Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/311fe5-3885-4c3f-8ca0-9bcf6cadaad6/1/NN74X72IwSUNR3yQFSH0hwYDSgc.roa
File:                     NN74X72IwSUNR3yQFSH0hwYDSgc.roa (raw, json)
Hash identifier:          SvCeizUp0Mkqnbsk2qjsnMi7MhnT60HuOJZnpKjboCU=
Subject key identifier:   34:DE:F8:5F:BD:88:C1:25:0D:47:7C:90:15:21:F4:87:06:03:4A:07
Certificate issuer:       /CN=3576dfd9bc98c613b84327d34062075acc56272f
Certificate serial:       018CC26D5B892D3E0A71FA80015F16796320
Authority key identifier: 35:76:DF:D9:BC:98:C6:13:B8:43:27:D3:40:62:07:5A:CC:56:27:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NXbf2byYxhO4QyfTQGIHWsxWJy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/311fe5-3885-4c3f-8ca0-9bcf6cadaad6/1/NN74X72IwSUNR3yQFSH0hwYDSgc.roa
Signing time:             Mon 01 Jan 2024 00:29:55 +0000
ROA not before:           Mon 01 Jan 2024 00:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58075
IP address blocks:        91.210.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/311fe5-3885-4c3f-8ca0-9bcf6cadaad6/1/NXbf2byYxhO4QyfTQGIHWsxWJy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/311fe5-3885-4c3f-8ca0-9bcf6cadaad6/1/NXbf2byYxhO4QyfTQGIHWsxWJy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NXbf2byYxhO4QyfTQGIHWsxWJy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:5b:89:2d:3e:0a:71:fa:80:01:5f:16:79:63:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3576dfd9bc98c613b84327d34062075acc56272f
        Validity
            Not Before: Jan  1 00:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34def85fbd88c1250d477c901521f48706034a07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:94:3d:c9:60:fe:43:41:b5:cb:dc:5a:c5:01:
                    e9:06:df:fa:83:d9:97:2b:0c:9a:15:04:6a:72:e8:
                    a8:48:60:a1:dd:48:bf:c2:9f:fa:2d:5d:4d:c9:51:
                    07:f1:24:df:a0:35:c7:52:a5:48:39:e0:d7:99:e6:
                    51:56:34:e8:30:f4:62:dc:3f:56:e8:59:92:b0:5c:
                    fe:8b:4c:27:d4:6b:5a:e6:75:75:49:f9:98:7f:63:
                    57:18:5f:0d:ba:2f:f9:9f:c9:92:0c:2a:84:fc:85:
                    ea:09:78:ed:6a:e3:fd:f4:57:bc:1a:8c:e6:07:1c:
                    4f:bc:3d:19:ef:bf:07:8b:a2:75:b1:26:bb:d3:c4:
                    a7:e0:1a:67:90:c7:80:ca:46:07:bf:8f:a1:10:c9:
                    6b:30:ea:7c:49:d3:84:1a:4b:b3:05:84:60:72:39:
                    c2:37:31:46:78:d2:ec:d7:7e:ec:be:a9:b7:b5:24:
                    a4:34:af:ec:9e:f2:79:0e:6d:06:64:17:ec:e3:f3:
                    ba:b4:5e:f1:2f:88:ef:6b:6b:c2:34:16:c6:4a:f2:
                    8e:34:ce:84:54:f2:93:ba:e0:e2:f5:b6:2e:f5:73:
                    15:ec:aa:f8:19:26:ac:81:ca:e4:96:e2:ce:dd:4d:
                    ea:9e:4a:ba:a1:89:7c:85:26:3e:d6:8a:7e:59:8f:
                    ba:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:DE:F8:5F:BD:88:C1:25:0D:47:7C:90:15:21:F4:87:06:03:4A:07
            X509v3 Authority Key Identifier:
                keyid:35:76:DF:D9:BC:98:C6:13:B8:43:27:D3:40:62:07:5A:CC:56:27:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NXbf2byYxhO4QyfTQGIHWsxWJy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/311fe5-3885-4c3f-8ca0-9bcf6cadaad6/1/NN74X72IwSUNR3yQFSH0hwYDSgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/311fe5-3885-4c3f-8ca0-9bcf6cadaad6/1/NXbf2byYxhO4QyfTQGIHWsxWJy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:08:a5:d0:67:21:46:84:67:cb:7b:f0:0a:5f:18:c4:fa:10:
         c8:07:22:6c:73:5c:b6:fe:0e:f4:36:d2:84:2e:e3:c2:cd:21:
         de:09:f2:32:6a:c1:97:e9:85:b7:71:af:2d:78:74:fb:a1:a0:
         b2:07:37:ed:1d:d4:1c:72:40:94:91:79:b3:5d:90:e7:96:51:
         5b:32:eb:61:11:b3:5b:26:86:f9:ef:50:a8:3d:cc:0c:ae:96:
         85:11:ff:61:80:d8:3c:f7:ed:63:fe:31:0d:59:9c:99:cb:eb:
         d8:a0:c7:0e:71:fe:d8:b0:6a:96:b4:89:14:d9:14:f1:fd:3b:
         15:50:07:49:63:76:cc:6a:fe:cc:f2:05:98:48:71:20:4a:36:
         2b:bb:80:53:b3:4b:8e:31:fb:d0:d4:bb:01:a0:34:8c:bc:d0:
         09:80:5b:c4:db:f2:fe:4a:27:84:c8:00:5c:e5:93:38:1b:ab:
         6a:03:96:5b:41:5b:ae:17:b6:2d:fc:78:06:13:e8:bc:03:15:
         d4:88:e1:90:36:dc:2a:4d:ac:05:33:2d:a2:67:79:ad:bb:e5:
         0b:99:54:36:16:bd:bc:41:a1:1e:b6:91:83:e5:58:c9:0c:0f:
         f6:7a:ac:d5:e4:40:81:15:d6:09:c0:3a:98:d9:fa:a1:1d:ce:
         70:d4:35:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVuJLT4KcfqAAV8WeWMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NzZkZmQ5YmM5OGM2MTNiODQzMjdkMzQwNjIwNzVhY2M1
NjI3MmYwHhcNMjQwMTAxMDAyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGRlZjg1ZmJkODhjMTI1MGQ0NzdjOTAxNTIxZjQ4NzA2MDM0YTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZQ9yWD+Q0G1y9xaxQHpBt/6g9mX
KwyaFQRqcuioSGCh3Ui/wp/6LV1NyVEH8STfoDXHUqVIOeDXmeZRVjToMPRi3D9W
6FmSsFz+i0wn1Gta5nV1SfmYf2NXGF8Nui/5n8mSDCqE/IXqCXjtauP99Fe8Gozm
BxxPvD0Z778Hi6J1sSa708Sn4BpnkMeAykYHv4+hEMlrMOp8SdOEGkuzBYRgcjnC
NzFGeNLs137svqm3tSSkNK/snvJ5Dm0GZBfs4/O6tF7xL4jva2vCNBbGSvKONM6E
VPKTuuDi9bYu9XMV7Kr4GSasgcrkluLO3U3qnkq6oYl8hSY+1op+WY+6gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTe+F+9iMElDUd8kBUh9IcGA0oHMB8GA1UdIwQY
MBaAFDV239m8mMYTuEMn00BiB1rMVicvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlhiZjJieVl4aE80UXlmVFFHSUhXc3hXSnk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8zMTFmZTUtMzg4NS00YzNmLThjYTAt
OWJjZjZjYWRhYWQ2LzEvTk43NFg3Mkl3U1VOUjN5UUZTSDBod1lEU2djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8zMTFmZTUtMzg4NS00YzNmLThjYTAtOWJjZjZjYWRhYWQ2
LzEvTlhiZjJieVl4aE80UXlmVFFHSUhXc3hXSnk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9J9MA0G
CSqGSIb3DQEBCwUAA4IBAQBQCKXQZyFGhGfLe/AKXxjE+hDIByJsc1y2/g70NtKE
LuPCzSHeCfIyasGX6YW3ca8teHT7oaCyBzftHdQcckCUkXmzXZDnllFbMuthEbNb
Job571CoPcwMrpaFEf9hgNg89+1j/jENWZyZy+vYoMcOcf7YsGqWtIkU2RTx/TsV
UAdJY3bMav7M8gWYSHEgSjYru4BTs0uOMfvQ1LsBoDSMvNAJgFvE2/L+SieEyABc
5ZM4G6tqA5ZbQVuuF7Yt/HgGE+i8AxXUiOGQNtwqTawFMy2iZ3mtu+ULmVQ2Fr28
QaEetpGD5VjJDA/2eqzV5ECBFdYJwDqY2fqhHc5w1DU+
-----END CERTIFICATE-----