Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NPg8EQ5wwpID-0vZCohMGEXRPEg.roa
File:                     NPg8EQ5wwpID-0vZCohMGEXRPEg.roa (raw, json)
Hash identifier:          6xYkHRRHXZSfB7CfdYyQ+mvW8MSWHpqd/T3y2E4X968=
Subject key identifier:   34:F8:3C:11:0E:70:C2:92:03:FB:4B:D9:0A:88:4C:18:45:D1:3C:48
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF9E28236156A078C3DF474378B9C6
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NPg8EQ5wwpID-0vZCohMGEXRPEg.roa
Signing time:             Tue 02 Jan 2024 06:32:27 +0000
ROA not before:           Tue 02 Jan 2024 06:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57371
IP address blocks:        185.200.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9e:28:23:61:56:a0:78:c3:df:47:43:78:b9:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34f83c110e70c29203fb4bd90a884c1845d13c48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:7e:ad:a8:78:15:a2:f9:2f:50:d6:f4:84:07:
                    d6:d0:e2:97:a4:15:e0:50:9e:bc:bf:56:43:b0:7d:
                    f3:f0:9a:59:05:08:ce:d7:21:43:d2:99:52:53:92:
                    a4:e3:d2:12:3e:75:26:c0:c0:ab:21:54:98:c8:2b:
                    4f:84:c1:b8:dd:52:d5:7b:04:fc:a7:52:84:b4:6c:
                    45:a8:da:16:c5:5b:bf:87:40:a9:03:8a:1b:49:99:
                    95:e3:82:ed:18:90:f3:b6:d9:73:9f:43:96:47:7b:
                    7c:84:c6:e8:d6:8c:59:95:cc:a1:bb:6b:89:48:3c:
                    66:e6:10:ac:5d:c7:07:89:0e:bc:f4:b1:8f:d4:35:
                    8e:a7:49:7c:a7:cf:5b:41:d0:48:13:10:08:ee:b5:
                    fe:d7:83:d3:dc:91:03:2f:73:5b:54:88:19:c2:4c:
                    da:7e:78:ee:41:14:0c:66:85:b2:8a:31:b7:84:7b:
                    81:4f:17:e3:8b:b0:4e:f3:9f:46:96:ad:0e:29:ac:
                    3a:76:c1:a9:7f:b3:9c:20:30:5d:00:6a:3b:14:10:
                    c8:9a:f3:03:8a:5f:64:e4:06:4c:8a:e3:8d:6d:54:
                    1f:af:b2:90:44:1f:fb:5d:a1:83:71:a5:5e:e0:72:
                    74:96:da:65:56:cd:1a:37:e4:17:ad:a7:59:25:10:
                    9e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F8:3C:11:0E:70:C2:92:03:FB:4B:D9:0A:88:4C:18:45:D1:3C:48
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NPg8EQ5wwpID-0vZCohMGEXRPEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:45:40:57:6e:19:ae:ea:57:3a:12:a1:00:5d:a2:19:cc:97:
         31:6c:ac:53:62:2f:17:99:06:0d:cf:82:86:b2:7d:da:40:de:
         77:22:8a:ae:ac:62:cb:31:86:8d:18:1c:f8:1c:11:06:23:1c:
         50:a6:6b:ca:cc:72:c8:e3:b9:d4:37:4a:c2:32:cc:9a:eb:7a:
         ea:b6:71:3d:c4:35:45:64:39:4a:d2:21:8c:60:e3:3b:e6:48:
         9c:54:e9:67:ca:d7:a7:84:64:4f:01:09:b4:91:c8:48:18:47:
         33:bd:d4:0c:b7:dc:e2:a9:50:48:d8:64:81:65:90:f0:19:dd:
         75:89:25:49:01:57:a5:18:0c:b8:24:76:2e:50:6f:98:15:4d:
         17:66:0a:ed:bd:03:0d:c9:92:5d:a8:51:07:2f:07:7a:2f:65:
         9e:30:2e:70:8c:9e:74:22:54:3a:fe:7f:d2:ec:e3:f7:20:2a:
         64:ba:92:9f:8e:d3:6e:45:c1:14:0b:a3:08:84:53:aa:d2:49:
         cb:f2:50:61:8e:0a:e7:b4:10:e4:a5:ec:1c:31:ce:a5:0b:ef:
         57:a7:1c:bd:38:74:c6:4a:47:0a:d9:17:d4:a4:3d:d6:54:ea:
         1c:6d:bd:21:05:63:ec:df:65:47:e0:52:84:9d:28:51:cf:da:
         c6:c6:9a:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI354oI2FWoHjD30dDeLnGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGY4M2MxMTBlNzBjMjkyMDNmYjRiZDkwYTg4NGMxODQ1ZDEzYzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhn6tqHgVovkvUNb0hAfW0OKXpBXg
UJ68v1ZDsH3z8JpZBQjO1yFD0plSU5Kk49ISPnUmwMCrIVSYyCtPhMG43VLVewT8
p1KEtGxFqNoWxVu/h0CpA4obSZmV44LtGJDzttlzn0OWR3t8hMbo1oxZlcyhu2uJ
SDxm5hCsXccHiQ689LGP1DWOp0l8p89bQdBIExAI7rX+14PT3JEDL3NbVIgZwkza
fnjuQRQMZoWyijG3hHuBTxfji7BO859Glq0OKaw6dsGpf7OcIDBdAGo7FBDImvMD
il9k5AZMiuONbVQfr7KQRB/7XaGDcaVe4HJ0ltplVs0aN+QXradZJRCenQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDT4PBEOcMKSA/tL2QqITBhF0TxIMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTlBnOEVRNXd3cElELTB2WkNvaE1HRVhSUEVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuci9MA0G
CSqGSIb3DQEBCwUAA4IBAQArRUBXbhmu6lc6EqEAXaIZzJcxbKxTYi8XmQYNz4KG
sn3aQN53IoqurGLLMYaNGBz4HBEGIxxQpmvKzHLI47nUN0rCMsya63rqtnE9xDVF
ZDlK0iGMYOM75kicVOlnytenhGRPAQm0kchIGEczvdQMt9ziqVBI2GSBZZDwGd11
iSVJAVelGAy4JHYuUG+YFU0XZgrtvQMNyZJdqFEHLwd6L2WeMC5wjJ50IlQ6/n/S
7OP3ICpkupKfjtNuRcEUC6MIhFOq0knL8lBhjgrntBDkpewcMc6lC+9Xpxy9OHTG
SkcK2RfUpD3WVOocbb0hBWPs32VH4FKEnShRz9rGxpqB
-----END CERTIFICATE-----