Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/npo5SnhoWNZGfr73lN75Jbe3A1E.roa
File:                     npo5SnhoWNZGfr73lN75Jbe3A1E.roa (raw, json)
Hash identifier:          cxJr9P+O31culDyC+gM0qlOyUWoBGRe84IOfXn6Xb0Y=
Subject key identifier:   9E:9A:39:4A:78:68:58:D6:46:7E:BE:F7:94:DE:F9:25:B7:B7:03:51
Certificate issuer:       /CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
Certificate serial:       018CC8DE2A04F1FB30385CE6CE070B4A7D2F
Authority key identifier: 25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/npo5SnhoWNZGfr73lN75Jbe3A1E.roa
Signing time:             Tue 02 Jan 2024 06:30:51 +0000
ROA not before:           Tue 02 Jan 2024 06:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48024
IP address blocks:        192.169.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:2a:04:f1:fb:30:38:5c:e6:ce:07:0b:4a:7d:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
        Validity
            Not Before: Jan  2 06:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e9a394a786858d6467ebef794def925b7b70351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4e:8c:bd:d0:e6:dd:4d:06:be:a2:36:2f:f5:
                    e2:ae:b5:73:21:03:fc:df:37:3b:89:2d:ef:b3:7d:
                    b4:7d:36:a0:4e:24:a5:8d:81:6b:8a:95:d2:53:68:
                    67:36:25:b4:3a:82:e7:0d:24:c6:e4:47:50:24:00:
                    bb:77:91:29:97:14:b4:0b:11:98:89:fc:f9:40:2d:
                    2f:6e:08:c1:ec:c6:9a:35:93:66:f1:ac:61:ee:fa:
                    31:fd:74:d5:e6:54:4f:d7:f7:6e:b7:6e:ad:19:57:
                    fd:b8:3d:e9:43:30:37:94:20:8c:e7:21:38:3e:7a:
                    a9:86:89:c4:48:5f:bd:9d:28:07:84:0d:02:28:7c:
                    22:17:6a:9f:24:95:a2:11:e1:54:88:c5:6e:42:53:
                    82:e3:c3:ba:65:49:5c:32:69:af:22:7b:7f:3a:23:
                    9e:76:93:07:83:c7:2e:e6:70:d9:49:f2:01:0e:84:
                    2e:7b:ad:87:a7:b2:46:bb:c5:a2:1f:55:55:2f:39:
                    49:23:6d:a1:67:e5:85:bc:86:df:1c:20:14:e8:44:
                    af:e0:2e:8a:bd:ee:f8:40:12:61:8c:75:51:ad:a9:
                    66:6b:1e:c2:56:10:e1:f8:f3:a3:b4:d6:12:20:30:
                    57:df:9c:24:b3:11:e3:4d:85:f0:22:e0:01:33:1e:
                    54:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:9A:39:4A:78:68:58:D6:46:7E:BE:F7:94:DE:F9:25:B7:B7:03:51
            X509v3 Authority Key Identifier:
                keyid:25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/npo5SnhoWNZGfr73lN75Jbe3A1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.169.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:d7:13:0d:4c:8e:10:17:39:a2:a6:d2:82:1f:34:fd:54:86:
         b1:ab:d7:3e:39:ba:e0:11:26:e8:32:6b:09:cf:1d:66:c5:6c:
         92:64:9b:c2:7d:77:3b:3c:aa:fc:78:0b:a7:6e:74:77:24:c5:
         ce:77:0e:15:27:36:10:20:eb:07:e2:b2:e9:15:07:c5:d3:2e:
         c3:65:93:16:fd:f2:02:ca:4f:43:39:f1:91:49:12:b6:60:7d:
         ad:97:49:af:f6:82:e4:35:22:fd:d5:98:87:37:19:52:c1:e4:
         56:78:11:38:2c:fc:8e:c8:ac:fe:ee:0e:a3:fe:5e:43:96:64:
         ba:67:c3:cb:7f:63:04:ad:e9:2f:d3:d3:5d:e2:6b:82:af:96:
         18:9c:2a:d3:50:9f:90:5e:50:32:d0:44:9a:df:71:5c:22:dc:
         8c:c5:37:b4:31:ad:fd:98:f9:3d:a8:3b:78:7a:b3:bc:b6:b9:
         f7:8d:c0:94:e6:48:b2:d4:c8:9b:97:e6:cb:52:7a:41:91:f9:
         f1:e3:e2:b1:1f:fa:e8:ca:c4:35:ed:26:bd:d9:4d:70:08:f9:
         4f:7b:de:cb:24:63:19:81:2f:f2:0d:03:6a:21:b1:00:4d:1d:
         22:75:39:05:be:dc:11:3c:53:3a:53:51:68:93:0b:31:5b:05:
         1d:b5:c4:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ioE8fswOFzmzgcLSn0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Nzc2Yzc3ZjhlYmU3MDk0Y2EwMDdhY2UxYTljMGJmZGMy
YjNhZWMwHhcNMjQwMTAyMDYzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTlhMzk0YTc4Njg1OGQ2NDY3ZWJlZjc5NGRlZjkyNWI3YjcwMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgk6MvdDm3U0GvqI2L/XirrVzIQP8
3zc7iS3vs320fTagTiSljYFripXSU2hnNiW0OoLnDSTG5EdQJAC7d5EplxS0CxGY
ifz5QC0vbgjB7MaaNZNm8axh7vox/XTV5lRP1/dut26tGVf9uD3pQzA3lCCM5yE4
PnqphonESF+9nSgHhA0CKHwiF2qfJJWiEeFUiMVuQlOC48O6ZUlcMmmvInt/OiOe
dpMHg8cu5nDZSfIBDoQue62Hp7JGu8WiH1VVLzlJI22hZ+WFvIbfHCAU6ESv4C6K
ve74QBJhjHVRralmax7CVhDh+POjtNYSIDBX35wksxHjTYXwIuABMx5UBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6aOUp4aFjWRn6+95Te+SW3twNRMB8GA1UdIwQY
MBaAFCV3bHf46+cJTKAHrOGpwL/cKzrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQt
ZTdkYWVjMTk0YTY5LzEvbnBvNVNuaG9XTlpHZnI3M2xONzVKYmUzQTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQtZTdkYWVjMTk0YTY5
LzEvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKlgMA0G
CSqGSIb3DQEBCwUAA4IBAQAF1xMNTI4QFzmiptKCHzT9VIaxq9c+ObrgESboMmsJ
zx1mxWySZJvCfXc7PKr8eAunbnR3JMXOdw4VJzYQIOsH4rLpFQfF0y7DZZMW/fIC
yk9DOfGRSRK2YH2tl0mv9oLkNSL91ZiHNxlSweRWeBE4LPyOyKz+7g6j/l5DlmS6
Z8PLf2MErekv09Nd4muCr5YYnCrTUJ+QXlAy0ESa33FcItyMxTe0Ma39mPk9qDt4
erO8trn3jcCU5kiy1Mibl+bLUnpBkfnx4+KxH/roysQ17Sa92U1wCPlPe97LJGMZ
gS/yDQNqIbEATR0idTkFvtwRPFM6U1FokwsxWwUdtcRl
-----END CERTIFICATE-----