Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/Nb-IlMViJGkgh11me9jMyCUr69w.roa
File:                     Nb-IlMViJGkgh11me9jMyCUr69w.roa (raw, json)
Hash identifier:          GB6nWrL109g5l55AOtbhlMGMXJFwI/eyv6clZk5rdl8=
Subject key identifier:   35:BF:88:94:C5:62:24:69:20:87:5D:66:7B:D8:CC:C8:25:2B:EB:DC
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DE00437CF9404218BDFB50D9B54FA
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/Nb-IlMViJGkgh11me9jMyCUr69w.roa
Signing time:             Mon 01 Jan 2024 14:29:21 +0000
ROA not before:           Mon 01 Jan 2024 14:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16321
IP address blocks:        84.204.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e0:04:37:cf:94:04:21:8b:df:b5:0d:9b:54:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35bf8894c562246920875d667bd8ccc8252bebdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f5:36:01:a6:29:f8:68:99:56:87:d5:4d:85:
                    11:0b:66:d1:53:c6:d6:98:09:71:d8:b5:dd:5c:f4:
                    34:4d:c9:05:5b:e9:c1:fa:c2:70:13:95:9f:42:f1:
                    64:47:fa:d7:45:1d:70:82:a5:21:21:ae:3a:74:ed:
                    26:3a:cc:5f:4b:9f:bc:9f:42:c0:17:1b:78:ac:d8:
                    f6:91:9a:b9:a1:d3:f0:1f:b4:d8:1b:91:97:14:a9:
                    90:a5:ef:9c:02:9c:6f:44:d1:b3:12:c0:31:4c:14:
                    45:98:a0:60:58:4b:68:b2:c6:5f:f5:7a:08:54:27:
                    7c:7e:eb:fb:9c:ce:3f:e4:9d:90:bb:dc:32:c6:69:
                    fb:f3:56:5d:88:e0:56:55:c9:2d:1d:e4:9e:ec:bf:
                    0b:8c:49:cb:6d:3d:f9:a7:a1:cc:05:c8:16:d5:9b:
                    53:cb:de:0a:2c:63:72:17:62:c8:c2:07:5c:96:9d:
                    61:0f:b0:af:56:9e:07:63:17:78:10:69:71:fb:fd:
                    63:13:72:8d:4f:ce:5b:bf:25:bd:aa:21:9b:db:c7:
                    02:51:b4:38:52:2a:3d:15:07:20:c2:13:ea:84:28:
                    61:4a:d9:8c:57:8d:61:19:98:d8:3b:86:f4:be:e3:
                    49:9e:11:9d:70:92:d3:d3:d1:c9:70:d5:8a:30:91:
                    be:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:BF:88:94:C5:62:24:69:20:87:5D:66:7B:D8:CC:C8:25:2B:EB:DC
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/Nb-IlMViJGkgh11me9jMyCUr69w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.204.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:85:48:9c:1f:df:80:ce:a4:6d:8e:91:3c:96:64:dd:e0:2c:
         7a:e6:af:07:b6:6c:7f:b8:c1:2f:f8:a1:f6:6b:21:29:1e:5f:
         41:b0:62:aa:4c:73:34:a9:15:9d:2b:d3:c8:b1:2a:ab:2e:24:
         94:04:40:cf:2b:08:42:47:bd:67:67:95:82:8b:d5:c8:c9:39:
         17:2e:57:d7:0e:84:d9:4f:0f:93:ab:82:36:c4:d3:66:95:bd:
         52:61:0e:46:09:1b:80:e2:6b:ca:5f:35:4f:71:b9:19:2a:22:
         60:1e:56:4b:90:3f:74:65:83:2d:62:7d:08:d9:bd:f8:51:16:
         44:aa:a8:cb:05:e3:e5:c0:77:17:5a:c2:a5:15:2c:e9:18:f4:
         9e:27:fd:7c:ce:92:d1:ad:47:15:7d:50:79:be:98:d4:22:3f:
         b9:5e:bc:82:5b:45:ce:20:9c:c6:f1:a2:7e:dc:5e:b0:a2:cc:
         b3:22:e4:cd:67:6a:07:9c:cf:e9:f9:ea:75:84:52:a9:df:86:
         1c:12:f3:cd:b4:76:b1:0b:40:75:0e:b7:74:70:c6:8b:b6:2b:
         75:af:5b:b6:4f:3f:a8:6c:b3:ad:0b:ee:4c:30:fe:93:9e:f1:
         45:78:bd:ad:83:dd:6c:38:d5:76:6f:69:db:f9:e6:cd:7d:e0:
         08:17:b8:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeAEN8+UBCGL37UNm1T6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWJmODg5NGM1NjIyNDY5MjA4NzVkNjY3YmQ4Y2NjODI1MmJlYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvU2AaYp+GiZVofVTYURC2bRU8bW
mAlx2LXdXPQ0TckFW+nB+sJwE5WfQvFkR/rXRR1wgqUhIa46dO0mOsxfS5+8n0LA
Fxt4rNj2kZq5odPwH7TYG5GXFKmQpe+cApxvRNGzEsAxTBRFmKBgWEtossZf9XoI
VCd8fuv7nM4/5J2Qu9wyxmn781ZdiOBWVcktHeSe7L8LjEnLbT35p6HMBcgW1ZtT
y94KLGNyF2LIwgdclp1hD7CvVp4HYxd4EGlx+/1jE3KNT85bvyW9qiGb28cCUbQ4
Uio9FQcgwhPqhChhStmMV41hGZjYO4b0vuNJnhGdcJLT09HJcNWKMJG+IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDW/iJTFYiRpIIddZnvYzMglK+vcMB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvTmItSWxNVmlKR2tnaDExbWU5ak15Q1VyNjl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVMzhMA0G
CSqGSIb3DQEBCwUAA4IBAQAlhUicH9+AzqRtjpE8lmTd4Cx65q8Htmx/uMEv+KH2
ayEpHl9BsGKqTHM0qRWdK9PIsSqrLiSUBEDPKwhCR71nZ5WCi9XIyTkXLlfXDoTZ
Tw+Tq4I2xNNmlb1SYQ5GCRuA4mvKXzVPcbkZKiJgHlZLkD90ZYMtYn0I2b34URZE
qqjLBePlwHcXWsKlFSzpGPSeJ/18zpLRrUcVfVB5vpjUIj+5XryCW0XOIJzG8aJ+
3F6wosyzIuTNZ2oHnM/p+ep1hFKp34YcEvPNtHaxC0B1Drd0cMaLtit1r1u2Tz+o
bLOtC+5MMP6TnvFFeL2tg91sONV2b2nb+ebNfeAIF7ig
-----END CERTIFICATE-----