Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/NAFWH-6HZko-2jXV8t7oA0HzSIU.roa
File:                     NAFWH-6HZko-2jXV8t7oA0HzSIU.roa (raw, json)
Hash identifier:          evlx0SvXozysnwaGLeRFiaf3O6MnrQAS3vJN/CS0+Og=
Subject key identifier:   34:01:56:1F:EE:87:66:4A:3E:DA:35:D5:F2:DE:E8:03:41:F3:48:85
Certificate issuer:       /CN=24350aa8a94af666099fd073ec621cd15d04b316
Certificate serial:       01942444BA8B3EB83EDFDBE165C2A7FBB3ED
Authority key identifier: 24:35:0A:A8:A9:4A:F6:66:09:9F:D0:73:EC:62:1C:D1:5D:04:B3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/NAFWH-6HZko-2jXV8t7oA0HzSIU.roa
Signing time:             Wed 01 Jan 2025 23:47:51 +0000
ROA not before:           Wed 01 Jan 2025 23:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8307
IP address blocks:        195.250.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:ba:8b:3e:b8:3e:df:db:e1:65:c2:a7:fb:b3:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=24350aa8a94af666099fd073ec621cd15d04b316
        Validity
            Not Before: Jan  1 23:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3401561fee87664a3eda35d5f2dee80341f34885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:22:af:59:c5:7f:e3:4e:ab:51:fc:46:62:2a:
                    2a:d8:cd:01:ba:d2:b2:b1:76:d6:ca:85:da:9f:77:
                    6b:96:9f:ed:de:fc:0d:37:d7:74:3b:d7:fd:8f:3a:
                    82:66:83:a5:72:d8:8e:02:47:e3:9d:be:24:44:f0:
                    e0:86:9c:ad:14:11:ff:d6:92:de:4a:c0:d6:b8:f0:
                    47:0c:15:98:c3:57:d8:db:db:44:6c:2b:f3:7d:d7:
                    d1:88:95:17:e6:05:ce:49:cb:3a:39:df:40:07:b5:
                    ec:dc:fc:22:54:6b:11:26:2f:7e:76:4b:6c:3b:27:
                    cb:1d:a1:03:87:8e:18:93:23:cc:05:85:72:ae:ea:
                    23:0f:03:db:1a:37:41:5a:ae:fc:94:b4:0a:e6:2e:
                    9d:97:35:6a:9e:16:f4:41:32:cc:7b:16:c0:9d:5c:
                    a7:db:5e:f8:a8:e3:93:b0:ac:4c:f6:20:24:53:2d:
                    bc:56:5f:42:63:da:5f:89:b7:4f:71:5b:27:0f:12:
                    b8:37:f3:8c:ec:5f:3c:d1:6d:7b:d8:6f:5f:54:9a:
                    71:18:51:b5:e4:79:63:dc:c6:f6:fc:3f:5c:85:68:
                    cb:5e:79:c3:2e:74:5a:a7:6a:3d:d9:4e:37:11:2c:
                    99:8d:d3:38:13:f5:13:01:16:e0:79:b3:4e:68:84:
                    5d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:01:56:1F:EE:87:66:4A:3E:DA:35:D5:F2:DE:E8:03:41:F3:48:85
            X509v3 Authority Key Identifier:
                keyid:24:35:0A:A8:A9:4A:F6:66:09:9F:D0:73:EC:62:1C:D1:5D:04:B3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/NAFWH-6HZko-2jXV8t7oA0HzSIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/ab62e7-7367-4bde-934a-b42522d05895/1/JDUKqKlK9mYJn9Bz7GIc0V0EsxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.250.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:8d:38:0e:e0:8a:77:54:c1:d0:74:64:52:3f:a7:93:0b:1e:
         4d:94:c8:d8:ef:d0:87:d8:03:9c:2d:89:42:d9:20:d9:58:bd:
         83:ab:40:19:48:96:7e:20:58:2b:e4:7f:4d:83:e9:20:83:93:
         73:3e:cf:ff:ba:58:e8:ff:89:8f:a4:6f:1b:01:49:91:51:cd:
         b2:62:96:b0:44:34:15:75:b3:4c:d2:f6:5b:21:97:3b:54:89:
         73:be:1a:08:c7:7f:38:b2:be:8a:98:fd:00:7d:f3:14:d9:89:
         35:cc:75:62:51:b3:ee:87:cf:ff:37:a1:0d:e7:df:70:eb:df:
         72:5a:bc:d4:a4:84:7f:dc:e8:74:11:90:d1:0a:62:67:e7:d6:
         da:b2:40:7b:ba:10:fa:12:37:3b:3b:d5:81:7c:fc:87:0a:9b:
         8e:e2:97:82:f1:e2:f2:b0:82:f9:9d:5b:c5:e5:f8:38:30:b0:
         98:2d:5a:a0:da:f1:8d:31:64:96:ca:e1:77:e0:e4:58:99:4c:
         4d:1d:e1:08:25:0a:a0:75:b7:5b:bd:ff:5c:c7:35:94:a7:1b:
         48:39:e4:0b:27:89:4b:80:76:ed:e9:12:14:94:2a:3b:87:f1:
         cc:fc:3e:c1:2f:45:f2:65:0b:b2:2a:79:26:e7:a4:37:c8:75:
         31:9b:85:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRLqLPrg+39vhZcKn+7PtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MzUwYWE4YTk0YWY2NjYwOTlmZDA3M2VjNjIxY2QxNWQw
NGIzMTYwHhcNMjUwMTAxMjM0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDAxNTYxZmVlODc2NjRhM2VkYTM1ZDVmMmRlZTgwMzQxZjM0ODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2iKvWcV/406rUfxGYioq2M0ButKy
sXbWyoXan3drlp/t3vwNN9d0O9f9jzqCZoOlctiOAkfjnb4kRPDghpytFBH/1pLe
SsDWuPBHDBWYw1fY29tEbCvzfdfRiJUX5gXOScs6Od9AB7Xs3PwiVGsRJi9+dkts
OyfLHaEDh44YkyPMBYVyruojDwPbGjdBWq78lLQK5i6dlzVqnhb0QTLMexbAnVyn
2174qOOTsKxM9iAkUy28Vl9CY9pfibdPcVsnDxK4N/OM7F880W172G9fVJpxGFG1
5Hlj3Mb2/D9chWjLXnnDLnRap2o92U43ESyZjdM4E/UTARbgebNOaIRdiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQBVh/uh2ZKPto11fLe6ANB80iFMB8GA1UdIwQY
MBaAFCQ1CqipSvZmCZ/Qc+xiHNFdBLMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkRVS3FLbEs5bVlKbjlCejdHSWMwVjBFc3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9hYjYyZTctNzM2Ny00YmRlLTkzNGEt
YjQyNTIyZDA1ODk1LzEvTkFGV0gtNkhaa28tMmpYVjh0N29BMEh6U0lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9hYjYyZTctNzM2Ny00YmRlLTkzNGEtYjQyNTIyZDA1ODk1
LzEvSkRVS3FLbEs5bVlKbjlCejdHSWMwVjBFc3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/rAMA0G
CSqGSIb3DQEBCwUAA4IBAQBbjTgO4Ip3VMHQdGRSP6eTCx5NlMjY79CH2AOcLYlC
2SDZWL2Dq0AZSJZ+IFgr5H9Ng+kgg5NzPs//uljo/4mPpG8bAUmRUc2yYpawRDQV
dbNM0vZbIZc7VIlzvhoIx384sr6KmP0AffMU2Yk1zHViUbPuh8//N6EN599w699y
WrzUpIR/3Oh0EZDRCmJn59baskB7uhD6Ejc7O9WBfPyHCpuO4peC8eLysIL5nVvF
5fg4MLCYLVqg2vGNMWSWyuF34ORYmUxNHeEIJQqgdbdbvf9cxzWUpxtIOeQLJ4lL
gHbt6RIUlCo7h/HM/D7BL0XyZQuyKnkm56Q3yHUxm4Xi
-----END CERTIFICATE-----