Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/2f10ee-7531-4f22-b1a8-d323fbdbb687/1/nv7UngFz5jdDP8VTJKh-qVojstQ.roa
File:                     nv7UngFz5jdDP8VTJKh-qVojstQ.roa (raw, json)
Hash identifier:          QGoaD/GxS712cxoi5tezt1xHx6PvHRsea1z7337wzIg=
Subject key identifier:   9E:FE:D4:9E:01:73:E6:37:43:3F:C5:53:24:A8:7E:A9:5A:23:B2:D4
Certificate issuer:       /CN=1530a6eb523969da92c8844c0dfb40ed820bd6c4
Certificate serial:       018CC4250AEE159E1331687ACB3A67AFB138
Authority key identifier: 15:30:A6:EB:52:39:69:DA:92:C8:84:4C:0D:FB:40:ED:82:0B:D6:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FTCm61I5adqSyIRMDftA7YIL1sQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/2f10ee-7531-4f22-b1a8-d323fbdbb687/1/nv7UngFz5jdDP8VTJKh-qVojstQ.roa
Signing time:             Mon 01 Jan 2024 08:30:11 +0000
ROA not before:           Mon 01 Jan 2024 08:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47903
IP address blocks:        91.208.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/2f10ee-7531-4f22-b1a8-d323fbdbb687/1/FTCm61I5adqSyIRMDftA7YIL1sQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/2f10ee-7531-4f22-b1a8-d323fbdbb687/1/FTCm61I5adqSyIRMDftA7YIL1sQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FTCm61I5adqSyIRMDftA7YIL1sQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:01:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:0a:ee:15:9e:13:31:68:7a:cb:3a:67:af:b1:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1530a6eb523969da92c8844c0dfb40ed820bd6c4
        Validity
            Not Before: Jan  1 08:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9efed49e0173e637433fc55324a87ea95a23b2d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:74:01:6d:2c:f0:cd:66:97:a2:93:40:de:fc:
                    ed:f5:b6:2f:13:fc:3b:00:0b:77:f7:cc:d9:86:91:
                    b2:82:c3:9e:de:7f:a8:1b:0c:ef:6b:1d:23:01:37:
                    37:c3:8c:53:df:4b:e2:bd:2c:73:80:6f:91:18:0e:
                    e5:d7:c7:32:8c:c1:6d:4d:de:15:b9:7a:6b:a9:cf:
                    76:23:87:61:b9:1d:a0:f9:64:b6:30:d3:cc:94:9f:
                    90:cc:c0:2c:18:23:90:42:0e:99:98:27:e7:26:d8:
                    bb:a3:e4:22:75:9e:b0:5d:de:63:21:b5:4d:a2:41:
                    fa:7b:8b:c2:e5:8f:2e:a7:da:ea:17:07:f5:54:ef:
                    47:4a:48:70:0a:69:29:ff:29:bf:48:cb:7c:3b:b1:
                    20:f6:03:6c:39:83:60:85:ae:1c:23:07:15:89:e5:
                    f3:ac:0c:31:41:65:05:b1:2a:41:86:fd:50:fb:00:
                    71:55:65:6f:2b:98:46:b1:6b:40:69:97:4b:dd:d3:
                    a6:30:12:cd:37:39:f1:e5:a0:a3:79:b8:dc:c5:ae:
                    56:da:ef:08:fe:59:e9:0c:4d:38:e0:79:51:d8:0b:
                    30:21:5a:f6:34:f2:a9:18:33:0b:fe:90:84:21:e3:
                    51:56:85:77:1e:fb:f4:33:a7:e9:df:80:c0:8a:8c:
                    c2:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:FE:D4:9E:01:73:E6:37:43:3F:C5:53:24:A8:7E:A9:5A:23:B2:D4
            X509v3 Authority Key Identifier:
                keyid:15:30:A6:EB:52:39:69:DA:92:C8:84:4C:0D:FB:40:ED:82:0B:D6:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FTCm61I5adqSyIRMDftA7YIL1sQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2f10ee-7531-4f22-b1a8-d323fbdbb687/1/nv7UngFz5jdDP8VTJKh-qVojstQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/2f10ee-7531-4f22-b1a8-d323fbdbb687/1/FTCm61I5adqSyIRMDftA7YIL1sQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:e2:6f:04:f8:d1:7d:20:93:e4:ea:86:59:36:52:08:57:20:
         7a:6c:49:3b:ec:3b:79:f2:38:a4:c5:29:9d:e3:a7:e5:0c:94:
         3f:40:75:26:1e:d5:55:c9:db:8c:88:15:2d:2a:27:d7:18:a2:
         c5:c6:80:91:26:6e:8f:05:26:0b:4a:33:5b:b0:d5:66:5f:a1:
         ee:ce:be:d3:e4:7c:37:ef:67:38:ed:e2:9d:a4:5f:04:69:29:
         6c:02:10:c2:cd:f7:8d:25:cb:11:c2:1e:53:b0:2e:ca:6e:df:
         b3:3f:75:6b:2c:6c:b0:ba:18:94:79:24:67:6c:a6:69:30:f5:
         58:34:86:a8:6f:a5:44:ef:42:d6:1b:ad:05:e0:b7:8a:27:e4:
         ce:93:05:72:5f:a4:ee:8e:16:1e:0f:32:06:68:c4:b9:3f:93:
         7a:ae:45:59:90:bd:e1:0b:e4:83:43:2c:dc:fc:c4:b9:07:fe:
         7c:e5:0f:95:df:8b:31:23:5b:e5:38:f7:33:ce:26:57:25:e0:
         65:f5:1e:b0:fe:eb:87:e7:96:a3:1e:6e:b6:36:ab:f5:fd:25:
         eb:ce:91:52:c8:21:34:af:e8:43:d7:64:8d:15:2f:47:c3:d9:
         14:1e:b4:02:ab:fb:22:64:e4:ce:4d:5b:bb:bb:35:d9:a0:ff:
         57:0e:22:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJQruFZ4TMWh6yzpnr7E4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1MzBhNmViNTIzOTY5ZGE5MmM4ODQ0YzBkZmI0MGVkODIw
YmQ2YzQwHhcNMjQwMTAxMDgzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWZlZDQ5ZTAxNzNlNjM3NDMzZmM1NTMyNGE4N2VhOTVhMjNiMmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3QBbSzwzWaXopNA3vzt9bYvE/w7
AAt398zZhpGygsOe3n+oGwzvax0jATc3w4xT30vivSxzgG+RGA7l18cyjMFtTd4V
uXprqc92I4dhuR2g+WS2MNPMlJ+QzMAsGCOQQg6ZmCfnJti7o+QidZ6wXd5jIbVN
okH6e4vC5Y8up9rqFwf1VO9HSkhwCmkp/ym/SMt8O7Eg9gNsOYNgha4cIwcVieXz
rAwxQWUFsSpBhv1Q+wBxVWVvK5hGsWtAaZdL3dOmMBLNNznx5aCjebjcxa5W2u8I
/lnpDE044HlR2AswIVr2NPKpGDML/pCEIeNRVoV3Hvv0M6fp34DAiozCFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7+1J4Bc+Y3Qz/FUySofqlaI7LUMB8GA1UdIwQY
MBaAFBUwputSOWnaksiETA37QO2CC9bEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlRDbTYxSTVhZHFTeUlSTURmdEE3WUlMMXNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My8yZjEwZWUtNzUzMS00ZjIyLWIxYTgt
ZDMyM2ZiZGJiNjg3LzEvbnY3VW5nRno1amREUDhWVEpLaC1xVm9qc3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My8yZjEwZWUtNzUzMS00ZjIyLWIxYTgtZDMyM2ZiZGJiNjg3
LzEvRlRDbTYxSTVhZHFTeUlSTURmdEE3WUlMMXNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9DIMA0G
CSqGSIb3DQEBCwUAA4IBAQBf4m8E+NF9IJPk6oZZNlIIVyB6bEk77Dt58jikxSmd
46flDJQ/QHUmHtVVyduMiBUtKifXGKLFxoCRJm6PBSYLSjNbsNVmX6Huzr7T5Hw3
72c47eKdpF8EaSlsAhDCzfeNJcsRwh5TsC7Kbt+zP3VrLGywuhiUeSRnbKZpMPVY
NIaob6VE70LWG60F4LeKJ+TOkwVyX6TujhYeDzIGaMS5P5N6rkVZkL3hC+SDQyzc
/MS5B/585Q+V34sxI1vlOPczziZXJeBl9R6w/uuH55ajHm62Nqv1/SXrzpFSyCE0
r+hD12SNFS9Hw9kUHrQCq/siZOTOTVu7uzXZoP9XDiLR
-----END CERTIFICATE-----