Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/NV6RmVmAwe-U5y-lncTZqi9FW_0.roa
File:                     NV6RmVmAwe-U5y-lncTZqi9FW_0.roa (raw, json)
Hash identifier:          wRzWC/xvmMxDKkPJApKlHx7FL4sX2+jTZKUrBWB82Mk=
Subject key identifier:   35:5E:91:99:59:80:C1:EF:94:E7:2F:A5:9D:C4:D9:AA:2F:45:5B:FD
Certificate issuer:       /CN=6745314516483fe27c0530ccb9707c376d20e7f0
Certificate serial:       018CC8DE6FBB19048403EE2504E6BED5BC8E
Authority key identifier: 67:45:31:45:16:48:3F:E2:7C:05:30:CC:B9:70:7C:37:6D:20:E7:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0UxRRZIP-J8BTDMuXB8N20g5_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/NV6RmVmAwe-U5y-lncTZqi9FW_0.roa
Signing time:             Tue 02 Jan 2024 06:31:09 +0000
ROA not before:           Tue 02 Jan 2024 06:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399668
IP address blocks:        193.3.178.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/Z0UxRRZIP-J8BTDMuXB8N20g5_A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/Z0UxRRZIP-J8BTDMuXB8N20g5_A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0UxRRZIP-J8BTDMuXB8N20g5_A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:6f:bb:19:04:84:03:ee:25:04:e6:be:d5:bc:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6745314516483fe27c0530ccb9707c376d20e7f0
        Validity
            Not Before: Jan  2 06:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=355e91995980c1ef94e72fa59dc4d9aa2f455bfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f1:29:db:e7:26:93:1f:9b:a7:d7:80:50:22:
                    fc:f9:b7:30:c9:b3:43:4d:bf:18:26:59:3d:ae:6d:
                    9f:d5:af:79:ac:c8:5a:1a:91:15:1a:bb:ed:cb:43:
                    4b:02:3a:7e:89:0c:56:a4:ad:8b:7b:35:c1:76:6a:
                    20:25:4f:8b:12:04:ce:5d:08:5c:f1:19:98:b5:8e:
                    61:84:e8:c4:c8:ac:8c:61:30:cb:96:d0:47:08:79:
                    0f:6d:e6:61:96:a4:0b:a1:3f:f7:ff:69:b6:e3:3f:
                    a1:e6:ae:1e:82:5e:92:06:d1:74:28:28:51:b8:52:
                    d8:7c:21:73:18:97:b1:68:1a:c4:b2:02:1f:3b:52:
                    38:75:91:17:cf:ea:c1:28:d7:58:0f:99:9f:bc:34:
                    ab:6b:58:63:37:37:2d:c9:e5:43:f7:ec:70:85:c5:
                    71:1c:e6:01:53:98:4e:f3:ec:40:4e:40:03:4a:c8:
                    1e:64:0c:9b:3b:46:c7:0b:62:b3:c9:de:44:18:4f:
                    dd:13:c4:7e:14:e0:ad:30:74:67:b4:06:13:d6:29:
                    c7:3b:45:0b:e7:93:01:81:c4:1d:79:09:cf:bb:9f:
                    09:72:51:61:65:6e:32:20:01:e4:9f:f2:bc:31:56:
                    81:0b:19:c2:5a:24:3b:f3:81:39:de:93:a3:16:1c:
                    51:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:5E:91:99:59:80:C1:EF:94:E7:2F:A5:9D:C4:D9:AA:2F:45:5B:FD
            X509v3 Authority Key Identifier:
                keyid:67:45:31:45:16:48:3F:E2:7C:05:30:CC:B9:70:7C:37:6D:20:E7:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0UxRRZIP-J8BTDMuXB8N20g5_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/NV6RmVmAwe-U5y-lncTZqi9FW_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/fb48fd-4ec5-43f1-93cc-8654786e20a9/1/Z0UxRRZIP-J8BTDMuXB8N20g5_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:6d:ac:72:4e:7b:70:95:58:5b:f1:91:d8:82:6f:61:59:b1:
         7d:cc:34:30:76:e0:d4:f6:2a:72:53:60:3c:77:77:4d:ac:54:
         e1:05:12:f8:fe:a0:89:c6:1f:2c:62:21:91:58:27:6a:28:81:
         fc:05:cf:57:7a:a6:0b:d3:ea:d1:f5:de:16:c0:cf:ff:3f:67:
         f5:7b:96:34:06:87:da:d3:30:12:42:64:29:3c:4a:13:ab:2d:
         cc:6a:b3:0e:04:c1:de:45:d8:83:59:3a:21:a3:1a:5a:bd:43:
         21:27:16:e7:7f:2d:c8:1c:dd:9d:8c:7a:d3:d1:aa:8d:11:66:
         62:9e:04:0d:ed:31:62:9a:0a:2a:99:b1:2a:a8:2f:41:55:8b:
         2e:30:ab:d7:5a:e1:97:52:c3:cb:b4:9a:77:48:48:85:f4:78:
         e7:2e:b6:50:bc:47:04:1b:c3:b6:e0:cf:a9:0c:72:90:5b:e3:
         37:db:9f:51:7f:95:d1:f1:95:d2:95:b7:3e:7a:f3:94:76:13:
         11:61:40:29:4c:69:b4:dd:df:5d:8e:34:68:17:b9:9b:cb:04:
         b4:f8:f6:d1:db:d7:55:bd:f2:14:97:e3:36:3b:b5:6b:cc:60:
         ce:00:6b:f3:18:d0:e9:33:b5:3d:d1:99:2a:9c:9e:e0:1d:8d:
         e0:c7:b8:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3m+7GQSEA+4lBOa+1byOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDUzMTQ1MTY0ODNmZTI3YzA1MzBjY2I5NzA3YzM3NmQy
MGU3ZjAwHhcNMjQwMTAyMDYzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTVlOTE5OTU5ODBjMWVmOTRlNzJmYTU5ZGM0ZDlhYTJmNDU1YmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfEp2+cmkx+bp9eAUCL8+bcwybND
Tb8YJlk9rm2f1a95rMhaGpEVGrvty0NLAjp+iQxWpK2LezXBdmogJU+LEgTOXQhc
8RmYtY5hhOjEyKyMYTDLltBHCHkPbeZhlqQLoT/3/2m24z+h5q4egl6SBtF0KChR
uFLYfCFzGJexaBrEsgIfO1I4dZEXz+rBKNdYD5mfvDSra1hjNzctyeVD9+xwhcVx
HOYBU5hO8+xATkADSsgeZAybO0bHC2Kzyd5EGE/dE8R+FOCtMHRntAYT1inHO0UL
55MBgcQdeQnPu58JclFhZW4yIAHkn/K8MVaBCxnCWiQ784E53pOjFhxRjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVekZlZgMHvlOcvpZ3E2aovRVv9MB8GA1UdIwQY
MBaAFGdFMUUWSD/ifAUwzLlwfDdtIOfwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBVeFJSWklQLUo4QlRETXVYQjhOMjBnNV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9mYjQ4ZmQtNGVjNS00M2YxLTkzY2Mt
ODY1NDc4NmUyMGE5LzEvTlY2Um1WbUF3ZS1VNXktbG5jVFpxaTlGV18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9mYjQ4ZmQtNGVjNS00M2YxLTkzY2MtODY1NDc4NmUyMGE5
LzEvWjBVeFJSWklQLUo4QlRETXVYQjhOMjBnNV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQOyMA0G
CSqGSIb3DQEBCwUAA4IBAQARbaxyTntwlVhb8ZHYgm9hWbF9zDQwduDU9ipyU2A8
d3dNrFThBRL4/qCJxh8sYiGRWCdqKIH8Bc9XeqYL0+rR9d4WwM//P2f1e5Y0Bofa
0zASQmQpPEoTqy3MarMOBMHeRdiDWTohoxpavUMhJxbnfy3IHN2djHrT0aqNEWZi
ngQN7TFimgoqmbEqqC9BVYsuMKvXWuGXUsPLtJp3SEiF9HjnLrZQvEcEG8O24M+p
DHKQW+M3259Rf5XR8ZXSlbc+evOUdhMRYUApTGm03d9djjRoF7mbywS0+PbR29dV
vfIUl+M2O7VrzGDOAGvzGNDpM7U90ZkqnJ7gHY3gx7j2
-----END CERTIFICATE-----