Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/NANvvd_V7iIUj7mJYMTOqque3Po.roa
File:                     NANvvd_V7iIUj7mJYMTOqque3Po.roa (raw, json)
Hash identifier:          z7IZKlxruCsipOwPt42pcffU0s1l9uB/ojQdv9l2AxM=
Subject key identifier:   34:03:6F:BD:DF:D5:EE:22:14:8F:B9:89:60:C4:CE:AA:AB:9E:DC:FA
Certificate issuer:       /CN=a63c6dbaf2bcf52f27e58c2d89c6c1c55b95df26
Certificate serial:       019424B3E3EAD25862A73D46C0B9ECBEF687
Authority key identifier: A6:3C:6D:BA:F2:BC:F5:2F:27:E5:8C:2D:89:C6:C1:C5:5B:95:DF:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pjxtuvK89S8n5YwticbBxVuV3yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/NANvvd_V7iIUj7mJYMTOqque3Po.roa
Signing time:             Thu 02 Jan 2025 01:49:16 +0000
ROA not before:           Thu 02 Jan 2025 01:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        193.17.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/pjxtuvK89S8n5YwticbBxVuV3yY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/pjxtuvK89S8n5YwticbBxVuV3yY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pjxtuvK89S8n5YwticbBxVuV3yY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:e3:ea:d2:58:62:a7:3d:46:c0:b9:ec:be:f6:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a63c6dbaf2bcf52f27e58c2d89c6c1c55b95df26
        Validity
            Not Before: Jan  2 01:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34036fbddfd5ee22148fb98960c4ceaaab9edcfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:36:42:8f:a3:50:93:b0:3f:39:b3:16:60:f2:
                    04:8d:dd:aa:cc:4b:1d:d7:0d:db:bc:d8:ed:46:0c:
                    de:5d:5d:55:2a:63:7c:e6:25:a5:c3:a8:db:05:e5:
                    3f:c1:7b:3b:4b:75:62:0e:8f:5c:98:16:13:30:29:
                    b4:4c:3a:b5:f9:a6:3a:05:11:a7:6f:2e:63:11:48:
                    b4:88:90:02:d7:c4:ea:42:6c:df:ec:1c:c9:16:d5:
                    cf:88:38:89:e1:f0:c2:bb:9e:fc:fe:a8:71:d0:29:
                    ba:ef:e0:b2:de:c3:a1:40:61:5a:2b:e8:9b:0c:bb:
                    c0:23:76:69:57:2f:22:ec:66:df:35:ff:8b:15:20:
                    8d:e8:ca:9e:58:82:95:98:59:36:6f:35:b7:8a:16:
                    37:e3:40:09:e3:37:ef:c2:94:ac:34:5e:6d:ab:b3:
                    91:1e:c5:8f:97:70:d3:0d:e4:59:27:ea:f2:47:45:
                    16:09:b3:45:60:33:ce:99:b0:69:28:cf:68:df:7c:
                    8e:30:a1:17:e3:15:51:71:62:1c:3b:62:8a:78:57:
                    fb:3e:0e:65:af:1c:9a:5e:85:c6:ab:04:79:4e:d4:
                    41:c1:18:20:a0:d7:01:43:8a:8a:ed:ea:68:20:4c:
                    e2:6a:15:38:37:ab:c7:14:ec:02:21:69:3b:8d:04:
                    5c:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:03:6F:BD:DF:D5:EE:22:14:8F:B9:89:60:C4:CE:AA:AB:9E:DC:FA
            X509v3 Authority Key Identifier:
