Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/k8xjJo9zY4NR-rLPtlfj-SWeyjk.roa
File:                     k8xjJo9zY4NR-rLPtlfj-SWeyjk.roa (raw, json)
Hash identifier:          tBZUKti2YzPVqm+G3eO0LRmISdtpLK81zs2VnKHEgYA=
Subject key identifier:   93:CC:63:26:8F:73:63:83:51:FA:B2:CF:B6:57:E3:F9:25:9E:CA:39
Certificate issuer:       /CN=3414a06dac854dbee60984588dec7b3284b5aa50
Certificate serial:       018CC34913B144366A42515D9B4A60A50CFC
Authority key identifier: 34:14:A0:6D:AC:85:4D:BE:E6:09:84:58:8D:EC:7B:32:84:B5:AA:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NBSgbayFTb7mCYRYjex7MoS1qlA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/k8xjJo9zY4NR-rLPtlfj-SWeyjk.roa
Signing time:             Mon 01 Jan 2024 04:29:55 +0000
ROA not before:           Mon 01 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20853
IP address blocks:        193.104.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/NBSgbayFTb7mCYRYjex7MoS1qlA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/NBSgbayFTb7mCYRYjex7MoS1qlA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NBSgbayFTb7mCYRYjex7MoS1qlA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:13:b1:44:36:6a:42:51:5d:9b:4a:60:a5:0c:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3414a06dac854dbee60984588dec7b3284b5aa50
        Validity
            Not Before: Jan  1 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93cc63268f73638351fab2cfb657e3f9259eca39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8c:ae:c4:72:4d:b2:61:df:8a:da:89:d1:79:
                    99:ce:98:03:ad:ce:94:31:63:32:7d:4e:3e:5f:6b:
                    db:e8:83:0d:2f:65:54:c1:d6:61:fd:ee:90:51:67:
                    84:f3:a4:65:34:ce:2f:d9:29:2f:18:96:56:3d:38:
                    74:a9:6d:25:7a:1b:6a:b6:79:ed:b0:96:1c:d3:02:
                    10:67:2b:e4:4e:6c:88:81:b4:f1:a5:e3:a9:96:b0:
                    a5:60:32:4d:2d:ea:f5:54:b5:0d:5e:7a:8e:cd:86:
                    52:d5:53:76:19:f8:c5:17:bd:b4:1e:91:30:9b:bf:
                    d2:94:d2:98:cc:87:07:8d:a1:cc:a2:f0:b6:fe:7c:
                    53:e5:c6:2f:c3:c6:ce:c1:99:b7:53:77:b6:1e:b2:
                    ca:82:32:7a:91:78:c2:5f:e5:64:f7:e3:15:89:25:
                    7d:0d:b1:88:dc:59:ef:28:5d:d4:64:ee:b3:78:4f:
                    83:74:65:e6:3b:2b:79:c3:25:be:38:91:0d:24:31:
                    e2:d9:8a:f5:c1:ad:7c:fe:c9:18:81:02:81:2e:66:
                    d0:8a:f4:11:71:45:8e:ff:b5:ec:7a:ae:cd:76:53:
                    d1:e9:ba:6a:c9:3a:70:0b:0b:b2:4c:60:04:2b:83:
                    34:f2:4d:20:22:75:fb:a2:2d:7d:5e:cf:2f:15:79:
                    2e:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:CC:63:26:8F:73:63:83:51:FA:B2:CF:B6:57:E3:F9:25:9E:CA:39
            X509v3 Authority Key Identifier:
                keyid:34:14:A0:6D:AC:85:4D:BE:E6:09:84:58:8D:EC:7B:32:84:B5:AA:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NBSgbayFTb7mCYRYjex7MoS1qlA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/k8xjJo9zY4NR-rLPtlfj-SWeyjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/03dc6e-8524-45d7-acc5-e659fde05289/1/NBSgbayFTb7mCYRYjex7MoS1qlA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:40:8b:0e:13:f6:29:0f:0d:c8:18:2c:d7:56:53:ed:46:1d:
         6c:c4:b9:b1:b5:65:f0:18:61:b0:ad:74:25:f4:f2:4c:88:2f:
         9f:03:93:69:66:de:fc:27:5b:67:95:f6:1c:3c:0d:8a:72:69:
         fe:94:b9:d0:07:16:69:30:30:01:70:54:dd:9a:db:73:fa:d4:
         65:1a:3d:ad:51:ce:e5:04:89:36:56:ab:66:fe:a2:85:97:10:
         7c:b1:6c:19:b7:ec:27:f3:c3:99:5b:56:e4:cf:3b:46:01:9f:
         e3:a1:fd:1e:6a:e8:13:34:93:ab:2e:b2:5f:76:0c:15:be:0c:
         a9:f1:4c:33:7a:8b:5d:23:f6:37:53:b4:20:e4:77:bd:0e:f8:
         c9:83:07:d2:4f:2c:ca:d2:0f:1c:27:e2:e6:d1:ba:fb:55:dd:
         83:5c:7d:9f:57:11:53:65:74:26:51:1d:db:85:c4:39:9e:6d:
         46:5f:a0:02:3f:85:09:8f:f2:0c:b7:95:13:6c:5b:33:be:f7:
         66:b3:74:0f:54:e0:d7:d9:32:6e:d2:26:5e:a0:9f:a0:3c:d8:
         ff:94:26:64:6b:13:4b:24:38:ba:35:da:97:aa:49:77:01:bb:
         d6:2b:7c:f3:14:22:2e:a6:62:0a:d2:ae:75:73:9b:ad:6a:bf:
         09:71:20:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSROxRDZqQlFdm0pgpQz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MTRhMDZkYWM4NTRkYmVlNjA5ODQ1ODhkZWM3YjMyODRi
NWFhNTAwHhcNMjQwMTAxMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2NjNjMyNjhmNzM2MzgzNTFmYWIyY2ZiNjU3ZTNmOTI1OWVjYTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4yuxHJNsmHfitqJ0XmZzpgDrc6U
MWMyfU4+X2vb6IMNL2VUwdZh/e6QUWeE86RlNM4v2SkvGJZWPTh0qW0lehtqtnnt
sJYc0wIQZyvkTmyIgbTxpeOplrClYDJNLer1VLUNXnqOzYZS1VN2GfjFF720HpEw
m7/SlNKYzIcHjaHMovC2/nxT5cYvw8bOwZm3U3e2HrLKgjJ6kXjCX+Vk9+MViSV9
DbGI3FnvKF3UZO6zeE+DdGXmOyt5wyW+OJENJDHi2Yr1wa18/skYgQKBLmbQivQR
cUWO/7Xseq7NdlPR6bpqyTpwCwuyTGAEK4M08k0gInX7oi19Xs8vFXkuUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPMYyaPc2ODUfqyz7ZX4/klnso5MB8GA1UdIwQY
MBaAFDQUoG2shU2+5gmEWI3sezKEtapQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkJTZ2JheUZUYjdtQ1lSWWpleDdNb1MxcWxBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8wM2RjNmUtODUyNC00NWQ3LWFjYzUt
ZTY1OWZkZTA1Mjg5LzEvazh4akpvOXpZNE5SLXJMUHRsZmotU1dleWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8wM2RjNmUtODUyNC00NWQ3LWFjYzUtZTY1OWZkZTA1Mjg5
LzEvTkJTZ2JheUZUYjdtQ1lSWWpleDdNb1MxcWxBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWhjMA0G
CSqGSIb3DQEBCwUAA4IBAQB5QIsOE/YpDw3IGCzXVlPtRh1sxLmxtWXwGGGwrXQl
9PJMiC+fA5NpZt78J1tnlfYcPA2Kcmn+lLnQBxZpMDABcFTdmttz+tRlGj2tUc7l
BIk2Vqtm/qKFlxB8sWwZt+wn88OZW1bkzztGAZ/jof0eaugTNJOrLrJfdgwVvgyp
8UwzeotdI/Y3U7Qg5He9DvjJgwfSTyzK0g8cJ+Lm0br7Vd2DXH2fVxFTZXQmUR3b
hcQ5nm1GX6ACP4UJj/IMt5UTbFszvvdms3QPVODX2TJu0iZeoJ+gPNj/lCZkaxNL
JDi6NdqXqkl3AbvWK3zzFCIupmIK0q51c5utar8JcSB+
-----END CERTIFICATE-----