Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/NF5dCK3ro94upZ4jxfRhAfO6zcw.roa
File:                     NF5dCK3ro94upZ4jxfRhAfO6zcw.roa (raw, json)
Hash identifier:          KbcOrVdni201rwCjhihrhI5cxPkdnYBOFHx8VTZXzpA=
Subject key identifier:   34:5E:5D:08:AD:EB:A3:DE:2E:A5:9E:23:C5:F4:61:01:F3:BA:CD:CC
Certificate issuer:       /CN=c4ff23b1c371352f39b73d39a4e07f8ca98ccd67
Certificate serial:       018CC6B925B1641150E3E432FFCD408A0C77
Authority key identifier: C4:FF:23:B1:C3:71:35:2F:39:B7:3D:39:A4:E0:7F:8C:A9:8C:CD:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/NF5dCK3ro94upZ4jxfRhAfO6zcw.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201461
IP address blocks:        93.191.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 01:03:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:25:b1:64:11:50:e3:e4:32:ff:cd:40:8a:0c:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ff23b1c371352f39b73d39a4e07f8ca98ccd67
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=345e5d08adeba3de2ea59e23c5f46101f3bacdcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:22:c5:35:00:cb:18:9e:4f:e1:3f:e0:62:92:
                    3a:f8:93:39:15:b8:cb:4a:c3:81:95:a3:4e:54:dd:
                    a7:f8:09:1c:c0:8c:5d:89:ae:2e:7a:81:d2:ad:bf:
                    de:1f:c8:8f:30:e2:01:1a:2c:62:f4:3b:3a:10:90:
                    84:22:bb:bd:6f:30:3f:ee:04:38:d3:16:69:e2:0f:
                    72:24:e9:b2:4f:0c:f8:2f:5c:4c:b7:eb:c3:66:16:
                    5c:21:6e:5b:96:c7:f4:9a:4d:ca:60:26:fb:d1:38:
                    46:51:51:b5:c4:19:4e:8e:43:c6:2f:c3:6a:24:ed:
                    a2:0f:c6:2b:bd:f1:05:67:2f:9d:a2:ec:1a:88:be:
                    fa:24:36:63:7b:0e:2a:56:0d:9b:fb:ed:3b:8a:07:
                    e4:45:da:0a:8d:41:ab:14:ca:ba:c1:56:e6:7c:44:
                    c3:98:d7:a4:25:76:46:7a:dd:b5:ba:3e:9e:bb:8a:
                    52:ef:82:37:34:b8:aa:6d:c7:2c:52:a7:f2:1a:61:
                    55:b7:ee:50:6a:4d:27:fe:06:22:2e:18:ab:b3:c6:
                    eb:94:33:5b:90:db:80:dc:f1:ae:c8:3e:57:54:6b:
                    8e:9f:2b:74:53:6d:d4:27:20:c8:14:3d:00:ca:e2:
                    d1:0c:47:f0:a7:24:c6:4b:f4:90:0c:91:bc:f0:c3:
                    b2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:5E:5D:08:AD:EB:A3:DE:2E:A5:9E:23:C5:F4:61:01:F3:BA:CD:CC
            X509v3 Authority Key Identifier:
                keyid:C4:FF:23:B1:C3:71:35:2F:39:B7:3D:39:A4:E0:7F:8C:A9:8C:CD:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xP8jscNxNS85tz05pOB_jKmMzWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/NF5dCK3ro94upZ4jxfRhAfO6zcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c65aab-8a52-476f-9e32-10959aaa8b3e/1/xP8jscNxNS85tz05pOB_jKmMzWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:c3:0c:3d:aa:17:aa:e3:7e:0b:52:74:b7:39:a6:f8:62:db:
         1e:6a:67:40:2b:34:da:06:56:ac:27:80:2c:3e:b6:06:a6:2e:
         e9:21:b6:1a:aa:3b:4a:44:26:d0:ef:0b:f2:1b:10:e6:6e:38:
         68:36:a1:db:a5:ed:8a:60:8e:26:78:e2:dd:fb:b0:09:52:83:
         d8:d4:22:04:a0:d9:ec:70:76:9f:99:ff:96:ef:e0:5a:bb:0c:
         48:b8:dd:26:8b:89:96:d2:33:99:c8:75:10:a2:71:82:e4:51:
         50:41:c8:54:9b:50:42:a6:df:0c:f3:00:c0:fa:8f:3a:75:eb:
         3b:fe:f5:b5:43:7c:5f:78:ba:30:01:85:a8:29:c1:a3:ca:18:
         ea:4b:2f:34:07:80:1d:34:e6:9d:5f:6b:59:6e:f3:ad:8c:4d:
         17:77:65:a3:8c:1b:dd:3c:7a:1e:38:61:4b:81:f8:20:c1:0b:
         69:60:d6:19:98:1c:35:77:85:2f:61:62:b7:5d:35:a7:95:c2:
         7a:24:94:35:cb:39:88:48:3e:6b:2d:01:b3:49:1f:20:d4:c0:
         38:aa:c2:d9:a2:1b:39:b0:d4:cb:70:09:c0:6b:4e:92:96:0d:
         b2:81:b9:28:f5:b6:a9:2f:ab:09:31:d1:86:11:89:d1:de:9c:
         4e:2e:39:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSWxZBFQ4+Qy/81Aigx3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZmYyM2IxYzM3MTM1MmYzOWI3M2QzOWE0ZTA3ZjhjYTk4
Y2NkNjcwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDVlNWQwOGFkZWJhM2RlMmVhNTllMjNjNWY0NjEwMWYzYmFjZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhCLFNQDLGJ5P4T/gYpI6+JM5FbjL
SsOBlaNOVN2n+AkcwIxdia4ueoHSrb/eH8iPMOIBGixi9Ds6EJCEIru9bzA/7gQ4
0xZp4g9yJOmyTwz4L1xMt+vDZhZcIW5blsf0mk3KYCb70ThGUVG1xBlOjkPGL8Nq
JO2iD8YrvfEFZy+douwaiL76JDZjew4qVg2b++07igfkRdoKjUGrFMq6wVbmfETD
mNekJXZGet21uj6eu4pS74I3NLiqbccsUqfyGmFVt+5Qak0n/gYiLhirs8brlDNb
kNuA3PGuyD5XVGuOnyt0U23UJyDIFD0AyuLRDEfwpyTGS/SQDJG88MOyhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDReXQit66PeLqWeI8X0YQHzus3MMB8GA1UdIwQY
MBaAFMT/I7HDcTUvObc9OaTgf4ypjM1nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFA4anNjTnhOUzg1dHowNXBPQl9qS21NeldjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jNjVhYWItOGE1Mi00NzZmLTllMzIt
MTA5NTlhYWE4YjNlLzEvTkY1ZENLM3JvOTR1cFo0anhmUmhBZk82emN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jNjVhYWItOGE1Mi00NzZmLTllMzItMTA5NTlhYWE4YjNl
LzEveFA4anNjTnhOUzg1dHowNXBPQl9qS21NeldjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb/GMA0G
CSqGSIb3DQEBCwUAA4IBAQBywww9qheq434LUnS3Oab4YtseamdAKzTaBlasJ4As
PrYGpi7pIbYaqjtKRCbQ7wvyGxDmbjhoNqHbpe2KYI4meOLd+7AJUoPY1CIEoNns
cHafmf+W7+BauwxIuN0mi4mW0jOZyHUQonGC5FFQQchUm1BCpt8M8wDA+o86des7
/vW1Q3xfeLowAYWoKcGjyhjqSy80B4AdNOadX2tZbvOtjE0Xd2WjjBvdPHoeOGFL
gfggwQtpYNYZmBw1d4UvYWK3XTWnlcJ6JJQ1yzmISD5rLQGzSR8g1MA4qsLZohs5
sNTLcAnAa06Slg2ygbko9bapL6sJMdGGEYnR3pxOLjm9
-----END CERTIFICATE-----