Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/DNq1NO3Wnmql62j0oQNjD8eZt48.roa
File:                     DNq1NO3Wnmql62j0oQNjD8eZt48.roa (raw, json)
Hash identifier:          MW7OZEOk1jGR2x7yDL+gxliLl5bsGDpyRB+5G0REdOY=
Subject key identifier:   0C:DA:B5:34:ED:D6:9E:6A:A5:EB:68:F4:A1:03:63:0F:C7:99:B7:8F
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       018CC86FC48829F051FD14D5FAAA22D66420
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/DNq1NO3Wnmql62j0oQNjD8eZt48.roa
Signing time:             Tue 02 Jan 2024 04:30:17 +0000
ROA not before:           Tue 02 Jan 2024 04:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205842
IP address blocks:        91.246.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:c4:88:29:f0:51:fd:14:d5:fa:aa:22:d6:64:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 04:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cdab534edd69e6aa5eb68f4a103630fc799b78f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c2:c8:87:95:60:0a:5e:4a:df:23:e8:0d:25:
                    30:df:c9:35:b2:dc:b2:76:a5:c5:f1:7e:c7:10:29:
                    c3:84:86:5f:06:05:ff:e1:ea:fe:82:c5:69:58:60:
                    5f:1b:c7:0f:c3:c8:d1:4a:06:d8:96:cb:81:f8:cc:
                    f6:de:53:b5:ba:54:65:50:5a:09:35:78:b9:07:b2:
                    61:bb:b1:89:0e:1e:91:49:4b:60:e1:0a:90:b7:1f:
                    c7:7a:6c:2d:fb:40:fe:0f:4b:ab:d6:a0:9b:18:51:
                    f0:08:b3:1f:29:e3:f8:30:d9:e7:72:a1:c9:32:ab:
                    7b:f7:cb:8f:30:b1:d4:46:7e:a1:b2:03:25:a2:28:
                    11:6f:c4:87:d5:14:83:02:11:21:d6:d0:c2:d4:92:
                    da:b2:f1:86:6c:73:40:50:47:83:18:68:4b:37:ad:
                    a1:c1:0f:68:49:4d:e9:3d:fc:3f:08:64:2b:5a:9f:
                    b4:c5:53:68:85:1d:1a:ff:6f:12:cb:bb:c5:a1:52:
                    5b:d6:c6:21:04:8f:d0:92:e6:05:b5:04:3b:ab:0c:
                    45:02:96:e9:40:3e:ea:f1:0e:a3:b5:a6:cb:dd:e2:
                    86:2c:79:68:89:ce:1c:89:e3:f1:0e:b2:6e:4e:fb:
                    88:db:51:bc:34:21:41:df:cc:0c:96:29:4b:a6:20:
                    b3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DA:B5:34:ED:D6:9E:6A:A5:EB:68:F4:A1:03:63:0F:C7:99:B7:8F
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/DNq1NO3Wnmql62j0oQNjD8eZt48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:ca:f6:8f:6c:e3:93:56:db:47:b4:b2:8d:ed:8d:fb:03:93:
         b0:8e:5a:49:1e:c6:60:49:49:76:6f:c9:26:bb:67:e9:a8:71:
         6a:37:73:82:eb:39:be:b4:57:8a:93:56:5f:d5:38:85:fa:1b:
         9b:71:5c:80:54:46:11:76:26:24:76:82:fc:ad:3c:ab:8f:c5:
         3f:9d:49:84:3c:8d:20:7e:0a:2a:fc:fe:0b:68:72:20:a6:ad:
         44:67:a3:65:a4:b6:f7:b2:a1:b9:db:51:b0:bd:aa:c7:c5:97:
         e9:49:54:07:06:ed:73:19:e0:46:2e:73:fe:58:bd:b0:61:0b:
         1a:fc:14:8f:01:38:be:c8:0f:c6:f8:a6:29:94:63:f8:85:a6:
         9a:b1:c5:7a:51:d6:83:28:e0:79:fc:45:43:51:60:41:cb:66:
         6f:da:a3:b1:b4:e5:99:46:80:db:13:41:be:30:09:7e:8c:9d:
         ba:35:b6:f8:da:e8:46:cc:72:14:6f:8e:51:52:a7:6f:0a:91:
         bd:09:bf:50:96:e8:30:0f:39:ac:93:8e:a6:bd:5e:d0:67:a2:
         35:b1:8f:92:9e:61:83:8d:26:14:6c:e2:e2:01:13:bc:5f:0b:
         a4:c1:6d:4e:49:2b:a2:d3:a9:a9:40:e4:47:33:b1:96:7f:4a:
         68:42:3c:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb8SIKfBR/RTV+qoi1mQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwMTAyMDQzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2RhYjUzNGVkZDY5ZTZhYTVlYjY4ZjRhMTAzNjMwZmM3OTliNzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjcLIh5VgCl5K3yPoDSUw38k1styy
dqXF8X7HECnDhIZfBgX/4er+gsVpWGBfG8cPw8jRSgbYlsuB+Mz23lO1ulRlUFoJ
NXi5B7Jhu7GJDh6RSUtg4QqQtx/Hemwt+0D+D0ur1qCbGFHwCLMfKeP4MNnncqHJ
Mqt798uPMLHURn6hsgMloigRb8SH1RSDAhEh1tDC1JLasvGGbHNAUEeDGGhLN62h
wQ9oSU3pPfw/CGQrWp+0xVNohR0a/28Sy7vFoVJb1sYhBI/QkuYFtQQ7qwxFApbp
QD7q8Q6jtabL3eKGLHloic4ciePxDrJuTvuI21G8NCFB38wMlilLpiCz4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzatTTt1p5qpeto9KEDYw/HmbePMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvRE5xMU5PM1dubXFsNjJqMG9RTmpEOGVadDQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/bZMA0G
CSqGSIb3DQEBCwUAA4IBAQASyvaPbOOTVttHtLKN7Y37A5OwjlpJHsZgSUl2b8km
u2fpqHFqN3OC6zm+tFeKk1Zf1TiF+hubcVyAVEYRdiYkdoL8rTyrj8U/nUmEPI0g
fgoq/P4LaHIgpq1EZ6NlpLb3sqG521GwvarHxZfpSVQHBu1zGeBGLnP+WL2wYQsa
/BSPATi+yA/G+KYplGP4haaascV6UdaDKOB5/EVDUWBBy2Zv2qOxtOWZRoDbE0G+
MAl+jJ26Nbb42uhGzHIUb45RUqdvCpG9Cb9QlugwDzmsk46mvV7QZ6I1sY+SnmGD
jSYUbOLiARO8XwukwW1OSSui06mpQORHM7GWf0poQjxo
-----END CERTIFICATE-----