Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/a40070-aa17-42fe-86dd-b9ae57394189/1/NyNYDDpx8IRRXwCIH0Tqp1U4rq8.roa
File:                     NyNYDDpx8IRRXwCIH0Tqp1U4rq8.roa (raw, json)
Hash identifier:          rZCYT2AFS7CO3+DdOi5eNplVJDknSQxBTxfqgzzdPCQ=
Subject key identifier:   37:23:58:0C:3A:71:F0:84:51:5F:00:88:1F:44:EA:A7:55:38:AE:AF
Certificate issuer:       /CN=6de2aab077c9eef103f97984f309d891e5a19983
Certificate serial:       018CC34959907DDBF1363A705FF28F0ECA72
Authority key identifier: 6D:E2:AA:B0:77:C9:EE:F1:03:F9:79:84:F3:09:D8:91:E5:A1:99:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/beKqsHfJ7vED-XmE8wnYkeWhmYM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/a40070-aa17-42fe-86dd-b9ae57394189/1/NyNYDDpx8IRRXwCIH0Tqp1U4rq8.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200590
IP address blocks:        91.147.98.0/24 maxlen: 24
                          91.147.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/a40070-aa17-42fe-86dd-b9ae57394189/1/beKqsHfJ7vED-XmE8wnYkeWhmYM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/a40070-aa17-42fe-86dd-b9ae57394189/1/beKqsHfJ7vED-XmE8wnYkeWhmYM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/beKqsHfJ7vED-XmE8wnYkeWhmYM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:59:90:7d:db:f1:36:3a:70:5f:f2:8f:0e:ca:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6de2aab077c9eef103f97984f309d891e5a19983
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3723580c3a71f084515f00881f44eaa75538aeaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f5:4b:f8:2a:61:93:a6:70:7a:dc:67:59:c3:
                    4b:0c:fa:9c:56:dc:a8:75:96:e2:ae:6b:8c:b0:5f:
                    bb:4c:f4:2c:a4:91:b1:87:15:ce:81:79:a1:96:13:
                    aa:ba:88:9a:fb:d2:09:0b:ee:3b:74:6d:81:97:29:
                    49:d7:34:4d:6c:15:be:8a:d0:8b:90:3a:d6:31:aa:
                    27:a1:29:c9:99:46:e0:b9:ed:bc:02:a7:5b:43:f2:
                    76:9f:5b:01:22:7a:6d:19:69:f6:2d:c5:63:08:03:
                    92:d7:4c:29:03:04:95:d0:70:0d:fb:87:79:ba:a3:
                    b1:e9:97:d5:6c:70:33:6a:67:b1:ec:d6:c0:b9:5b:
                    9a:f2:ce:6b:9c:82:6f:65:85:89:46:9f:4f:7a:76:
                    65:dc:a7:5c:88:62:be:5f:fb:97:80:e8:e9:04:09:
                    81:75:4c:99:1d:f1:c5:e8:05:5f:e2:7d:70:9a:f0:
                    d0:3e:ad:0f:db:85:08:0d:89:27:1e:d1:b4:4e:b7:
                    78:97:db:25:8f:3f:df:8b:a9:21:c8:a8:e7:3b:00:
                    e4:48:90:36:71:1b:da:0b:58:f2:f4:38:dc:c6:3a:
                    2f:97:70:d9:8c:0f:63:15:3d:86:29:c3:39:ce:7b:
                    06:d0:99:9c:59:f9:e4:d4:7d:0f:79:5c:c9:b3:bd:
                    b0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:23:58:0C:3A:71:F0:84:51:5F:00:88:1F:44:EA:A7:55:38:AE:AF
            X509v3 Authority Key Identifier:
                keyid:6D:E2:AA:B0:77:C9:EE:F1:03:F9:79:84:F3:09:D8:91:E5:A1:99:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/beKqsHfJ7vED-XmE8wnYkeWhmYM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/a40070-aa17-42fe-86dd-b9ae57394189/1/NyNYDDpx8IRRXwCIH0Tqp1U4rq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/a40070-aa17-42fe-86dd-b9ae57394189/1/beKqsHfJ7vED-XmE8wnYkeWhmYM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.147.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:01:c7:9c:14:01:88:57:ff:c7:51:28:10:be:dd:fb:f1:29:
         d8:ee:07:1f:1f:c1:f2:02:ad:47:05:11:49:0b:48:b3:51:32:
         d0:41:37:8f:4e:48:8c:5d:18:d3:ae:6f:56:51:96:70:d6:fd:
         c7:d6:e7:3f:cd:41:8d:7b:49:b7:1d:02:73:93:04:85:0d:11:
         59:ef:b6:83:75:4a:ac:0c:6c:aa:e4:00:29:e7:b7:c7:3d:05:
         42:96:f6:50:77:5f:a2:59:6d:0c:34:ae:fa:04:51:25:46:97:
         53:db:00:09:f4:9b:55:33:87:38:eb:fc:1d:72:4a:cb:fe:87:
         b3:3a:fa:06:97:60:9c:8d:72:0b:d9:2b:59:6d:d5:e2:c6:f4:
         51:a6:5c:ac:1c:9e:56:37:21:66:a0:3b:9e:d6:bc:8d:c3:8a:
         7c:6a:4e:85:9e:a5:fb:63:38:67:f9:f2:c1:6d:95:e3:8e:35:
         6a:31:62:bf:da:b2:11:4f:84:9b:dd:03:5d:29:e2:11:34:64:
         d4:b4:85:60:ab:ff:31:45:ce:3c:a5:51:4a:99:60:4f:91:42:
         c8:51:de:c3:55:2c:2f:69:85:64:10:bc:38:04:36:6f:f8:aa:
         25:b1:a5:39:8a:86:3b:62:1c:32:b4:a3:e1:4d:d5:02:62:70:
         5f:e7:db:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVmQfdvxNjpwX/KPDspyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZTJhYWIwNzdjOWVlZjEwM2Y5Nzk4NGYzMDlkODkxZTVh
MTk5ODMwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzIzNTgwYzNhNzFmMDg0NTE1ZjAwODgxZjQ0ZWFhNzU1MzhhZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifVL+Cphk6ZwetxnWcNLDPqcVtyo
dZbirmuMsF+7TPQspJGxhxXOgXmhlhOquoia+9IJC+47dG2BlylJ1zRNbBW+itCL
kDrWMaonoSnJmUbgue28AqdbQ/J2n1sBInptGWn2LcVjCAOS10wpAwSV0HAN+4d5
uqOx6ZfVbHAzamex7NbAuVua8s5rnIJvZYWJRp9PenZl3KdciGK+X/uXgOjpBAmB
dUyZHfHF6AVf4n1wmvDQPq0P24UIDYknHtG0Trd4l9sljz/fi6khyKjnOwDkSJA2
cRvaC1jy9Djcxjovl3DZjA9jFT2GKcM5znsG0JmcWfnk1H0PeVzJs72wlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcjWAw6cfCEUV8AiB9E6qdVOK6vMB8GA1UdIwQY
MBaAFG3iqrB3ye7xA/l5hPMJ2JHloZmDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmVLcXNIZko3dkVELVhtRTh3bllrZVdobVlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9hNDAwNzAtYWExNy00MmZlLTg2ZGQt
YjlhZTU3Mzk0MTg5LzEvTnlOWUREcHg4SVJSWHdDSUgwVHFwMVU0cnE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9hNDAwNzAtYWExNy00MmZlLTg2ZGQtYjlhZTU3Mzk0MTg5
LzEvYmVLcXNIZko3dkVELVhtRTh3bllrZVdobVlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW5NiMA0G
CSqGSIb3DQEBCwUAA4IBAQBcAcecFAGIV//HUSgQvt378SnY7gcfH8HyAq1HBRFJ
C0izUTLQQTePTkiMXRjTrm9WUZZw1v3H1uc/zUGNe0m3HQJzkwSFDRFZ77aDdUqs
DGyq5AAp57fHPQVClvZQd1+iWW0MNK76BFElRpdT2wAJ9JtVM4c46/wdckrL/oez
OvoGl2CcjXIL2StZbdXixvRRplysHJ5WNyFmoDue1ryNw4p8ak6FnqX7Yzhn+fLB
bZXjjjVqMWK/2rIRT4Sb3QNdKeIRNGTUtIVgq/8xRc48pVFKmWBPkULIUd7DVSwv
aYVkELw4BDZv+KolsaU5ioY7YhwytKPhTdUCYnBf59tg
-----END CERTIFICATE-----