Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/NP08pz_FABM2pKG2F9tUDIbGvnQ.roa
File:                     NP08pz_FABM2pKG2F9tUDIbGvnQ.roa (raw, json)
Hash identifier:          JuwVvNRx9/uPTnHMrdQ/of9PjzB81I8V7Nnxgvxx+BE=
Subject key identifier:   34:FD:3C:A7:3F:C5:00:13:36:A4:A1:B6:17:DB:54:0C:86:C6:BE:74
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       018CC6B93D46BD4FB4CD5077E06B3B520099
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/NP08pz_FABM2pKG2F9tUDIbGvnQ.roa
Signing time:             Mon 01 Jan 2024 20:31:17 +0000
ROA not before:           Mon 01 Jan 2024 20:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42232
IP address blocks:        213.163.9.0/24 maxlen: 24
                          91.83.112.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:3d:46:bd:4f:b4:cd:50:77:e0:6b:3b:52:00:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Jan  1 20:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34fd3ca73fc5001336a4a1b617db540c86c6be74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:1c:5a:9e:70:9e:0d:17:d1:82:5f:9c:9e:c4:
                    22:65:e2:a2:29:06:0d:49:86:16:2f:b6:f4:00:45:
                    11:8b:66:e8:da:66:dd:7e:2e:39:af:a6:ab:d7:61:
                    28:87:f3:05:c7:db:15:c3:3e:16:58:c2:ee:26:11:
                    84:62:7d:77:a7:b4:4d:d7:ea:96:db:36:90:49:1d:
                    cf:40:5e:e1:e0:7e:61:d5:4d:73:0e:f0:8f:f1:a0:
                    07:0d:79:b3:5e:a2:66:84:0b:5d:22:f9:35:16:93:
                    2c:26:c4:68:f1:5e:88:f9:f9:57:6a:98:b9:81:70:
                    49:3b:60:45:2a:78:df:e3:ff:c4:d9:16:9d:c3:48:
                    25:d9:96:23:df:7c:f7:2f:af:3d:bc:8b:32:37:8a:
                    86:c5:9b:2b:e1:3e:51:02:1c:cd:42:28:21:6c:79:
                    e2:92:4f:98:16:73:8b:83:5d:b1:5c:16:95:f0:e6:
                    b9:de:ec:d1:6b:60:b6:bb:9b:aa:be:7c:6c:bd:42:
                    f4:ee:9c:57:6f:e4:ee:dd:0a:d1:30:88:04:a1:4d:
                    f6:b5:36:e5:c6:df:23:54:cf:ad:ce:83:17:10:ac:
                    11:cc:f8:0e:24:c1:10:d5:20:8b:bc:83:25:1a:a8:
                    30:fd:9c:13:24:84:dd:37:c6:e3:e5:13:01:0d:b0:
                    b3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:FD:3C:A7:3F:C5:00:13:36:A4:A1:B6:17:DB:54:0C:86:C6:BE:74
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/NP08pz_FABM2pKG2F9tUDIbGvnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.83.112.0/21
                  213.163.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:63:04:6c:48:e7:12:24:ee:25:95:2a:0c:d9:55:32:e7:88:
         e1:68:1c:8e:8c:b1:37:8c:2e:d3:b9:e8:8e:dd:0e:70:f4:61:
         3d:5e:6c:32:90:f7:34:fe:31:dc:8d:6c:9c:ff:d2:48:87:5b:
         1a:a8:a5:51:11:2d:e8:ec:85:08:00:7f:27:92:10:97:ba:41:
         38:12:a3:43:e2:f9:1f:4f:ed:dd:73:61:d0:a3:a6:4b:b0:e0:
         8c:cd:e1:b6:fa:91:61:5d:a5:e6:a9:26:4f:61:65:90:8d:a9:
         d8:18:4f:e4:e8:cc:72:a8:78:29:8f:dd:fe:67:22:39:84:ed:
         99:35:46:c7:a8:5b:a1:b1:3f:14:d4:3c:08:60:65:2c:a2:58:
         25:39:35:ce:24:a6:73:0a:9a:4d:ba:97:5a:07:83:a6:11:f9:
         48:41:ed:c7:24:cb:6d:0a:b0:7e:8b:63:80:28:d8:ad:e9:17:
         51:e5:20:6c:a3:8f:b6:bb:89:56:9a:59:ca:5a:ac:0e:9d:87:
         17:b2:e6:a0:2d:a2:63:8d:41:d2:ed:08:a2:de:13:c8:75:ed:
         df:5f:c0:fe:1b:db:a0:94:11:96:a3:67:44:83:cf:73:a3:19:
         7d:e6:29:0b:78:e8:8a:0b:65:a0:71:d1:27:87:82:cd:eb:61:
         16:2b:7e:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuT1GvU+0zVB34Gs7UgCZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjQwMTAxMjAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGZkM2NhNzNmYzUwMDEzMzZhNGExYjYxN2RiNTQwYzg2YzZiZTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBxannCeDRfRgl+cnsQiZeKiKQYN
SYYWL7b0AEURi2bo2mbdfi45r6ar12Eoh/MFx9sVwz4WWMLuJhGEYn13p7RN1+qW
2zaQSR3PQF7h4H5h1U1zDvCP8aAHDXmzXqJmhAtdIvk1FpMsJsRo8V6I+flXapi5
gXBJO2BFKnjf4//E2Radw0gl2ZYj33z3L689vIsyN4qGxZsr4T5RAhzNQighbHni
kk+YFnOLg12xXBaV8Oa53uzRa2C2u5uqvnxsvUL07pxXb+Tu3QrRMIgEoU32tTbl
xt8jVM+tzoMXEKwRzPgOJMEQ1SCLvIMlGqgw/ZwTJITdN8bj5RMBDbCzbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDT9PKc/xQATNqShthfbVAyGxr50MB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvTlAwOHB6X0ZBQk0ycEtHMkY5dFVESWJHdm5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDW1NwAwQA
1aMJMA0GCSqGSIb3DQEBCwUAA4IBAQAaYwRsSOcSJO4llSoM2VUy54jhaByOjLE3
jC7TueiO3Q5w9GE9XmwykPc0/jHcjWyc/9JIh1saqKVRES3o7IUIAH8nkhCXukE4
EqND4vkfT+3dc2HQo6ZLsOCMzeG2+pFhXaXmqSZPYWWQjanYGE/k6MxyqHgpj93+
ZyI5hO2ZNUbHqFuhsT8U1DwIYGUsolglOTXOJKZzCppNupdaB4OmEflIQe3HJMtt
CrB+i2OAKNit6RdR5SBso4+2u4lWmlnKWqwOnYcXsuagLaJjjUHS7Qii3hPIde3f
X8D+G9uglBGWo2dEg89zoxl95ikLeOiKC2WgcdEnh4LN62EWK37I
-----END CERTIFICATE-----