Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/NFsldV3Oo3numLXNTrQ7jbpDpUI.roa
File:                     NFsldV3Oo3numLXNTrQ7jbpDpUI.roa (raw, json)
Hash identifier:          g1DopMTj/G3gF9Do/2YJP+zpwIHgITWXQdk99dPS2i8=
Subject key identifier:   34:5B:25:75:5D:CE:A3:79:EE:98:B5:CD:4E:B4:3B:8D:BA:43:A5:42
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018DF37D8E78D330CA950976B71288F84E52
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/NFsldV3Oo3numLXNTrQ7jbpDpUI.roa
Signing time:             Thu 29 Feb 2024 06:11:48 +0000
ROA not before:           Thu 29 Feb 2024 06:11:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        188.209.135.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f3:7d:8e:78:d3:30:ca:95:09:76:b7:12:88:f8:4e:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Feb 29 06:11:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=345b25755dcea379ee98b5cd4eb43b8dba43a542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:29:9b:1c:be:92:2a:5d:b9:b9:df:e6:f9:9e:
                    a8:ee:b2:d6:46:33:85:5e:12:74:62:4d:d8:3f:0d:
                    28:55:0c:39:0f:43:22:97:48:67:91:ba:44:7d:af:
                    68:af:33:e4:c9:63:0b:7e:a6:e8:2a:37:ef:2a:da:
                    0c:14:16:a9:20:30:45:ba:27:ff:6c:7a:3d:69:17:
                    2a:e7:4b:54:67:bd:24:93:bc:54:5e:d6:ee:e6:04:
                    e5:0e:d8:1c:80:6e:5c:a5:2e:52:b3:51:b4:15:1c:
                    4a:21:e6:bb:0a:23:11:29:fb:2d:5f:68:24:06:e4:
                    6e:16:e0:9a:f7:0b:7d:14:7c:e1:36:96:b2:90:cb:
                    69:28:34:9b:ec:34:19:77:07:bc:a7:62:e5:4f:ef:
                    5c:81:97:13:14:46:5a:1d:54:17:cd:66:66:53:e5:
                    ad:17:7e:9b:06:ce:dd:b3:0a:a4:a7:c9:34:57:01:
                    d7:05:30:05:2f:19:86:b7:c8:a5:89:dc:48:e6:8c:
                    26:c4:7c:37:1e:6d:2c:dd:eb:03:34:fd:0b:a6:ea:
                    59:5d:06:bd:4e:14:ce:4a:47:bf:bc:77:b5:3b:01:
                    7a:10:0c:91:65:51:43:5f:9c:82:92:1c:34:bd:f1:
                    e7:21:e1:97:e7:1d:40:11:b6:3f:f9:c8:0b:b9:ef:
                    33:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:5B:25:75:5D:CE:A3:79:EE:98:B5:CD:4E:B4:3B:8D:BA:43:A5:42
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/NFsldV3Oo3numLXNTrQ7jbpDpUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:72:25:75:ca:9f:dc:df:24:00:db:23:40:d6:68:2f:07:35:
         39:e9:d8:11:93:1e:86:46:d6:8f:db:23:71:65:2e:96:bf:fb:
         83:56:1f:d3:14:c3:8a:51:b1:f1:a5:9e:91:18:96:fe:30:62:
         55:40:be:91:15:41:6c:db:c1:de:23:51:e1:15:39:ae:10:56:
         23:00:7a:8b:85:4e:8b:42:be:74:89:58:5e:1d:74:ef:9a:6e:
         2e:a9:31:75:df:16:3e:7c:48:1b:70:2e:5a:15:d8:37:7e:45:
         cf:27:ca:41:ae:6b:5d:9f:e4:7f:d5:01:a7:2e:66:6a:42:df:
         5b:2e:2a:36:0d:74:2d:9d:5f:15:2b:36:d6:b3:33:f4:29:b0:
         5f:b3:3e:b9:54:1b:90:97:f8:53:27:77:d4:75:f5:2f:bb:e0:
         e9:e1:92:1c:41:a3:02:55:db:f8:91:93:b0:7c:a9:f3:fe:2c:
         23:d0:cc:c3:1a:85:f9:48:8b:c7:8f:03:17:c2:f8:69:69:46:
         5c:55:90:38:6c:bb:e8:02:8d:ef:3a:bd:cf:1e:e4:dc:5f:5c:
         0c:fc:ae:ba:46:b3:0a:81:40:57:13:fe:79:a9:eb:67:ce:e6:
         15:06:e8:d4:84:51:40:ec:e3:d9:73:fb:43:1a:17:7c:50:1c:
         7b:46:9a:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3zfY540zDKlQl2txKI+E5SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwMjI5MDYxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDViMjU3NTVkY2VhMzc5ZWU5OGI1Y2Q0ZWI0M2I4ZGJhNDNhNTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoimbHL6SKl25ud/m+Z6o7rLWRjOF
XhJ0Yk3YPw0oVQw5D0Mil0hnkbpEfa9orzPkyWMLfqboKjfvKtoMFBapIDBFuif/
bHo9aRcq50tUZ70kk7xUXtbu5gTlDtgcgG5cpS5Ss1G0FRxKIea7CiMRKfstX2gk
BuRuFuCa9wt9FHzhNpaykMtpKDSb7DQZdwe8p2LlT+9cgZcTFEZaHVQXzWZmU+Wt
F36bBs7dswqkp8k0VwHXBTAFLxmGt8ilidxI5owmxHw3Hm0s3esDNP0LpupZXQa9
ThTOSke/vHe1OwF6EAyRZVFDX5yCkhw0vfHnIeGX5x1AEbY/+cgLue8zlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRbJXVdzqN57pi1zU60O426Q6VCMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvTkZzbGRWM09vM251bUxYTlRyUTdqYnBEcFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNGHMA0G
CSqGSIb3DQEBCwUAA4IBAQCgciV1yp/c3yQA2yNA1mgvBzU56dgRkx6GRtaP2yNx
ZS6Wv/uDVh/TFMOKUbHxpZ6RGJb+MGJVQL6RFUFs28HeI1HhFTmuEFYjAHqLhU6L
Qr50iVheHXTvmm4uqTF13xY+fEgbcC5aFdg3fkXPJ8pBrmtdn+R/1QGnLmZqQt9b
Lio2DXQtnV8VKzbWszP0KbBfsz65VBuQl/hTJ3fUdfUvu+Dp4ZIcQaMCVdv4kZOw
fKnz/iwj0MzDGoX5SIvHjwMXwvhpaUZcVZA4bLvoAo3vOr3PHuTcX1wM/K66RrMK
gUBXE/55qetnzuYVBujUhFFA7OPZc/tDGhd8UBx7RpqN
-----END CERTIFICATE-----