Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/c4ce32-c220-40c9-8be8-0dbcba275417/1/nNjYfWH4ZKvN9tM6WZw9fzKIMGE.roa
File:                     nNjYfWH4ZKvN9tM6WZw9fzKIMGE.roa (raw, json)
Hash identifier:          /34OAhU2qXeFNZwKL0A5oNJLdBT3r2t/hDdx/MPeI5s=
Subject key identifier:   9C:D8:D8:7D:61:F8:64:AB:CD:F6:D3:3A:59:9C:3D:7F:32:88:30:61
Certificate issuer:       /CN=5e6140f17312784ef62ae3be030c0c2cc661a702
Certificate serial:       018CC7933A0CF4E19F1A4B1C9B3C493C0CA8
Authority key identifier: 5E:61:40:F1:73:12:78:4E:F6:2A:E3:BE:03:0C:0C:2C:C6:61:A7:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XmFA8XMSeE72KuO-AwwMLMZhpwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/c4ce32-c220-40c9-8be8-0dbcba275417/1/nNjYfWH4ZKvN9tM6WZw9fzKIMGE.roa
Signing time:             Tue 02 Jan 2024 00:29:23 +0000
ROA not before:           Tue 02 Jan 2024 00:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        91.211.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/c4ce32-c220-40c9-8be8-0dbcba275417/1/XmFA8XMSeE72KuO-AwwMLMZhpwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/c4ce32-c220-40c9-8be8-0dbcba275417/1/XmFA8XMSeE72KuO-AwwMLMZhpwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XmFA8XMSeE72KuO-AwwMLMZhpwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:3a:0c:f4:e1:9f:1a:4b:1c:9b:3c:49:3c:0c:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e6140f17312784ef62ae3be030c0c2cc661a702
        Validity
            Not Before: Jan  2 00:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cd8d87d61f864abcdf6d33a599c3d7f32883061
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:27:8c:52:96:f8:ed:76:8c:22:d0:8b:bf:3f:
                    cc:ad:89:f2:54:a8:d5:1c:97:94:84:e5:ad:84:f0:
                    f2:57:ca:e9:c3:0c:26:1a:0a:a8:c3:c4:74:1c:f6:
                    91:46:ff:16:80:38:4e:74:bb:03:f2:ff:5b:ea:2a:
                    e3:a0:25:3a:be:d9:86:02:cb:1c:fd:a6:a4:85:cb:
                    84:6b:84:dc:93:f6:ae:11:b7:56:38:14:04:f6:e5:
                    14:10:04:b1:ef:be:d9:18:83:2d:00:25:28:ff:79:
                    12:c2:a2:98:5e:6c:bc:8c:11:a1:bf:26:ea:b2:bb:
                    05:22:4d:0a:96:af:be:13:64:b4:f9:f9:b6:31:ed:
                    22:25:d2:73:ef:ab:94:cb:0a:46:12:42:1b:e5:0a:
                    3a:fb:09:f9:df:bf:65:af:bc:3c:58:33:af:8a:f0:
                    fc:10:97:b4:d5:91:13:d8:7a:08:4e:5d:18:66:f7:
                    cf:f7:b8:74:ec:95:18:f7:80:a7:4e:65:6c:fb:2b:
                    45:3a:1c:c7:b5:cd:1a:c4:b2:f6:05:f2:b5:11:2a:
                    18:a0:3e:7f:46:30:e1:ac:90:a5:29:77:c6:88:bd:
                    ad:f2:ac:5b:94:bf:5c:18:e3:35:ab:a6:a0:b4:b6:
                    51:81:7b:8b:fb:9c:c2:6e:1b:b7:dd:dd:00:ef:a5:
                    2e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:D8:D8:7D:61:F8:64:AB:CD:F6:D3:3A:59:9C:3D:7F:32:88:30:61
            X509v3 Authority Key Identifier:
                keyid:5E:61:40:F1:73:12:78:4E:F6:2A:E3:BE:03:0C:0C:2C:C6:61:A7:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XmFA8XMSeE72KuO-AwwMLMZhpwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/c4ce32-c220-40c9-8be8-0dbcba275417/1/nNjYfWH4ZKvN9tM6WZw9fzKIMGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/c4ce32-c220-40c9-8be8-0dbcba275417/1/XmFA8XMSeE72KuO-AwwMLMZhpwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:85:62:91:50:de:df:7a:03:6a:2d:2a:6d:c9:ec:32:22:ec:
         e5:64:08:7b:a8:66:d8:f9:f1:5e:4a:d2:5d:30:5d:39:6c:e8:
         71:da:21:5c:33:c9:23:32:4f:82:4a:0a:31:3c:45:d7:9b:8e:
         b0:82:04:b3:54:0a:30:f3:f2:c1:f2:e5:f2:86:b4:6b:43:76:
         a4:1c:ff:63:14:88:e0:54:67:0b:ea:80:28:fb:64:0e:2a:08:
         12:22:35:0e:b1:93:23:d4:d2:7d:6d:a1:f4:d8:ee:5e:f3:77:
         0b:b4:89:87:a6:aa:f5:ed:e1:99:11:c1:47:54:8f:d4:a9:b1:
         f2:92:5a:6b:84:e4:1e:14:3c:8f:45:51:00:3d:a1:fd:8b:06:
         a3:ac:62:24:d4:06:55:aa:eb:77:d2:63:0b:4a:5d:ef:ef:8e:
         9b:7b:46:b3:62:81:e9:b5:03:e3:79:32:80:ac:ca:b9:c1:00:
         c2:11:bb:ec:9b:36:f7:42:c1:0b:af:33:3b:31:ff:38:9d:e0:
         67:ae:c8:2d:b3:70:0c:59:15:79:8f:1f:32:bd:5e:6c:ee:3e:
         e6:47:55:14:1a:5f:b6:fd:81:b5:e2:3d:92:59:03:f8:cf:d5:
         1f:ad:d4:d1:77:9a:bb:ae:ee:2a:da:55:57:81:8a:6e:28:0d:
         95:7d:50:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkzoM9OGfGkscmzxJPAyoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlNjE0MGYxNzMxMjc4NGVmNjJhZTNiZTAzMGMwYzJjYzY2
MWE3MDIwHhcNMjQwMTAyMDAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2Q4ZDg3ZDYxZjg2NGFiY2RmNmQzM2E1OTljM2Q3ZjMyODgzMDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCeMUpb47XaMItCLvz/MrYnyVKjV
HJeUhOWthPDyV8rpwwwmGgqow8R0HPaRRv8WgDhOdLsD8v9b6irjoCU6vtmGAssc
/aakhcuEa4Tck/auEbdWOBQE9uUUEASx777ZGIMtACUo/3kSwqKYXmy8jBGhvybq
srsFIk0Klq++E2S0+fm2Me0iJdJz76uUywpGEkIb5Qo6+wn5379lr7w8WDOvivD8
EJe01ZET2HoITl0YZvfP97h07JUY94CnTmVs+ytFOhzHtc0axLL2BfK1ESoYoD5/
RjDhrJClKXfGiL2t8qxblL9cGOM1q6agtLZRgXuL+5zCbhu33d0A76UuCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzY2H1h+GSrzfbTOlmcPX8yiDBhMB8GA1UdIwQY
MBaAFF5hQPFzEnhO9irjvgMMDCzGYacCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG1GQThYTVNlRTcyS3VPLUF3d01MTVpocHdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9jNGNlMzItYzIyMC00MGM5LThiZTgt
MGRiY2JhMjc1NDE3LzEvbk5qWWZXSDRaS3ZOOXRNNldadzlmektJTUdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9jNGNlMzItYzIyMC00MGM5LThiZTgtMGRiY2JhMjc1NDE3
LzEvWG1GQThYTVNlRTcyS3VPLUF3d01MTVpocHdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9NZMA0G
CSqGSIb3DQEBCwUAA4IBAQA7hWKRUN7fegNqLSptyewyIuzlZAh7qGbY+fFeStJd
MF05bOhx2iFcM8kjMk+CSgoxPEXXm46wggSzVAow8/LB8uXyhrRrQ3akHP9jFIjg
VGcL6oAo+2QOKggSIjUOsZMj1NJ9baH02O5e83cLtImHpqr17eGZEcFHVI/UqbHy
klprhOQeFDyPRVEAPaH9iwajrGIk1AZVqut30mMLSl3v746be0azYoHptQPjeTKA
rMq5wQDCEbvsmzb3QsELrzM7Mf84neBnrsgts3AMWRV5jx8yvV5s7j7mR1UUGl+2
/YG14j2SWQP4z9UfrdTRd5q7ru4q2lVXgYpuKA2VfVD0
-----END CERTIFICATE-----