Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/NWUftztBrG96_y2EzypECwRaWiE.roa
File:                     NWUftztBrG96_y2EzypECwRaWiE.roa (raw, json)
Hash identifier:          iB3abFntFNLTwV5YoQUMjYIpTV58Rd0ggjc38BexLcc=
Subject key identifier:   35:65:1F:B7:3B:41:AC:6F:7A:FF:2D:84:CF:2A:44:0B:04:5A:5A:21
Certificate issuer:       /CN=9546465ca5b86c25a02e52ecbf04c4cfbc07654d
Certificate serial:       019424B3653BB2298CC53E8898C4D7E1803D
Authority key identifier: 95:46:46:5C:A5:B8:6C:25:A0:2E:52:EC:BF:04:C4:CF:BC:07:65:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUZGXKW4bCWgLlLsvwTEz7wHZU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/NWUftztBrG96_y2EzypECwRaWiE.roa
Signing time:             Thu 02 Jan 2025 01:48:44 +0000
ROA not before:           Thu 02 Jan 2025 01:48:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60893
IP address blocks:        109.94.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/lUZGXKW4bCWgLlLsvwTEz7wHZU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/lUZGXKW4bCWgLlLsvwTEz7wHZU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lUZGXKW4bCWgLlLsvwTEz7wHZU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:65:3b:b2:29:8c:c5:3e:88:98:c4:d7:e1:80:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9546465ca5b86c25a02e52ecbf04c4cfbc07654d
        Validity
            Not Before: Jan  2 01:48:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35651fb73b41ac6f7aff2d84cf2a440b045a5a21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:1a:fd:4c:ec:11:10:e4:f8:d7:aa:76:63:e1:
                    b9:ee:64:5c:ca:d6:fd:06:5f:b7:e1:ac:7c:a5:a7:
                    17:a2:9e:f1:2e:90:bd:2f:92:b4:4d:e2:a6:63:2a:
                    81:71:a2:25:53:4d:4d:55:2a:87:62:e6:37:ad:ce:
                    55:44:ef:cd:1d:c0:ec:39:98:9b:86:c1:21:16:c5:
                    8d:08:98:51:a8:a2:50:67:f2:9d:b9:72:14:47:21:
                    21:59:9a:cf:c1:08:08:f3:5e:3f:cd:29:c7:2f:8b:
                    f6:19:df:1f:08:7d:5d:30:f7:ef:8d:e5:9c:16:27:
                    d2:df:5e:d6:29:93:b3:25:fd:84:9d:be:b0:67:58:
                    df:ce:b0:ff:99:3f:a2:ae:92:2f:fe:77:56:1b:d6:
                    44:ff:3d:5d:04:41:7d:08:b2:6b:af:53:ae:33:d8:
                    f2:a8:cf:1f:c2:1d:6a:26:b6:75:1e:d9:9a:35:12:
                    da:46:c5:1c:c7:96:40:15:dc:34:ff:45:40:00:b8:
                    25:a8:59:f7:32:b2:69:05:7d:cc:65:37:cb:58:55:
                    7c:e5:71:5b:04:7f:a0:51:98:43:5a:92:4e:60:57:
                    15:33:30:37:91:42:e6:3a:04:29:0b:c0:6c:88:78:
                    0f:52:f2:6a:d7:9e:f4:5e:7a:50:7f:ba:be:57:29:
                    54:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:65:1F:B7:3B:41:AC:6F:7A:FF:2D:84:CF:2A:44:0B:04:5A:5A:21
            X509v3 Authority Key Identifier:
                keyid:95:46:46:5C:A5:B8:6C:25:A0:2E:52:EC:BF:04:C4:CF:BC:07:65:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUZGXKW4bCWgLlLsvwTEz7wHZU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/NWUftztBrG96_y2EzypECwRaWiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/c48b4c-0221-4646-bb72-05cf9db430b3/1/lUZGXKW4bCWgLlLsvwTEz7wHZU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.94.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:2f:3d:8b:85:ee:fa:f4:08:cb:55:8d:b7:2c:96:1f:a0:b2:
         3d:02:f5:b0:c4:0a:b5:ee:eb:e6:fb:64:27:76:46:2c:38:3d:
         80:b3:62:12:1a:59:71:2f:1b:2f:eb:83:6b:fa:df:e1:dc:1d:
         27:f3:e6:a0:08:21:e9:1a:d7:fe:a3:f2:1e:02:de:b0:46:21:
         e2:a9:bc:4b:83:a1:b9:f4:ee:c0:01:62:77:a8:af:75:66:3c:
         ee:99:49:82:45:ab:3a:55:42:ee:6f:44:a4:ad:22:73:1d:00:
         cf:2c:8c:94:ca:ef:45:ff:29:e8:fe:6e:4c:06:e7:5d:d9:ce:
         63:46:b0:7d:32:6d:ca:f4:2a:8f:6f:bb:84:9d:0d:23:8a:59:
         23:de:06:f1:f3:b5:a5:70:8e:6a:b4:27:f6:54:e8:76:5e:de:
         80:81:35:44:55:4b:d4:94:22:51:ea:38:55:f1:a2:44:85:2b:
         4a:ff:ff:d9:57:1c:39:69:31:5e:92:66:d0:fb:d8:43:52:b5:
         33:1c:0f:c6:d9:3d:b7:f0:4d:19:95:62:b0:43:b7:e9:c0:bc:
         5f:e0:ee:c8:39:7b:15:5f:cd:51:b2:60:af:74:5c:88:13:0c:
         e4:2a:28:a3:c4:d5:6f:2e:68:b7:67:57:6b:37:6b:46:9f:8c:
         e9:49:c6:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks2U7simMxT6ImMTX4YA9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NDY0NjVjYTViODZjMjVhMDJlNTJlY2JmMDRjNGNmYmMw
NzY1NGQwHhcNMjUwMTAyMDE0ODQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTY1MWZiNzNiNDFhYzZmN2FmZjJkODRjZjJhNDQwYjA0NWE1YTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hr9TOwREOT416p2Y+G57mRcytb9
Bl+34ax8pacXop7xLpC9L5K0TeKmYyqBcaIlU01NVSqHYuY3rc5VRO/NHcDsOZib
hsEhFsWNCJhRqKJQZ/KduXIURyEhWZrPwQgI814/zSnHL4v2Gd8fCH1dMPfvjeWc
FifS317WKZOzJf2Enb6wZ1jfzrD/mT+irpIv/ndWG9ZE/z1dBEF9CLJrr1OuM9jy
qM8fwh1qJrZ1HtmaNRLaRsUcx5ZAFdw0/0VAALglqFn3MrJpBX3MZTfLWFV85XFb
BH+gUZhDWpJOYFcVMzA3kULmOgQpC8BsiHgPUvJq1570XnpQf7q+VylUxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVlH7c7Qaxvev8thM8qRAsEWlohMB8GA1UdIwQY
MBaAFJVGRlyluGwloC5S7L8ExM+8B2VNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVaR1hLVzRiQ1dnTGxMc3Z3VEV6N3dIWlUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9jNDhiNGMtMDIyMS00NjQ2LWJiNzIt
MDVjZjlkYjQzMGIzLzEvTldVZnR6dEJyRzk2X3kyRXp5cEVDd1JhV2lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9jNDhiNGMtMDIyMS00NjQ2LWJiNzItMDVjZjlkYjQzMGIz
LzEvbFVaR1hLVzRiQ1dnTGxMc3Z3VEV6N3dIWlUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbV6gMA0G
CSqGSIb3DQEBCwUAA4IBAQCkLz2Lhe769AjLVY23LJYfoLI9AvWwxAq17uvm+2Qn
dkYsOD2As2ISGllxLxsv64Nr+t/h3B0n8+agCCHpGtf+o/IeAt6wRiHiqbxLg6G5
9O7AAWJ3qK91ZjzumUmCRas6VULub0SkrSJzHQDPLIyUyu9F/yno/m5MBudd2c5j
RrB9Mm3K9CqPb7uEnQ0jilkj3gbx87WlcI5qtCf2VOh2Xt6AgTVEVUvUlCJR6jhV
8aJEhStK///ZVxw5aTFekmbQ+9hDUrUzHA/G2T238E0ZlWKwQ7fpwLxf4O7IOXsV
X81RsmCvdFyIEwzkKiijxNVvLmi3Z1drN2tGn4zpScY7
-----END CERTIFICATE-----