Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/nQlDv9Nnj3DEn-SorGDbXwit5lI.roa
File:                     nQlDv9Nnj3DEn-SorGDbXwit5lI.roa (raw, json)
Hash identifier:          k9882G6y1TgrhT5UmkQzqcClNSYyiMP1Ezq1A2ObPqc=
Subject key identifier:   9D:09:43:BF:D3:67:8F:70:C4:9F:E4:A8:AC:60:DB:5F:08:AD:E6:52
Certificate issuer:       /CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
Certificate serial:       018CC87106F6189691238D1B9C405F52F1F5
Authority key identifier: 79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/nQlDv9Nnj3DEn-SorGDbXwit5lI.roa
Signing time:             Tue 02 Jan 2024 04:31:39 +0000
ROA not before:           Tue 02 Jan 2024 04:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204755
IP address blocks:        185.241.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:06:f6:18:96:91:23:8d:1b:9c:40:5f:52:f1:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7979863cea82aeb8e9df384b39aa5176f4bcfa61
        Validity
            Not Before: Jan  2 04:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d0943bfd3678f70c49fe4a8ac60db5f08ade652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:33:94:69:a4:8a:01:2b:47:b4:75:f8:c4:d1:
                    1a:5b:09:b2:ce:29:e7:67:18:9c:43:32:48:94:6c:
                    3f:0d:a1:10:fb:ce:8a:7c:1b:53:be:48:34:8d:e7:
                    b0:90:2a:c5:e1:d6:e0:7c:94:4a:e3:08:1b:5a:d5:
                    20:36:fa:1b:f2:7f:43:02:fb:b0:8a:0d:ff:09:94:
                    6a:58:0b:2c:a3:25:80:75:c3:71:21:15:cc:97:14:
                    28:94:44:d7:56:87:59:60:80:f6:e9:9d:56:ee:1f:
                    20:43:f9:92:fe:54:f2:da:20:2f:94:bd:c2:d1:e7:
                    e0:d1:c6:67:c1:f8:cf:7c:cb:70:95:2d:59:32:b1:
                    84:b5:00:83:63:eb:4e:5f:60:5a:4d:c3:df:91:3f:
                    44:c2:4c:56:59:29:7f:41:59:39:cd:24:5e:b1:dd:
                    b4:87:93:52:c8:77:3f:c8:82:ed:10:d4:6e:c0:20:
                    dd:c0:b5:fa:79:42:5e:ad:2e:36:0f:bc:08:e6:fd:
                    77:3f:b0:66:85:b5:49:1c:c8:3c:c5:9b:64:e7:f7:
                    ad:3b:b8:5f:84:e6:82:e8:29:d7:30:90:6b:96:97:
                    08:ed:88:24:d7:a8:95:e3:3a:cb:c0:9c:04:68:48:
                    b9:cb:d3:76:8c:81:d2:fb:cd:22:d8:02:30:32:43:
                    26:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:09:43:BF:D3:67:8F:70:C4:9F:E4:A8:AC:60:DB:5F:08:AD:E6:52
            X509v3 Authority Key Identifier:
