02:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:eb:0a:2a:07:bb:e2:d0:ce:8e:4b:26:69:07:08:f4:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Feb 27 14:48:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e949a5cf9cf9873b16e7cac8e06f136b5670a9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:25:65:a2:c6:9d:ed:61:f1:24:bb:04:41:0a:
                    99:ee:57:1a:3a:be:e6:2b:5d:3b:cc:18:71:e6:10:
                    75:b5:fb:41:c1:33:15:ef:ce:7f:4a:ba:89:cd:ef:
                    2d:6f:0e:43:38:23:29:b1:65:3a:c9:ef:de:82:ec:
                    3e:32:7d:95:0f:7e:82:21:d9:84:5a:bd:d1:93:ae:
                    10:cf:ab:25:9d:ec:81:64:50:42:1f:ca:2b:0f:7d:
                    f0:8f:8e:b3:38:1f:5a:7a:ce:9b:0e:c2:13:d9:c4:
                    ce:b9:e3:b4:ab:a4:bc:7c:e6:d7:06:58:cd:0b:ad:
                    33:36:18:9b:fb:55:8e:fb:fc:46:9c:73:ab:17:a2:
                    87:ad:b6:17:b4:fa:a3:bb:58:a2:92:cd:5e:64:f2:
                    a7:19:db:b7:17:0a:d8:5b:63:8e:90:d6:c6:48:52:
                    e2:21:4b:e3:a3:de:4b:7d:04:79:cc:54:2f:03:d9:
                    14:60:ac:e5:06:2c:a7:7c:9e:f4:db:78:46:8f:5a:
                    7f:43:7f:e8:55:b7:f9:0a:9a:bf:b2:6b:91:0b:a0:
                    e8:ad:db:b3:90:85:df:33:4a:60:43:66:3d:94:66:
                    ed:5d:a7:2f:9c:07:64:cf:d4:81:b7:b4:78:c9:26:
                    97:c5:16:2e:39:f3:2a:0e:e4:0f:31:f1:82:48:a4:
                    29:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:94:9A:5C:F9:CF:98:73:B1:6E:7C:AC:8E:06:F1:36:B5:67:0A:9C
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/npSaXPnPmHOxbnysjgbxNrVnCpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.41.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:e7:3c:c5:07:cd:57:ab:33:81:84:30:f7:b8:ee:ac:a1:4d:
         b4:a8:8c:2f:05:e5:1b:38:a4:4c:bc:6f:8c:5b:f2:5f:45:ea:
         a2:fe:fa:68:63:bd:34:1c:2d:20:20:bc:25:22:1c:22:07:27:
         ed:8e:89:ea:c4:3b:30:4f:08:b9:a4:f4:f7:69:b3:7e:c3:6f:
         47:6c:93:ea:19:58:95:85:98:2d:df:a0:1d:bd:02:6c:8c:57:
         ef:b1:e4:16:6c:a7:90:f2:e3:45:f5:23:65:17:ae:26:f9:9c:
         18:f1:40:3c:7d:cd:ea:97:28:03:69:c9:66:a4:ae:44:b4:80:
         84:15:d9:6b:b6:24:60:f3:41:31:28:06:cd:8d:bc:8e:25:f5:
         b1:0a:38:90:5b:8f:7d:0c:aa:f0:3a:e9:30:d9:50:55:9c:f3:
         a9:c6:80:43:dd:37:86:ff:74:ec:a2:ec:14:e8:dd:a6:68:00:
         1f:f9:83:85:7b:0c:8f:1b:4a:2e:56:da:ef:58:1c:48:05:77:
         c2:2b:7e:91:38:07:03:e7:b3:05:01:99:6c:ac:79:3b:a1:8a:
         a8:76:32:79:bc:61:6a:a6:2a:70:88:5f:6a:90:34:6f:99:9d:
         71:96:60:c6:eb:12:91:ca:f8:63:d1:0e:df:c3:4c:1a:6b:6e:
         19:b1:7c:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3rCioHu+LQzo5LJmkHCPSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwMjI3MTQ0ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTk0OWE1Y2Y5Y2Y5ODczYjE2ZTdjYWM4ZTA2ZjEzNmI1NjcwYTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyVlosad7WHxJLsEQQqZ7lcaOr7m
K107zBhx5hB1tftBwTMV785/SrqJze8tbw5DOCMpsWU6ye/eguw+Mn2VD36CIdmE
Wr3Rk64Qz6slneyBZFBCH8orD33wj46zOB9aes6bDsIT2cTOueO0q6S8fObXBljN
C60zNhib+1WO+/xGnHOrF6KHrbYXtPqju1iiks1eZPKnGdu3FwrYW2OOkNbGSFLi
IUvjo95LfQR5zFQvA9kUYKzlBiynfJ7023hGj1p/Q3/oVbf5Cpq/smuRC6Dorduz
kIXfM0pgQ2Y9lGbtXacvnAdkz9SBt7R4ySaXxRYuOfMqDuQPMfGCSKQpHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6Umlz5z5hzsW58rI4G8Ta1ZwqcMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvbnBTYVhQblBtSE94Ym55c2pnYnhOclZuQ3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSkDMA0G
CSqGSIb3DQEBCwUAA4IBAQCM5zzFB81XqzOBhDD3uO6soU20qIwvBeUbOKRMvG+M
W/JfReqi/vpoY700HC0gILwlIhwiByftjonqxDswTwi5pPT3abN+w29HbJPqGViV
hZgt36AdvQJsjFfvseQWbKeQ8uNF9SNlF64m+ZwY8UA8fc3qlygDaclmpK5EtICE
FdlrtiRg80ExKAbNjbyOJfWxCjiQW499DKrwOukw2VBVnPOpxoBD3TeG/3TsouwU
6N2maAAf+YOFewyPG0ouVtrvWBxIBXfCK36ROAcD57MFAZlsrHk7oYqodjJ5vGFq
pipwiF9qkDRvmZ1xlmDG6xKRyvhj0Q7fw0waa24ZsXyL
-----END CERTIFICATE-----