Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/nhv3AxOS2hT56nddRX0Rqq786v4.roa
File:                     nhv3AxOS2hT56nddRX0Rqq786v4.roa (raw, json)
Hash identifier:          kx26YIONs0EPo0xRhrd+b0oqKnAPvCd/zKT7412sbas=
Subject key identifier:   9E:1B:F7:03:13:92:DA:14:F9:EA:77:5D:45:7D:11:AA:AE:FC:EA:FE
Certificate issuer:       /CN=d6dbaa1b52f3a73289ff768acb7baa7f387f955f
Certificate serial:       018CC94E3FA6CDB931531F939087B67F2AE8
Authority key identifier: D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/nhv3AxOS2hT56nddRX0Rqq786v4.roa
Signing time:             Tue 02 Jan 2024 08:33:17 +0000
ROA not before:           Tue 02 Jan 2024 08:33:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        91.208.21.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:3f:a6:cd:b9:31:53:1f:93:90:87:b6:7f:2a:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6dbaa1b52f3a73289ff768acb7baa7f387f955f
        Validity
            Not Before: Jan  2 08:33:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e1bf7031392da14f9ea775d457d11aaaefceafe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6a:38:6e:de:3a:76:98:81:eb:18:16:e8:b8:
                    d3:c0:3a:b5:0b:01:cb:f4:09:8b:6b:f8:a9:03:c2:
                    f9:0b:20:23:5e:4a:93:18:49:0c:21:31:3f:d0:97:
                    e8:e2:08:f9:22:42:f2:c1:41:12:b7:b9:3f:0c:20:
                    d7:7a:bb:ec:24:01:45:1b:05:6f:a3:a3:f6:fa:bc:
                    60:e7:b0:19:50:71:69:6c:b3:6f:ed:8b:22:16:67:
                    03:69:56:88:c4:56:81:9f:89:47:a8:aa:56:f6:18:
                    de:e0:f6:9a:92:eb:90:48:8f:4a:e7:63:02:c3:70:
                    e8:e6:d2:71:47:f8:40:3a:5d:a3:9b:c6:72:10:6f:
                    ae:fe:51:fd:93:61:52:02:13:0c:e0:a8:c2:ca:dc:
                    c1:57:c7:10:63:38:6f:da:26:26:d4:34:20:86:1f:
                    fa:f4:dd:c1:4e:c1:7d:52:e1:66:81:ee:be:85:e5:
                    d7:c2:1f:ef:1a:e6:fa:63:fe:6d:1c:dd:da:50:96:
                    61:c0:1b:2b:1e:3f:d5:16:50:bf:07:ac:4b:02:b5:
                    9e:cd:32:05:5d:c8:fc:29:d1:30:a0:e5:43:2a:07:
                    ee:0b:df:89:ae:83:eb:71:86:76:db:40:c7:0f:4a:
                    37:a5:8c:2b:20:e9:a4:71:3e:a0:3b:e7:51:28:44:
                    1d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:1B:F7:03:13:92:DA:14:F9:EA:77:5D:45:7D:11:AA:AE:FC:EA:FE
            X509v3 Authority Key Identifier:
                keyid:D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/nhv3AxOS2hT56nddRX0Rqq786v4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:26:e3:69:62:68:32:e6:92:7a:a7:f4:f0:7d:71:5b:58:3b:
         1c:cc:94:36:99:c3:17:e4:1f:c5:57:ec:d3:4c:db:96:94:0c:
         99:b2:31:db:b3:ad:0b:57:b1:53:6a:59:54:e3:3b:f6:f3:b0:
         6d:ff:e7:a0:32:86:23:47:53:7d:44:54:84:70:5c:34:38:63:
         ec:86:e6:5f:65:09:9e:25:ed:31:7c:45:56:df:45:17:92:ac:
         7c:ae:86:0f:a4:c2:90:32:40:01:6f:a6:0e:1a:82:3a:62:f2:
         60:d7:1d:bf:27:dc:2b:6b:84:07:64:33:f0:f4:d7:f1:5f:11:
         af:f4:5d:01:df:59:a1:48:30:8f:05:da:60:54:c8:c2:ec:18:
         8a:c1:ba:38:8b:a5:95:6d:d3:14:a4:92:7f:4c:b6:c7:94:19:
         3e:c7:b0:63:59:4a:50:6a:13:a2:9c:c9:d4:79:41:ef:70:25:
         ae:5a:f8:79:49:a6:03:2f:18:cd:03:81:7f:96:92:fd:4d:3e:
         65:3f:bf:f2:e9:c0:10:96:68:86:b8:05:eb:38:20:3c:d8:40:
         b9:c2:5f:01:5f:8d:ef:da:b5:df:b6:5a:a3:18:1b:48:ae:1f:
         8b:35:f3:a8:ac:fd:93:87:36:a1:1f:7c:0c:98:ec:4b:43:34:
         be:2a:63:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTj+mzbkxUx+TkIe2fyroMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZGJhYTFiNTJmM2E3MzI4OWZmNzY4YWNiN2JhYTdmMzg3
Zjk1NWYwHhcNMjQwMTAyMDgzMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTFiZjcwMzEzOTJkYTE0ZjllYTc3NWQ0NTdkMTFhYWFlZmNlYWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGo4bt46dpiB6xgW6LjTwDq1CwHL
9AmLa/ipA8L5CyAjXkqTGEkMITE/0Jfo4gj5IkLywUESt7k/DCDXervsJAFFGwVv
o6P2+rxg57AZUHFpbLNv7YsiFmcDaVaIxFaBn4lHqKpW9hje4PaakuuQSI9K52MC
w3Do5tJxR/hAOl2jm8ZyEG+u/lH9k2FSAhMM4KjCytzBV8cQYzhv2iYm1DQghh/6
9N3BTsF9UuFmge6+heXXwh/vGub6Y/5tHN3aUJZhwBsrHj/VFlC/B6xLArWezTIF
Xcj8KdEwoOVDKgfuC9+JroPrcYZ220DHD0o3pYwrIOmkcT6gO+dRKEQdZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4b9wMTktoU+ep3XUV9Eaqu/Or+MB8GA1UdIwQY
MBaAFNbbqhtS86cyif92ist7qn84f5VfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXR1cUcxTHpwektKXzNhS3kzdXFmemhfbFY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iMGI2ZTctM2UyMy00NDI2LThjODQt
ZmFiODNkNDAzNTU4LzEvbmh2M0F4T1MyaFQ1Nm5kZFJYMFJxcTc4NnY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iMGI2ZTctM2UyMy00NDI2LThjODQtZmFiODNkNDAzNTU4
LzEvMXR1cUcxTHpwektKXzNhS3kzdXFmemhfbFY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AVMA0G
CSqGSIb3DQEBCwUAA4IBAQBUJuNpYmgy5pJ6p/TwfXFbWDsczJQ2mcMX5B/FV+zT
TNuWlAyZsjHbs60LV7FTallU4zv287Bt/+egMoYjR1N9RFSEcFw0OGPshuZfZQme
Je0xfEVW30UXkqx8roYPpMKQMkABb6YOGoI6YvJg1x2/J9wra4QHZDPw9NfxXxGv
9F0B31mhSDCPBdpgVMjC7BiKwbo4i6WVbdMUpJJ/TLbHlBk+x7BjWUpQahOinMnU
eUHvcCWuWvh5SaYDLxjNA4F/lpL9TT5lP7/y6cAQlmiGuAXrOCA82EC5wl8BX43v
2rXftlqjGBtIrh+LNfOorP2ThzahH3wMmOxLQzS+KmNw
-----END CERTIFICATE-----