                keyid:79:79:86:3C:EA:82:AE:B8:E9:DF:38:4B:39:AA:51:76:F4:BC:FA:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXmGPOqCrrjp3zhLOapRdvS8-mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/nQlDv9Nnj3DEn-SorGDbXwit5lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/1ccf25-20de-4b2e-a0e1-de4acf447fae/1/eXmGPOqCrrjp3zhLOapRdvS8-mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.241.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:91:e3:b4:fd:96:67:6d:01:b4:c7:44:93:ee:29:60:e6:b0:
         3b:29:22:99:28:8a:17:26:e8:cf:ce:ec:d2:fe:78:19:ab:b0:
         76:c9:5c:0d:a5:70:66:48:c4:0c:af:58:bd:e4:b1:f8:d7:d8:
         7c:b4:91:4b:7e:64:f4:4b:5d:13:c5:af:a2:73:7d:f6:d2:f8:
         88:af:7a:c9:bc:14:26:50:21:99:48:9f:01:4a:fd:07:63:96:
         ae:af:90:09:2f:08:5c:3f:da:76:64:43:f1:ac:95:af:d6:82:
         22:84:0f:8f:ed:ff:19:04:fa:35:69:c1:30:8c:26:0b:95:cc:
         05:27:bc:27:79:eb:4f:76:f7:a6:1f:f0:cc:ee:da:e9:5a:68:
         d1:30:23:68:5d:f3:84:1c:64:6a:b7:a5:79:46:b3:2a:99:a0:
         47:f8:ca:83:68:23:1c:c1:f8:d9:9b:80:76:fb:3a:4b:e8:3c:
         8b:68:e3:ab:ae:2e:3b:c1:11:51:8c:3f:29:33:07:d5:d7:b4:
         06:da:50:36:88:4c:fd:59:1b:7f:14:6f:33:79:04:10:46:d8:
         8c:cf:c3:3d:be:44:8f:13:01:31:cc:69:48:8b:9e:5e:0f:da:
         f6:8f:e6:bd:b1:b7:f8:1d:40:ed:b1:3f:1a:a6:92:b9:a8:49:
         ca:59:37:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcQb2GJaRI40bnEBfUvH1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5Nzk4NjNjZWE4MmFlYjhlOWRmMzg0YjM5YWE1MTc2ZjRi
Y2ZhNjEwHhcNMjQwMTAyMDQzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDA5NDNiZmQzNjc4ZjcwYzQ5ZmU0YThhYzYwZGI1ZjA4YWRlNjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzOUaaSKAStHtHX4xNEaWwmyzinn
ZxicQzJIlGw/DaEQ+86KfBtTvkg0jeewkCrF4dbgfJRK4wgbWtUgNvob8n9DAvuw
ig3/CZRqWAssoyWAdcNxIRXMlxQolETXVodZYID26Z1W7h8gQ/mS/lTy2iAvlL3C
0efg0cZnwfjPfMtwlS1ZMrGEtQCDY+tOX2BaTcPfkT9EwkxWWSl/QVk5zSResd20
h5NSyHc/yILtENRuwCDdwLX6eUJerS42D7wI5v13P7BmhbVJHMg8xZtk5/etO7hf
hOaC6CnXMJBrlpcI7Ygk16iV4zrLwJwEaEi5y9N2jIHS+80i2AIwMkMmSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ0JQ7/TZ49wxJ/kqKxg218IreZSMB8GA1UdIwQY
MBaAFHl5hjzqgq646d84SzmqUXb0vPphMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEt
ZGU0YWNmNDQ3ZmFlLzEvblFsRHY5Tm5qM0RFbi1Tb3JHRGJYd2l0NWxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC8xY2NmMjUtMjBkZS00YjJlLWEwZTEtZGU0YWNmNDQ3ZmFl
LzEvZVhtR1BPcUNycmpwM3poTE9hcFJkdlM4LW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufGwMA0G
CSqGSIb3DQEBCwUAA4IBAQBRkeO0/ZZnbQG0x0ST7ilg5rA7KSKZKIoXJujPzuzS
/ngZq7B2yVwNpXBmSMQMr1i95LH419h8tJFLfmT0S10Txa+ic3320viIr3rJvBQm
UCGZSJ8BSv0HY5aur5AJLwhcP9p2ZEPxrJWv1oIihA+P7f8ZBPo1acEwjCYLlcwF
J7wneetPdvemH/DM7trpWmjRMCNoXfOEHGRqt6V5RrMqmaBH+MqDaCMcwfjZm4B2
+zpL6DyLaOOrri47wRFRjD8pMwfV17QG2lA2iEz9WRt/FG8zeQQQRtiMz8M9vkSP
EwExzGlIi55eD9r2j+a9sbf4HUDtsT8appK5qEnKWTdU
-----END CERTIFICATE-----