Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/NPsrua8WabVeIKadxXLl_tBOaAw.roa
File:                     NPsrua8WabVeIKadxXLl_tBOaAw.roa (raw, json)
Hash identifier:          dZty7PU56/v9+ngGlSOcFjwbt08JE1IPkHQqWqjdElQ=
Subject key identifier:   34:FB:2B:B9:AF:16:69:B5:5E:20:A6:9D:C5:72:E5:FE:D0:4E:68:0C
Certificate issuer:       /CN=7741d13a15a987dd60019c0265d2ecec4840944a
Certificate serial:       018CC9BC03DF744BEBB4085734FCF545BFEC
Authority key identifier: 77:41:D1:3A:15:A9:87:DD:60:01:9C:02:65:D2:EC:EC:48:40:94:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d0HROhWph91gAZwCZdLs7EhAlEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/NPsrua8WabVeIKadxXLl_tBOaAw.roa
Signing time:             Tue 02 Jan 2024 10:33:11 +0000
ROA not before:           Tue 02 Jan 2024 10:33:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.227.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/d0HROhWph91gAZwCZdLs7EhAlEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/d0HROhWph91gAZwCZdLs7EhAlEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d0HROhWph91gAZwCZdLs7EhAlEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:03:df:74:4b:eb:b4:08:57:34:fc:f5:45:bf:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7741d13a15a987dd60019c0265d2ecec4840944a
        Validity
            Not Before: Jan  2 10:33:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34fb2bb9af1669b55e20a69dc572e5fed04e680c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e2:b9:bd:3b:a6:33:a8:8a:cd:38:c9:f6:cc:
                    cc:52:e1:17:8f:dc:0f:1e:c1:ac:ba:a5:40:32:69:
                    06:0c:f2:3f:cc:a0:a2:da:48:fe:b4:f8:3e:56:3c:
                    d4:d7:58:be:4c:94:6d:93:bc:26:9a:b8:38:da:f4:
                    26:c4:a7:13:a9:6c:d4:70:e2:04:4b:3e:27:15:87:
                    7e:21:45:a9:50:fb:2f:27:9b:75:c9:54:31:e3:09:
                    c0:0f:34:d8:7b:e6:56:da:02:0f:de:d0:fc:63:a0:
                    f9:1a:3d:82:24:81:a3:4e:d6:35:15:12:17:6e:d2:
                    b3:9c:fd:eb:28:d8:48:75:ab:6f:81:4b:87:b9:0c:
                    c6:bf:d7:e2:97:95:a7:88:64:a0:86:df:ad:c3:5e:
                    60:21:72:23:2a:45:79:78:f8:4d:e7:4b:7f:4f:a0:
                    9e:7b:11:82:44:94:c6:be:ee:72:4a:83:b2:e4:f9:
                    53:c3:03:d1:12:c4:f3:10:2b:89:a1:c9:59:88:3d:
                    78:ad:fd:21:fd:a5:82:03:3d:7b:c6:65:25:3a:65:
                    90:2f:21:59:93:06:77:36:07:6a:33:d5:59:54:ac:
                    e2:a1:62:d4:91:7a:1b:dd:ce:24:5b:85:da:19:0c:
                    cf:e1:f0:4e:61:f7:e4:ca:83:a6:58:06:37:82:0e:
                    1e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:FB:2B:B9:AF:16:69:B5:5E:20:A6:9D:C5:72:E5:FE:D0:4E:68:0C
            X509v3 Authority Key Identifier:
                keyid:77:41:D1:3A:15:A9:87:DD:60:01:9C:02:65:D2:EC:EC:48:40:94:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0HROhWph91gAZwCZdLs7EhAlEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/NPsrua8WabVeIKadxXLl_tBOaAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/0be9d0-999a-449a-8519-3523e3030be4/1/d0HROhWph91gAZwCZdLs7EhAlEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:e8:16:bc:a6:b5:80:6e:b7:f0:53:21:d2:b3:e7:ee:c7:29:
         97:60:04:23:89:b8:b2:b2:a8:75:cc:55:b6:9e:71:aa:25:88:
         81:72:ac:4f:0e:8c:ab:1a:d2:54:b9:de:c2:d0:f1:0d:9b:3e:
         2e:51:65:3e:21:9c:3e:38:02:43:fb:d7:1d:01:53:51:b4:9c:
         ee:58:15:dc:cc:ee:a5:7c:b5:f6:cd:42:af:bb:94:f6:5f:88:
         b6:7b:04:b3:58:67:49:2e:68:96:75:4f:58:ce:d0:b8:9e:b5:
         0e:27:59:86:71:d7:f0:ec:47:56:b7:aa:38:22:8a:3c:0b:ce:
         c3:56:a5:31:e6:ff:70:ce:65:98:95:5e:0b:0a:96:08:01:c9:
         4d:19:ab:07:ed:de:e2:5d:c1:16:e5:42:87:14:41:ec:24:bc:
         90:88:a6:ee:aa:a7:3c:ab:63:6b:7a:c4:74:c6:33:2d:33:a1:
         39:01:e5:d5:ee:9b:2b:46:67:08:3c:90:d1:98:36:68:63:f7:
         54:3d:b5:69:06:1f:43:44:f6:11:32:e9:c6:e2:4c:83:77:e3:
         9a:29:0c:d6:3c:20:06:4b:ec:c9:f9:14:c6:35:bb:79:11:80:
         0c:0e:17:42:4d:7e:b7:80:88:bc:1a:79:17:0b:69:4f:9c:03:
         fe:52:0c:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvAPfdEvrtAhXNPz1Rb/sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NDFkMTNhMTVhOTg3ZGQ2MDAxOWMwMjY1ZDJlY2VjNDg0
MDk0NGEwHhcNMjQwMTAyMTAzMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGZiMmJiOWFmMTY2OWI1NWUyMGE2OWRjNTcyZTVmZWQwNGU2ODBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluK5vTumM6iKzTjJ9szMUuEXj9wP
HsGsuqVAMmkGDPI/zKCi2kj+tPg+VjzU11i+TJRtk7wmmrg42vQmxKcTqWzUcOIE
Sz4nFYd+IUWpUPsvJ5t1yVQx4wnADzTYe+ZW2gIP3tD8Y6D5Gj2CJIGjTtY1FRIX
btKznP3rKNhIdatvgUuHuQzGv9fil5WniGSght+tw15gIXIjKkV5ePhN50t/T6Ce
exGCRJTGvu5ySoOy5PlTwwPREsTzECuJoclZiD14rf0h/aWCAz17xmUlOmWQLyFZ
kwZ3NgdqM9VZVKzioWLUkXob3c4kW4XaGQzP4fBOYffkyoOmWAY3gg4eaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDT7K7mvFmm1XiCmncVy5f7QTmgMMB8GA1UdIwQY
MBaAFHdB0ToVqYfdYAGcAmXS7OxIQJRKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDBIUk9oV3BoOTFnQVp3Q1pkTHM3RWhBbEVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8wYmU5ZDAtOTk5YS00NDlhLTg1MTkt
MzUyM2UzMDMwYmU0LzEvTlBzcnVhOFdhYlZlSUthZHhYTGxfdEJPYUF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8wYmU5ZDAtOTk5YS00NDlhLTg1MTktMzUyM2UzMDMwYmU0
LzEvZDBIUk9oV3BoOTFnQVp3Q1pkTHM3RWhBbEVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+PBMA0G
CSqGSIb3DQEBCwUAA4IBAQC56Ba8prWAbrfwUyHSs+fuxymXYAQjibiysqh1zFW2
nnGqJYiBcqxPDoyrGtJUud7C0PENmz4uUWU+IZw+OAJD+9cdAVNRtJzuWBXczO6l
fLX2zUKvu5T2X4i2ewSzWGdJLmiWdU9YztC4nrUOJ1mGcdfw7EdWt6o4Ioo8C87D
VqUx5v9wzmWYlV4LCpYIAclNGasH7d7iXcEW5UKHFEHsJLyQiKbuqqc8q2NresR0
xjMtM6E5AeXV7psrRmcIPJDRmDZoY/dUPbVpBh9DRPYRMunG4kyDd+OaKQzWPCAG
S+zJ+RTGNbt5EYAMDhdCTX63gIi8GnkXC2lPnAP+Ugzn
-----END CERTIFICATE-----