                keyid:A6:3C:6D:BA:F2:BC:F5:2F:27:E5:8C:2D:89:C6:C1:C5:5B:95:DF:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pjxtuvK89S8n5YwticbBxVuV3yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/NANvvd_V7iIUj7mJYMTOqque3Po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/33d71a-9350-4345-b6b8-a83d6c3cf053/1/pjxtuvK89S8n5YwticbBxVuV3yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:1c:5c:33:55:e8:eb:22:7c:84:75:ff:b4:85:b9:aa:ab:04:
         1f:fd:ee:d6:be:33:35:94:d1:c3:c2:01:7f:4a:a7:be:ac:21:
         c5:7b:03:3d:90:c0:ac:23:50:69:b6:88:f3:05:81:ac:ee:e9:
         57:e2:66:b5:e5:61:28:31:43:36:3b:88:f1:9f:30:8d:b7:6f:
         df:5c:10:23:ed:e9:2d:86:01:7a:b0:d3:0c:a2:c0:85:44:e8:
         7e:da:32:4e:ed:a4:3b:43:6b:49:6c:1a:8b:55:06:5d:be:18:
         b3:3a:dd:90:ea:95:14:91:46:51:03:a2:b5:2a:62:c9:ac:4d:
         f8:cb:2d:7f:8c:0b:42:ed:ce:b6:72:e6:97:24:4f:a9:75:35:
         77:4c:e2:ba:a3:97:b4:cf:37:c0:1f:57:14:f6:e1:3e:7b:3b:
         dc:85:99:dd:67:27:8c:d1:4d:67:43:d1:89:59:a9:16:22:21:
         9f:ed:47:6d:bf:ff:4a:16:98:a2:9d:87:07:b1:01:85:da:bc:
         8b:fb:e9:82:19:22:de:6a:2f:d3:fa:03:59:21:73:bb:08:1f:
         9f:53:e5:d3:53:8f:ad:5a:88:7a:d1:45:fe:55:6c:52:11:47:
         e8:b4:b3:dc:4d:fe:58:02:bb:8a:f6:b7:6d:01:29:7b:52:34:
         ce:2a:39:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks+Pq0lhipz1GwLnsvvaHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2M2M2ZGJhZjJiY2Y1MmYyN2U1OGMyZDg5YzZjMWM1NWI5
NWRmMjYwHhcNMjUwMTAyMDE0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDAzNmZiZGRmZDVlZTIyMTQ4ZmI5ODk2MGM0Y2VhYWFiOWVkY2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDZCj6NQk7A/ObMWYPIEjd2qzEsd
1w3bvNjtRgzeXV1VKmN85iWlw6jbBeU/wXs7S3ViDo9cmBYTMCm0TDq1+aY6BRGn
by5jEUi0iJAC18TqQmzf7BzJFtXPiDiJ4fDCu578/qhx0Cm67+Cy3sOhQGFaK+ib
DLvAI3ZpVy8i7GbfNf+LFSCN6MqeWIKVmFk2bzW3ihY340AJ4zfvwpSsNF5tq7OR
HsWPl3DTDeRZJ+ryR0UWCbNFYDPOmbBpKM9o33yOMKEX4xVRcWIcO2KKeFf7Pg5l
rxyaXoXGqwR5TtRBwRggoNcBQ4qK7epoIEziahU4N6vHFOwCIWk7jQRcIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQDb73f1e4iFI+5iWDEzqqrntz6MB8GA1UdIwQY
MBaAFKY8bbryvPUvJ+WMLYnGwcVbld8mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGp4dHV2Szg5UzhuNVl3dGljYkJ4VnVWM3lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zM2Q3MWEtOTM1MC00MzQ1LWI2Yjgt
YTgzZDZjM2NmMDUzLzEvTkFOdnZkX1Y3aUlVajdtSllNVE9xcXVlM1BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zM2Q3MWEtOTM1MC00MzQ1LWI2YjgtYTgzZDZjM2NmMDUz
LzEvcGp4dHV2Szg5UzhuNVl3dGljYkJ4VnVWM3lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRHRMA0G
CSqGSIb3DQEBCwUAA4IBAQBMHFwzVejrInyEdf+0hbmqqwQf/e7WvjM1lNHDwgF/
Sqe+rCHFewM9kMCsI1BptojzBYGs7ulX4ma15WEoMUM2O4jxnzCNt2/fXBAj7ekt
hgF6sNMMosCFROh+2jJO7aQ7Q2tJbBqLVQZdvhizOt2Q6pUUkUZRA6K1KmLJrE34
yy1/jAtC7c62cuaXJE+pdTV3TOK6o5e0zzfAH1cU9uE+ezvchZndZyeM0U1nQ9GJ
WakWIiGf7Udtv/9KFpiinYcHsQGF2ryL++mCGSLeai/T+gNZIXO7CB+fU+XTU4+t
Woh60UX+VWxSEUfotLPcTf5YAruK9rdtASl7UjTOKjl0
-----END CERTIFICATE-----