Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/1912e8-0d6b-4ed6-8ae4-7d482aa48c68/1/NXLXZR8fD2xu-zy-BujbmHYaeNY.roa
File:                     NXLXZR8fD2xu-zy-BujbmHYaeNY.roa (raw, json)
Hash identifier:          slvTK+DWUPox0p82rJbE83xwLUJDwipsNceqpVp1RZ4=
Subject key identifier:   35:72:D7:65:1F:1F:0F:6C:6E:FB:3C:BE:06:E8:DB:98:76:1A:78:D6
Certificate issuer:       /CN=31836010eedef15f76adeba9f729a828bf2be8cb
Certificate serial:       018CC2DB30F3EC056F47937AF8097A7AF6ED
Authority key identifier: 31:83:60:10:EE:DE:F1:5F:76:AD:EB:A9:F7:29:A8:28:BF:2B:E8:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYNgEO7e8V92reup9ymoKL8r6Ms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/1912e8-0d6b-4ed6-8ae4-7d482aa48c68/1/NXLXZR8fD2xu-zy-BujbmHYaeNY.roa
Signing time:             Mon 01 Jan 2024 02:29:53 +0000
ROA not before:           Mon 01 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8820
IP address blocks:        91.239.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/1912e8-0d6b-4ed6-8ae4-7d482aa48c68/1/MYNgEO7e8V92reup9ymoKL8r6Ms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/1912e8-0d6b-4ed6-8ae4-7d482aa48c68/1/MYNgEO7e8V92reup9ymoKL8r6Ms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYNgEO7e8V92reup9ymoKL8r6Ms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:30:f3:ec:05:6f:47:93:7a:f8:09:7a:7a:f6:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31836010eedef15f76adeba9f729a828bf2be8cb
        Validity
            Not Before: Jan  1 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3572d7651f1f0f6c6efb3cbe06e8db98761a78d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:72:aa:bc:12:c5:fa:56:5b:2a:c4:74:21:2b:
                    b2:83:04:b7:35:98:35:f2:d1:93:37:6d:80:77:64:
                    8c:47:c6:20:e6:1c:93:a1:4f:87:08:fd:30:d7:30:
                    b4:a9:d9:51:f6:a2:3d:52:0b:45:17:09:18:06:be:
                    34:d4:77:d5:70:00:3b:6d:b5:aa:77:e2:5e:05:db:
                    f9:69:c6:92:a0:70:26:fd:12:45:87:3e:80:51:d8:
                    a1:cd:c7:35:91:40:17:9e:59:21:6c:d5:85:a3:48:
                    f0:2a:b7:37:65:95:51:3e:ba:8c:14:e7:90:5a:17:
                    7d:ed:cd:55:a0:0a:b5:b5:c4:d2:41:f1:57:73:5a:
                    d8:9b:95:50:79:4b:95:26:33:63:6b:b6:27:55:31:
                    09:87:c2:0f:53:52:b9:0c:2b:a5:ec:21:55:0e:66:
                    d4:f0:ea:c3:b9:91:21:80:74:f5:f5:93:d8:2c:7d:
                    9b:a6:db:e6:6a:bb:d3:10:0a:2a:a2:e5:e9:10:bf:
                    62:a3:b5:1a:94:6a:5d:1a:ab:8f:0e:c2:0e:35:f8:
                    1f:4c:8d:69:94:62:55:f3:ee:a4:4a:28:0d:25:53:
                    d7:5b:64:34:0f:57:06:fb:16:d9:eb:4e:9f:08:22:
                    de:8b:a8:a9:a1:c5:e2:f2:5d:73:64:67:d6:eb:54:
                    c7:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:72:D7:65:1F:1F:0F:6C:6E:FB:3C:BE:06:E8:DB:98:76:1A:78:D6
            X509v3 Authority Key Identifier:
                keyid:31:83:60:10:EE:DE:F1:5F:76:AD:EB:A9:F7:29:A8:28:BF:2B:E8:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYNgEO7e8V92reup9ymoKL8r6Ms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/1912e8-0d6b-4ed6-8ae4-7d482aa48c68/1/NXLXZR8fD2xu-zy-BujbmHYaeNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/1912e8-0d6b-4ed6-8ae4-7d482aa48c68/1/MYNgEO7e8V92reup9ymoKL8r6Ms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:3f:30:3a:49:30:67:b0:3a:a1:ab:cb:1e:56:82:8b:dd:26:
         c1:7b:65:de:f7:0d:0c:a4:14:5f:3f:33:fb:d0:ae:8d:75:65:
         6e:cf:9b:a2:1d:57:dc:44:89:a2:7c:07:8a:09:7c:19:c4:6d:
         aa:33:da:af:cb:e7:a1:f8:26:74:4b:2a:38:c3:24:f7:1f:d2:
         d1:e6:ca:72:e2:d7:18:8f:58:86:90:b7:09:45:00:20:9a:70:
         b0:f9:a0:2c:08:66:d4:ca:b7:6f:ec:e1:c5:eb:bf:a4:ab:3e:
         65:15:3f:f5:59:04:6b:54:08:3b:ca:55:d9:a2:7d:02:48:85:
         81:0d:35:10:d2:b2:84:5d:c1:29:ee:26:2c:8c:15:e7:ec:d6:
         08:f2:f5:bc:dd:e8:9d:3e:f1:dd:30:42:ce:5f:62:22:65:d2:
         05:b9:cb:71:2f:64:e7:cb:4c:96:3b:07:f1:f8:e9:56:cb:2f:
         5a:3f:b4:51:c5:38:61:a3:c9:46:59:91:da:c8:ab:01:56:c5:
         1a:0a:b8:a0:26:3d:69:6d:80:d6:3b:37:f7:2c:01:8d:f3:48:
         a5:65:90:55:90:b4:b1:0e:08:9b:3b:2b:f5:85:84:e3:f4:f7:
         5b:d9:30:99:0f:10:70:1f:3a:36:19:e6:f2:df:b0:66:cf:9d:
         8d:89:b7:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zDz7AVvR5N6+Al6evbtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM2MDEwZWVkZWYxNWY3NmFkZWJhOWY3MjlhODI4YmYy
YmU4Y2IwHhcNMjQwMTAxMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTcyZDc2NTFmMWYwZjZjNmVmYjNjYmUwNmU4ZGI5ODc2MWE3OGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnKqvBLF+lZbKsR0ISuygwS3NZg1
8tGTN22Ad2SMR8Yg5hyToU+HCP0w1zC0qdlR9qI9UgtFFwkYBr401HfVcAA7bbWq
d+JeBdv5acaSoHAm/RJFhz6AUdihzcc1kUAXnlkhbNWFo0jwKrc3ZZVRPrqMFOeQ
Whd97c1VoAq1tcTSQfFXc1rYm5VQeUuVJjNja7YnVTEJh8IPU1K5DCul7CFVDmbU
8OrDuZEhgHT19ZPYLH2bptvmarvTEAoqouXpEL9io7UalGpdGquPDsIONfgfTI1p
lGJV8+6kSigNJVPXW2Q0D1cG+xbZ606fCCLei6ipocXi8l1zZGfW61THaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVy12UfHw9sbvs8vgbo25h2GnjWMB8GA1UdIwQY
MBaAFDGDYBDu3vFfdq3rqfcpqCi/K+jLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlOZ0VPN2U4VjkycmV1cDl5bW9LTDhyNk1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8xOTEyZTgtMGQ2Yi00ZWQ2LThhZTQt
N2Q0ODJhYTQ4YzY4LzEvTlhMWFpSOGZEMnh1LXp5LUJ1amJtSFlhZU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8xOTEyZTgtMGQ2Yi00ZWQ2LThhZTQtN2Q0ODJhYTQ4YzY4
LzEvTVlOZ0VPN2U4VjkycmV1cDl5bW9LTDhyNk1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/TMA0G
CSqGSIb3DQEBCwUAA4IBAQBAPzA6STBnsDqhq8seVoKL3SbBe2Xe9w0MpBRfPzP7
0K6NdWVuz5uiHVfcRImifAeKCXwZxG2qM9qvy+eh+CZ0Syo4wyT3H9LR5spy4tcY
j1iGkLcJRQAgmnCw+aAsCGbUyrdv7OHF67+kqz5lFT/1WQRrVAg7ylXZon0CSIWB
DTUQ0rKEXcEp7iYsjBXn7NYI8vW83eidPvHdMELOX2IiZdIFuctxL2Tny0yWOwfx
+OlWyy9aP7RRxThho8lGWZHayKsBVsUaCrigJj1pbYDWOzf3LAGN80ilZZBVkLSx
DgibOyv1hYTj9Pdb2TCZDxBwHzo2Geby37Bmz52Nibed
-----END CERTIFICATE-----