Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/NIzz7Di7LXBgc8I1JV0gjH1xyPE.roa
File:                     NIzz7Di7LXBgc8I1JV0gjH1xyPE.roa (raw, json)
Hash identifier:          7zvmI56A2FaryHXyxSBIUWh8sG5nAK5McFFY4bRN82I=
Subject key identifier:   34:8C:F3:EC:38:BB:2D:70:60:73:C2:35:25:5D:20:8C:7D:71:C8:F1
Certificate issuer:       /CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
Certificate serial:       0191367999C801B9F0B0B934F7217B925C06
Authority key identifier: 93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/NIzz7Di7LXBgc8I1JV0gjH1xyPE.roa
Signing time:             Fri 09 Aug 2024 09:30:24 +0000
ROA not before:           Fri 09 Aug 2024 09:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        193.37.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:36:79:99:c8:01:b9:f0:b0:b9:34:f7:21:7b:92:5c:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93677d7cb9271ce361256e9833cc7b14fd023ebe
        Validity
            Not Before: Aug  9 09:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=348cf3ec38bb2d706073c235255d208c7d71c8f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0f:4f:c8:b4:04:a0:c9:59:8b:9c:80:63:41:
                    88:d3:2f:eb:c4:96:c9:6f:17:bf:62:64:da:f0:d4:
                    7a:fd:fb:d7:72:a8:7e:9e:bf:4b:e7:34:5c:29:a2:
                    cd:dc:9d:fd:3e:c4:d2:57:75:7d:67:a4:a1:c6:91:
                    b7:0d:91:c2:16:52:fa:eb:11:b7:3e:42:e7:04:0d:
                    8c:09:7e:3a:cb:06:61:4d:a2:1d:40:a6:f1:6a:95:
                    fe:34:c0:97:9f:9b:47:15:78:c3:5f:2e:48:9d:64:
                    5e:60:90:bc:f1:8f:62:32:a0:fe:c9:4b:a8:f6:91:
                    7a:77:2a:ad:6d:4c:bb:ce:eb:d6:5f:42:49:80:b9:
                    ea:58:f6:59:34:88:ca:ee:62:62:78:f5:9d:c6:86:
                    09:d5:a3:1c:e1:c1:a2:66:44:92:41:d3:00:ac:2b:
                    6b:35:c2:03:a0:c4:f0:db:ed:14:11:65:10:14:74:
                    53:f0:2a:7a:0b:0a:e9:75:94:fd:9d:b9:55:8f:b8:
                    5d:2a:eb:c2:61:e6:f6:06:bc:bc:04:a0:a7:9c:14:
                    9c:32:3c:7a:db:ea:76:4c:fe:df:05:dc:39:df:89:
                    83:4e:b3:ca:bf:4a:76:d2:7e:5a:3c:85:2a:f3:e6:
                    61:15:63:17:c0:94:ac:a5:ea:3f:48:df:cd:4d:8b:
                    be:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:8C:F3:EC:38:BB:2D:70:60:73:C2:35:25:5D:20:8C:7D:71:C8:F1
            X509v3 Authority Key Identifier:
