Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/NVPcAFQwDibaV8fRokrpopVd_mg.roa
File:                     NVPcAFQwDibaV8fRokrpopVd_mg.roa (raw, json)
Hash identifier:          UHppue+96YwEk9a3EUUqjOn17WgYLM8R7fOaustLZHE=
Subject key identifier:   35:53:DC:00:54:30:0E:26:DA:57:C7:D1:A2:4A:E9:A2:95:5D:FE:68
Certificate issuer:       /CN=54bbdb2d980ac0a827c0cc6ed0f906749cb2cea1
Certificate serial:       0192D3A8EFAC1F7AC678CB641CF94C6BD0F7
Authority key identifier: 54:BB:DB:2D:98:0A:C0:A8:27:C0:CC:6E:D0:F9:06:74:9C:B2:CE:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VLvbLZgKwKgnwMxu0PkGdJyyzqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/NVPcAFQwDibaV8fRokrpopVd_mg.roa
Signing time:             Mon 28 Oct 2024 15:05:16 +0000
ROA not before:           Mon 28 Oct 2024 15:05:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21100
IP address blocks:        93.187.64.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/VLvbLZgKwKgnwMxu0PkGdJyyzqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/VLvbLZgKwKgnwMxu0PkGdJyyzqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VLvbLZgKwKgnwMxu0PkGdJyyzqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d3:a8:ef:ac:1f:7a:c6:78:cb:64:1c:f9:4c:6b:d0:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54bbdb2d980ac0a827c0cc6ed0f906749cb2cea1
        Validity
            Not Before: Oct 28 15:05:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3553dc0054300e26da57c7d1a24ae9a2955dfe68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fd:b6:5d:1b:4f:8e:dc:d9:ea:0b:03:a2:6e:
                    d2:38:83:a8:75:94:4d:08:61:69:49:12:33:62:a6:
                    9c:5d:fc:ad:a3:87:e4:98:1d:8a:00:32:50:46:9e:
                    f8:3c:b9:60:7c:b0:e1:86:ea:c0:1e:be:e5:5c:1c:
                    72:ea:e6:e4:99:1f:8c:06:14:11:ad:50:57:8d:ac:
                    a7:fb:27:6a:f6:51:5e:50:75:fe:2d:8d:e6:ca:cf:
                    63:21:e9:e4:64:8a:3b:e1:02:6b:50:86:44:54:68:
                    14:6e:dd:ee:ca:a6:52:14:52:0a:65:90:5c:99:a5:
                    8a:1d:80:0f:3d:ce:d2:ab:00:07:4a:04:69:b3:18:
                    eb:e0:64:a6:73:cc:cc:7f:2a:4a:dc:a7:e7:e3:71:
                    78:2c:6a:b9:bb:6e:c9:e5:5a:52:8f:8b:52:09:c8:
                    89:83:11:d2:01:cc:99:b4:8d:39:d4:fd:2b:a7:4b:
                    02:a6:ed:a7:0b:96:eb:84:82:99:9c:8f:ac:5f:d3:
                    2b:68:3d:a0:0d:7d:6a:3c:3c:77:23:f0:36:78:90:
                    85:95:14:b3:6c:72:f8:31:1e:07:96:f9:6b:97:2f:
                    5f:6e:79:69:77:51:b8:56:52:8c:3d:6f:29:be:24:
                    8d:f8:15:49:05:48:5a:60:47:1b:50:40:91:15:4b:
                    48:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:53:DC:00:54:30:0E:26:DA:57:C7:D1:A2:4A:E9:A2:95:5D:FE:68
            X509v3 Authority Key Identifier:
                keyid:54:BB:DB:2D:98:0A:C0:A8:27:C0:CC:6E:D0:F9:06:74:9C:B2:CE:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VLvbLZgKwKgnwMxu0PkGdJyyzqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/NVPcAFQwDibaV8fRokrpopVd_mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/462ae4-fedb-4940-99d4-f38559be80e9/1/VLvbLZgKwKgnwMxu0PkGdJyyzqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.187.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:8b:36:89:66:0e:89:40:79:bd:31:3e:15:14:78:cc:e0:25:
         24:74:31:dd:9d:27:c7:43:6e:8b:60:da:16:88:ee:7a:b1:05:
         f6:a2:51:95:51:26:73:dd:b0:1f:93:15:28:ff:67:84:de:cd:
         fe:5d:f5:a6:0a:52:ab:c8:2a:2b:c7:4f:aa:88:b3:2e:1e:ff:
         eb:84:b1:bf:b3:f1:b2:28:7d:46:fe:0a:f8:0c:d2:02:d7:d3:
         fe:b0:fc:9b:ef:63:b7:39:2f:42:44:89:9d:c4:14:6d:3a:bf:
         41:28:36:fe:78:6b:92:45:d1:30:f8:82:11:cc:be:ff:dd:3d:
         1e:28:6c:ad:64:cd:fe:fe:da:de:9c:d2:60:45:e8:da:ee:21:
         7a:96:98:f6:9f:91:a9:31:ff:41:a4:bc:2e:57:92:8f:cd:0b:
         6d:a2:ba:23:d9:3f:79:56:7a:24:fe:7e:77:1e:d6:60:b3:f3:
         5a:06:5e:b8:b8:0a:75:fe:ff:60:c4:26:c7:ae:50:0c:d7:51:
         2d:ee:e4:6a:e6:54:4b:70:36:2e:ae:a4:35:32:84:39:25:a5:
         4b:7b:b7:8b:45:32:da:33:a0:12:85:90:d5:f2:ef:6d:ba:72:
         3b:e8:ea:40:0d:bb:6f:01:c4:21:4e:af:6a:a6:ca:0b:29:98:
         10:1d:a1:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLTqO+sH3rGeMtkHPlMa9D3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YmJkYjJkOTgwYWMwYTgyN2MwY2M2ZWQwZjkwNjc0OWNi
MmNlYTEwHhcNMjQxMDI4MTUwNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTUzZGMwMDU0MzAwZTI2ZGE1N2M3ZDFhMjRhZTlhMjk1NWRmZTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApf22XRtPjtzZ6gsDom7SOIOodZRN
CGFpSRIzYqacXfyto4fkmB2KADJQRp74PLlgfLDhhurAHr7lXBxy6ubkmR+MBhQR
rVBXjayn+ydq9lFeUHX+LY3mys9jIenkZIo74QJrUIZEVGgUbt3uyqZSFFIKZZBc
maWKHYAPPc7SqwAHSgRpsxjr4GSmc8zMfypK3Kfn43F4LGq5u27J5VpSj4tSCciJ
gxHSAcyZtI051P0rp0sCpu2nC5brhIKZnI+sX9MraD2gDX1qPDx3I/A2eJCFlRSz
bHL4MR4Hlvlrly9fbnlpd1G4VlKMPW8pviSN+BVJBUhaYEcbUECRFUtIWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVT3ABUMA4m2lfH0aJK6aKVXf5oMB8GA1UdIwQY
MBaAFFS72y2YCsCoJ8DMbtD5BnScss6hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkx2YkxaZ0t3S2dud014dTBQa0dkSnl5enFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC80NjJhZTQtZmVkYi00OTQwLTk5ZDQt
ZjM4NTU5YmU4MGU5LzEvTlZQY0FGUXdEaWJhVjhmUm9rcnBvcFZkX21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC80NjJhZTQtZmVkYi00OTQwLTk5ZDQtZjM4NTU5YmU4MGU5
LzEvVkx2YkxaZ0t3S2dud014dTBQa0dkSnl5enFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXbtAMA0G
CSqGSIb3DQEBCwUAA4IBAQB8izaJZg6JQHm9MT4VFHjM4CUkdDHdnSfHQ26LYNoW
iO56sQX2olGVUSZz3bAfkxUo/2eE3s3+XfWmClKryCorx0+qiLMuHv/rhLG/s/Gy
KH1G/gr4DNIC19P+sPyb72O3OS9CRImdxBRtOr9BKDb+eGuSRdEw+IIRzL7/3T0e
KGytZM3+/trenNJgReja7iF6lpj2n5GpMf9BpLwuV5KPzQttoroj2T95Vnok/n53
HtZgs/NaBl64uAp1/v9gxCbHrlAM11Et7uRq5lRLcDYurqQ1MoQ5JaVLe7eLRTLa
M6AShZDV8u9tunI76OpADbtvAcQhTq9qpsoLKZgQHaFY
-----END CERTIFICATE-----