Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/NNsckov9kC-mP3r6PSH82FBdGZA.roa
File:                     NNsckov9kC-mP3r6PSH82FBdGZA.roa (raw, json)
Hash identifier:          6KDkfRS5DOR9feURfq2ZgY0gnH2rPlFCjZOcfk7323k=
Subject key identifier:   34:DB:1C:92:8B:FD:90:2F:A6:3F:7A:FA:3D:21:FC:D8:50:5D:19:90
Certificate issuer:       /CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
Certificate serial:       018CC793691145FA9B8F6D6E1231317F63B8
Authority key identifier: 99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/NNsckov9kC-mP3r6PSH82FBdGZA.roa
Signing time:             Tue 02 Jan 2024 00:29:35 +0000
ROA not before:           Tue 02 Jan 2024 00:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139242
IP address blocks:        2a06:98c0:1001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:11:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:69:11:45:fa:9b:8f:6d:6e:12:31:31:7f:63:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99d5bfad45d7c65a6e343028509fd1892e97b9d0
        Validity
            Not Before: Jan  2 00:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34db1c928bfd902fa63f7afa3d21fcd8505d1990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:cf:d4:ee:2a:b1:9f:90:90:10:49:15:67:a6:
                    91:bd:ef:b7:6c:a8:f5:9b:01:6a:90:09:27:69:fb:
                    ce:26:5f:32:82:ee:01:f3:9e:35:0d:0c:c0:75:f5:
                    55:c4:52:65:8c:2a:b6:58:f9:d0:ff:a6:88:4a:21:
                    42:3b:9a:a8:6d:05:3a:db:7b:60:1b:0c:fe:cd:4b:
                    8d:d8:3f:b5:da:77:9b:5a:5e:7f:b1:c1:ba:fe:d5:
                    72:0f:90:39:c7:db:26:0c:c7:ff:8b:e0:4a:33:31:
                    c0:b3:e9:1c:1a:f8:b5:4e:94:87:8d:90:95:75:d2:
                    e2:31:27:90:6d:3f:97:a4:a4:ee:46:fa:59:2b:5f:
                    3f:e2:4d:f3:9a:7b:57:fa:8d:08:a8:c0:1d:fe:cc:
                    ce:d0:02:05:ad:17:5b:f8:7a:b4:8c:bb:b1:e4:da:
                    58:b8:51:73:4e:c0:ff:bb:2a:5f:fb:8c:c5:66:fa:
                    76:ed:cc:39:33:1d:47:37:4a:56:de:ff:b8:37:3c:
                    02:6d:2a:17:5a:f0:86:ff:9d:8b:de:7d:4b:35:95:
                    78:50:f6:5a:be:41:db:23:80:ad:f8:af:d5:a3:08:
                    f2:e2:fc:60:5d:11:a8:0b:20:76:91:2c:a9:0f:d5:
                    da:8f:1d:c7:b3:28:67:ef:03:3b:fb:e6:93:d0:2b:
                    11:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:DB:1C:92:8B:FD:90:2F:A6:3F:7A:FA:3D:21:FC:D8:50:5D:19:90
            X509v3 Authority Key Identifier:
                keyid:99:D5:BF:AD:45:D7:C6:5A:6E:34:30:28:50:9F:D1:89:2E:97:B9:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mdW_rUXXxlpuNDAoUJ_RiS6XudA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/NNsckov9kC-mP3r6PSH82FBdGZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/8171e3-2d29-4cb6-8a94-7551809cb731/1/mdW_rUXXxlpuNDAoUJ_RiS6XudA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:98c0:1001::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:80:97:ed:b2:3d:bf:be:73:d5:9a:87:e8:6c:19:1d:67:fd:
         0b:b0:e5:d2:a2:89:64:dd:0f:0e:d3:3d:24:be:fa:be:21:1a:
         78:cd:55:ad:f5:31:09:7d:ff:51:7b:38:0d:e9:de:d5:85:5c:
         77:c5:04:a6:03:b4:ef:ab:2e:04:6f:e2:d0:0d:8e:f4:c7:53:
         ff:77:5e:7f:c1:4e:97:47:f4:2a:65:3a:97:42:ad:0c:1b:5f:
         db:ca:bf:e2:95:10:ba:39:14:31:99:0d:0a:8b:3e:42:b4:23:
         42:30:d6:78:4a:8d:7b:bb:76:41:93:ef:2e:a3:e8:df:80:be:
         f5:35:14:ea:94:41:64:18:d3:57:4f:d9:46:a9:84:f8:d0:6e:
         cf:d9:f1:f1:d9:5c:54:30:9f:4d:59:86:5e:92:95:7a:71:8d:
         59:bb:c1:00:28:3c:7a:f9:64:ef:c6:e1:19:eb:a8:44:5a:ff:
         6f:14:a6:b6:42:b7:2c:da:f1:0a:53:c9:dd:6e:05:42:6a:62:
         82:73:af:22:7b:44:60:1b:dd:5f:c6:e2:e8:07:2a:bf:b0:12:
         93:1e:89:54:2b:73:e3:d9:be:bd:a6:83:1f:17:c5:35:c4:13:
         39:90:e2:44:2c:8f:a7:a8:af:2b:6d:21:e2:ee:5f:96:ef:6f:
         2d:9b:ef:45
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHk2kRRfqbj21uEjExf2O4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZDViZmFkNDVkN2M2NWE2ZTM0MzAyODUwOWZkMTg5MmU5
N2I5ZDAwHhcNMjQwMTAyMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGRiMWM5MjhiZmQ5MDJmYTYzZjdhZmEzZDIxZmNkODUwNWQxOTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwM/U7iqxn5CQEEkVZ6aRve+3bKj1
mwFqkAknafvOJl8ygu4B8541DQzAdfVVxFJljCq2WPnQ/6aISiFCO5qobQU623tg
Gwz+zUuN2D+12nebWl5/scG6/tVyD5A5x9smDMf/i+BKMzHAs+kcGvi1TpSHjZCV
ddLiMSeQbT+XpKTuRvpZK18/4k3zmntX+o0IqMAd/szO0AIFrRdb+Hq0jLux5NpY
uFFzTsD/uypf+4zFZvp27cw5Mx1HN0pW3v+4NzwCbSoXWvCG/52L3n1LNZV4UPZa
vkHbI4Ct+K/Vowjy4vxgXRGoCyB2kSypD9Xajx3Hsyhn7wM7++aT0CsRcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDTbHJKL/ZAvpj96+j0h/NhQXRmQMB8GA1UdIwQY
MBaAFJnVv61F18ZabjQwKFCf0Ykul7nQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQt
NzU1MTgwOWNiNzMxLzEvTk5zY2tvdjlrQy1tUDNyNlBTSDgyRkJkR1pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC84MTcxZTMtMmQyOS00Y2I2LThhOTQtNzU1MTgwOWNiNzMx
LzEvbWRXX3JVWFh4bHB1TkRBb1VKX1JpUzZYdWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYwBAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBXgJftsj2/vnPVmofobBkdZ/0LsOXSoolk3Q8O
0z0kvvq+IRp4zVWt9TEJff9RezgN6d7VhVx3xQSmA7Tvqy4Eb+LQDY70x1P/d15/
wU6XR/QqZTqXQq0MG1/byr/ilRC6ORQxmQ0Kiz5CtCNCMNZ4So17u3ZBk+8uo+jf
gL71NRTqlEFkGNNXT9lGqYT40G7P2fHx2VxUMJ9NWYZekpV6cY1Zu8EAKDx6+WTv
xuEZ66hEWv9vFKa2Qrcs2vEKU8ndbgVCamKCc68ie0RgG91fxuLoByq/sBKTHolU
K3Pj2b69poMfF8U1xBM5kOJELI+nqK8rbSHi7l+W728tm+9F
-----END CERTIFICATE-----