Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/Nb59MG_3IXUcQ9NkX9Gsm13YORc.roa
File:                     Nb59MG_3IXUcQ9NkX9Gsm13YORc.roa (raw, json)
Hash identifier:          juV8Px0Gn2F6afIapQZfWNuJdUvYbE42Tm7DtY3k2Uo=
Subject key identifier:   35:BE:7D:30:6F:F7:21:75:1C:43:D3:64:5F:D1:AC:9B:5D:D8:39:17
Certificate issuer:       /CN=3fafd07dc086dd7feec69e64e094dee5f49cea7d
Certificate serial:       018CC9BC51EE35DACB9E9103270957F64A62
Authority key identifier: 3F:AF:D0:7D:C0:86:DD:7F:EE:C6:9E:64:E0:94:DE:E5:F4:9C:EA:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P6_QfcCG3X_uxp5k4JTe5fSc6n0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/Nb59MG_3IXUcQ9NkX9Gsm13YORc.roa
Signing time:             Tue 02 Jan 2024 10:33:31 +0000
ROA not before:           Tue 02 Jan 2024 10:33:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201814
IP address blocks:        193.35.110.0/24 maxlen: 24
                          195.128.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/P6_QfcCG3X_uxp5k4JTe5fSc6n0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/P6_QfcCG3X_uxp5k4JTe5fSc6n0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P6_QfcCG3X_uxp5k4JTe5fSc6n0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:51:ee:35:da:cb:9e:91:03:27:09:57:f6:4a:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fafd07dc086dd7feec69e64e094dee5f49cea7d
        Validity
            Not Before: Jan  2 10:33:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35be7d306ff721751c43d3645fd1ac9b5dd83917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:1a:58:f9:57:25:6f:61:71:08:c9:b6:ea:33:
                    7e:e0:de:3c:66:14:00:b7:dd:86:21:42:77:a9:c2:
                    05:5d:a1:c9:55:11:b1:01:68:9d:a3:2c:0d:1b:91:
                    3b:70:b3:1b:63:2e:4a:b1:a0:bc:33:db:d7:57:7d:
                    98:4c:40:30:14:be:6d:b6:96:02:41:80:45:1f:a6:
                    57:c0:35:19:7e:5d:aa:6a:88:3a:fb:ae:a5:6b:e9:
                    10:ee:f9:28:3a:d5:3c:75:70:c7:ec:53:09:a9:03:
                    f2:4c:f0:54:3e:09:87:f6:80:83:1b:12:69:28:48:
                    a6:f4:a9:55:74:2b:57:cd:67:86:87:94:bb:3b:94:
                    06:9b:7d:83:8d:10:f2:db:16:26:a1:a5:da:95:b7:
                    5d:e3:04:ea:7a:12:5b:e8:43:c9:86:34:76:94:21:
                    04:f8:8f:df:4c:90:b1:a1:15:49:ab:ec:de:b4:25:
                    0b:c9:32:ce:ed:ac:c8:4d:20:1b:3e:4a:4f:44:8f:
                    c8:43:bb:1e:6c:b6:2f:27:2f:e2:bb:2b:bc:53:9d:
                    54:fd:c4:ce:b8:30:99:5a:22:1f:14:3e:e6:aa:dd:
                    3a:6e:2a:84:0c:b3:c7:03:3d:6a:77:ee:4c:e4:3d:
                    d4:93:d2:6d:05:2b:a7:17:00:b4:9e:81:bc:4a:bd:
                    f1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:BE:7D:30:6F:F7:21:75:1C:43:D3:64:5F:D1:AC:9B:5D:D8:39:17
            X509v3 Authority Key Identifier:
                keyid:3F:AF:D0:7D:C0:86:DD:7F:EE:C6:9E:64:E0:94:DE:E5:F4:9C:EA:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P6_QfcCG3X_uxp5k4JTe5fSc6n0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/Nb59MG_3IXUcQ9NkX9Gsm13YORc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/fb823f-7296-4279-9721-92e08ba5e2bf/1/P6_QfcCG3X_uxp5k4JTe5fSc6n0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.110.0/24
                  195.128.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:4c:07:27:69:09:69:be:78:04:d7:ac:3f:e6:75:aa:b6:6a:
         67:19:39:7b:50:6e:22:8d:b1:2f:4b:76:56:a9:04:84:b1:00:
         c0:bb:b7:8f:69:03:45:74:b6:06:ec:8b:fa:93:79:f6:85:29:
         ab:c2:1a:6d:4f:d3:94:4e:81:fb:be:a4:21:54:7a:62:e3:28:
         63:4b:b6:37:8e:a3:89:79:29:51:a8:57:3f:e9:b7:7b:9d:df:
         28:47:fb:2e:0f:08:bd:31:ae:bf:c6:f4:7e:36:7b:4d:d9:a1:
         3e:51:76:a1:c1:ee:2e:33:c7:33:84:e7:a5:44:19:9e:e5:c8:
         46:d6:68:24:b8:a3:75:9d:7a:4f:2c:5d:b1:5f:06:73:9e:c9:
         3d:67:cd:7c:cd:ff:4d:13:e8:fb:bb:21:a6:3f:bc:db:bc:94:
         cb:45:f2:3f:d5:55:2b:c6:f3:a8:8d:a5:3f:de:ef:26:18:05:
         49:0f:39:a3:82:86:fe:9b:4b:03:66:a8:4e:d3:50:56:e6:8f:
         55:2d:b1:65:c9:5a:7e:49:32:20:66:b1:96:60:eb:db:0d:4b:
         9f:24:41:b0:15:de:c4:27:0b:3d:04:bb:06:f9:b6:2b:b5:b3:
         f5:9d:d9:4c:80:db:1e:c1:7b:46:9a:85:cb:c5:19:d7:91:0c:
         f8:c2:ea:88
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvFHuNdrLnpEDJwlX9kpiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmYWZkMDdkYzA4NmRkN2ZlZWM2OWU2NGUwOTRkZWU1ZjQ5
Y2VhN2QwHhcNMjQwMTAyMTAzMzMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWJlN2QzMDZmZjcyMTc1MWM0M2QzNjQ1ZmQxYWM5YjVkZDgzOTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BpY+Vclb2FxCMm26jN+4N48ZhQA
t92GIUJ3qcIFXaHJVRGxAWidoywNG5E7cLMbYy5KsaC8M9vXV32YTEAwFL5ttpYC
QYBFH6ZXwDUZfl2qaog6+66la+kQ7vkoOtU8dXDH7FMJqQPyTPBUPgmH9oCDGxJp
KEim9KlVdCtXzWeGh5S7O5QGm32DjRDy2xYmoaXalbdd4wTqehJb6EPJhjR2lCEE
+I/fTJCxoRVJq+zetCULyTLO7azITSAbPkpPRI/IQ7sebLYvJy/iuyu8U51U/cTO
uDCZWiIfFD7mqt06biqEDLPHAz1qd+5M5D3Uk9JtBSunFwC0noG8Sr3xFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDW+fTBv9yF1HEPTZF/RrJtd2DkXMB8GA1UdIwQY
MBaAFD+v0H3Aht1/7saeZOCU3uX0nOp9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDZfUWZjQ0czWF91eHA1azRKVGU1ZlNjNm4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9mYjgyM2YtNzI5Ni00Mjc5LTk3MjEt
OTJlMDhiYTVlMmJmLzEvTmI1OU1HXzNJWFVjUTlOa1g5R3NtMTNZT1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9mYjgyM2YtNzI5Ni00Mjc5LTk3MjEtOTJlMDhiYTVlMmJm
LzEvUDZfUWZjQ0czWF91eHA1azRKVGU1ZlNjNm4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSNuAwQA
w4CaMA0GCSqGSIb3DQEBCwUAA4IBAQC2TAcnaQlpvngE16w/5nWqtmpnGTl7UG4i
jbEvS3ZWqQSEsQDAu7ePaQNFdLYG7Iv6k3n2hSmrwhptT9OUToH7vqQhVHpi4yhj
S7Y3jqOJeSlRqFc/6bd7nd8oR/suDwi9Ma6/xvR+NntN2aE+UXahwe4uM8czhOel
RBme5chG1mgkuKN1nXpPLF2xXwZznsk9Z818zf9NE+j7uyGmP7zbvJTLRfI/1VUr
xvOojaU/3u8mGAVJDzmjgob+m0sDZqhO01BW5o9VLbFlyVp+STIgZrGWYOvbDUuf
JEGwFd7EJws9BLsG+bYrtbP1ndlMgNsewXtGmoXLxRnXkQz4wuqI
-----END CERTIFICATE-----