Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/NkVN5FPJZ0GhjJTIaKmDaVb0zXE.roa
File:                     NkVN5FPJZ0GhjJTIaKmDaVb0zXE.roa (raw, json)
Hash identifier:          P7MfoDxZ8ARWgsm0/Z6HVBvxsPTtXvgYsdO1jVeqv2w=
Subject key identifier:   36:45:4D:E4:53:C9:67:41:A1:8C:94:C8:68:A9:83:69:56:F4:CD:71
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F5B6C85D9478851D38192DBFBB34
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/NkVN5FPJZ0GhjJTIaKmDaVb0zXE.roa
Signing time:             Mon 01 Jan 2024 08:30:05 +0000
ROA not before:           Mon 01 Jan 2024 08:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201079
IP address blocks:        91.194.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 May 2024 13:40:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f5:b6:c8:5d:94:78:85:1d:38:19:2d:bf:bb:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36454de453c96741a18c94c868a9836956f4cd71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:36:04:b6:3b:de:97:65:c2:13:5a:00:ad:15:
                    f7:92:83:1b:69:61:34:84:30:9b:f1:60:54:d8:95:
                    4d:f6:a7:d0:9a:8c:43:be:30:d5:b9:92:15:0f:20:
                    a0:4d:2e:2e:0e:1e:83:63:d4:97:1d:21:46:83:5d:
                    09:28:81:8d:b8:03:09:de:85:88:b8:87:4a:af:ca:
                    a0:8a:60:19:78:68:47:64:c0:84:45:5f:5d:ca:bf:
                    2c:3c:e5:8b:c2:0b:7d:af:ba:b5:4c:15:44:c3:22:
                    60:ab:7a:4a:29:5d:5b:0e:12:bf:0d:0b:4e:1d:b0:
                    82:3b:af:ff:f2:9e:22:9e:a6:08:54:b8:e8:c5:27:
                    72:dd:84:d5:bb:8a:dc:59:b9:82:07:a5:3a:c8:45:
                    79:0e:88:34:bf:eb:aa:8e:3c:10:4f:6f:3f:35:e6:
                    b1:33:42:85:19:41:a6:76:e1:d0:e0:26:18:e5:d7:
                    f3:d6:bc:8c:1e:d9:cc:95:b0:68:ea:d0:fd:f6:c4:
                    5c:98:b6:49:7a:3b:cc:b6:2b:bf:72:ca:e0:0f:19:
                    96:dc:8c:54:40:db:1e:57:2e:87:b5:24:51:98:32:
                    92:52:e1:3c:61:de:76:ea:f9:ee:b5:dd:f8:9b:b6:
                    7d:15:65:e6:79:c1:a7:b8:ca:2e:dc:9e:30:f0:00:
                    fc:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:45:4D:E4:53:C9:67:41:A1:8C:94:C8:68:A9:83:69:56:F4:CD:71
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/NkVN5FPJZ0GhjJTIaKmDaVb0zXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:d1:6e:3e:0d:13:6b:0a:96:fa:ef:f8:ef:7c:32:60:62:38:
         85:47:5e:3d:4e:60:cb:b5:9d:a1:a9:82:c3:29:4b:83:43:a5:
         c0:0a:e3:5a:73:8f:2b:d4:75:0c:79:ed:90:e8:b1:92:df:69:
         60:c6:06:f4:48:30:03:c5:5f:2c:e8:11:0d:a3:00:45:6b:e7:
         e0:69:a0:a1:b9:e9:d7:76:61:34:61:4b:3f:53:4e:98:b6:53:
         97:e7:12:26:77:a7:d3:46:0e:47:20:e0:12:8c:7f:85:68:c4:
         87:1e:b1:f3:74:9f:3d:9e:57:46:8a:2a:39:89:50:84:d2:0a:
         90:ae:82:bd:16:2d:ab:27:5d:ba:09:d7:9d:57:65:d2:88:e3:
         3d:fc:c6:ac:5d:0f:dc:4a:2e:07:4c:29:e6:5d:be:55:c8:01:
         15:82:0e:fe:f3:3f:d4:df:d6:02:24:a1:67:b8:67:f8:a3:cf:
         b9:02:f3:d6:f2:54:94:de:2f:7c:56:7c:44:26:d6:e3:a1:bb:
         56:93:f6:ab:db:e7:80:e2:29:5e:20:b9:df:39:01:eb:8a:fc:
         b9:a3:41:ee:53:f8:1f:2d:62:1d:b4:d9:1c:2a:79:f4:a5:94:
         78:02:4b:57:e3:f6:91:84:2c:86:30:c7:be:f4:3a:37:0a:94:
         b2:ca:93:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJPW2yF2UeIUdOBktv7s0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjQ1NGRlNDUzYzk2NzQxYTE4Yzk0Yzg2OGE5ODM2OTU2ZjRjZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDYEtjvel2XCE1oArRX3koMbaWE0
hDCb8WBU2JVN9qfQmoxDvjDVuZIVDyCgTS4uDh6DY9SXHSFGg10JKIGNuAMJ3oWI
uIdKr8qgimAZeGhHZMCERV9dyr8sPOWLwgt9r7q1TBVEwyJgq3pKKV1bDhK/DQtO
HbCCO6//8p4inqYIVLjoxSdy3YTVu4rcWbmCB6U6yEV5Dog0v+uqjjwQT28/Neax
M0KFGUGmduHQ4CYY5dfz1ryMHtnMlbBo6tD99sRcmLZJejvMtiu/csrgDxmW3IxU
QNseVy6HtSRRmDKSUuE8Yd526vnutd34m7Z9FWXmecGnuMou3J4w8AD84QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZFTeRTyWdBoYyUyGipg2lW9M1xMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvTmtWTjVGUEpaMEdoakpUSWFLbURhVmIwelhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8I1MA0G
CSqGSIb3DQEBCwUAA4IBAQBA0W4+DRNrCpb67/jvfDJgYjiFR149TmDLtZ2hqYLD
KUuDQ6XACuNac48r1HUMee2Q6LGS32lgxgb0SDADxV8s6BENowBFa+fgaaChuenX
dmE0YUs/U06YtlOX5xImd6fTRg5HIOASjH+FaMSHHrHzdJ89nldGiio5iVCE0gqQ
roK9Fi2rJ126CdedV2XSiOM9/MasXQ/cSi4HTCnmXb5VyAEVgg7+8z/U39YCJKFn
uGf4o8+5AvPW8lSU3i98VnxEJtbjobtWk/ar2+eA4ileILnfOQHrivy5o0HuU/gf
LWIdtNkcKnn0pZR4AktX4/aRhCyGMMe+9Do3CpSyypPB
-----END CERTIFICATE-----