Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/942efa-18a5-4649-9929-7be713679608/1/NIDC57TkhTsn4YKfhewZz6yjzY8.roa
File:                     NIDC57TkhTsn4YKfhewZz6yjzY8.roa (raw, json)
Hash identifier:          imWJT5DOaxVAo6JimlEEpcrZ/Jko3WUS46DXjRe/CF8=
Subject key identifier:   34:80:C2:E7:B4:E4:85:3B:27:E1:82:9F:85:EC:19:CF:AC:A3:CD:8F
Certificate issuer:       /CN=fae27b8c1de6b161c798ab7b85153d6ba379efbe
Certificate serial:       018E581F875C0C967A115F3E93BF58126FB1
Authority key identifier: FA:E2:7B:8C:1D:E6:B1:61:C7:98:AB:7B:85:15:3D:6B:A3:79:EF:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-uJ7jB3msWHHmKt7hRU9a6N5774.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/942efa-18a5-4649-9929-7be713679608/1/NIDC57TkhTsn4YKfhewZz6yjzY8.roa
Signing time:             Tue 19 Mar 2024 19:10:44 +0000
ROA not before:           Tue 19 Mar 2024 19:10:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51114
IP address blocks:        193.111.34.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/942efa-18a5-4649-9929-7be713679608/1/1-uJ7jB3msWHHmKt7hRU9a6N5774.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/942efa-18a5-4649-9929-7be713679608/1/1-uJ7jB3msWHHmKt7hRU9a6N5774.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-uJ7jB3msWHHmKt7hRU9a6N5774.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:58:1f:87:5c:0c:96:7a:11:5f:3e:93:bf:58:12:6f:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fae27b8c1de6b161c798ab7b85153d6ba379efbe
        Validity
            Not Before: Mar 19 19:10:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3480c2e7b4e4853b27e1829f85ec19cfaca3cd8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:23:d3:b0:f2:66:01:7d:0a:35:ab:71:07:d3:
                    29:8e:bb:e1:d0:09:d6:a8:71:56:38:f0:48:49:a6:
                    d3:ba:9e:1c:db:97:5b:36:53:7c:16:2c:c9:96:ee:
                    d7:d6:13:b2:77:dd:96:91:49:1b:dc:1a:01:37:5d:
                    d0:e6:51:19:24:a4:a4:7a:35:4c:51:89:2d:e6:da:
                    17:ab:46:cf:33:bc:f1:12:c1:66:b3:7c:be:47:8a:
                    c6:32:43:b7:d3:db:4c:da:d0:2a:9c:ac:97:db:2c:
                    36:76:db:3a:e3:7d:a0:e9:92:79:2c:a3:33:2a:cd:
                    da:e8:64:1d:3e:67:f2:ab:91:57:75:31:65:be:66:
                    2d:dd:c4:89:98:bb:bf:62:c4:a5:91:9c:b5:50:3a:
                    6e:8f:0e:c8:2f:3e:01:de:43:06:33:08:b3:c9:4c:
                    b5:4d:59:82:2f:4f:68:e3:9b:7b:e5:fc:c4:75:f3:
                    2b:1a:35:d7:85:a3:68:ee:91:5e:58:69:8c:88:57:
                    fc:8c:68:df:bc:bc:10:4d:a5:cd:9e:20:fe:53:96:
                    fd:2e:49:90:a3:62:0e:aa:f4:0f:14:f0:13:8e:bd:
                    0f:21:5a:29:2f:50:29:ac:a1:6e:a6:f2:10:7a:f7:
                    38:dc:11:90:6e:c1:05:6a:cd:4f:cf:ab:c7:5b:98:
                    47:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:80:C2:E7:B4:E4:85:3B:27:E1:82:9F:85:EC:19:CF:AC:A3:CD:8F
            X509v3 Authority Key Identifier:
                keyid:FA:E2:7B:8C:1D:E6:B1:61:C7:98:AB:7B:85:15:3D:6B:A3:79:EF:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-uJ7jB3msWHHmKt7hRU9a6N5774.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/942efa-18a5-4649-9929-7be713679608/1/NIDC57TkhTsn4YKfhewZz6yjzY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/942efa-18a5-4649-9929-7be713679608/1/1-uJ7jB3msWHHmKt7hRU9a6N5774.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:15:5a:87:0b:d8:9f:91:11:26:02:41:ae:7f:31:ea:3d:f7:
         fa:7a:f3:0c:6c:11:5c:f8:cf:01:11:04:4a:7d:5a:77:fb:9f:
         a1:56:6d:c0:ff:6a:a9:f7:69:83:f0:0b:db:54:26:63:c1:71:
         f0:af:f0:17:b6:73:d6:a6:6e:48:3c:c3:ad:76:50:9c:6f:53:
         6c:7c:f9:c3:9b:6f:a9:a7:bd:7c:c6:2e:98:ff:26:53:e2:1c:
         b0:76:21:6e:91:d9:50:77:86:11:4c:03:83:a3:f2:b6:71:22:
         83:cb:71:6b:2f:f2:bb:4c:2c:45:c9:f0:b2:cc:15:af:83:4e:
         a6:4a:9f:5f:34:2a:f0:70:f7:8b:1f:48:42:e5:a3:30:10:b0:
         07:4a:6f:59:53:29:43:ab:f2:7a:c8:89:d6:11:57:da:36:26:
         fa:8b:0c:91:ff:05:a1:9f:4a:fb:61:b3:40:9c:97:c0:ca:51:
         dd:82:4c:08:0c:37:ba:29:88:46:3c:84:7a:7a:a8:8c:da:5f:
         0b:92:fe:a5:94:d2:f6:b7:c8:b6:d7:41:25:c8:4f:6e:97:d9:
         fe:85:58:46:f9:50:99:b5:a6:4b:8e:ab:f6:1e:c4:d2:ca:a8:
         cb:cd:cf:8f:4c:5c:0a:92:af:9b:84:b7:ca:f5:e8:12:17:2b:
         26:8b:c5:b3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY5YH4dcDJZ6EV8+k79YEm+xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZTI3YjhjMWRlNmIxNjFjNzk4YWI3Yjg1MTUzZDZiYTM3
OWVmYmUwHhcNMjQwMzE5MTkxMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDgwYzJlN2I0ZTQ4NTNiMjdlMTgyOWY4NWVjMTljZmFjYTNjZDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyPTsPJmAX0KNatxB9Mpjrvh0AnW
qHFWOPBISabTup4c25dbNlN8FizJlu7X1hOyd92WkUkb3BoBN13Q5lEZJKSkejVM
UYkt5toXq0bPM7zxEsFms3y+R4rGMkO309tM2tAqnKyX2yw2dts6432g6ZJ5LKMz
Ks3a6GQdPmfyq5FXdTFlvmYt3cSJmLu/YsSlkZy1UDpujw7ILz4B3kMGMwizyUy1
TVmCL09o45t75fzEdfMrGjXXhaNo7pFeWGmMiFf8jGjfvLwQTaXNniD+U5b9LkmQ
o2IOqvQPFPATjr0PIVopL1AprKFupvIQevc43BGQbsEFas1Pz6vHW5hHFQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDSAwue05IU7J+GCn4XsGc+so82PMB8GA1UdIwQY
MBaAFPrie4wd5rFhx5ire4UVPWujee++MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS11SjdqQjNtc1dISG1LdDdoUlU5YTZONTc3NC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDgvOTQyZWZhLTE4YTUtNDY0OS05OTI5
LTdiZTcxMzY3OTYwOC8xL05JREM1N1RraFRzbjRZS2ZoZXdaejZ5anpZOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDgvOTQyZWZhLTE4YTUtNDY0OS05OTI5LTdiZTcxMzY3OTYw
OC8xLzEtdUo3akIzbXNXSEhtS3Q3aFJVOWE2TjU3NzQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADBbyIw
DQYJKoZIhvcNAQELBQADggEBADYVWocL2J+RESYCQa5/Meo99/p68wxsEVz4zwER
BEp9Wnf7n6FWbcD/aqn3aYPwC9tUJmPBcfCv8Be2c9ambkg8w612UJxvU2x8+cOb
b6mnvXzGLpj/JlPiHLB2IW6R2VB3hhFMA4Oj8rZxIoPLcWsv8rtMLEXJ8LLMFa+D
TqZKn180KvBw94sfSELlozAQsAdKb1lTKUOr8nrIidYRV9o2JvqLDJH/BaGfSvth
s0Ccl8DKUd2CTAgMN7opiEY8hHp6qIzaXwuS/qWU0va3yLbXQSXIT26X2f6FWEb5
UJm1pkuOq/YexNLKqMvNz49MXAqSr5uEt8r16BIXKyaLxbM=
-----END CERTIFICATE-----