Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/fc8cb4-ce84-43e4-aa2a-f391dc117fe9/1/NJUeQRFEt3F-7A-9gI1cilrq7XE.roa
File:                     NJUeQRFEt3F-7A-9gI1cilrq7XE.roa (raw, json)
Hash identifier:          gTWfLJjFGi8EkyBtLeJkNnU11kh97GXLQH53CUNgVjU=
Subject key identifier:   34:95:1E:41:11:44:B7:71:7E:EC:0F:BD:80:8D:5C:8A:5A:EA:ED:71
Certificate issuer:       /CN=63b5072a0701221e1d291f02deb8cd5169e6ac32
Certificate serial:       018D210D895ABD25B0C68CCC36B18FEB3CF7
Authority key identifier: 63:B5:07:2A:07:01:22:1E:1D:29:1F:02:DE:B8:CD:51:69:E6:AC:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y7UHKgcBIh4dKR8C3rjNUWnmrDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/fc8cb4-ce84-43e4-aa2a-f391dc117fe9/1/NJUeQRFEt3F-7A-9gI1cilrq7XE.roa
Signing time:             Fri 19 Jan 2024 09:29:11 +0000
ROA not before:           Fri 19 Jan 2024 09:29:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215770
IP address blocks:        91.238.217.0/24 maxlen: 24
                          2a14:6280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/fc8cb4-ce84-43e4-aa2a-f391dc117fe9/1/Y7UHKgcBIh4dKR8C3rjNUWnmrDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/fc8cb4-ce84-43e4-aa2a-f391dc117fe9/1/Y7UHKgcBIh4dKR8C3rjNUWnmrDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y7UHKgcBIh4dKR8C3rjNUWnmrDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:21:0d:89:5a:bd:25:b0:c6:8c:cc:36:b1:8f:eb:3c:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63b5072a0701221e1d291f02deb8cd5169e6ac32
        Validity
            Not Before: Jan 19 09:29:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34951e411144b7717eec0fbd808d5c8a5aeaed71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b8:13:01:6f:3d:00:33:6c:89:3a:3e:6f:42:
                    06:11:14:6c:92:dd:e5:af:ff:8b:98:ce:b8:14:82:
                    d2:aa:ae:44:e7:82:22:5d:5f:cc:33:c9:9b:6d:1a:
                    4b:b2:f9:0d:c5:22:d8:6a:77:44:e1:52:2c:be:26:
                    e1:1e:8f:77:31:51:4a:57:b6:b5:51:72:75:ba:61:
                    8c:88:6a:4d:fa:7b:d1:b2:fd:42:c1:5d:b7:4e:46:
                    b3:c4:03:39:d6:d7:e5:57:3d:e9:4a:9d:e3:0f:a4:
                    78:b2:3c:ff:8a:b2:66:5c:97:d5:c0:1a:c1:17:9a:
                    03:cf:fc:da:93:cb:74:b8:e7:a8:a9:43:2e:45:38:
                    24:06:4d:ae:09:8a:5c:50:4a:16:e6:36:a3:18:ba:
                    b9:91:85:5f:79:c2:c8:06:77:a1:5e:a0:ad:f9:a2:
                    c1:e2:2f:b8:4b:77:54:46:f8:a5:6c:7a:f4:33:27:
                    e1:01:e7:22:20:69:87:80:cb:c1:2d:41:a4:1a:18:
                    c5:72:c6:4b:80:85:9d:d2:bc:db:b4:7c:48:47:fb:
                    b6:c5:d5:4a:67:5b:4f:c7:e0:93:28:44:2c:9a:9a:
                    56:28:a9:46:60:ac:9a:67:6b:b9:e7:2f:b9:5d:b6:
                    c0:01:41:a7:7b:52:f5:e7:38:eb:2c:c9:70:be:65:
                    3c:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:95:1E:41:11:44:B7:71:7E:EC:0F:BD:80:8D:5C:8A:5A:EA:ED:71
            X509v3 Authority Key Identifier:
