Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/6aec6a-3683-405a-9e61-db2368271913/1/RNalS1_7NPF3ykiENovV1vJ-YSs.roa
File:                     RNalS1_7NPF3ykiENovV1vJ-YSs.roa (raw, json)
Hash identifier:          +KwiRClXanUWUtIK3X2ihy0Z6gH4MSzYDhzA6rdjRzw=
Subject key identifier:   44:D6:A5:4B:5F:FB:34:F1:77:CA:48:84:36:8B:D5:D6:F2:7E:61:2B
Certificate issuer:       /CN=ca434d399d93a19d8a8108456c5575096c2ae588
Certificate serial:       018CC80162CC0CA11A84A0825E13BA6E3B5B
Authority key identifier: CA:43:4D:39:9D:93:A1:9D:8A:81:08:45:6C:55:75:09:6C:2A:E5:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ykNNOZ2ToZ2KgQhFbFV1CWwq5Yg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/6aec6a-3683-405a-9e61-db2368271913/1/RNalS1_7NPF3ykiENovV1vJ-YSs.roa
Signing time:             Tue 02 Jan 2024 02:29:43 +0000
ROA not before:           Tue 02 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196970
IP address blocks:        195.191.228.0/24 maxlen: 24
                          195.191.228.0/23 maxlen: 23
                          195.191.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/6aec6a-3683-405a-9e61-db2368271913/1/ykNNOZ2ToZ2KgQhFbFV1CWwq5Yg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/6aec6a-3683-405a-9e61-db2368271913/1/ykNNOZ2ToZ2KgQhFbFV1CWwq5Yg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ykNNOZ2ToZ2KgQhFbFV1CWwq5Yg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:62:cc:0c:a1:1a:84:a0:82:5e:13:ba:6e:3b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca434d399d93a19d8a8108456c5575096c2ae588
        Validity
            Not Before: Jan  2 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44d6a54b5ffb34f177ca4884368bd5d6f27e612b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d6:43:b7:d5:10:c9:07:a5:0f:59:d3:b7:a5:
                    92:28:8c:b3:62:7f:b0:87:53:3c:81:3f:54:18:da:
                    15:1a:43:b5:bc:fb:da:63:58:66:78:a5:4b:35:a4:
                    fe:6c:b1:3a:9f:c3:23:76:d7:c3:09:96:b0:ee:0c:
                    e3:c1:ff:12:d9:d2:fe:3d:68:64:6c:9b:57:ac:75:
                    1c:a6:d5:c9:36:99:b7:b1:43:90:4c:a6:d5:9b:be:
                    ec:f5:dc:79:60:66:d3:0f:f2:c9:8e:66:a5:ca:71:
                    8e:43:1b:99:ec:9f:26:8a:be:24:be:fa:37:36:bf:
                    13:41:2c:ea:30:0a:fd:60:63:0a:d2:d8:1a:b7:ed:
                    aa:c7:26:7e:7d:00:3f:b3:fc:4c:b5:3f:1d:92:51:
                    21:4b:3b:4f:d5:40:ad:79:fc:7b:31:c1:27:59:6c:
                    ab:f3:32:3c:2c:3e:7c:e4:18:fd:fa:e3:46:af:90:
                    0d:4e:3e:20:f2:2c:01:c1:b0:ff:00:65:36:6a:7a:
                    b1:d9:bf:be:69:08:d7:39:62:d8:bb:2f:bd:d4:5d:
                    32:72:db:11:97:89:b5:4b:7b:ed:78:ec:0b:76:97:
                    c2:0f:e5:b0:d7:47:e6:38:07:f4:47:da:43:c8:c6:
                    eb:91:80:11:8c:97:e7:e5:57:f9:58:90:4a:70:34:
                    9b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:D6:A5:4B:5F:FB:34:F1:77:CA:48:84:36:8B:D5:D6:F2:7E:61:2B
            X509v3 Authority Key Identifier:
