Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/N_SZcKDnEW5-qgh6u5KcNUEsOfY.roa
File:                     N_SZcKDnEW5-qgh6u5KcNUEsOfY.roa (raw, json)
Hash identifier:          EEsQQQL6ZHR8MBng2IYwxzqyVffnMUgFZsMoz9Qm/eU=
Subject key identifier:   37:F4:99:70:A0:E7:11:6E:7E:AA:08:7A:BB:92:9C:35:41:2C:39:F6
Certificate issuer:       /CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
Certificate serial:       018D143ACBC70289E86DA9F4A3714D7FE02C
Authority key identifier: 0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/N_SZcKDnEW5-qgh6u5KcNUEsOfY.roa
Signing time:             Tue 16 Jan 2024 21:43:34 +0000
ROA not before:           Tue 16 Jan 2024 21:43:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44571
IP address blocks:        91.202.60.0/24 maxlen: 24
                          91.202.61.0/24 maxlen: 24
                          91.202.62.0/24 maxlen: 24
                          91.202.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:14:3a:cb:c7:02:89:e8:6d:a9:f4:a3:71:4d:7f:e0:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
        Validity
            Not Before: Jan 16 21:43:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37f49970a0e7116e7eaa087abb929c35412c39f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a8:2c:5a:09:3c:a9:63:9e:92:83:66:fa:9b:
                    f5:dd:23:38:78:83:7c:e2:d1:53:4a:96:dd:5b:70:
                    82:cc:73:dd:9e:72:bb:f5:a7:b5:7b:7a:c8:90:11:
                    f6:95:ab:d2:e2:eb:de:9b:12:ba:c3:21:ce:6a:f7:
                    54:50:5c:08:46:c6:47:a3:30:ca:79:84:80:ab:f7:
                    a0:45:d7:2d:ee:f3:a3:d5:fd:59:74:20:66:ba:90:
                    80:68:ce:91:4c:ee:d7:68:6b:6c:41:ea:ad:a1:3a:
                    f5:b7:58:53:f5:cd:d3:94:19:41:2c:f3:39:3c:b8:
                    ed:e4:77:55:e8:70:cf:32:aa:05:3a:48:65:89:90:
                    09:e5:02:00:68:3b:e5:b7:1d:c0:53:a3:7c:3f:48:
                    22:a5:12:b7:4c:56:0b:11:b9:a2:9f:d3:0b:d2:9e:
                    93:fe:91:ea:9b:3b:33:1b:56:0e:34:07:9b:5e:08:
                    4e:00:4e:2d:2c:68:23:f2:e0:a5:91:c8:2c:64:7e:
                    73:ad:c9:1f:6f:7c:67:b3:fc:43:3d:27:d0:1d:2e:
                    ba:59:cd:d7:b8:12:ce:1c:f3:82:da:e2:fb:2d:1a:
                    97:96:1f:32:a3:6a:5b:c3:06:97:b8:53:e5:89:c1:
                    24:b7:4b:6f:76:13:bd:f0:db:20:85:69:47:f7:49:
                    1a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:F4:99:70:A0:E7:11:6E:7E:AA:08:7A:BB:92:9C:35:41:2C:39:F6
            X509v3 Authority Key Identifier:
                keyid:0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/N_SZcKDnEW5-qgh6u5KcNUEsOfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a4:b3:2e:58:7d:db:dd:16:a3:b9:54:3f:0f:3f:cb:78:55:5b:
         15:d7:57:9c:9e:b1:f7:7a:f4:d5:35:07:40:a5:cf:40:ed:85:
         ea:52:ca:1e:23:71:16:0b:fb:13:2c:d2:4b:f4:7a:35:80:1c:
         01:75:88:12:8e:3d:d5:44:9c:95:77:6f:5a:c6:30:15:4a:79:
         99:3f:dc:c7:29:e1:0d:48:a0:aa:14:e5:6b:13:15:df:b2:1e:
         68:1e:0a:74:d3:90:92:96:74:9b:85:41:03:17:12:bf:8b:79:
         2f:fd:fa:38:fc:c2:f6:0a:ba:cd:ed:18:dc:2d:12:5d:12:8c:
         d5:bd:fa:55:58:00:79:bd:4b:4f:59:57:59:1d:22:35:48:ad:
         3a:78:41:b8:e8:51:ba:41:df:b0:d9:1b:65:a2:06:f9:4d:63:
         5d:f8:a5:7e:5c:2e:83:16:60:ca:e4:ee:c9:14:a6:69:62:df:
         90:8b:6a:d2:56:ff:e4:3d:f8:ae:2a:97:bb:3c:4b:3a:59:6f:
         0c:5e:04:46:a2:fb:11:06:90:e1:bf:d5:3b:b9:ef:d7:e0:f5:
         be:68:44:3a:1f:50:e9:75:31:1b:7d:d6:05:25:19:ff:3e:ae:
         d0:d6:ef:af:39:4f:e3:98:3a:ff:71:59:cd:98:14:d5:11:e6:
         9a:cf:2e:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0UOsvHAonoban0o3FNf+AsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZWJmYmZkNmY5MzdjNWFlMzllM2UzOGU4YWI4Mzg0MTA3
NDIxYTYwHhcNMjQwMTE2MjE0MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2Y0OTk3MGEwZTcxMTZlN2VhYTA4N2FiYjkyOWMzNTQxMmMzOWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyagsWgk8qWOekoNm+pv13SM4eIN8
4tFTSpbdW3CCzHPdnnK79ae1e3rIkBH2lavS4uvemxK6wyHOavdUUFwIRsZHozDK
eYSAq/egRdct7vOj1f1ZdCBmupCAaM6RTO7XaGtsQeqtoTr1t1hT9c3TlBlBLPM5
PLjt5HdV6HDPMqoFOkhliZAJ5QIAaDvltx3AU6N8P0gipRK3TFYLEbmin9ML0p6T
/pHqmzszG1YONAebXghOAE4tLGgj8uClkcgsZH5zrckfb3xns/xDPSfQHS66Wc3X
uBLOHPOC2uL7LRqXlh8yo2pbwwaXuFPlicEkt0tvdhO98NsghWlH90kaLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDf0mXCg5xFufqoIeruSnDVBLDn2MB8GA1UdIwQY
MBaAFA/r+/1vk3xa454+OOirg4QQdCGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGIt
N2Q3MDM3NGQ3NmQyLzEvTl9TWmNLRG5FVzUtcWdoNnU1S2NOVUVzT2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGItN2Q3MDM3NGQ3NmQy
LzEvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8o8MA0G
CSqGSIb3DQEBCwUAA4IBAQCksy5YfdvdFqO5VD8PP8t4VVsV11ecnrH3evTVNQdA
pc9A7YXqUsoeI3EWC/sTLNJL9Ho1gBwBdYgSjj3VRJyVd29axjAVSnmZP9zHKeEN
SKCqFOVrExXfsh5oHgp005CSlnSbhUEDFxK/i3kv/fo4/ML2CrrN7RjcLRJdEozV
vfpVWAB5vUtPWVdZHSI1SK06eEG46FG6Qd+w2Rtlogb5TWNd+KV+XC6DFmDK5O7J
FKZpYt+Qi2rSVv/kPfiuKpe7PEs6WW8MXgRGovsRBpDhv9U7ue/X4PW+aEQ6H1Dp
dTEbfdYFJRn/Pq7Q1u+vOU/jmDr/cVnNmBTVEeaazy7h
-----END CERTIFICATE-----