Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/NV60B8QJEoizW7nRjhAGRTyQrT0.roa
File:                     NV60B8QJEoizW7nRjhAGRTyQrT0.roa (raw, json)
Hash identifier:          epWMWKQghgSj94Xf3vM8wAeYulPn2VqXH4Np6d7ksXY=
Subject key identifier:   35:5E:B4:07:C4:09:12:88:B3:5B:B9:D1:8E:10:06:45:3C:90:AD:3D
Certificate issuer:       /CN=e2d73ffc3f37c4fec4bd35ad1c595cd056baecfd
Certificate serial:       018EBDEDA7A8F84323161E2EA9FCBAE5BEBE
Authority key identifier: E2:D7:3F:FC:3F:37:C4:FE:C4:BD:35:AD:1C:59:5C:D0:56:BA:EC:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/NV60B8QJEoizW7nRjhAGRTyQrT0.roa
Signing time:             Mon 08 Apr 2024 13:37:32 +0000
ROA not before:           Mon 08 Apr 2024 13:37:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52209
IP address blocks:        185.93.89.0/24 maxlen: 24
                          2a13:9dc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:ed:a7:a8:f8:43:23:16:1e:2e:a9:fc:ba:e5:be:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d73ffc3f37c4fec4bd35ad1c595cd056baecfd
        Validity
            Not Before: Apr  8 13:37:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=355eb407c4091288b35bb9d18e1006453c90ad3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:60:6e:98:9f:34:70:de:6f:b8:ae:f5:dd:e3:
                    3a:54:6e:41:99:5e:94:bf:3d:56:fe:a6:c6:1a:bd:
                    43:b5:fe:90:92:2e:0b:aa:6a:93:52:d6:c6:71:4f:
                    ad:ee:95:11:07:24:88:96:60:bf:1f:ad:1b:f8:56:
                    82:68:48:57:07:77:80:5f:00:1c:3c:87:fc:83:1c:
                    86:f7:f8:aa:20:e6:af:24:05:d0:df:c3:dd:8c:fb:
                    60:ac:27:55:84:9d:41:51:83:ae:98:3f:05:c8:04:
                    bf:d3:46:8d:63:d3:15:ab:ff:5c:60:9a:21:81:37:
                    07:d0:9a:2b:8c:77:ae:a5:01:24:fe:97:ec:81:f6:
                    f9:d8:b5:6e:43:79:89:34:b1:8a:43:91:7b:44:2f:
                    94:0c:54:d7:62:c0:b8:33:1d:c5:19:d2:4e:4d:72:
                    d5:e2:05:52:36:20:4d:bd:f2:a7:78:85:53:41:d7:
                    dd:e0:b9:44:de:32:be:8c:f0:cd:b2:48:0c:8c:5e:
                    93:a4:0a:ac:40:f8:84:ab:d9:9a:1a:de:58:f2:f7:
                    bf:7d:37:a8:a0:29:27:bb:fd:c7:f4:3d:35:6a:40:
                    af:1a:53:55:91:ea:4e:db:88:49:49:95:12:db:4e:
                    67:d9:86:4e:45:aa:ae:c7:01:4e:d5:f9:91:65:7b:
                    f2:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:5E:B4:07:C4:09:12:88:B3:5B:B9:D1:8E:10:06:45:3C:90:AD:3D
            X509v3 Authority Key Identifier:
                keyid:E2:D7:3F:FC:3F:37:C4:FE:C4:BD:35:AD:1C:59:5C:D0:56:BA:EC:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tc__D83xP7EvTWtHFlc0Fa67P0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/NV60B8QJEoizW7nRjhAGRTyQrT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/e5cf00-55b8-4359-ac1e-aa0c4dc03222/1/4tc__D83xP7EvTWtHFlc0Fa67P0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.89.0/24
