Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/nXfk5cslJ-ZHIxLa6SXgazsIg2Q.roa
File:                     nXfk5cslJ-ZHIxLa6SXgazsIg2Q.roa (raw, json)
Hash identifier:          3vrWmqzqSw7nIgq+pJnKe+S0Lzre04YAVymMYj6kjgQ=
Subject key identifier:   9D:77:E4:E5:CB:25:27:E6:47:23:12:DA:E9:25:E0:6B:3B:08:83:64
Certificate issuer:       /CN=3bccbc70e18b6c69e53ef52a5e925e5f4f0cdcc1
Certificate serial:       019204241DA111B694E5EBEBCEFECA2D5F0A
Authority key identifier: 3B:CC:BC:70:E1:8B:6C:69:E5:3E:F5:2A:5E:92:5E:5F:4F:0C:DC:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/nXfk5cslJ-ZHIxLa6SXgazsIg2Q.roa
Signing time:             Wed 18 Sep 2024 07:58:48 +0000
ROA not before:           Wed 18 Sep 2024 07:58:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39386
IP address blocks:        159.0.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:04:24:1d:a1:11:b6:94:e5:eb:eb:ce:fe:ca:2d:5f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bccbc70e18b6c69e53ef52a5e925e5f4f0cdcc1
        Validity
            Not Before: Sep 18 07:58:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d77e4e5cb2527e6472312dae925e06b3b088364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7b:ab:d3:4a:bc:83:31:2f:42:c5:27:e4:fd:
                    1b:c6:1d:74:c3:79:61:b0:28:bb:25:9e:69:91:82:
                    f7:54:e1:e0:71:4d:99:78:fc:b7:47:6f:20:a0:f6:
                    e7:b6:22:35:52:68:a0:fb:df:03:94:be:71:14:ff:
                    87:93:a8:2a:9b:82:ae:51:2a:52:25:2a:05:92:1c:
                    5f:1c:ad:43:6a:48:af:2a:18:bd:d6:94:2e:2d:93:
                    5c:b3:28:1b:46:1a:1c:a2:21:5d:f5:1c:9c:4f:86:
                    b2:c7:a6:db:6e:b7:6e:49:86:2b:cd:f2:6a:bd:d9:
                    dc:07:c9:6e:1c:42:91:b2:47:3b:a7:2f:37:cb:6c:
                    48:91:a4:c2:c9:21:6f:9a:83:d4:89:e9:aa:54:b2:
                    8d:9f:dd:75:60:2c:46:9c:ee:86:fd:79:c6:20:f4:
                    f6:22:31:77:3c:c1:4f:f6:cd:96:d7:d8:bc:95:a3:
                    50:00:d0:bd:f0:30:15:5f:58:73:a2:f7:65:47:e4:
                    c3:0c:3c:dc:e0:73:95:32:cd:a1:da:b0:f1:8e:9d:
                    e0:63:8b:24:67:e7:50:01:d8:c3:e9:8c:d1:8e:07:
                    1c:22:a0:c2:93:aa:e4:57:30:8c:9c:9b:ee:c3:ac:
                    d0:a6:39:70:dc:75:dd:2e:96:b4:f7:da:df:4f:cf:
                    94:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:77:E4:E5:CB:25:27:E6:47:23:12:DA:E9:25:E0:6B:3B:08:83:64
            X509v3 Authority Key Identifier:
                keyid:3B:CC:BC:70:E1:8B:6C:69:E5:3E:F5:2A:5E:92:5E:5F:4F:0C:DC:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O8y8cOGLbGnlPvUqXpJeX08M3ME.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/nXfk5cslJ-ZHIxLa6SXgazsIg2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/8a4773-a2bd-40d2-bfc8-bbe60ea222c5/1/O8y8cOGLbGnlPvUqXpJeX08M3ME.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.0.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:af:63:04:8e:1a:54:13:24:fb:19:fa:ec:21:c2:a1:15:99:
         7d:5f:2b:09:51:cc:25:e0:96:fd:2e:3c:13:6a:20:ff:b7:14:
         1f:de:b2:47:62:d4:b2:3d:0d:b6:37:61:64:8e:fd:e7:d0:60:
         02:b2:87:20:86:75:61:7e:42:35:aa:ae:e8:9a:2f:5d:f7:57:
         49:14:71:fb:18:50:63:c9:48:49:ed:68:13:a1:20:7f:8b:55:
         31:a4:40:f7:5c:9d:5d:76:73:f0:83:a4:aa:33:d0:f9:f7:34:
         77:29:40:87:5d:d4:66:f3:ae:a6:a8:b0:a7:16:2c:4c:15:9b:
         b4:b8:96:cd:4b:d6:aa:c0:24:a2:d5:e5:b2:85:5f:e2:db:3b:
         af:fe:19:3d:9d:a4:1b:1f:6b:45:c8:a5:53:00:b2:fa:af:5f:
         aa:c3:91:31:d1:39:a9:fc:3d:65:2e:e8:14:d7:9e:12:13:85:
         81:32:88:4f:c6:bf:16:3b:1a:64:31:21:e4:58:ff:53:e3:ad:
         ca:7a:43:bb:ee:6a:d3:32:ee:e1:ac:26:89:ef:1b:43:90:ca:
         9a:17:99:32:de:7a:62:ac:c9:75:ed:a2:56:9c:ac:62:d5:4e:
         2d:fa:b4:c2:8a:b7:58:1a:41:f6:d3:f2:18:a6:ff:8f:b4:c5:
         4e:79:1b:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIEJB2hEbaU5evrzv7KLV8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiY2NiYzcwZTE4YjZjNjllNTNlZjUyYTVlOTI1ZTVmNGYw
Y2RjYzEwHhcNMjQwOTE4MDc1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDc3ZTRlNWNiMjUyN2U2NDcyMzEyZGFlOTI1ZTA2YjNiMDg4MzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXur00q8gzEvQsUn5P0bxh10w3lh
sCi7JZ5pkYL3VOHgcU2ZePy3R28goPbntiI1Umig+98DlL5xFP+Hk6gqm4KuUSpS
JSoFkhxfHK1DakivKhi91pQuLZNcsygbRhocoiFd9RycT4ayx6bbbrduSYYrzfJq
vdncB8luHEKRskc7py83y2xIkaTCySFvmoPUiemqVLKNn911YCxGnO6G/XnGIPT2
IjF3PMFP9s2W19i8laNQANC98DAVX1hzovdlR+TDDDzc4HOVMs2h2rDxjp3gY4sk
Z+dQAdjD6YzRjgccIqDCk6rkVzCMnJvuw6zQpjlw3HXdLpa099rfT8+UFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ135OXLJSfmRyMS2ukl4Gs7CINkMB8GA1UdIwQY
MBaAFDvMvHDhi2xp5T71Kl6SXl9PDNzBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzh5OGNPR0xiR25sUHZVcVhwSmVYMDhNM01FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS84YTQ3NzMtYTJiZC00MGQyLWJmYzgt
YmJlNjBlYTIyMmM1LzEvblhmazVjc2xKLVpISXhMYTZTWGdhenNJZzJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS84YTQ3NzMtYTJiZC00MGQyLWJmYzgtYmJlNjBlYTIyMmM1
LzEvTzh5OGNPR0xiR25sUHZVcVhwSmVYMDhNM01FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnwC4MA0G
CSqGSIb3DQEBCwUAA4IBAQCJr2MEjhpUEyT7GfrsIcKhFZl9XysJUcwl4Jb9LjwT
aiD/txQf3rJHYtSyPQ22N2Fkjv3n0GACsocghnVhfkI1qq7omi9d91dJFHH7GFBj
yUhJ7WgToSB/i1UxpED3XJ1ddnPwg6SqM9D59zR3KUCHXdRm866mqLCnFixMFZu0
uJbNS9aqwCSi1eWyhV/i2zuv/hk9naQbH2tFyKVTALL6r1+qw5Ex0Tmp/D1lLugU
154SE4WBMohPxr8WOxpkMSHkWP9T463KekO77mrTMu7hrCaJ7xtDkMqaF5ky3npi
rMl17aJWnKxi1U4t+rTCirdYGkH20/IYpv+PtMVOeRtz
-----END CERTIFICATE-----