Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/784838-0e3b-46ba-8595-d8f6ab83b533/1/NbNDJUzQH3dtWjDzVWxuRPVMYyo.roa
File:                     NbNDJUzQH3dtWjDzVWxuRPVMYyo.roa (raw, json)
Hash identifier:          zPXQLLkqUR2q+otq95xoxuS3o0Oaha6YRs1J0+I7cCM=
Subject key identifier:   35:B3:43:25:4C:D0:1F:77:6D:5A:30:F3:55:6C:6E:44:F5:4C:63:2A
Certificate issuer:       /CN=e5b1de7443eaf18ceb06888d7ef93a5635a4ae1e
Certificate serial:       018CC801A1C4DC499457E67F695743CF356D
Authority key identifier: E5:B1:DE:74:43:EA:F1:8C:EB:06:88:8D:7E:F9:3A:56:35:A4:AE:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5bHedEPq8YzrBoiNfvk6VjWkrh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/784838-0e3b-46ba-8595-d8f6ab83b533/1/NbNDJUzQH3dtWjDzVWxuRPVMYyo.roa
Signing time:             Tue 02 Jan 2024 02:29:59 +0000
ROA not before:           Tue 02 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43473
IP address blocks:        91.195.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/784838-0e3b-46ba-8595-d8f6ab83b533/1/5bHedEPq8YzrBoiNfvk6VjWkrh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/784838-0e3b-46ba-8595-d8f6ab83b533/1/5bHedEPq8YzrBoiNfvk6VjWkrh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5bHedEPq8YzrBoiNfvk6VjWkrh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 01:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a1:c4:dc:49:94:57:e6:7f:69:57:43:cf:35:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5b1de7443eaf18ceb06888d7ef93a5635a4ae1e
        Validity
            Not Before: Jan  2 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35b343254cd01f776d5a30f3556c6e44f54c632a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:df:48:f1:c8:33:16:fa:92:e8:b1:8d:af:70:
                    ba:4a:4f:0b:43:6e:d3:2d:c1:ba:b8:da:9a:34:0e:
                    23:ab:c6:2c:11:76:61:11:19:b8:a9:f7:0d:20:24:
                    44:d7:61:9f:07:d5:d4:73:c8:1b:be:6c:ab:37:9b:
                    3f:45:90:92:8f:af:bd:98:7e:dd:bc:ca:78:4d:c7:
                    22:d1:9d:62:fd:0f:9a:04:4e:4d:28:bc:b1:fc:c8:
                    1a:af:9f:9a:55:07:f5:1a:f6:6b:82:24:87:15:81:
                    16:1c:56:b4:0b:50:35:08:aa:46:69:6f:04:00:21:
                    db:23:ca:62:11:2c:61:70:b6:a8:5d:e6:7f:82:85:
                    f4:7c:5a:13:2f:80:ed:40:e6:eb:21:90:67:88:1d:
                    d7:b6:6f:bf:df:54:c1:58:bd:33:fb:e1:3a:37:ab:
                    68:79:9f:bb:53:46:09:0e:66:1c:37:0a:86:a1:90:
                    f8:7b:55:7b:33:af:4c:ea:54:85:3d:dc:df:56:30:
                    25:0d:2e:08:28:10:a7:bd:11:a7:08:6f:9c:a4:5e:
                    89:13:a9:a0:6d:47:93:42:2d:43:19:85:46:5f:aa:
                    5b:6c:05:32:ab:c0:78:49:58:6a:82:82:da:12:46:
                    6b:28:b4:8b:4c:be:0c:95:3f:13:94:23:f1:4a:a7:
                    a1:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:B3:43:25:4C:D0:1F:77:6D:5A:30:F3:55:6C:6E:44:F5:4C:63:2A
            X509v3 Authority Key Identifier:
                keyid:E5:B1:DE:74:43:EA:F1:8C:EB:06:88:8D:7E:F9:3A:56:35:A4:AE:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5bHedEPq8YzrBoiNfvk6VjWkrh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/784838-0e3b-46ba-8595-d8f6ab83b533/1/NbNDJUzQH3dtWjDzVWxuRPVMYyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/784838-0e3b-46ba-8595-d8f6ab83b533/1/5bHedEPq8YzrBoiNfvk6VjWkrh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:33:f5:d8:9a:28:87:28:ee:78:dc:14:46:ce:b7:80:7d:c4:
         ff:b0:cc:20:e9:6c:95:90:b8:24:33:41:d6:6e:ac:a8:ce:06:
         d7:d3:2a:12:c5:b7:bf:5c:ed:49:24:ae:68:88:37:d8:39:ab:
         92:51:9a:00:d1:8f:ba:6a:b8:90:0f:1e:ad:5a:67:5c:b3:1a:
         51:22:6f:dc:59:ed:50:c1:a2:de:d9:f6:8f:03:3b:42:ff:6f:
         58:08:93:c3:81:3a:34:be:5b:e9:99:2e:7d:81:1a:77:80:8c:
         d8:44:7c:fd:b2:16:4d:71:fa:c2:2f:4b:59:e9:90:16:9c:27:
         77:12:41:de:cb:1e:c9:6b:0a:39:4d:12:f3:1b:d0:ed:74:a4:
         ba:da:8f:89:13:c4:22:29:db:6b:5a:20:3c:61:33:86:3f:97:
         c1:70:10:12:74:0f:7e:3a:b2:c3:93:22:ab:d8:7e:c4:65:c1:
         1a:65:9c:32:0c:0c:75:a2:78:b5:6f:de:21:91:6e:dc:7f:ee:
         bf:92:80:f9:92:40:f6:c3:55:d4:3d:db:d5:fd:1d:72:db:29:
         ae:05:ce:ee:6f:4c:bd:63:f1:b0:6e:d0:d2:c0:a1:7b:dd:37:
         c5:63:9d:30:27:db:7d:28:81:b2:01:92:f2:11:b2:0b:bb:0b:
         42:0e:7a:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAaHE3EmUV+Z/aVdDzzVtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YjFkZTc0NDNlYWYxOGNlYjA2ODg4ZDdlZjkzYTU2MzVh
NGFlMWUwHhcNMjQwMTAyMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWIzNDMyNTRjZDAxZjc3NmQ1YTMwZjM1NTZjNmU0NGY1NGM2MzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi99I8cgzFvqS6LGNr3C6Sk8LQ27T
LcG6uNqaNA4jq8YsEXZhERm4qfcNICRE12GfB9XUc8gbvmyrN5s/RZCSj6+9mH7d
vMp4Tcci0Z1i/Q+aBE5NKLyx/Mgar5+aVQf1GvZrgiSHFYEWHFa0C1A1CKpGaW8E
ACHbI8piESxhcLaoXeZ/goX0fFoTL4DtQObrIZBniB3Xtm+/31TBWL0z++E6N6to
eZ+7U0YJDmYcNwqGoZD4e1V7M69M6lSFPdzfVjAlDS4IKBCnvRGnCG+cpF6JE6mg
bUeTQi1DGYVGX6pbbAUyq8B4SVhqgoLaEkZrKLSLTL4MlT8TlCPxSqehZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWzQyVM0B93bVow81VsbkT1TGMqMB8GA1UdIwQY
MBaAFOWx3nRD6vGM6waIjX75OlY1pK4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWJIZWRFUHE4WXpyQm9pTmZ2azZWaldrcmg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ODQ4MzgtMGUzYi00NmJhLTg1OTUt
ZDhmNmFiODNiNTMzLzEvTmJOREpVelFIM2R0V2pEelZXeHVSUFZNWXlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ODQ4MzgtMGUzYi00NmJhLTg1OTUtZDhmNmFiODNiNTMz
LzEvNWJIZWRFUHE4WXpyQm9pTmZ2azZWaldrcmg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8MOMA0G
CSqGSIb3DQEBCwUAA4IBAQCaM/XYmiiHKO543BRGzreAfcT/sMwg6WyVkLgkM0HW
bqyozgbX0yoSxbe/XO1JJK5oiDfYOauSUZoA0Y+6ariQDx6tWmdcsxpRIm/cWe1Q
waLe2faPAztC/29YCJPDgTo0vlvpmS59gRp3gIzYRHz9shZNcfrCL0tZ6ZAWnCd3
EkHeyx7Jawo5TRLzG9DtdKS62o+JE8QiKdtrWiA8YTOGP5fBcBASdA9+OrLDkyKr
2H7EZcEaZZwyDAx1oni1b94hkW7cf+6/koD5kkD2w1XUPdvV/R1y2ymuBc7ub0y9
Y/GwbtDSwKF73TfFY50wJ9t9KIGyAZLyEbILuwtCDnra
-----END CERTIFICATE-----