Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/NNKajPIF7Scq8J_nMw8GF2r7Aqk.roa
File:                     NNKajPIF7Scq8J_nMw8GF2r7Aqk.roa (raw, json)
Hash identifier:          OGADpk8mU4NwJlQEXX1U5nodPECQr7fwPujf31ccqfc=
Subject key identifier:   34:D2:9A:8C:F2:05:ED:27:2A:F0:9F:E7:33:0F:06:17:6A:FB:02:A9
Certificate issuer:       /CN=2bf2fae380c5d4c1e281810a34db9883c9d9ff2f
Certificate serial:       018D9D6FBB71C4660D5EEDCDCE82D28A01FE
Authority key identifier: 2B:F2:FA:E3:80:C5:D4:C1:E2:81:81:0A:34:DB:98:83:C9:D9:FF:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K_L644DF1MHigYEKNNuYg8nZ_y8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/NNKajPIF7Scq8J_nMw8GF2r7Aqk.roa
Signing time:             Mon 12 Feb 2024 13:09:21 +0000
ROA not before:           Mon 12 Feb 2024 13:09:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        91.223.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/K_L644DF1MHigYEKNNuYg8nZ_y8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/K_L644DF1MHigYEKNNuYg8nZ_y8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K_L644DF1MHigYEKNNuYg8nZ_y8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9d:6f:bb:71:c4:66:0d:5e:ed:cd:ce:82:d2:8a:01:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bf2fae380c5d4c1e281810a34db9883c9d9ff2f
        Validity
            Not Before: Feb 12 13:09:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34d29a8cf205ed272af09fe7330f06176afb02a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a1:32:d1:6d:d1:ca:be:59:d1:db:e0:43:07:
                    ce:10:6f:8c:5b:16:c1:55:54:2d:85:9b:03:e2:d8:
                    9e:50:32:b3:97:42:cd:b7:86:b1:51:26:09:8f:13:
                    85:8f:9c:11:5a:0b:7a:61:49:d4:85:bf:94:e2:35:
                    5e:36:71:b7:da:00:96:80:23:48:8f:96:13:b9:a7:
                    2e:39:15:78:2a:1a:99:ae:ec:d2:82:3f:92:ab:ae:
                    39:a6:e5:47:ab:e3:a3:a8:1d:df:f0:68:39:15:d1:
                    90:2a:4b:3b:5a:87:6e:d8:9e:78:9b:37:6e:a4:17:
                    cf:d1:96:48:e7:44:aa:a9:f0:a0:a8:2a:6c:5a:62:
                    0b:83:ed:d9:89:25:24:38:1b:54:10:f6:a1:b4:f4:
                    c9:7a:ee:09:d9:05:cb:2a:8b:e3:06:eb:2d:92:1c:
                    1d:36:7b:95:a1:43:d7:a1:21:a2:8a:fa:f0:d3:21:
                    05:18:37:c5:e9:cf:ec:67:ba:87:27:86:d9:7f:b6:
                    9e:a0:1f:af:7f:7f:d0:0f:42:1d:b2:a1:9b:ee:72:
                    2c:92:e9:6b:d6:65:3c:1c:ff:83:59:07:7f:5c:64:
                    a7:11:79:3e:e3:76:ad:99:2c:f9:10:24:c5:0a:d1:
                    e8:0b:8d:24:e7:9f:65:e3:8c:5e:22:2e:85:b6:45:
                    45:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:D2:9A:8C:F2:05:ED:27:2A:F0:9F:E7:33:0F:06:17:6A:FB:02:A9
            X509v3 Authority Key Identifier:
                keyid:2B:F2:FA:E3:80:C5:D4:C1:E2:81:81:0A:34:DB:98:83:C9:D9:FF:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K_L644DF1MHigYEKNNuYg8nZ_y8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/NNKajPIF7Scq8J_nMw8GF2r7Aqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/K_L644DF1MHigYEKNNuYg8nZ_y8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:9c:b7:03:e0:e8:16:d4:2d:bd:b6:4a:db:f2:00:66:f9:16:
         af:78:d0:2a:7c:18:b0:4c:7a:61:4e:fb:b1:d2:e9:65:98:e4:
         32:0b:63:75:26:e4:89:0b:6a:c1:20:73:ec:a3:bd:98:d2:49:
         69:cd:b0:d0:3f:e0:82:65:bb:3b:7c:1e:05:8b:a2:b9:74:4f:
         ab:75:cf:c5:37:0d:58:75:87:66:00:e8:b7:99:61:83:36:40:
         21:fa:6b:b1:0f:76:35:69:32:9a:d1:6f:3b:56:b7:be:25:eb:
         a4:2e:a9:17:ff:9d:76:b2:bf:70:0d:32:71:69:d2:b1:e4:bf:
         07:2f:65:36:a1:d4:c9:e7:e0:f9:71:0b:b2:be:54:b2:82:ad:
         ba:59:01:de:71:43:9b:a9:38:5d:4f:dd:3d:4a:fb:e0:23:62:
         1e:b2:cd:9d:78:f1:9d:75:c8:e0:ff:24:e0:b8:a3:f7:30:22:
         de:ab:a2:61:aa:d9:46:33:6f:e6:ce:fc:17:6b:8a:fc:cb:1a:
         fd:17:34:0f:fc:98:5d:0f:8b:8e:97:1d:d8:3f:40:05:64:31:
         1e:75:2f:71:22:3e:3b:2d:70:99:63:90:8a:04:02:33:bb:79:
         a0:01:3f:0e:5c:e6:b4:53:d4:4c:6b:4f:97:15:02:b1:1b:03:
         49:b2:64:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2db7txxGYNXu3NzoLSigH+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiZjJmYWUzODBjNWQ0YzFlMjgxODEwYTM0ZGI5ODgzYzlk
OWZmMmYwHhcNMjQwMjEyMTMwOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQyOWE4Y2YyMDVlZDI3MmFmMDlmZTczMzBmMDYxNzZhZmIwMmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKEy0W3Ryr5Z0dvgQwfOEG+MWxbB
VVQthZsD4tieUDKzl0LNt4axUSYJjxOFj5wRWgt6YUnUhb+U4jVeNnG32gCWgCNI
j5YTuacuORV4KhqZruzSgj+Sq645puVHq+OjqB3f8Gg5FdGQKks7Wodu2J54mzdu
pBfP0ZZI50SqqfCgqCpsWmILg+3ZiSUkOBtUEPahtPTJeu4J2QXLKovjBustkhwd
NnuVoUPXoSGiivrw0yEFGDfF6c/sZ7qHJ4bZf7aeoB+vf3/QD0IdsqGb7nIskulr
1mU8HP+DWQd/XGSnEXk+43atmSz5ECTFCtHoC40k559l44xeIi6FtkVFWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTSmozyBe0nKvCf5zMPBhdq+wKpMB8GA1UdIwQY
MBaAFCvy+uOAxdTB4oGBCjTbmIPJ2f8vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS19MNjQ0REYxTUhpZ1lFS05OdVlnOG5aX3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xM2UxZmYtYTVkMy00NGNkLWIxYmUt
ZmJmMGVkM2Y5MTU3LzEvTk5LYWpQSUY3U2NxOEpfbk13OEdGMnI3QXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xM2UxZmYtYTVkMy00NGNkLWIxYmUtZmJmMGVkM2Y5MTU3
LzEvS19MNjQ0REYxTUhpZ1lFS05OdVlnOG5aX3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+7MA0G
CSqGSIb3DQEBCwUAA4IBAQAQnLcD4OgW1C29tkrb8gBm+RaveNAqfBiwTHphTvux
0ullmOQyC2N1JuSJC2rBIHPso72Y0klpzbDQP+CCZbs7fB4Fi6K5dE+rdc/FNw1Y
dYdmAOi3mWGDNkAh+muxD3Y1aTKa0W87Vre+JeukLqkX/512sr9wDTJxadKx5L8H
L2U2odTJ5+D5cQuyvlSygq26WQHecUObqThdT909SvvgI2Iess2dePGddcjg/yTg
uKP3MCLeq6JhqtlGM2/mzvwXa4r8yxr9FzQP/JhdD4uOlx3YP0AFZDEedS9xIj47
LXCZY5CKBAIzu3mgAT8OXOa0U9RMa0+XFQKxGwNJsmRx
-----END CERTIFICATE-----