                keyid:63:B5:07:2A:07:01:22:1E:1D:29:1F:02:DE:B8:CD:51:69:E6:AC:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y7UHKgcBIh4dKR8C3rjNUWnmrDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fc8cb4-ce84-43e4-aa2a-f391dc117fe9/1/NJUeQRFEt3F-7A-9gI1cilrq7XE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/fc8cb4-ce84-43e4-aa2a-f391dc117fe9/1/Y7UHKgcBIh4dKR8C3rjNUWnmrDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.217.0/24
                IPv6:
                  2a14:6280::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:a9:1e:0f:71:53:6d:70:92:d1:df:f3:15:82:e3:2a:4e:89:
         be:da:8a:12:37:f3:35:34:27:b7:29:87:d8:8d:c5:d5:4a:20:
         7f:b0:6a:c4:c4:b7:42:a2:32:c5:29:9d:b8:f3:03:43:6f:bd:
         87:1f:92:6b:ee:e5:41:bc:0b:71:22:50:04:67:35:c5:2b:44:
         7d:2c:e6:72:ca:57:42:d8:0f:d0:2a:b5:41:1e:a0:67:35:bf:
         fe:33:39:5b:95:6d:81:4c:47:f9:8e:c2:ce:b8:0a:fc:d5:eb:
         c7:ee:99:4f:d8:6b:c4:53:cf:db:ba:b4:b6:ae:b0:c1:00:04:
         f8:9d:14:09:76:53:8b:d3:31:72:66:54:be:8e:1e:36:ca:98:
         19:ec:f8:54:c9:05:96:4b:db:16:ec:1c:04:e3:f7:93:6c:f2:
         60:ef:85:8f:18:a3:29:13:d7:a7:19:49:c8:00:f7:33:52:f8:
         bd:1b:60:9f:67:5b:1f:1a:d1:8d:04:63:3f:0e:cc:5c:4f:40:
         a2:a5:9a:78:cd:b0:91:8b:7b:84:00:00:3c:93:17:f7:04:b6:
         f7:b1:aa:bf:53:aa:d5:d3:9f:72:f2:cd:c1:b9:ec:3c:5d:c8:
         92:32:cc:94:d2:9f:cb:c7:60:a6:86:5d:04:ed:f1:41:8a:fc:
         a1:bf:02:15
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY0hDYlavSWwxozMNrGP6zz3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYjUwNzJhMDcwMTIyMWUxZDI5MWYwMmRlYjhjZDUxNjll
NmFjMzIwHhcNMjQwMTE5MDkyOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDk1MWU0MTExNDRiNzcxN2VlYzBmYmQ4MDhkNWM4YTVhZWFlZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobgTAW89ADNsiTo+b0IGERRskt3l
r/+LmM64FILSqq5E54IiXV/MM8mbbRpLsvkNxSLYandE4VIsvibhHo93MVFKV7a1
UXJ1umGMiGpN+nvRsv1CwV23TkazxAM51tflVz3pSp3jD6R4sjz/irJmXJfVwBrB
F5oDz/zak8t0uOeoqUMuRTgkBk2uCYpcUEoW5jajGLq5kYVfecLIBnehXqCt+aLB
4i+4S3dURvilbHr0MyfhAeciIGmHgMvBLUGkGhjFcsZLgIWd0rzbtHxIR/u2xdVK
Z1tPx+CTKEQsmppWKKlGYKyaZ2u55y+5XbbAAUGne1L15zjrLMlwvmU8wQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDSVHkERRLdxfuwPvYCNXIpa6u1xMB8GA1UdIwQY
MBaAFGO1ByoHASIeHSkfAt64zVFp5qwyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTdVSEtnY0JJaDRkS1I4QzNyak5VV25tckRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mYzhjYjQtY2U4NC00M2U0LWFhMmEt
ZjM5MWRjMTE3ZmU5LzEvTkpVZVFSRkV0M0YtN0EtOWdJMWNpbHJxN1hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mYzhjYjQtY2U4NC00M2U0LWFhMmEtZjM5MWRjMTE3ZmU5
LzEvWTdVSEtnY0JJaDRkS1I4QzNyak5VV25tckRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+7ZMA0E
AgACMAcDBQMqFGKAMA0GCSqGSIb3DQEBCwUAA4IBAQAxqR4PcVNtcJLR3/MVguMq
Tom+2ooSN/M1NCe3KYfYjcXVSiB/sGrExLdCojLFKZ248wNDb72HH5Jr7uVBvAtx
IlAEZzXFK0R9LOZyyldC2A/QKrVBHqBnNb/+MzlblW2BTEf5jsLOuAr81evH7plP
2GvEU8/burS2rrDBAAT4nRQJdlOL0zFyZlS+jh42ypgZ7PhUyQWWS9sW7BwE4/eT
bPJg74WPGKMpE9enGUnIAPczUvi9G2CfZ1sfGtGNBGM/DsxcT0CipZp4zbCRi3uE
AAA8kxf3BLb3saq/U6rV059y8s3Buew8XciSMsyU0p/Lx2Cmhl0E7fFBivyhvwIV
-----END CERTIFICATE-----