Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/naMSbDv-cUa-1XhcA3K0TIQqW-M.roa
File:                     naMSbDv-cUa-1XhcA3K0TIQqW-M.roa (raw, json)
Hash identifier:          L7fQwTpl65CT5Ryogsv/z/cqit/r+GKOhjfriryreh4=
Subject key identifier:   9D:A3:12:6C:3B:FE:71:46:BE:D5:78:5C:03:72:B4:4C:84:2A:5B:E3
Certificate issuer:       /CN=e0574c2878d6b536139b895f08c9c6db18e12a9b
Certificate serial:       018CC64B6F31D45BC7FA0155AD380EA30DA0
Authority key identifier: E0:57:4C:28:78:D6:B5:36:13:9B:89:5F:08:C9:C6:DB:18:E1:2A:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/naMSbDv-cUa-1XhcA3K0TIQqW-M.roa
Signing time:             Mon 01 Jan 2024 18:31:21 +0000
ROA not before:           Mon 01 Jan 2024 18:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60918
IP address blocks:        81.17.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 11:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:6f:31:d4:5b:c7:fa:01:55:ad:38:0e:a3:0d:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0574c2878d6b536139b895f08c9c6db18e12a9b
        Validity
            Not Before: Jan  1 18:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9da3126c3bfe7146bed5785c0372b44c842a5be3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:93:e7:38:9a:f8:ba:5e:bb:2c:2c:fc:78:23:
                    66:aa:b2:ec:9b:bf:e0:9b:7e:89:f0:ed:e0:7a:91:
                    13:71:f0:53:d9:18:53:95:f0:84:d9:a7:d3:96:34:
                    58:8a:ee:d3:b8:d3:20:b8:43:11:08:4c:99:17:00:
                    c0:cf:b6:65:94:02:bd:5b:69:9d:77:69:8d:a2:cc:
                    be:05:dd:4f:8c:61:cd:ab:ba:ae:db:d9:a2:6f:20:
                    53:29:b5:13:32:8a:94:53:74:d8:86:c6:0a:09:35:
                    dc:fc:2c:92:e1:8e:79:97:fb:d4:b5:08:33:d2:8b:
                    b2:34:e1:6f:27:b4:be:62:8c:61:e5:4b:ea:be:0a:
                    f4:84:b6:da:33:68:42:14:a9:8d:b7:a4:8c:91:0f:
                    2f:9b:f0:7b:83:6c:f6:02:ef:9b:43:fb:ec:b9:08:
                    d0:3c:b8:53:48:a9:6f:64:da:60:7e:c0:8e:d3:f8:
                    ac:5a:20:78:a3:50:dd:43:cc:e9:4a:52:fe:79:4d:
                    f4:84:29:80:00:c3:25:92:62:a0:93:6e:8e:74:98:
                    c9:39:8d:09:a8:8f:3c:e2:7d:5b:cb:35:5e:4a:6e:
                    5b:4b:3c:a2:65:a5:81:af:ed:8f:03:d7:87:cd:1a:
                    7e:b3:70:74:0e:27:d3:69:2e:a0:76:ff:44:23:fa:
                    13:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:A3:12:6C:3B:FE:71:46:BE:D5:78:5C:03:72:B4:4C:84:2A:5B:E3
            X509v3 Authority Key Identifier:
                keyid:E0:57:4C:28:78:D6:B5:36:13:9B:89:5F:08:C9:C6:DB:18:E1:2A:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4FdMKHjWtTYTm4lfCMnG2xjhKps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/naMSbDv-cUa-1XhcA3K0TIQqW-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/28d600-a869-4ab1-9b2e-446019966a19/1/4FdMKHjWtTYTm4lfCMnG2xjhKps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.17.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:58:34:99:6c:99:80:1a:a2:91:5c:47:79:59:2c:a0:2d:89:
         54:70:92:75:01:c9:ab:4c:ec:66:e1:e9:9f:d7:3a:23:1a:13:
         17:b3:3d:ba:2c:6e:f2:9b:aa:99:1b:ae:6b:35:50:48:72:50:
         1f:df:da:89:67:6d:70:90:c3:b4:6c:cb:a5:fc:23:ca:39:5b:
         b4:e6:c0:ab:d9:18:23:1f:79:81:5f:fe:fa:2b:ab:00:cd:94:
         b6:1a:68:8d:d3:89:3a:af:5d:25:1e:80:59:ea:d1:19:ce:30:
         0d:a6:05:67:de:c5:9e:a5:b2:ac:ec:54:9c:3d:5d:7e:26:d9:
         56:50:e6:08:ef:60:c7:3f:46:d7:fb:17:51:d8:9d:bd:b3:68:
         ee:2a:a0:19:52:e4:14:6f:cc:f5:9b:7d:92:1c:4b:77:f9:17:
         d0:69:13:cd:58:84:39:a0:29:44:cd:9e:13:13:40:a4:87:44:
         fb:2e:9f:d2:cc:24:e3:3c:99:39:1f:7f:b0:dd:02:a8:65:f8:
         89:78:7b:01:a6:25:cd:c9:0c:88:e6:c2:fa:87:8c:d1:7d:ba:
         12:72:8b:06:bb:34:b7:59:9f:45:21:00:0b:e1:42:78:4e:08:
         32:61:66:96:2c:df:8d:6f:25:f4:f2:1e:a5:33:57:33:65:03:
         29:4c:a6:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS28x1FvH+gFVrTgOow2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNTc0YzI4NzhkNmI1MzYxMzliODk1ZjA4YzljNmRiMThl
MTJhOWIwHhcNMjQwMTAxMTgzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGEzMTI2YzNiZmU3MTQ2YmVkNTc4NWMwMzcyYjQ0Yzg0MmE1YmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpPnOJr4ul67LCz8eCNmqrLsm7/g
m36J8O3gepETcfBT2RhTlfCE2afTljRYiu7TuNMguEMRCEyZFwDAz7ZllAK9W2md
d2mNosy+Bd1PjGHNq7qu29mibyBTKbUTMoqUU3TYhsYKCTXc/CyS4Y55l/vUtQgz
0ouyNOFvJ7S+Yoxh5Uvqvgr0hLbaM2hCFKmNt6SMkQ8vm/B7g2z2Au+bQ/vsuQjQ
PLhTSKlvZNpgfsCO0/isWiB4o1DdQ8zpSlL+eU30hCmAAMMlkmKgk26OdJjJOY0J
qI884n1byzVeSm5bSzyiZaWBr+2PA9eHzRp+s3B0DifTaS6gdv9EI/oTJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2jEmw7/nFGvtV4XANytEyEKlvjMB8GA1UdIwQY
MBaAFOBXTCh41rU2E5uJXwjJxtsY4SqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEZkTUtIald0VFlUbTRsZkNNbkcyeGpoS3BzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8yOGQ2MDAtYTg2OS00YWIxLTliMmUt
NDQ2MDE5OTY2YTE5LzEvbmFNU2JEdi1jVWEtMVhoY0EzSzBUSVFxVy1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8yOGQ2MDAtYTg2OS00YWIxLTliMmUtNDQ2MDE5OTY2YTE5
LzEvNEZkTUtIald0VFlUbTRsZkNNbkcyeGpoS3BzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURGNMA0G
CSqGSIb3DQEBCwUAA4IBAQAqWDSZbJmAGqKRXEd5WSygLYlUcJJ1AcmrTOxm4emf
1zojGhMXsz26LG7ym6qZG65rNVBIclAf39qJZ21wkMO0bMul/CPKOVu05sCr2Rgj
H3mBX/76K6sAzZS2GmiN04k6r10lHoBZ6tEZzjANpgVn3sWepbKs7FScPV1+JtlW
UOYI72DHP0bX+xdR2J29s2juKqAZUuQUb8z1m32SHEt3+RfQaRPNWIQ5oClEzZ4T
E0Ckh0T7Lp/SzCTjPJk5H3+w3QKoZfiJeHsBpiXNyQyI5sL6h4zRfboScosGuzS3
WZ9FIQAL4UJ4TggyYWaWLN+NbyX08h6lM1czZQMpTKYx
-----END CERTIFICATE-----