Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/399269-5e14-4d5e-a1bc-6bdd3478d10c/1/NrM8xHr_QHb6XTbdQzlLW9PPvVQ.roa
File:                     NrM8xHr_QHb6XTbdQzlLW9PPvVQ.roa (raw, json)
Hash identifier:          NPoWHhwUOwlsF4n/KBy1YijmOV2GYH81ki2cTHyLGD8=
Subject key identifier:   36:B3:3C:C4:7A:FF:40:76:FA:5D:36:DD:43:39:4B:5B:D3:CF:BD:54
Certificate issuer:       /CN=803095683b2947ddd49eeeac0dbd9ea954aea144
Certificate serial:       018E7B882A60ABBEF2684A5E8369E00A7708
Authority key identifier: 80:30:95:68:3B:29:47:DD:D4:9E:EE:AC:0D:BD:9E:A9:54:AE:A1:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gDCVaDspR93Unu6sDb2eqVSuoUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/399269-5e14-4d5e-a1bc-6bdd3478d10c/1/NrM8xHr_QHb6XTbdQzlLW9PPvVQ.roa
Signing time:             Tue 26 Mar 2024 16:11:45 +0000
ROA not before:           Tue 26 Mar 2024 16:11:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5089
IP address blocks:        193.33.254.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/399269-5e14-4d5e-a1bc-6bdd3478d10c/1/gDCVaDspR93Unu6sDb2eqVSuoUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/399269-5e14-4d5e-a1bc-6bdd3478d10c/1/gDCVaDspR93Unu6sDb2eqVSuoUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gDCVaDspR93Unu6sDb2eqVSuoUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7b:88:2a:60:ab:be:f2:68:4a:5e:83:69:e0:0a:77:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=803095683b2947ddd49eeeac0dbd9ea954aea144
        Validity
            Not Before: Mar 26 16:11:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36b33cc47aff4076fa5d36dd43394b5bd3cfbd54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e0:06:02:94:f3:03:59:52:5e:51:e2:57:34:
                    32:6e:f3:60:21:a0:60:9c:0c:19:c5:15:a7:b8:2d:
                    3f:4c:4c:b6:8d:f6:f4:f8:99:63:4f:68:33:57:9d:
                    0f:03:e0:5a:65:ac:75:31:66:60:07:78:0d:b5:0a:
                    c4:ce:46:35:f2:db:ac:93:93:bf:36:1d:1d:19:2e:
                    35:53:7e:23:74:67:c5:cf:fc:1f:c6:19:55:c3:a3:
                    00:b5:c4:6d:d3:a9:f3:69:bc:82:e3:6c:e8:23:2f:
                    dd:07:56:80:8c:b7:29:8d:d1:db:fb:33:9e:bb:c3:
                    62:2a:34:56:89:c6:6a:e4:5b:33:5c:23:54:b4:59:
                    2f:c3:61:95:a1:1d:b4:67:d8:cf:5b:fb:d2:85:d7:
                    a7:33:21:7e:3e:c2:e0:4a:9d:e1:e2:e8:a0:e1:15:
                    2e:e9:2e:07:d6:1c:d9:55:a6:cc:33:08:89:b1:69:
                    3f:b5:72:0e:28:95:86:b7:85:00:96:93:62:fd:d5:
                    18:2b:19:73:e3:4e:57:ae:58:e6:0a:d8:2a:95:e2:
                    4b:c4:ee:c1:26:b5:26:d0:9a:ad:8a:00:7d:a6:d1:
                    64:be:4f:e2:18:d0:76:2d:16:d6:cc:74:62:d3:11:
                    06:58:22:88:4a:0d:38:92:93:7f:ab:99:3d:04:0f:
                    c8:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:B3:3C:C4:7A:FF:40:76:FA:5D:36:DD:43:39:4B:5B:D3:CF:BD:54
            X509v3 Authority Key Identifier:
                keyid:80:30:95:68:3B:29:47:DD:D4:9E:EE:AC:0D:BD:9E:A9:54:AE:A1:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gDCVaDspR93Unu6sDb2eqVSuoUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/399269-5e14-4d5e-a1bc-6bdd3478d10c/1/NrM8xHr_QHb6XTbdQzlLW9PPvVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/399269-5e14-4d5e-a1bc-6bdd3478d10c/1/gDCVaDspR93Unu6sDb2eqVSuoUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.33.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:8d:ae:9f:9e:0e:4b:6d:14:a8:30:aa:73:88:d3:ec:de:18:
         4e:53:c2:8b:70:b6:48:9a:92:ae:fa:de:b5:be:33:84:1d:50:
         6b:b1:59:b5:b2:4b:42:41:b5:ff:c6:37:03:d7:ed:78:2a:e3:
         49:5d:8d:ca:0a:ef:e5:55:09:40:60:a5:88:49:7c:c6:e2:f3:
         7a:50:01:69:ef:bf:9b:68:c9:81:06:0a:54:02:80:f9:c9:2e:
         e3:78:54:f2:dd:af:1b:18:20:29:36:43:9c:6c:43:f7:23:c2:
         77:2a:8b:b1:63:92:7b:69:f3:34:e3:49:8b:3b:c5:08:e5:a1:
         65:27:e8:5f:d3:46:d6:64:a3:50:c5:ec:1f:7f:7f:e1:63:59:
         a7:e4:15:4a:7b:27:d9:1e:84:0b:e1:3d:0a:12:a6:38:aa:1b:
         12:27:aa:37:41:0f:e4:7a:44:0a:e9:62:83:53:07:6b:7d:d0:
         ec:c9:82:36:8c:7c:f9:e3:3c:ab:68:f2:04:38:eb:d2:6d:e0:
         d7:c9:e0:b4:00:1c:e6:44:3f:f2:07:98:c7:dc:f1:ea:c8:2d:
         99:a5:de:2a:d0:cd:86:37:3c:df:cd:c1:99:ea:56:f9:a0:63:
         ba:dd:38:55:46:6f:46:4c:95:69:13:11:5b:1e:e9:d5:af:c0:
         eb:21:90:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY57iCpgq77yaEpeg2ngCncIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwMzA5NTY4M2IyOTQ3ZGRkNDllZWVhYzBkYmQ5ZWE5NTRh
ZWExNDQwHhcNMjQwMzI2MTYxMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmIzM2NjNDdhZmY0MDc2ZmE1ZDM2ZGQ0MzM5NGI1YmQzY2ZiZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOAGApTzA1lSXlHiVzQybvNgIaBg
nAwZxRWnuC0/TEy2jfb0+JljT2gzV50PA+BaZax1MWZgB3gNtQrEzkY18tusk5O/
Nh0dGS41U34jdGfFz/wfxhlVw6MAtcRt06nzabyC42zoIy/dB1aAjLcpjdHb+zOe
u8NiKjRWicZq5FszXCNUtFkvw2GVoR20Z9jPW/vShdenMyF+PsLgSp3h4uig4RUu
6S4H1hzZVabMMwiJsWk/tXIOKJWGt4UAlpNi/dUYKxlz405XrljmCtgqleJLxO7B
JrUm0JqtigB9ptFkvk/iGNB2LRbWzHRi0xEGWCKISg04kpN/q5k9BA/IEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDazPMR6/0B2+l023UM5S1vTz71UMB8GA1UdIwQY
MBaAFIAwlWg7KUfd1J7urA29nqlUrqFEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0RDVmFEc3BSOTNVbnU2c0RiMmVxVlN1b1VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8zOTkyNjktNWUxNC00ZDVlLWExYmMt
NmJkZDM0NzhkMTBjLzEvTnJNOHhIcl9RSGI2WFRiZFF6bExXOVBQdlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8zOTkyNjktNWUxNC00ZDVlLWExYmMtNmJkZDM0NzhkMTBj
LzEvZ0RDVmFEc3BSOTNVbnU2c0RiMmVxVlN1b1VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSH+MA0G
CSqGSIb3DQEBCwUAA4IBAQBwja6fng5LbRSoMKpziNPs3hhOU8KLcLZImpKu+t61
vjOEHVBrsVm1sktCQbX/xjcD1+14KuNJXY3KCu/lVQlAYKWISXzG4vN6UAFp77+b
aMmBBgpUAoD5yS7jeFTy3a8bGCApNkOcbEP3I8J3KouxY5J7afM040mLO8UI5aFl
J+hf00bWZKNQxewff3/hY1mn5BVKeyfZHoQL4T0KEqY4qhsSJ6o3QQ/kekQK6WKD
UwdrfdDsyYI2jHz54zyraPIEOOvSbeDXyeC0ABzmRD/yB5jH3PHqyC2Zpd4q0M2G
NzzfzcGZ6lb5oGO63ThVRm9GTJVpExFbHunVr8DrIZBP
-----END CERTIFICATE-----