                keyid:93:67:7D:7C:B9:27:1C:E3:61:25:6E:98:33:CC:7B:14:FD:02:3E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2d9fLknHONhJW6YM8x7FP0CPr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/NIzz7Di7LXBgc8I1JV0gjH1xyPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/a9c6da-8ea0-46b7-a1a6-99acb99ce754/1/k2d9fLknHONhJW6YM8x7FP0CPr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:48:b4:9f:3a:f8:3f:19:21:a5:72:75:8a:4a:60:aa:bd:4a:
         21:60:aa:5d:f4:c3:bb:b2:af:83:ac:05:d1:35:ad:e2:14:66:
         53:d2:65:cb:45:c7:f0:96:13:0f:49:64:b8:a8:b2:14:67:1d:
         25:01:6b:60:bc:30:4e:44:76:ae:3c:ec:0b:13:93:85:c9:ee:
         91:c5:90:c8:21:b4:b5:f1:3b:e3:8f:44:74:03:5d:39:e0:d8:
         87:f4:2f:ce:67:fd:dd:d2:05:d6:9e:8b:98:69:dd:3b:e6:dd:
         32:27:63:e6:22:79:56:39:88:cc:85:5b:8a:89:aa:cc:75:ea:
         b2:cf:39:a9:cf:e9:41:4e:64:9c:d8:fc:0a:c7:43:7e:81:a5:
         f0:68:ea:88:ff:9a:bc:93:89:13:88:7c:24:4c:5e:9a:7d:1d:
         0f:40:01:7b:42:5d:73:2b:26:01:2c:aa:9b:22:93:7d:03:c4:
         00:96:84:57:b3:34:ce:d9:70:4a:bc:1b:6b:db:51:b2:41:86:
         8c:2b:6a:3e:e1:9c:86:9a:dc:62:15:67:62:bf:25:16:ca:96:
         3b:6d:95:c9:91:cd:be:ec:c2:79:eb:c0:e1:fb:e7:14:06:4e:
         78:21:25:d9:aa:80:fd:4a:36:d5:3f:44:8c:f9:82:24:59:43:
         03:f9:e6:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZE2eZnIAbnwsLk09yF7klwGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjc3ZDdjYjkyNzFjZTM2MTI1NmU5ODMzY2M3YjE0ZmQw
MjNlYmUwHhcNMjQwODA5MDkzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDhjZjNlYzM4YmIyZDcwNjA3M2MyMzUyNTVkMjA4YzdkNzFjOGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjg9PyLQEoMlZi5yAY0GI0y/rxJbJ
bxe/YmTa8NR6/fvXcqh+nr9L5zRcKaLN3J39PsTSV3V9Z6ShxpG3DZHCFlL66xG3
PkLnBA2MCX46ywZhTaIdQKbxapX+NMCXn5tHFXjDXy5InWReYJC88Y9iMqD+yUuo
9pF6dyqtbUy7zuvWX0JJgLnqWPZZNIjK7mJiePWdxoYJ1aMc4cGiZkSSQdMArCtr
NcIDoMTw2+0UEWUQFHRT8Cp6CwrpdZT9nblVj7hdKuvCYeb2Bry8BKCnnBScMjx6
2+p2TP7fBdw534mDTrPKv0p20n5aPIUq8+ZhFWMXwJSspeo/SN/NTYu+wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSM8+w4uy1wYHPCNSVdIIx9ccjxMB8GA1UdIwQY
MBaAFJNnfXy5JxzjYSVumDPMexT9Aj6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYt
OTlhY2I5OWNlNzU0LzEvTkl6ejdEaTdMWEJnYzhJMUpWMGdqSDF4eVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hOWM2ZGEtOGVhMC00NmI3LWExYTYtOTlhY2I5OWNlNzU0
LzEvazJkOWZMa25IT05oSlc2WU04eDdGUDBDUHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSXEMA0G
CSqGSIb3DQEBCwUAA4IBAQBKSLSfOvg/GSGlcnWKSmCqvUohYKpd9MO7sq+DrAXR
Na3iFGZT0mXLRcfwlhMPSWS4qLIUZx0lAWtgvDBORHauPOwLE5OFye6RxZDIIbS1
8Tvjj0R0A1054NiH9C/OZ/3d0gXWnouYad075t0yJ2PmInlWOYjMhVuKiarMdeqy
zzmpz+lBTmSc2PwKx0N+gaXwaOqI/5q8k4kTiHwkTF6afR0PQAF7Ql1zKyYBLKqb
IpN9A8QAloRXszTO2XBKvBtr21GyQYaMK2o+4ZyGmtxiFWdivyUWypY7bZXJkc2+
7MJ568Dh++cUBk54ISXZqoD9SjbVP0SM+YIkWUMD+eYu
-----END CERTIFICATE-----