Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/993d38-2188-4a7b-bc37-a04762095ee6/1/NohbiBsJhXy5XtsfVO2V83EO7Uo.roa
File:                     NohbiBsJhXy5XtsfVO2V83EO7Uo.roa (raw, json)
Hash identifier:          QhW/RC4U84uO2jVH+eMksMz22jNKhmAdJpQawuI4ztw=
Subject key identifier:   36:88:5B:88:1B:09:85:7C:B9:5E:DB:1F:54:ED:95:F3:71:0E:ED:4A
Certificate issuer:       /CN=874c3dcccbf02ba8501ab1c706d31e137fddf41d
Certificate serial:       0191032C0E624C431EF8BAFB4EA52D18E93E
Authority key identifier: 87:4C:3D:CC:CB:F0:2B:A8:50:1A:B1:C7:06:D3:1E:13:7F:DD:F4:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0w9zMvwK6hQGrHHBtMeE3_d9B0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/993d38-2188-4a7b-bc37-a04762095ee6/1/NohbiBsJhXy5XtsfVO2V83EO7Uo.roa
Signing time:             Tue 30 Jul 2024 10:25:04 +0000
ROA not before:           Tue 30 Jul 2024 10:25:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47819
IP address blocks:        91.208.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/993d38-2188-4a7b-bc37-a04762095ee6/1/h0w9zMvwK6hQGrHHBtMeE3_d9B0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/993d38-2188-4a7b-bc37-a04762095ee6/1/h0w9zMvwK6hQGrHHBtMeE3_d9B0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0w9zMvwK6hQGrHHBtMeE3_d9B0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:03:2c:0e:62:4c:43:1e:f8:ba:fb:4e:a5:2d:18:e9:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874c3dcccbf02ba8501ab1c706d31e137fddf41d
        Validity
            Not Before: Jul 30 10:25:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36885b881b09857cb95edb1f54ed95f3710eed4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:09:57:e9:cc:b7:ee:73:12:ef:53:61:b5:2d:
                    45:4f:11:f0:b4:b0:45:9a:ed:bd:45:6b:49:16:36:
                    ed:f6:15:27:6f:f8:19:03:d9:a6:5c:ac:5d:ce:17:
                    b7:96:e0:b5:3a:94:71:ea:23:7b:c9:c6:b7:38:48:
                    dd:e7:a6:63:b8:f9:5d:3b:cf:8c:00:7e:77:db:a1:
                    2c:e6:88:fb:f8:67:fc:1c:1f:8e:9e:b4:3f:16:b0:
                    69:51:1e:13:3e:75:a5:1d:03:0a:6e:3c:f5:d8:ff:
                    27:14:c7:6b:db:a5:b5:a0:bd:ad:85:b7:c5:b7:d3:
                    d0:e8:32:db:56:7f:c8:19:3b:56:c5:89:96:12:e6:
                    eb:84:ff:72:86:2f:fe:3c:b1:45:ba:90:ce:41:ec:
                    f6:59:02:a0:6d:90:c5:11:04:28:32:c5:2e:09:8e:
                    76:48:56:6d:7a:30:9d:a0:a8:0e:7f:ac:47:82:2f:
                    19:8c:7d:8c:69:0d:20:a7:45:93:8b:82:96:b6:c4:
                    9a:2b:c2:00:74:40:b4:93:7e:7c:4c:40:8d:ae:89:
                    57:cb:2d:fc:b5:d5:d7:fd:e6:26:9e:8f:e1:e7:01:
                    1f:97:94:14:c1:8f:14:f2:ed:c9:fd:bf:fd:04:d6:
                    fe:15:94:05:c9:fd:41:1b:7b:03:88:84:ab:a8:ac:
                    e8:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:88:5B:88:1B:09:85:7C:B9:5E:DB:1F:54:ED:95:F3:71:0E:ED:4A
            X509v3 Authority Key Identifier:
                keyid:87:4C:3D:CC:CB:F0:2B:A8:50:1A:B1:C7:06:D3:1E:13:7F:DD:F4:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0w9zMvwK6hQGrHHBtMeE3_d9B0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/993d38-2188-4a7b-bc37-a04762095ee6/1/NohbiBsJhXy5XtsfVO2V83EO7Uo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/993d38-2188-4a7b-bc37-a04762095ee6/1/h0w9zMvwK6hQGrHHBtMeE3_d9B0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:02:5c:4e:af:fa:29:e8:8c:5a:fa:5a:7f:0b:95:35:23:35:
         94:6d:18:98:2e:49:62:88:aa:6a:61:01:33:1a:3e:60:48:e4:
         aa:25:7d:11:9c:09:31:87:4e:5b:e0:22:72:5e:cd:ba:83:fe:
         2b:ed:75:56:00:27:b2:e6:6c:c0:ec:ab:4e:95:c4:2a:06:73:
         01:38:02:0e:1b:e4:6c:d5:41:ff:3d:18:ce:bb:a2:ea:f3:4f:
         1a:f2:d4:b5:de:c4:ba:e0:41:22:d8:57:42:2f:08:4a:ec:24:
         c1:99:af:fd:cc:4d:ac:9f:07:e5:54:7e:31:82:5d:5a:9c:72:
         45:8f:4b:7f:d4:da:f4:ef:e2:89:0b:cd:d3:8b:46:21:a3:cb:
         0b:9a:a5:b6:86:cc:e3:e5:64:51:59:c0:76:aa:af:49:f8:1c:
         83:b1:eb:83:5a:71:ff:16:ee:fc:bd:65:61:c0:2b:ee:53:24:
         76:35:22:19:3d:b5:4d:3b:80:4f:c5:0f:98:91:d1:2b:79:37:
         71:3a:3d:8d:d4:36:28:1d:71:fb:5f:f6:35:bd:3f:b6:2e:57:
         92:c2:cf:e2:bd:fe:55:a3:e1:16:d9:49:1b:51:d8:0a:e3:ba:
         5c:36:a6:a3:5a:f4:72:a9:e6:e2:ce:76:e8:fa:ba:3c:a8:23:
         e2:51:f2:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEDLA5iTEMe+Lr7TqUtGOk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGMzZGNjY2JmMDJiYTg1MDFhYjFjNzA2ZDMxZTEzN2Zk
ZGY0MWQwHhcNMjQwNzMwMTAyNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjg4NWI4ODFiMDk4NTdjYjk1ZWRiMWY1NGVkOTVmMzcxMGVlZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4AlX6cy37nMS71NhtS1FTxHwtLBF
mu29RWtJFjbt9hUnb/gZA9mmXKxdzhe3luC1OpRx6iN7yca3OEjd56ZjuPldO8+M
AH5326Es5oj7+Gf8HB+OnrQ/FrBpUR4TPnWlHQMKbjz12P8nFMdr26W1oL2thbfF
t9PQ6DLbVn/IGTtWxYmWEubrhP9yhi/+PLFFupDOQez2WQKgbZDFEQQoMsUuCY52
SFZtejCdoKgOf6xHgi8ZjH2MaQ0gp0WTi4KWtsSaK8IAdEC0k358TECNrolXyy38
tdXX/eYmno/h5wEfl5QUwY8U8u3J/b/9BNb+FZQFyf1BG3sDiISrqKzodQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaIW4gbCYV8uV7bH1TtlfNxDu1KMB8GA1UdIwQY
MBaAFIdMPczL8CuoUBqxxwbTHhN/3fQdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB3OXpNdndLNmhRR3JISEJ0TWVFM19kOUIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy85OTNkMzgtMjE4OC00YTdiLWJjMzct
YTA0NzYyMDk1ZWU2LzEvTm9oYmlCc0poWHk1WHRzZlZPMlY4M0VPN1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy85OTNkMzgtMjE4OC00YTdiLWJjMzctYTA0NzYyMDk1ZWU2
LzEvaDB3OXpNdndLNmhRR3JISEJ0TWVFM19kOUIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AXMA0G
CSqGSIb3DQEBCwUAA4IBAQAVAlxOr/op6Ixa+lp/C5U1IzWUbRiYLkliiKpqYQEz
Gj5gSOSqJX0RnAkxh05b4CJyXs26g/4r7XVWACey5mzA7KtOlcQqBnMBOAIOG+Rs
1UH/PRjOu6Lq808a8tS13sS64EEi2FdCLwhK7CTBma/9zE2snwflVH4xgl1anHJF
j0t/1Nr07+KJC83Ti0Yho8sLmqW2hszj5WRRWcB2qq9J+ByDseuDWnH/Fu78vWVh
wCvuUyR2NSIZPbVNO4BPxQ+YkdEreTdxOj2N1DYoHXH7X/Y1vT+2LleSws/ivf5V
o+EW2UkbUdgK47pcNqajWvRyqebiznbo+ro8qCPiUfIf
-----END CERTIFICATE-----