Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/NOVczOQ409h2PMpzuvf5oWXO3l0.roa
File:                     NOVczOQ409h2PMpzuvf5oWXO3l0.roa (raw, json)
Hash identifier:          RzQ9Ao6w1Z1a47DzMVsfGHOEHnSMz6LlIslTdLyOQB0=
Subject key identifier:   34:E5:5C:CC:E4:38:D3:D8:76:3C:CA:73:BA:F7:F9:A1:65:CE:DE:5D
Certificate issuer:       /CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
Certificate serial:       018E86291CBA081F94AB21B3096988B93DFB
Authority key identifier: 57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/NOVczOQ409h2PMpzuvf5oWXO3l0.roa
Signing time:             Thu 28 Mar 2024 17:43:45 +0000
ROA not before:           Thu 28 Mar 2024 17:43:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211373
IP address blocks:        194.4.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:86:29:1c:ba:08:1f:94:ab:21:b3:09:69:88:b9:3d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=570fb0f1d8b8c198b0dc86158afbcbc529cf16be
        Validity
            Not Before: Mar 28 17:43:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34e55ccce438d3d8763cca73baf7f9a165cede5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:cc:63:77:fc:ae:2c:a3:4c:69:80:c5:f1:16:
                    3c:1d:19:be:00:4f:63:59:7d:2c:06:27:ea:e4:13:
                    50:80:5b:77:8d:82:6b:24:3d:da:83:87:24:d3:7a:
                    59:8f:4f:21:99:e4:43:4f:89:42:42:f7:3b:38:71:
                    b6:19:ed:39:e7:1e:60:7d:2a:74:b5:bd:79:92:e9:
                    62:9d:18:8b:a0:eb:2e:eb:8b:94:a2:d6:d2:de:27:
                    89:8f:1d:88:cf:2a:69:1b:9c:92:55:e0:81:67:bc:
                    31:b2:e6:2b:d6:95:c4:37:93:54:3c:54:2d:4a:c0:
                    cc:d2:f5:40:b6:0b:fa:ae:1c:08:1a:b2:da:21:ec:
                    12:e8:63:24:96:b2:4f:72:3c:2b:16:99:00:27:0b:
                    33:97:c1:c0:ee:b7:ae:a7:3d:51:11:60:d1:04:c3:
                    38:e0:23:20:66:fb:23:29:13:4a:ac:d0:a7:e1:aa:
                    f7:49:fe:c8:fd:2e:c2:64:02:a7:39:70:d3:96:2b:
                    cb:5f:e5:13:69:26:73:42:68:e8:eb:81:d9:e2:90:
                    86:3c:2f:85:7e:af:df:bd:f7:72:85:6c:c3:59:29:
                    d6:65:87:f8:80:6d:b1:52:4f:a0:80:ba:e0:e1:33:
                    56:26:75:89:f1:92:06:ce:42:89:f3:b2:a0:43:b4:
                    0e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E5:5C:CC:E4:38:D3:D8:76:3C:CA:73:BA:F7:F9:A1:65:CE:DE:5D
            X509v3 Authority Key Identifier:
                keyid:57:0F:B0:F1:D8:B8:C1:98:B0:DC:86:15:8A:FB:CB:C5:29:CF:16:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vw-w8di4wZiw3IYVivvLxSnPFr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/NOVczOQ409h2PMpzuvf5oWXO3l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0949fc-accd-471f-a9cd-97243e316272/1/Vw-w8di4wZiw3IYVivvLxSnPFr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.4.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:b5:97:f8:1f:9b:c4:4c:ed:c1:10:c8:11:30:81:82:91:9c:
         0e:4d:ae:23:4c:dc:06:16:33:f8:9b:0e:37:df:67:6f:91:90:
         89:c1:9a:2f:76:c2:cd:82:47:52:9d:87:5a:07:04:56:c0:0a:
         fa:6b:12:bf:4f:42:fa:13:fd:87:de:df:d6:74:70:a3:23:ee:
         c9:93:2f:a2:db:c4:51:f8:da:b7:1e:a7:79:06:6c:4a:3e:33:
         eb:6e:ef:f6:a6:1e:d0:77:da:17:29:a0:4e:3d:92:0d:0e:be:
         5f:8b:b1:74:4b:e6:72:33:68:e2:05:6a:1c:0a:02:d0:6b:6a:
         5f:d8:b0:2a:68:61:62:72:87:67:1f:b5:0c:75:78:35:ee:12:
         11:66:51:9e:fd:f3:5e:f4:85:1e:18:e2:ca:02:61:be:cf:4c:
         b3:e3:8e:ef:8e:06:50:b7:0f:b9:e2:6a:01:f4:ad:1b:d7:1e:
         a1:2f:d2:c5:6d:a9:22:86:bc:b6:26:2c:48:4b:c9:31:03:dd:
         12:1c:b6:e8:e0:ad:27:92:f6:ea:3a:1b:79:0f:46:b0:b1:e4:
         0b:97:2b:50:01:2f:37:85:2f:b0:92:fb:4c:9f:2c:19:03:a1:
         78:b5:05:bb:87:41:53:e5:23:07:09:80:d6:c6:6a:d9:db:d0:
         24:07:4d:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6GKRy6CB+UqyGzCWmIuT37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MGZiMGYxZDhiOGMxOThiMGRjODYxNThhZmJjYmM1Mjlj
ZjE2YmUwHhcNMjQwMzI4MTc0MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGU1NWNjY2U0MzhkM2Q4NzYzY2NhNzNiYWY3ZjlhMTY1Y2VkZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8xjd/yuLKNMaYDF8RY8HRm+AE9j
WX0sBifq5BNQgFt3jYJrJD3ag4ck03pZj08hmeRDT4lCQvc7OHG2Ge055x5gfSp0
tb15kulinRiLoOsu64uUotbS3ieJjx2IzyppG5ySVeCBZ7wxsuYr1pXEN5NUPFQt
SsDM0vVAtgv6rhwIGrLaIewS6GMklrJPcjwrFpkAJwszl8HA7reupz1REWDRBMM4
4CMgZvsjKRNKrNCn4ar3Sf7I/S7CZAKnOXDTlivLX+UTaSZzQmjo64HZ4pCGPC+F
fq/fvfdyhWzDWSnWZYf4gG2xUk+ggLrg4TNWJnWJ8ZIGzkKJ87KgQ7QOzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTlXMzkONPYdjzKc7r3+aFlzt5dMB8GA1UdIwQY
MBaAFFcPsPHYuMGYsNyGFYr7y8Upzxa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2Qt
OTcyNDNlMzE2MjcyLzEvTk9WY3pPUTQwOWgyUE1wenV2ZjVvV1hPM2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wOTQ5ZmMtYWNjZC00NzFmLWE5Y2QtOTcyNDNlMzE2Mjcy
LzEvVnctdzhkaTR3Wml3M0lZVml2dkx4U25QRnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgQ1MA0G
CSqGSIb3DQEBCwUAA4IBAQBWtZf4H5vETO3BEMgRMIGCkZwOTa4jTNwGFjP4mw43
32dvkZCJwZovdsLNgkdSnYdaBwRWwAr6axK/T0L6E/2H3t/WdHCjI+7Jky+i28RR
+Nq3Hqd5BmxKPjPrbu/2ph7Qd9oXKaBOPZINDr5fi7F0S+ZyM2jiBWocCgLQa2pf
2LAqaGFicodnH7UMdXg17hIRZlGe/fNe9IUeGOLKAmG+z0yz447vjgZQtw+54moB
9K0b1x6hL9LFbakihry2JixIS8kxA90SHLbo4K0nkvbqOht5D0awseQLlytQAS83
hS+wkvtMnywZA6F4tQW7h0FT5SMHCYDWxmrZ29AkB01R
-----END CERTIFICATE-----