                keyid:CA:43:4D:39:9D:93:A1:9D:8A:81:08:45:6C:55:75:09:6C:2A:E5:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ykNNOZ2ToZ2KgQhFbFV1CWwq5Yg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/6aec6a-3683-405a-9e61-db2368271913/1/RNalS1_7NPF3ykiENovV1vJ-YSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/6aec6a-3683-405a-9e61-db2368271913/1/ykNNOZ2ToZ2KgQhFbFV1CWwq5Yg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:b3:ad:3d:ce:18:73:b8:9a:13:1d:3a:3c:00:1b:5c:ad:f7:
         8a:80:fe:a9:1f:50:2d:61:06:54:1e:50:99:f3:a1:54:53:d6:
         00:42:f2:46:5a:0b:a5:a0:5a:0f:76:99:b1:6d:6c:a8:cd:db:
         4c:9d:9f:83:13:c0:fb:9e:51:8e:02:f8:27:bc:f4:b5:ef:f0:
         c7:80:3b:24:10:21:03:2b:6a:6e:5f:10:5e:34:23:5e:4e:13:
         78:fe:d2:c3:b3:77:4e:c8:27:1a:8d:b3:54:98:2f:7c:ea:fd:
         b2:f1:30:08:43:6d:37:f7:65:95:91:a7:85:21:9a:dd:e3:3b:
         31:80:4c:21:f6:ef:18:7b:8f:12:b2:fc:87:39:60:7c:b0:0f:
         57:ac:3e:e4:c3:28:d6:8e:0a:c6:76:09:4c:03:e5:08:0e:bf:
         9d:8b:fa:73:e8:01:97:74:01:26:e9:9d:48:e2:20:71:dd:90:
         97:da:29:e4:aa:81:8c:5a:51:d0:0c:4e:e5:74:01:80:ef:48:
         93:e3:51:e7:66:70:e5:5c:ea:3d:0c:2f:44:06:cb:e0:a1:4a:
         34:ca:72:fb:9e:b5:08:88:0a:69:4a:90:89:9b:76:7c:fb:94:
         ac:24:83:c3:1d:9f:39:51:ae:fe:01:a3:01:73:24:4c:e3:4d:
         da:44:02:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAWLMDKEahKCCXhO6bjtbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNDM0ZDM5OWQ5M2ExOWQ4YTgxMDg0NTZjNTU3NTA5NmMy
YWU1ODgwHhcNMjQwMTAyMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGQ2YTU0YjVmZmIzNGYxNzdjYTQ4ODQzNjhiZDVkNmYyN2U2MTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dZDt9UQyQelD1nTt6WSKIyzYn+w
h1M8gT9UGNoVGkO1vPvaY1hmeKVLNaT+bLE6n8MjdtfDCZaw7gzjwf8S2dL+PWhk
bJtXrHUcptXJNpm3sUOQTKbVm77s9dx5YGbTD/LJjmalynGOQxuZ7J8mir4kvvo3
Nr8TQSzqMAr9YGMK0tgat+2qxyZ+fQA/s/xMtT8dklEhSztP1UCtefx7McEnWWyr
8zI8LD585Bj9+uNGr5ANTj4g8iwBwbD/AGU2anqx2b++aQjXOWLYuy+91F0yctsR
l4m1S3vteOwLdpfCD+Ww10fmOAf0R9pDyMbrkYARjJfn5Vf5WJBKcDSbrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETWpUtf+zTxd8pIhDaL1dbyfmErMB8GA1UdIwQY
MBaAFMpDTTmdk6GdioEIRWxVdQlsKuWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWtOTk9aMlRvWjJLZ1FoRmJGVjFDV3dxNVlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC82YWVjNmEtMzY4My00MDVhLTllNjEt
ZGIyMzY4MjcxOTEzLzEvUk5hbFMxXzdOUEYzeWtpRU5vdlYxdkotWVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC82YWVjNmEtMzY4My00MDVhLTllNjEtZGIyMzY4MjcxOTEz
LzEveWtOTk9aMlRvWjJLZ1FoRmJGVjFDV3dxNVlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7/kMA0G
CSqGSIb3DQEBCwUAA4IBAQBes609zhhzuJoTHTo8ABtcrfeKgP6pH1AtYQZUHlCZ
86FUU9YAQvJGWguloFoPdpmxbWyozdtMnZ+DE8D7nlGOAvgnvPS17/DHgDskECED
K2puXxBeNCNeThN4/tLDs3dOyCcajbNUmC986v2y8TAIQ20392WVkaeFIZrd4zsx
gEwh9u8Ye48SsvyHOWB8sA9XrD7kwyjWjgrGdglMA+UIDr+di/pz6AGXdAEm6Z1I
4iBx3ZCX2inkqoGMWlHQDE7ldAGA70iT41HnZnDlXOo9DC9EBsvgoUo0ynL7nrUI
iAppSpCJm3Z8+5SsJIPDHZ85Ua7+AaMBcyRM403aRAJz
-----END CERTIFICATE-----