Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/a0ba88-4d88-4691-aa6c-b5b8f5784dfe/1/NbdzBBNdbnPn0AQgyDtAoDZTm24.roa
File:                     NbdzBBNdbnPn0AQgyDtAoDZTm24.roa (raw, json)
Hash identifier:          HMSSFkhsotr0g8jdI6A1rSrmAxhxcmdG6Gd9okhlGuE=
Subject key identifier:   35:B7:73:04:13:5D:6E:73:E7:D0:04:20:C8:3B:40:A0:36:53:9B:6E
Certificate issuer:       /CN=18b7377ce5efa3ca030ebb4dd77567fc032fcd01
Certificate serial:       018CC94E105AC0EA8D0442C9101C0D6CF1B3
Authority key identifier: 18:B7:37:7C:E5:EF:A3:CA:03:0E:BB:4D:D7:75:67:FC:03:2F:CD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GLc3fOXvo8oDDrtN13Vn_AMvzQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/a0ba88-4d88-4691-aa6c-b5b8f5784dfe/1/NbdzBBNdbnPn0AQgyDtAoDZTm24.roa
Signing time:             Tue 02 Jan 2024 08:33:05 +0000
ROA not before:           Tue 02 Jan 2024 08:33:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199638
IP address blocks:        91.245.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/a0ba88-4d88-4691-aa6c-b5b8f5784dfe/1/GLc3fOXvo8oDDrtN13Vn_AMvzQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/a0ba88-4d88-4691-aa6c-b5b8f5784dfe/1/GLc3fOXvo8oDDrtN13Vn_AMvzQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GLc3fOXvo8oDDrtN13Vn_AMvzQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:10:5a:c0:ea:8d:04:42:c9:10:1c:0d:6c:f1:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18b7377ce5efa3ca030ebb4dd77567fc032fcd01
        Validity
            Not Before: Jan  2 08:33:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35b77304135d6e73e7d00420c83b40a036539b6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:ba:aa:17:fc:80:bf:2f:71:c7:92:a3:00:1f:
                    7c:a8:9b:16:42:ae:6a:e5:c5:7f:8e:4c:21:6f:0d:
                    f4:a8:46:02:97:e5:30:07:c9:b1:8d:8d:f1:51:89:
                    f7:f5:a5:e3:4c:25:39:82:d9:c9:7c:9f:0e:cc:52:
                    12:22:36:58:0c:3d:06:f5:d7:ea:2a:2b:6a:40:f0:
                    00:62:fd:87:79:d6:f2:bc:b6:1f:0c:4a:3c:db:6b:
                    bb:4e:f6:f2:82:44:27:b5:b0:82:32:4a:70:24:10:
                    34:55:6c:35:21:2b:ae:6c:2b:7e:1d:02:77:c3:df:
                    3b:24:79:8a:6b:f3:1a:1c:e6:c8:bc:f0:2f:e0:8c:
                    64:6b:f5:9f:e6:eb:5d:26:3b:fb:79:1c:ad:ec:ab:
                    31:d2:81:3a:e6:b4:57:76:7f:52:f1:f4:c2:48:15:
                    3a:c4:7a:b0:cc:df:bc:72:e5:0c:0c:f5:8d:7b:ec:
                    bb:1f:5d:be:65:8c:d1:be:72:56:44:a1:bc:f4:c8:
                    cc:a7:65:3b:4b:36:44:58:c7:73:8e:cc:31:b9:52:
                    0e:6a:9d:48:89:65:a9:40:19:0a:c3:32:4c:a3:86:
                    08:0e:d9:e1:c7:11:79:51:30:91:08:ee:7b:c7:d0:
                    dc:99:1a:2c:bd:ca:f7:22:fe:04:b1:8d:f8:42:5d:
                    68:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:B7:73:04:13:5D:6E:73:E7:D0:04:20:C8:3B:40:A0:36:53:9B:6E
            X509v3 Authority Key Identifier:
                keyid:18:B7:37:7C:E5:EF:A3:CA:03:0E:BB:4D:D7:75:67:FC:03:2F:CD:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GLc3fOXvo8oDDrtN13Vn_AMvzQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/a0ba88-4d88-4691-aa6c-b5b8f5784dfe/1/NbdzBBNdbnPn0AQgyDtAoDZTm24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/a0ba88-4d88-4691-aa6c-b5b8f5784dfe/1/GLc3fOXvo8oDDrtN13Vn_AMvzQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:90:d0:39:79:47:94:58:74:d8:d7:a2:34:c3:de:dc:e3:85:
         61:d9:c3:8d:e2:48:55:25:7a:3c:73:c6:71:4a:a1:b6:dd:00:
         2a:4e:da:11:64:2d:aa:b8:aa:cf:61:40:ee:d4:ba:ca:28:f2:
         8b:1a:68:ae:b0:98:9c:b5:38:72:0f:a7:e0:6e:29:4e:6b:3b:
         57:c2:6b:01:58:68:cf:cb:f4:85:d7:d4:70:58:c5:52:57:d8:
         c8:c0:09:75:af:80:47:78:7d:47:ec:ad:16:a6:0d:0e:78:cd:
         3d:e9:ba:b5:2a:52:b0:57:e6:09:e6:a8:29:0a:0d:2c:db:ae:
         23:d9:63:91:45:05:7e:b7:9b:70:e5:fc:37:a7:38:aa:74:23:
         9f:aa:cb:d5:0a:65:91:73:27:85:6b:2a:23:ae:ff:fc:09:b8:
         ae:c5:04:d3:fa:0a:7e:d5:95:42:a5:62:ba:43:93:ac:2b:7a:
         c5:59:09:10:0d:b3:52:b6:f2:b8:56:a6:65:e0:28:25:f2:fa:
         19:42:db:6a:2b:89:b6:df:1a:03:09:ed:aa:77:ed:17:dd:34:
         73:e0:ce:48:ab:0a:5c:27:25:ba:78:2d:d3:4b:b8:e6:44:e9:
         f0:ab:90:d3:3a:80:bb:cf:95:c7:f5:26:d6:80:27:8d:94:27:
         df:76:d5:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJThBawOqNBELJEBwNbPGzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YjczNzdjZTVlZmEzY2EwMzBlYmI0ZGQ3NzU2N2ZjMDMy
ZmNkMDEwHhcNMjQwMTAyMDgzMzA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWI3NzMwNDEzNWQ2ZTczZTdkMDA0MjBjODNiNDBhMDM2NTM5YjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8bqqF/yAvy9xx5KjAB98qJsWQq5q
5cV/jkwhbw30qEYCl+UwB8mxjY3xUYn39aXjTCU5gtnJfJ8OzFISIjZYDD0G9dfq
KitqQPAAYv2HedbyvLYfDEo822u7TvbygkQntbCCMkpwJBA0VWw1ISuubCt+HQJ3
w987JHmKa/MaHObIvPAv4Ixka/Wf5utdJjv7eRyt7Ksx0oE65rRXdn9S8fTCSBU6
xHqwzN+8cuUMDPWNe+y7H12+ZYzRvnJWRKG89MjMp2U7SzZEWMdzjswxuVIOap1I
iWWpQBkKwzJMo4YIDtnhxxF5UTCRCO57x9DcmRosvcr3Iv4EsY34Ql1onQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDW3cwQTXW5z59AEIMg7QKA2U5tuMB8GA1UdIwQY
MBaAFBi3N3zl76PKAw67Tdd1Z/wDL80BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0xjM2ZPWHZvOG9ERHJ0TjEzVm5fQU12elFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9hMGJhODgtNGQ4OC00NjkxLWFhNmMt
YjViOGY1Nzg0ZGZlLzEvTmJkekJCTmRiblBuMEFRZ3lEdEFvRFpUbTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9hMGJhODgtNGQ4OC00NjkxLWFhNmMtYjViOGY1Nzg0ZGZl
LzEvR0xjM2ZPWHZvOG9ERHJ0TjEzVm5fQU12elFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/XBMA0G
CSqGSIb3DQEBCwUAA4IBAQChkNA5eUeUWHTY16I0w97c44Vh2cON4khVJXo8c8Zx
SqG23QAqTtoRZC2quKrPYUDu1LrKKPKLGmiusJictThyD6fgbilOaztXwmsBWGjP
y/SF19RwWMVSV9jIwAl1r4BHeH1H7K0Wpg0OeM096bq1KlKwV+YJ5qgpCg0s264j
2WORRQV+t5tw5fw3pziqdCOfqsvVCmWRcyeFayojrv/8CbiuxQTT+gp+1ZVCpWK6
Q5OsK3rFWQkQDbNStvK4VqZl4Cgl8voZQttqK4m23xoDCe2qd+0X3TRz4M5Iqwpc
JyW6eC3TS7jmROnwq5DTOoC7z5XH9SbWgCeNlCffdtWc
-----END CERTIFICATE-----