Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/NdSpJ4XYuJod2OWjMPxiXgOcw1M.roa
File:                     NdSpJ4XYuJod2OWjMPxiXgOcw1M.roa (raw, json)
Hash identifier:          MW8VqP19npNGZ0bZLadX0cAR6KWcVntPfqJTJFqZxVI=
Subject key identifier:   35:D4:A9:27:85:D8:B8:9A:1D:D8:E5:A3:30:FC:62:5E:03:9C:C3:53
Certificate issuer:       /CN=89da60f049dfba34be4b4e8418b9ff492125c449
Certificate serial:       018CC9BC6725FEC3328E444FA84299404F09
Authority key identifier: 89:DA:60:F0:49:DF:BA:34:BE:4B:4E:84:18:B9:FF:49:21:25:C4:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/idpg8EnfujS-S06EGLn_SSElxEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/NdSpJ4XYuJod2OWjMPxiXgOcw1M.roa
Signing time:             Tue 02 Jan 2024 10:33:36 +0000
ROA not before:           Tue 02 Jan 2024 10:33:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1
IP address blocks:        94.206.108.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/idpg8EnfujS-S06EGLn_SSElxEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/idpg8EnfujS-S06EGLn_SSElxEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/idpg8EnfujS-S06EGLn_SSElxEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:67:25:fe:c3:32:8e:44:4f:a8:42:99:40:4f:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89da60f049dfba34be4b4e8418b9ff492125c449
        Validity
            Not Before: Jan  2 10:33:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35d4a92785d8b89a1dd8e5a330fc625e039cc353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6b:be:42:dc:2c:9f:d9:60:d7:69:43:2f:63:
                    c7:83:e0:a4:86:f3:29:ab:ff:b2:95:56:14:37:82:
                    0e:55:11:af:a6:d7:c8:94:8f:97:52:a4:c5:91:53:
                    ea:f3:fb:b4:24:0c:1c:46:d2:f1:73:ca:90:ec:f0:
                    a4:96:c6:f0:b4:16:07:b5:66:b5:83:fd:9a:88:59:
                    eb:1c:62:19:aa:d9:1d:ac:80:3c:0d:99:b7:49:a2:
                    98:e5:ea:5a:a6:6d:dd:46:f4:1d:23:a1:24:13:51:
                    fd:f1:f1:fe:76:d2:2d:22:ed:8b:e4:15:6e:b9:cf:
                    4d:c5:e2:66:3f:f2:c2:35:1a:21:89:55:00:d4:63:
                    f7:84:d3:41:1b:26:89:f6:d9:57:21:ce:45:3c:7d:
                    56:b8:66:8b:1d:c9:55:ea:32:34:f3:f8:27:60:0f:
                    40:f6:98:14:a8:9d:9b:39:09:e2:cd:03:35:ed:2c:
                    26:b0:7f:0c:4d:da:95:f5:b0:a2:e5:48:d8:bd:c9:
                    92:52:1e:03:15:fd:96:98:e5:6a:26:5e:57:86:1d:
                    4d:07:5b:2f:6b:6b:60:31:59:38:99:bd:3a:97:ee:
                    0e:e2:13:e3:ce:b0:14:45:48:98:4d:6e:22:55:bc:
                    d5:85:a2:5f:52:08:e0:65:ce:ac:9a:3c:81:45:24:
                    77:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D4:A9:27:85:D8:B8:9A:1D:D8:E5:A3:30:FC:62:5E:03:9C:C3:53
            X509v3 Authority Key Identifier:
                keyid:89:DA:60:F0:49:DF:BA:34:BE:4B:4E:84:18:B9:FF:49:21:25:C4:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/idpg8EnfujS-S06EGLn_SSElxEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/NdSpJ4XYuJod2OWjMPxiXgOcw1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de477f-0785-4026-83be-69890c829e33/1/idpg8EnfujS-S06EGLn_SSElxEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.206.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:11:5e:71:78:9c:b6:82:d3:f2:30:5a:d8:3a:9d:eb:d8:91:
         84:60:26:34:41:d0:3b:be:89:3c:51:de:0a:65:2d:e9:f1:3e:
         20:65:d5:62:9e:37:a2:04:a5:0d:27:5c:20:ad:24:00:27:b4:
         d1:cc:0a:11:2e:2a:8e:d8:ad:a7:26:eb:26:aa:dc:f6:19:ef:
         02:aa:58:7b:9c:be:a3:f4:3f:d6:f5:33:4b:74:14:28:43:c1:
         c7:f9:eb:34:2d:ba:23:81:34:84:73:9c:06:98:65:62:54:3a:
         b1:b1:d3:cd:9d:ce:43:bf:b2:95:a0:29:8a:80:26:65:9c:18:
         59:4a:0f:8d:21:cc:38:88:f0:4a:4e:de:b5:f0:63:7a:e9:b5:
         fa:6a:91:eb:9c:fd:46:87:e7:44:ac:2c:95:eb:d3:d3:c3:9d:
         62:c3:00:fa:06:1a:40:9e:08:d2:89:66:59:f1:02:34:ff:10:
         bd:76:98:4e:ad:b2:65:b0:81:4d:4a:2e:fc:ca:48:de:35:9b:
         e4:fc:11:02:fd:74:96:84:d8:ef:38:0c:80:76:b7:e0:77:80:
         51:c6:5a:fe:cc:3a:91:82:7d:99:d3:a2:d9:83:36:4a:76:ad:
         02:c6:c1:72:0d:03:e4:b3:c1:57:1c:85:fe:b0:02:20:e4:2b:
         51:0c:26:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGcl/sMyjkRPqEKZQE8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5ZGE2MGYwNDlkZmJhMzRiZTRiNGU4NDE4YjlmZjQ5MjEy
NWM0NDkwHhcNMjQwMTAyMTAzMzM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWQ0YTkyNzg1ZDhiODlhMWRkOGU1YTMzMGZjNjI1ZTAzOWNjMzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArWu+Qtwsn9lg12lDL2PHg+CkhvMp
q/+ylVYUN4IOVRGvptfIlI+XUqTFkVPq8/u0JAwcRtLxc8qQ7PCklsbwtBYHtWa1
g/2aiFnrHGIZqtkdrIA8DZm3SaKY5epapm3dRvQdI6EkE1H98fH+dtItIu2L5BVu
uc9NxeJmP/LCNRohiVUA1GP3hNNBGyaJ9tlXIc5FPH1WuGaLHclV6jI08/gnYA9A
9pgUqJ2bOQnizQM17SwmsH8MTdqV9bCi5UjYvcmSUh4DFf2WmOVqJl5Xhh1NB1sv
a2tgMVk4mb06l+4O4hPjzrAURUiYTW4iVbzVhaJfUgjgZc6smjyBRSR37QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXUqSeF2LiaHdjlozD8Yl4DnMNTMB8GA1UdIwQY
MBaAFInaYPBJ37o0vktOhBi5/0khJcRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWRwZzhFbmZ1alMtUzA2RUdMbl9TU0VseEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTQ3N2YtMDc4NS00MDI2LTgzYmUt
Njk4OTBjODI5ZTMzLzEvTmRTcEo0WFl1Sm9kMk9Xak1QeGlYZ09jdzFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTQ3N2YtMDc4NS00MDI2LTgzYmUtNjk4OTBjODI5ZTMz
LzEvaWRwZzhFbmZ1alMtUzA2RUdMbl9TU0VseEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXs5sMA0G
CSqGSIb3DQEBCwUAA4IBAQBFEV5xeJy2gtPyMFrYOp3r2JGEYCY0QdA7vok8Ud4K
ZS3p8T4gZdVinjeiBKUNJ1wgrSQAJ7TRzAoRLiqO2K2nJusmqtz2Ge8Cqlh7nL6j
9D/W9TNLdBQoQ8HH+es0LbojgTSEc5wGmGViVDqxsdPNnc5Dv7KVoCmKgCZlnBhZ
Sg+NIcw4iPBKTt618GN66bX6apHrnP1Gh+dErCyV69PTw51iwwD6BhpAngjSiWZZ
8QI0/xC9dphOrbJlsIFNSi78ykjeNZvk/BEC/XSWhNjvOAyAdrfgd4BRxlr+zDqR
gn2Z06LZgzZKdq0CxsFyDQPks8FXHIX+sAIg5CtRDCYP
-----END CERTIFICATE-----