Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NNSAifCho-UUe0vHZIafiZZOutw.roa
File:                     NNSAifCho-UUe0vHZIafiZZOutw.roa (raw, json)
Hash identifier:          5pNIsgtKb7rC7ucwli04HMN0xxHWk89FaD0QlOb+ilQ=
Subject key identifier:   34:D4:80:89:F0:A1:A3:E5:14:7B:4B:C7:64:86:9F:89:96:4E:BA:DC
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A0E48EABE7CF2DA42029C830DF569
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NNSAifCho-UUe0vHZIafiZZOutw.roa
Signing time:             Tue 02 Jan 2024 12:33:22 +0000
ROA not before:           Tue 02 Jan 2024 12:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51121
IP address blocks:        93.170.144.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0e:48:ea:be:7c:f2:da:42:02:9c:83:0d:f5:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34d48089f0a1a3e5147b4bc764869f89964ebadc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:db:0a:cd:e6:27:fb:08:c9:de:7f:82:b9:72:
                    96:4f:28:62:2c:9f:61:fa:46:a4:03:5e:d4:92:28:
                    03:58:8a:61:27:06:cb:ff:f0:ca:78:fd:9d:87:74:
                    6c:84:ac:ca:16:8d:22:2e:47:21:18:bd:41:9e:59:
                    73:c1:63:a6:05:b9:31:6c:cc:7a:97:97:93:af:ea:
                    c3:9d:53:80:88:3a:40:8b:63:52:2a:cc:f5:25:e4:
                    d1:e5:5d:28:2f:dd:07:57:59:99:ad:c5:01:07:a2:
                    92:5f:eb:35:d6:e3:3d:d8:04:ee:50:24:72:ad:9a:
                    1b:a8:ea:82:c0:e6:81:6e:cf:5c:40:2b:15:1e:82:
                    95:ec:18:87:8c:48:d9:8e:55:92:82:c8:01:4a:6e:
                    9b:a6:fd:7a:ff:24:9c:87:c7:7c:5a:92:2e:47:ca:
                    5d:67:a2:01:6c:e9:ac:7e:90:7e:5b:3e:9e:9b:f2:
                    e0:da:2c:bb:6e:64:b1:17:2f:65:64:fb:21:70:e3:
                    7f:76:72:2f:96:b1:e8:e3:41:27:1a:2f:0b:94:f6:
                    ba:c5:bc:a2:0f:33:0a:a9:00:ff:cd:46:5b:7f:39:
                    88:24:c1:c3:a5:a9:dc:f3:a0:3d:c2:4d:58:1e:52:
                    2b:43:d9:7e:0e:3b:ef:c5:a9:85:3e:3d:57:f8:6b:
                    53:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:D4:80:89:F0:A1:A3:E5:14:7B:4B:C7:64:86:9F:89:96:4E:BA:DC
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NNSAifCho-UUe0vHZIafiZZOutw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.170.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b1:e8:65:f4:96:32:36:fc:33:ac:ee:07:5d:8f:b3:90:7a:28:
         77:58:a1:b9:d2:c3:49:f0:a0:42:89:8e:90:59:2c:28:52:82:
         b0:01:9b:ee:91:1c:cb:22:9d:ea:86:2b:40:9d:87:7d:ee:32:
         7a:4d:d1:3c:ee:cd:ff:66:f9:b1:b3:9c:de:6c:83:1c:0b:e4:
         92:60:fc:09:d3:25:af:39:1e:5b:6d:bc:18:1b:27:fd:d5:f6:
         b4:df:2b:35:41:0f:3b:c9:32:41:57:e6:58:43:6f:d3:20:da:
         05:84:a1:0d:08:6f:9e:65:20:fe:4e:42:f3:c3:16:8d:7d:04:
         11:c8:10:08:e4:52:c0:e9:7f:d3:35:86:08:ff:4a:5c:3d:62:
         0f:c4:8d:2d:59:03:05:88:e3:20:2b:a4:98:42:79:ce:8c:7d:
         31:2f:64:2c:d2:66:79:17:0a:ae:0b:60:ed:2c:f4:03:8a:01:
         2f:05:da:be:58:71:d7:a7:fa:1e:7a:f3:2a:cf:12:a3:be:d6:
         8f:56:19:54:2f:7b:15:59:5c:ae:e1:6d:4b:e5:28:e5:30:59:
         e8:d5:ce:3f:a4:03:21:44:6b:e5:cb:51:0b:cb:c0:9b:33:32:
         ef:af:df:dc:50:83:8b:bb:0f:46:18:a3:a8:13:f3:b5:c0:42:
         0b:16:67:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKg5I6r588tpCApyDDfVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQ0ODA4OWYwYTFhM2U1MTQ3YjRiYzc2NDg2OWY4OTk2NGViYWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3dsKzeYn+wjJ3n+CuXKWTyhiLJ9h
+kakA17UkigDWIphJwbL//DKeP2dh3RshKzKFo0iLkchGL1BnllzwWOmBbkxbMx6
l5eTr+rDnVOAiDpAi2NSKsz1JeTR5V0oL90HV1mZrcUBB6KSX+s11uM92ATuUCRy
rZobqOqCwOaBbs9cQCsVHoKV7BiHjEjZjlWSgsgBSm6bpv16/ySch8d8WpIuR8pd
Z6IBbOmsfpB+Wz6em/Lg2iy7bmSxFy9lZPshcON/dnIvlrHo40EnGi8LlPa6xbyi
DzMKqQD/zUZbfzmIJMHDpanc86A9wk1YHlIrQ9l+DjvvxamFPj1X+GtTHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTUgInwoaPlFHtLx2SGn4mWTrrcMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTk5TQWlmQ2hvLVVVZTB2SFpJYWZpWlpPdXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEXaqQMA0G
CSqGSIb3DQEBCwUAA4IBAQCx6GX0ljI2/DOs7gddj7OQeih3WKG50sNJ8KBCiY6Q
WSwoUoKwAZvukRzLIp3qhitAnYd97jJ6TdE87s3/Zvmxs5zebIMcC+SSYPwJ0yWv
OR5bbbwYGyf91fa03ys1QQ87yTJBV+ZYQ2/TINoFhKENCG+eZSD+TkLzwxaNfQQR
yBAI5FLA6X/TNYYI/0pcPWIPxI0tWQMFiOMgK6SYQnnOjH0xL2Qs0mZ5FwquC2Dt
LPQDigEvBdq+WHHXp/oeevMqzxKjvtaPVhlUL3sVWVyu4W1L5SjlMFno1c4/pAMh
RGvly1ELy8CbMzLvr9/cUIOLuw9GGKOoE/O1wEILFmdK
-----END CERTIFICATE-----