Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/NvR24CUQtJXYVHZQRNb-GCWKt5s.roa
File:                     NvR24CUQtJXYVHZQRNb-GCWKt5s.roa (raw, json)
Hash identifier:          2zxXAmDy9QOiftgD3M/6unwKn5GgghSH7EgBfWC1FZI=
Subject key identifier:   36:F4:76:E0:25:10:B4:95:D8:54:76:50:44:D6:FE:18:25:8A:B7:9B
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       018CC86FF584FDF285955B10F608306ECFBB
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/NvR24CUQtJXYVHZQRNb-GCWKt5s.roa
Signing time:             Tue 02 Jan 2024 04:30:29 +0000
ROA not before:           Tue 02 Jan 2024 04:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203445
IP address blocks:        213.14.248.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:f5:84:fd:f2:85:95:5b:10:f6:08:30:6e:cf:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  2 04:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36f476e02510b495d854765044d6fe18258ab79b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:7d:32:0c:d3:60:92:22:cd:68:60:cf:65:8e:
                    3a:9b:85:e7:e9:ea:10:45:18:4e:01:bb:95:68:07:
                    b5:fd:bb:f2:1d:69:45:ae:8f:9b:37:ed:93:66:85:
                    8a:bb:38:01:3d:fc:f2:82:16:2d:7e:06:af:4a:e3:
                    1e:14:a4:07:32:c9:52:46:af:1e:d6:b6:bb:4a:b3:
                    28:1f:99:35:5b:2a:c2:52:02:3b:7e:7a:d1:23:35:
                    fd:4f:c2:7e:ae:7b:41:14:4e:c2:d7:2f:10:5e:e0:
                    7b:15:e5:a4:6f:31:f1:e2:7f:7a:79:b0:06:f8:59:
                    94:a2:cf:0b:0e:ee:83:de:6c:72:0c:82:78:cd:bf:
                    61:eb:84:3d:8f:e7:14:74:9d:8f:a2:77:27:2f:73:
                    9c:05:19:94:af:2f:34:b7:3c:3d:97:e3:0f:d5:fe:
                    6a:58:43:e5:7f:c6:ba:45:c0:97:02:9f:57:cc:b6:
                    fb:34:d6:1c:50:b1:44:22:8f:40:96:0a:fc:ad:0f:
                    71:0d:21:01:1b:3c:c7:12:17:e5:43:48:2b:95:6f:
                    b1:4a:8a:76:10:9b:d0:a3:d1:1a:0f:07:86:56:55:
                    18:04:c6:8c:5b:34:74:1c:b7:67:98:08:bd:a4:2b:
                    11:f5:77:62:06:6e:9e:a7:e5:27:30:19:c3:8c:24:
                    60:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:F4:76:E0:25:10:B4:95:D8:54:76:50:44:D6:FE:18:25:8A:B7:9B
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/NvR24CUQtJXYVHZQRNb-GCWKt5s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.14.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:ee:46:02:96:32:50:06:65:93:ef:60:90:2c:93:36:4a:08:
         21:14:0d:16:f3:d5:cd:7c:b6:95:86:9c:41:39:ad:c9:69:c8:
         13:f7:58:2a:ee:e0:eb:f4:56:1b:30:8a:4a:09:cd:1a:2c:db:
         85:42:50:4f:97:45:05:4d:37:61:fb:60:93:b0:d1:1e:47:65:
         c6:f2:6c:8d:13:e8:ae:f8:ae:b6:cc:27:3a:1f:01:41:37:28:
         2c:9f:9b:c8:9a:e5:be:e0:7f:6d:c8:15:f9:10:11:78:55:70:
         aa:44:a0:ef:51:21:12:89:47:78:f5:d0:0f:6e:92:4b:02:7f:
         8c:8f:59:7a:b3:9e:87:ab:a8:1d:b0:74:42:31:43:fd:ed:77:
         46:2b:27:3a:d6:fb:da:21:4d:9f:85:4b:41:07:a4:ec:d0:c9:
         51:b6:2a:a9:cc:d6:6f:a6:e9:f2:bc:91:27:3d:8a:ef:5b:be:
         10:0d:fa:3c:45:f7:c6:29:6d:4d:d8:d1:1e:11:0e:7d:fc:24:
         eb:16:b5:13:71:96:1a:8a:4c:81:a2:64:e2:80:8d:9b:db:01:
         a4:56:9b:ff:15:20:71:71:c8:fa:fb:b0:33:e3:f9:a4:d6:00:
         f4:70:99:37:87:c0:d5:1a:5d:90:1d:ec:37:53:d8:db:70:eb:
         37:12:87:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb/WE/fKFlVsQ9ggwbs+7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmY0NzZlMDI1MTBiNDk1ZDg1NDc2NTA0NGQ2ZmUxODI1OGFiNzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlX0yDNNgkiLNaGDPZY46m4Xn6eoQ
RRhOAbuVaAe1/bvyHWlFro+bN+2TZoWKuzgBPfzyghYtfgavSuMeFKQHMslSRq8e
1ra7SrMoH5k1WyrCUgI7fnrRIzX9T8J+rntBFE7C1y8QXuB7FeWkbzHx4n96ebAG
+FmUos8LDu6D3mxyDIJ4zb9h64Q9j+cUdJ2PoncnL3OcBRmUry80tzw9l+MP1f5q
WEPlf8a6RcCXAp9XzLb7NNYcULFEIo9Algr8rQ9xDSEBGzzHEhflQ0grlW+xSop2
EJvQo9EaDweGVlUYBMaMWzR0HLdnmAi9pCsR9XdiBm6ep+UnMBnDjCRgqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDb0duAlELSV2FR2UETW/hglirebMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvTnZSMjRDVVF0SlhZVkhaUVJOYi1HQ1dLdDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Q74MA0G
CSqGSIb3DQEBCwUAA4IBAQBz7kYCljJQBmWT72CQLJM2SgghFA0W89XNfLaVhpxB
Oa3JacgT91gq7uDr9FYbMIpKCc0aLNuFQlBPl0UFTTdh+2CTsNEeR2XG8myNE+iu
+K62zCc6HwFBNygsn5vImuW+4H9tyBX5EBF4VXCqRKDvUSESiUd49dAPbpJLAn+M
j1l6s56Hq6gdsHRCMUP97XdGKyc61vvaIU2fhUtBB6Ts0MlRtiqpzNZvpunyvJEn
PYrvW74QDfo8RffGKW1N2NEeEQ59/CTrFrUTcZYaikyBomTigI2b2wGkVpv/FSBx
ccj6+7Az4/mk1gD0cJk3h8DVGl2QHew3U9jbcOs3EofJ
-----END CERTIFICATE-----