Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/3NarCVNHjxOAyRD78C0PQv0xNZ8.roa
File:                     3NarCVNHjxOAyRD78C0PQv0xNZ8.roa (raw, json)
Hash identifier:          dWvkRQ6G1+Jl95b1I79bkT+0ni1ttJCq7HGhugZC+Mg=
Subject key identifier:   DC:D6:AB:09:53:47:8F:13:80:C9:10:FB:F0:2D:0F:42:FD:31:35:9F
Certificate issuer:       /CN=e7f881401abacc88c941fdf740f1ab1536f05dba
Certificate serial:       0194236A273C675628E2A296CEF5D39B9D32
Authority key identifier: E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/3NarCVNHjxOAyRD78C0PQv0xNZ8.roa
Signing time:             Wed 01 Jan 2025 19:49:06 +0000
ROA not before:           Wed 01 Jan 2025 19:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31117
IP address blocks:        195.168.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:27:3c:67:56:28:e2:a2:96:ce:f5:d3:9b:9d:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f881401abacc88c941fdf740f1ab1536f05dba
        Validity
            Not Before: Jan  1 19:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcd6ab0953478f1380c910fbf02d0f42fd31359f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fb:ef:66:57:7f:a4:d1:66:af:6e:72:78:da:
                    51:57:b1:7f:a2:35:66:a8:92:da:47:86:ee:9b:b9:
                    d8:02:74:20:7e:20:06:96:6e:c4:25:2e:38:57:a8:
                    87:24:08:75:95:e5:a8:f9:04:10:8b:62:49:f9:ac:
                    47:19:0b:bc:f8:c8:8b:ea:c9:60:f7:a1:a3:68:8f:
                    41:0c:b3:9c:22:83:a4:68:53:fb:64:8c:f7:f5:29:
                    23:10:00:5c:5b:46:f8:33:f7:31:f3:bb:a5:53:30:
                    15:9c:3a:ec:7f:aa:94:f2:60:20:c2:c6:e0:0f:e0:
                    49:0a:44:09:74:42:d3:88:c3:0f:7c:f6:a6:09:b3:
                    c3:fc:ab:5d:6c:c3:6d:a7:dc:5d:89:51:22:e3:72:
                    b0:20:96:a2:49:92:54:17:7d:42:cf:3d:37:c1:52:
                    0d:bf:95:c5:c2:7b:b2:c8:23:4d:3a:1e:1a:9d:53:
                    54:6a:8e:a8:18:60:e5:7c:39:fb:0a:0b:14:43:19:
                    6c:23:d6:cd:b9:4a:39:27:70:8b:c3:14:43:5d:df:
                    c7:93:8e:f5:40:ef:22:fe:23:53:51:a1:8d:a0:0a:
                    92:83:de:64:83:38:06:e1:61:9c:65:67:ed:06:26:
                    9e:f2:83:76:d5:90:7a:e3:42:36:da:80:40:15:72:
                    2e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:D6:AB:09:53:47:8F:13:80:C9:10:FB:F0:2D:0F:42:FD:31:35:9F
            X509v3 Authority Key Identifier:
                keyid:E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/3NarCVNHjxOAyRD78C0PQv0xNZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.168.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:50:0d:bb:9b:bc:65:64:03:f0:76:dc:db:28:54:64:b5:5b:
         dc:dc:b1:56:5d:16:da:9a:0f:ef:24:2d:2f:ac:fe:0f:35:4d:
         1b:95:39:75:69:27:ef:58:62:62:a9:67:5b:8e:2f:b6:b7:62:
         a2:3d:12:80:39:8a:c6:53:23:e2:6a:29:3b:96:2a:d9:5e:ea:
         cc:7a:b4:1c:46:92:14:fa:1e:84:6e:6b:2f:9e:0b:18:95:4d:
         25:a0:15:06:9c:d4:7b:a3:5d:4d:93:c7:fc:a9:df:72:d9:71:
         a0:e5:1b:e3:da:7f:43:3f:b1:43:a4:2e:e9:ab:15:9a:26:6a:
         f7:4c:c1:d6:19:11:35:4c:ab:92:0e:12:8f:29:26:0c:1d:8e:
         43:fe:0f:a6:a9:8d:3a:7e:f7:92:15:e3:8b:d0:a9:d8:4a:99:
         b5:db:0a:d4:85:1d:7e:17:43:1f:ec:7e:7b:3d:d0:c7:33:7f:
         c8:22:35:44:d5:ba:60:be:72:6f:28:d5:18:57:a2:05:28:50:
         0b:88:00:41:6a:af:0b:34:1f:43:6e:bd:ba:37:be:e4:90:b9:
         da:55:5e:f8:61:0a:c9:b8:6a:54:3f:c6:a8:7e:e7:e2:6b:8b:
         cc:9a:11:a4:82:76:c8:8d:00:34:d7:9a:75:b2:b7:b5:8e:2e:
         bd:24:5d:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaic8Z1Yo4qKWzvXTm50yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Zjg4MTQwMWFiYWNjODhjOTQxZmRmNzQwZjFhYjE1MzZm
MDVkYmEwHhcNMjUwMTAxMTk0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Q2YWIwOTUzNDc4ZjEzODBjOTEwZmJmMDJkMGY0MmZkMzEzNTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvvvZld/pNFmr25yeNpRV7F/ojVm
qJLaR4bum7nYAnQgfiAGlm7EJS44V6iHJAh1leWo+QQQi2JJ+axHGQu8+MiL6slg
96GjaI9BDLOcIoOkaFP7ZIz39SkjEABcW0b4M/cx87ulUzAVnDrsf6qU8mAgwsbg
D+BJCkQJdELTiMMPfPamCbPD/KtdbMNtp9xdiVEi43KwIJaiSZJUF31Czz03wVIN
v5XFwnuyyCNNOh4anVNUao6oGGDlfDn7CgsUQxlsI9bNuUo5J3CLwxRDXd/Hk471
QO8i/iNTUaGNoAqSg95kgzgG4WGcZWftBiae8oN21ZB640I22oBAFXIuXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzWqwlTR48TgMkQ+/AtD0L9MTWfMB8GA1UdIwQY
MBaAFOf4gUAausyIyUH990DxqxU28F26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmIt
ZTJmYmMzYTY4ODAwLzEvM05hckNWTkhqeE9BeVJENzhDMFBRdjB4Tlo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmItZTJmYmMzYTY4ODAw
LzEvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw6jYMA0G
CSqGSIb3DQEBCwUAA4IBAQCkUA27m7xlZAPwdtzbKFRktVvc3LFWXRbamg/vJC0v
rP4PNU0blTl1aSfvWGJiqWdbji+2t2KiPRKAOYrGUyPiaik7lirZXurMerQcRpIU
+h6EbmsvngsYlU0loBUGnNR7o11Nk8f8qd9y2XGg5Rvj2n9DP7FDpC7pqxWaJmr3
TMHWGRE1TKuSDhKPKSYMHY5D/g+mqY06fveSFeOL0KnYSpm12wrUhR1+F0Mf7H57
PdDHM3/IIjVE1bpgvnJvKNUYV6IFKFALiABBaq8LNB9Dbr26N77kkLnaVV74YQrJ
uGpUP8aofufia4vMmhGkgnbIjQA015p1sre1ji69JF2O
-----END CERTIFICATE-----