Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/Nb7Qhw-3_RkiehRYzB7YOYhzs4I.roa
File:                     Nb7Qhw-3_RkiehRYzB7YOYhzs4I.roa (raw, json)
Hash identifier:          3hoQDB9rBGroRZJbahEJ2i88Gup8jCXmqicyYiPOvF8=
Subject key identifier:   35:BE:D0:87:0F:B7:FD:19:22:7A:14:58:CC:1E:D8:39:88:73:B3:82
Certificate issuer:       /CN=a79f3ad3142a2c02f992b96ab0b9b6390af7fe02
Certificate serial:       018CC348CA9487308F068E0B338A37B4D08A
Authority key identifier: A7:9F:3A:D3:14:2A:2C:02:F9:92:B9:6A:B0:B9:B6:39:0A:F7:FE:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p5860xQqLAL5krlqsLm2OQr3_gI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/Nb7Qhw-3_RkiehRYzB7YOYhzs4I.roa
Signing time:             Mon 01 Jan 2024 04:29:36 +0000
ROA not before:           Mon 01 Jan 2024 04:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14907
IP address blocks:        193.46.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/p5860xQqLAL5krlqsLm2OQr3_gI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/p5860xQqLAL5krlqsLm2OQr3_gI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p5860xQqLAL5krlqsLm2OQr3_gI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ca:94:87:30:8f:06:8e:0b:33:8a:37:b4:d0:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a79f3ad3142a2c02f992b96ab0b9b6390af7fe02
        Validity
            Not Before: Jan  1 04:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35bed0870fb7fd19227a1458cc1ed8398873b382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2f:1f:2d:81:52:0b:b6:dd:8b:69:e9:b1:11:
                    91:8f:de:df:63:ee:4b:da:ec:89:85:1d:f9:ea:fa:
                    9d:81:a1:d2:28:c6:17:37:5e:c9:02:4d:ec:ac:b1:
                    47:e4:d0:25:64:45:89:0b:9d:1d:db:1f:8a:17:fc:
                    8f:c1:f9:6a:51:31:bc:fa:87:95:b7:74:84:fb:d8:
                    8a:a2:a9:88:fe:a4:64:30:98:41:b2:05:d7:98:b0:
                    e7:ce:35:3b:41:0c:50:a5:ad:e4:17:14:bf:c0:45:
                    b4:f8:14:e9:8e:e8:c9:fe:21:99:04:3d:da:c2:8d:
                    68:0a:33:6a:ae:f2:81:c2:ff:b8:09:83:82:3d:49:
                    0a:db:7f:40:11:1b:eb:c1:08:19:6c:a2:85:7b:fd:
                    7c:6e:19:f3:c6:53:d1:e7:d6:02:53:bf:7c:bd:89:
                    d3:e4:46:65:8f:74:93:ae:68:4e:b0:36:eb:c3:4d:
                    6e:4c:e6:f3:94:5e:f4:b3:70:9c:ee:1c:41:21:8e:
                    42:c0:9a:07:77:c9:19:38:a2:22:72:35:12:52:5f:
                    ed:a5:ad:9a:72:96:c1:c2:3d:e5:0b:11:70:3c:1f:
                    d6:57:6d:f3:9c:20:b7:dc:34:dd:d7:06:b0:3c:68:
                    31:4e:48:d2:e6:36:1d:b8:42:ef:e0:08:e9:4e:95:
                    7e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:BE:D0:87:0F:B7:FD:19:22:7A:14:58:CC:1E:D8:39:88:73:B3:82
            X509v3 Authority Key Identifier:
