Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/1befb9-c103-40af-8970-93c4568b103b/1/NI1ZisdV4usNS72gA1jrZliYmaQ.roa
File:                     NI1ZisdV4usNS72gA1jrZliYmaQ.roa (raw, json)
Hash identifier:          QVxHBbOqdR36E7dn11DRd8DkSST7RcZoXy9BbtYPDi8=
Subject key identifier:   34:8D:59:8A:C7:55:E2:EB:0D:4B:BD:A0:03:58:EB:66:58:98:99:A4
Certificate issuer:       /CN=6ac34e49fba9640b83eabaafba9c4ab96c8c3544
Certificate serial:       018CC2DB61226878C00143E40270AB1E3ED1
Authority key identifier: 6A:C3:4E:49:FB:A9:64:0B:83:EA:BA:AF:BA:9C:4A:B9:6C:8C:35:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/asNOSfupZAuD6rqvupxKuWyMNUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/1befb9-c103-40af-8970-93c4568b103b/1/NI1ZisdV4usNS72gA1jrZliYmaQ.roa
Signing time:             Mon 01 Jan 2024 02:30:06 +0000
ROA not before:           Mon 01 Jan 2024 02:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5518
IP address blocks:        193.41.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/1befb9-c103-40af-8970-93c4568b103b/1/asNOSfupZAuD6rqvupxKuWyMNUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/1befb9-c103-40af-8970-93c4568b103b/1/asNOSfupZAuD6rqvupxKuWyMNUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/asNOSfupZAuD6rqvupxKuWyMNUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:61:22:68:78:c0:01:43:e4:02:70:ab:1e:3e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ac34e49fba9640b83eabaafba9c4ab96c8c3544
        Validity
            Not Before: Jan  1 02:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=348d598ac755e2eb0d4bbda00358eb66589899a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:20:7c:13:1b:6b:67:99:79:c0:43:bf:96:98:
                    ca:da:5d:e7:0f:e4:85:43:a6:73:03:e0:a2:35:bc:
                    30:2f:bf:25:db:59:c6:b1:a5:60:2f:1a:bd:51:f5:
                    1c:f3:57:b7:6b:be:d3:48:32:8b:2d:77:80:a3:bc:
                    fd:09:d5:5d:40:54:fa:05:e5:b2:d6:b2:93:2d:38:
                    fb:f7:60:db:b6:ca:4c:01:5a:71:54:40:96:7c:ad:
                    f9:23:59:b0:d8:0f:a0:b6:55:b4:27:45:83:bd:9d:
                    63:e0:08:b5:d0:c8:04:83:16:b2:71:cf:f0:39:f0:
                    99:33:c9:9c:5f:d9:e0:a7:64:2a:88:cd:50:22:a8:
                    20:b2:43:83:42:31:a9:36:f2:63:fb:69:96:26:54:
                    df:f7:ac:24:2c:27:98:46:30:05:37:7f:d6:2c:73:
                    b6:ef:ca:85:7a:a3:53:01:ac:43:e1:e9:3c:4e:3e:
                    68:0e:c3:c3:78:5f:97:13:9e:7d:34:42:22:3f:37:
                    89:fd:12:3c:5f:4c:7d:0c:4b:f0:13:c9:ed:88:50:
                    6a:9c:ec:fa:4c:36:27:55:ec:d3:5c:04:62:0a:1b:
                    5f:37:74:9d:2f:21:8f:9d:eb:81:dc:43:d4:ab:df:
                    cd:7d:7b:c8:9e:9e:c7:d5:fa:03:2a:41:35:1d:1d:
                    f5:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:8D:59:8A:C7:55:E2:EB:0D:4B:BD:A0:03:58:EB:66:58:98:99:A4
            X509v3 Authority Key Identifier:
                keyid:6A:C3:4E:49:FB:A9:64:0B:83:EA:BA:AF:BA:9C:4A:B9:6C:8C:35:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/asNOSfupZAuD6rqvupxKuWyMNUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1befb9-c103-40af-8970-93c4568b103b/1/NI1ZisdV4usNS72gA1jrZliYmaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1befb9-c103-40af-8970-93c4568b103b/1/asNOSfupZAuD6rqvupxKuWyMNUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.41.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:a8:0b:fb:1f:d1:54:8b:de:1d:e0:03:4c:dc:09:1b:eb:54:
         33:fa:30:85:07:03:67:c4:ba:4d:41:44:30:33:1a:c5:c9:76:
         da:4e:f4:ad:e9:24:76:67:b6:10:ed:48:b1:dd:bc:4d:4d:12:
         45:d7:9f:3c:5b:6b:77:d8:63:9b:b4:52:0c:89:8f:d4:df:12:
         23:f9:ee:ee:a9:de:93:fd:43:68:b9:a3:f8:d3:30:01:7e:b5:
         b8:97:18:93:d6:ed:69:33:b4:f2:25:6f:ed:28:97:70:46:36:
         c8:ca:01:4a:c5:04:6e:36:6c:75:95:85:94:b1:77:ae:ea:90:
         bd:f8:69:c7:f6:75:72:e6:b4:d4:83:25:ff:ee:ef:27:6c:e6:
         28:83:e2:18:e6:95:88:80:1a:f1:87:53:27:bc:ba:74:62:8d:
         16:42:b1:93:7b:24:9f:6a:10:71:cd:85:24:80:71:ae:e6:41:
         41:05:44:9e:53:c3:5a:e3:8c:a7:84:55:ee:57:0f:25:25:e8:
         a3:fd:f3:55:79:ac:bc:8a:7f:9c:16:f0:3f:59:ca:a0:86:5d:
         c1:df:db:4d:a4:1c:97:c4:c0:73:0f:cc:a2:e3:03:a1:ce:fb:
         7e:65:f4:97:c9:67:ea:6d:db:00:e5:8a:13:08:e0:54:d0:42:
         7a:53:f7:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC22EiaHjAAUPkAnCrHj7RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYzM0ZTQ5ZmJhOTY0MGI4M2VhYmFhZmJhOWM0YWI5NmM4
YzM1NDQwHhcNMjQwMTAxMDIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDhkNTk4YWM3NTVlMmViMGQ0YmJkYTAwMzU4ZWI2NjU4OTg5OWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriB8ExtrZ5l5wEO/lpjK2l3nD+SF
Q6ZzA+CiNbwwL78l21nGsaVgLxq9UfUc81e3a77TSDKLLXeAo7z9CdVdQFT6BeWy
1rKTLTj792DbtspMAVpxVECWfK35I1mw2A+gtlW0J0WDvZ1j4Ai10MgEgxaycc/w
OfCZM8mcX9ngp2QqiM1QIqggskODQjGpNvJj+2mWJlTf96wkLCeYRjAFN3/WLHO2
78qFeqNTAaxD4ek8Tj5oDsPDeF+XE559NEIiPzeJ/RI8X0x9DEvwE8ntiFBqnOz6
TDYnVezTXARiChtfN3SdLyGPneuB3EPUq9/NfXvInp7H1foDKkE1HR31CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSNWYrHVeLrDUu9oANY62ZYmJmkMB8GA1UdIwQY
MBaAFGrDTkn7qWQLg+q6r7qcSrlsjDVEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXNOT1NmdXBaQXVENnJxdnVweEt1V3lNTlVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8xYmVmYjktYzEwMy00MGFmLTg5NzAt
OTNjNDU2OGIxMDNiLzEvTkkxWmlzZFY0dXNOUzcyZ0ExanJabGlZbWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8xYmVmYjktYzEwMy00MGFmLTg5NzAtOTNjNDU2OGIxMDNi
LzEvYXNOT1NmdXBaQXVENnJxdnVweEt1V3lNTlVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSktMA0G
CSqGSIb3DQEBCwUAA4IBAQBYqAv7H9FUi94d4ANM3Akb61Qz+jCFBwNnxLpNQUQw
MxrFyXbaTvSt6SR2Z7YQ7Uix3bxNTRJF1588W2t32GObtFIMiY/U3xIj+e7uqd6T
/UNouaP40zABfrW4lxiT1u1pM7TyJW/tKJdwRjbIygFKxQRuNmx1lYWUsXeu6pC9
+GnH9nVy5rTUgyX/7u8nbOYog+IY5pWIgBrxh1MnvLp0Yo0WQrGTeySfahBxzYUk
gHGu5kFBBUSeU8Na44ynhFXuVw8lJeij/fNVeay8in+cFvA/Wcqghl3B39tNpByX
xMBzD8yi4wOhzvt+ZfSXyWfqbdsA5YoTCOBU0EJ6U/cu
-----END CERTIFICATE-----