                IPv6:
                  2a13:9dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:b9:ac:33:fc:e7:36:e9:e8:80:b0:c6:5c:35:75:0b:21:53:
         7f:83:3f:31:2c:1b:0e:c5:2f:bd:2b:cf:30:bd:e4:a4:a9:e2:
         61:1b:8f:9f:cc:78:9c:4e:ef:8c:4a:ec:73:07:cd:4c:4c:e0:
         84:38:93:39:bc:ae:02:54:4c:c3:eb:d6:07:23:83:49:f1:ff:
         56:7e:d5:5d:5a:35:f0:10:fb:71:34:4d:ce:45:90:1d:54:01:
         45:07:bd:db:94:be:d5:46:1f:19:85:a4:16:49:8f:c0:73:ad:
         e1:ca:3c:3a:1a:05:de:f0:07:46:e7:4f:a5:e8:30:7e:f9:24:
         9e:9d:87:88:7e:ed:1a:86:fd:9e:39:0b:f9:d1:06:fa:4a:f6:
         c9:6f:55:9d:1e:72:46:6b:64:82:ff:08:6a:52:5c:8c:7f:6c:
         79:f1:1e:b8:75:7d:bf:e5:4b:6e:7b:1b:c4:d2:d0:82:95:16:
         f1:1a:4f:e6:2d:66:22:4d:03:98:45:5b:95:c9:a0:0c:c9:6f:
         4c:8b:0b:a7:4d:34:b0:04:b6:5f:d9:1c:e3:43:18:1b:8b:8d:
         03:91:e7:d8:b3:72:d8:20:99:27:75:a7:fb:e1:e3:d1:5e:47:
         dc:7c:0e:92:0f:bd:37:43:b2:0f:2f:60:45:44:b1:b5:22:a3:
         7c:b1:42:ba
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY697aeo+EMjFh4uqfy65b6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDczZmZjM2YzN2M0ZmVjNGJkMzVhZDFjNTk1Y2QwNTZi
YWVjZmQwHhcNMjQwNDA4MTMzNzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTVlYjQwN2M0MDkxMjg4YjM1YmI5ZDE4ZTEwMDY0NTNjOTBhZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2BumJ80cN5vuK713eM6VG5BmV6U
vz1W/qbGGr1Dtf6Qki4LqmqTUtbGcU+t7pURBySIlmC/H60b+FaCaEhXB3eAXwAc
PIf8gxyG9/iqIOavJAXQ38PdjPtgrCdVhJ1BUYOumD8FyAS/00aNY9MVq/9cYJoh
gTcH0JorjHeupQEk/pfsgfb52LVuQ3mJNLGKQ5F7RC+UDFTXYsC4Mx3FGdJOTXLV
4gVSNiBNvfKneIVTQdfd4LlE3jK+jPDNskgMjF6TpAqsQPiEq9maGt5Y8ve/fTeo
oCknu/3H9D01akCvGlNVkepO24hJSZUS205n2YZORaquxwFO1fmRZXvy8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDVetAfECRKIs1u50Y4QBkU8kK09MB8GA1UdIwQY
MBaAFOLXP/w/N8T+xL01rRxZXNBWuuz9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRjX19EODN4UDdFdlRXdEhGbGMwRmE2N1AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9lNWNmMDAtNTViOC00MzU5LWFjMWUt
YWEwYzRkYzAzMjIyLzEvTlY2MEI4UUpFb2l6VzduUmpoQUdSVHlRclQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9lNWNmMDAtNTViOC00MzU5LWFjMWUtYWEwYzRkYzAzMjIy
LzEvNHRjX19EODN4UDdFdlRXdEhGbGMwRmE2N1AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuV1ZMA0E
AgACMAcDBQMqE53AMA0GCSqGSIb3DQEBCwUAA4IBAQBGuawz/Oc26eiAsMZcNXUL
IVN/gz8xLBsOxS+9K88wveSkqeJhG4+fzHicTu+MSuxzB81MTOCEOJM5vK4CVEzD
69YHI4NJ8f9WftVdWjXwEPtxNE3ORZAdVAFFB73blL7VRh8ZhaQWSY/Ac63hyjw6
GgXe8AdG50+l6DB++SSenYeIfu0ahv2eOQv50Qb6SvbJb1WdHnJGa2SC/whqUlyM
f2x58R64dX2/5UtuexvE0tCClRbxGk/mLWYiTQOYRVuVyaAMyW9MiwunTTSwBLZf
2RzjQxgbi40DkefYs3LYIJkndaf74ePRXkfcfA6SD703Q7IPL2BFRLG1IqN8sUK6
-----END CERTIFICATE-----