                keyid:A7:9F:3A:D3:14:2A:2C:02:F9:92:B9:6A:B0:B9:B6:39:0A:F7:FE:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p5860xQqLAL5krlqsLm2OQr3_gI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/Nb7Qhw-3_RkiehRYzB7YOYhzs4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6363ce-c8a0-4961-ae80-d5a785517bbf/1/p5860xQqLAL5krlqsLm2OQr3_gI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:af:7c:b7:cd:cc:9e:3f:a3:c9:6a:f1:39:25:9d:f2:79:5b:
         cc:3a:75:9f:f2:44:f8:af:0b:7b:34:e7:d8:a9:48:05:25:65:
         34:31:e7:57:69:25:d3:0e:5c:86:24:af:3b:17:c5:78:76:83:
         a8:94:05:87:b9:07:3f:21:55:7f:bc:fd:81:d2:6e:aa:e7:f4:
         33:e7:88:ed:ad:1b:cd:71:5c:41:7b:8e:35:67:ec:db:5a:9c:
         fe:1b:5c:9e:df:53:96:13:e7:54:af:d2:52:2e:41:c1:52:ad:
         92:d9:9f:c3:22:2d:c7:b7:ac:04:07:69:28:1d:e8:e7:85:e6:
         c5:5b:ca:65:e6:bf:e8:cd:82:d6:b9:f6:e5:b6:41:87:bf:d2:
         0a:e3:21:71:21:36:2d:ec:a0:21:5f:f8:8a:5b:2e:52:02:0b:
         a3:54:a2:18:99:20:3d:59:8a:1b:16:06:0f:0e:ef:79:f8:60:
         20:89:3c:18:9d:51:10:bf:84:2e:2e:9a:90:be:0a:a6:a7:d5:
         d7:58:a3:13:95:5b:ac:67:a7:30:47:73:2f:fc:98:4c:7c:f2:
         b0:4e:9b:21:2a:a5:69:8b:7d:d6:08:85:92:1b:b9:46:b3:b6:
         4a:6a:7f:43:0b:6e:0d:44:b2:d3:d9:42:bd:96:a3:34:05:76:
         e5:81:3c:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMqUhzCPBo4LM4o3tNCKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3OWYzYWQzMTQyYTJjMDJmOTkyYjk2YWIwYjliNjM5MGFm
N2ZlMDIwHhcNMjQwMTAxMDQyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWJlZDA4NzBmYjdmZDE5MjI3YTE0NThjYzFlZDgzOTg4NzNiMzgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC8fLYFSC7bdi2npsRGRj97fY+5L
2uyJhR356vqdgaHSKMYXN17JAk3srLFH5NAlZEWJC50d2x+KF/yPwflqUTG8+oeV
t3SE+9iKoqmI/qRkMJhBsgXXmLDnzjU7QQxQpa3kFxS/wEW0+BTpjujJ/iGZBD3a
wo1oCjNqrvKBwv+4CYOCPUkK239AERvrwQgZbKKFe/18bhnzxlPR59YCU798vYnT
5EZlj3STrmhOsDbrw01uTObzlF70s3Cc7hxBIY5CwJoHd8kZOKIicjUSUl/tpa2a
cpbBwj3lCxFwPB/WV23znCC33DTd1wawPGgxTkjS5jYduELv4AjpTpV+6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDW+0IcPt/0ZInoUWMwe2DmIc7OCMB8GA1UdIwQY
MBaAFKefOtMUKiwC+ZK5arC5tjkK9/4CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDU4NjB4UXFMQUw1a3JscXNMbTJPUXIzX2dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82MzYzY2UtYzhhMC00OTYxLWFlODAt
ZDVhNzg1NTE3YmJmLzEvTmI3UWh3LTNfUmtpZWhSWXpCN1lPWWh6czRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82MzYzY2UtYzhhMC00OTYxLWFlODAtZDVhNzg1NTE3YmJm
LzEvcDU4NjB4UXFMQUw1a3JscXNMbTJPUXIzX2dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS5aMA0G
CSqGSIb3DQEBCwUAA4IBAQBwr3y3zcyeP6PJavE5JZ3yeVvMOnWf8kT4rwt7NOfY
qUgFJWU0MedXaSXTDlyGJK87F8V4doOolAWHuQc/IVV/vP2B0m6q5/Qz54jtrRvN
cVxBe441Z+zbWpz+G1ye31OWE+dUr9JSLkHBUq2S2Z/DIi3Ht6wEB2koHejnhebF
W8pl5r/ozYLWufbltkGHv9IK4yFxITYt7KAhX/iKWy5SAgujVKIYmSA9WYobFgYP
Du95+GAgiTwYnVEQv4QuLpqQvgqmp9XXWKMTlVusZ6cwR3Mv/JhMfPKwTpshKqVp
i33WCIWSG7lGs7ZKan9DC24NRLLT2UK9lqM0BXblgTxK
-----END CERTIFICATE-----