Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/nTvm7CMJvHXt3QLnX4gIxcKtVzE.roa
File:                     nTvm7CMJvHXt3QLnX4gIxcKtVzE.roa (raw, json)
Hash identifier:          6geIl+0+4sleg/k2+XsFC1T4ArfuiUpA+bCiJ77RdLA=
Subject key identifier:   9D:3B:E6:EC:23:09:BC:75:ED:DD:02:E7:5F:88:08:C5:C2:AD:57:31
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       018CC86F3410D99152A24DDA07EBD8C3A111
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/nTvm7CMJvHXt3QLnX4gIxcKtVzE.roa
Signing time:             Tue 02 Jan 2024 04:29:40 +0000
ROA not before:           Tue 02 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     17018
IP address blocks:        91.221.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:34:10:d9:91:52:a2:4d:da:07:eb:d8:c3:a1:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d3be6ec2309bc75eddd02e75f8808c5c2ad5731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e3:90:53:e6:17:a2:eb:a4:76:e3:0b:e5:6e:
                    b4:dd:ad:ba:dd:8a:3a:d2:ab:e9:d8:30:b6:49:05:
                    8d:80:45:bf:ee:03:ba:42:94:d9:08:dd:79:60:95:
                    28:52:cb:c5:29:dc:4b:fc:ee:56:af:ad:d3:1b:61:
                    e1:39:92:22:39:fa:01:d7:e8:3d:30:e4:e2:4d:de:
                    f6:2c:c4:d5:28:97:d7:53:82:50:ab:fb:ff:2e:f0:
                    71:86:50:6c:a6:90:74:8b:d4:68:50:7a:87:e2:9e:
                    2c:0c:a2:9d:70:a2:96:42:8f:18:1d:cd:b7:cd:ab:
                    d0:b7:65:47:3e:6a:c5:70:54:60:91:07:8e:b4:a9:
                    a5:ad:4f:3b:1c:15:b5:c9:d4:81:e2:16:7f:33:5b:
                    2b:de:d3:16:f7:4a:76:31:3a:61:dd:4c:df:ea:77:
                    fc:34:92:7b:c9:ee:5f:9c:83:4c:cf:0c:a8:64:bc:
                    3c:86:d4:61:7e:89:09:ae:56:19:91:4f:14:9a:ce:
                    c5:d0:b0:dc:c2:9e:9d:34:d5:94:b6:e9:5d:03:7f:
                    27:9c:b9:fe:a7:d0:ff:ef:06:d5:5d:b1:03:18:e3:
                    ae:df:d0:cb:ee:83:08:af:aa:38:fc:74:a4:70:ec:
                    d2:ff:36:e1:37:b3:db:d7:ce:5f:e5:79:31:ad:fd:
                    95:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3B:E6:EC:23:09:BC:75:ED:DD:02:E7:5F:88:08:C5:C2:AD:57:31
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/nTvm7CMJvHXt3QLnX4gIxcKtVzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:a9:e0:ff:36:28:9d:3c:ea:2e:1a:ec:a9:00:f8:fe:6f:67:
         f2:19:32:b3:57:52:03:a4:40:72:b7:03:75:30:a7:b0:9c:28:
         fc:a8:68:aa:7a:c3:7c:fc:8b:03:f5:69:32:35:1d:c5:49:71:
         26:56:0f:a3:c8:4a:a4:b9:5d:a0:a8:8e:c3:1a:72:10:22:fe:
         05:af:b1:6e:cb:9c:27:c4:a7:d9:5c:2d:d7:69:23:f0:de:58:
         ac:7a:50:e7:41:9d:60:b4:4b:a8:e7:5a:b7:7e:21:fd:25:97:
         ef:b7:f6:83:0e:e7:42:42:7b:5f:eb:0a:3a:72:b0:16:2e:51:
         bd:8b:d2:44:3b:a2:d4:51:53:6c:a3:93:1d:44:91:57:bc:6d:
         ab:a3:33:e8:1d:2a:b4:9a:5a:14:20:a6:2c:53:cc:65:03:4a:
         8e:33:8d:02:34:56:8d:b1:8a:aa:b8:e3:4b:33:cc:75:2f:26:
         5b:29:10:d1:e5:f5:fe:cd:50:df:a0:f3:bd:9b:8a:97:f0:6f:
         83:f1:31:47:3e:01:6a:5e:f1:dd:8b:a1:91:84:2a:e0:28:fa:
         93:48:21:48:b6:19:60:0f:80:63:74:6c:60:37:6a:e5:45:9e:
         98:62:ae:42:4a:2f:b8:3a:6a:7d:20:c6:bb:35:c5:5a:b9:8c:
         5f:94:8a:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbzQQ2ZFSok3aB+vYw6ERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjQwMTAyMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDNiZTZlYzIzMDliYzc1ZWRkZDAyZTc1Zjg4MDhjNWMyYWQ1NzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+OQU+YXouukduML5W603a263Yo6
0qvp2DC2SQWNgEW/7gO6QpTZCN15YJUoUsvFKdxL/O5Wr63TG2HhOZIiOfoB1+g9
MOTiTd72LMTVKJfXU4JQq/v/LvBxhlBsppB0i9RoUHqH4p4sDKKdcKKWQo8YHc23
zavQt2VHPmrFcFRgkQeOtKmlrU87HBW1ydSB4hZ/M1sr3tMW90p2MTph3Uzf6nf8
NJJ7ye5fnINMzwyoZLw8htRhfokJrlYZkU8Ums7F0LDcwp6dNNWUtuldA38nnLn+
p9D/7wbVXbEDGOOu39DL7oMIr6o4/HSkcOzS/zbhN7Pb185f5Xkxrf2VDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ075uwjCbx17d0C51+ICMXCrVcxMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvblR2bTdDTUp2SFh0M1FMblg0Z0l4Y0t0VnpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW93pMA0G
CSqGSIb3DQEBCwUAA4IBAQAeqeD/NiidPOouGuypAPj+b2fyGTKzV1IDpEBytwN1
MKewnCj8qGiqesN8/IsD9WkyNR3FSXEmVg+jyEqkuV2gqI7DGnIQIv4Fr7Fuy5wn
xKfZXC3XaSPw3liselDnQZ1gtEuo51q3fiH9JZfvt/aDDudCQntf6wo6crAWLlG9
i9JEO6LUUVNso5MdRJFXvG2rozPoHSq0mloUIKYsU8xlA0qOM40CNFaNsYqquONL
M8x1LyZbKRDR5fX+zVDfoPO9m4qX8G+D8TFHPgFqXvHdi6GRhCrgKPqTSCFIthlg
D4BjdGxgN2rlRZ6YYq5CSi+4Omp9IMa7NcVauYxflIoT
-----END CERTIFICATE-----