Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/NFCSs01oWicTZXFure0N-PnCCWU.roa
File:                     NFCSs01oWicTZXFure0N-PnCCWU.roa (raw, json)
Hash identifier:          IkEQYNHCh8tUXj0EFqiGDLC3qEKoo3Zp0TKOGNH6Vmc=
Subject key identifier:   34:50:92:B3:4D:68:5A:27:13:65:71:6E:AD:ED:0D:F8:F9:C2:09:65
Certificate issuer:       /CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
Certificate serial:       01941FFA9151A5EC3B3DC9583ABF718A2FED
Authority key identifier: 7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/NFCSs01oWicTZXFure0N-PnCCWU.roa
Signing time:             Wed 01 Jan 2025 03:48:22 +0000
ROA not before:           Wed 01 Jan 2025 03:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9255
IP address blocks:        146.255.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:91:51:a5:ec:3b:3d:c9:58:3a:bf:71:8a:2f:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc8911682bc5ca71cece1efe3ac135bfdb59dd6
        Validity
            Not Before: Jan  1 03:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=345092b34d685a271365716eaded0df8f9c20965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d5:a3:86:bd:54:e3:bd:c0:ec:54:26:87:16:
                    07:fd:65:1f:a8:a2:59:8c:ae:2d:19:35:ea:80:d9:
                    62:f2:c3:dc:62:8f:d7:6a:5f:f9:b1:90:18:35:0b:
                    9c:e3:15:a5:e8:44:4a:5f:03:6a:39:97:0a:a8:c1:
                    8e:8c:6b:69:69:95:af:8f:a5:19:fe:5a:75:26:b2:
                    36:0f:5a:b0:39:d3:a4:82:48:3c:25:76:a9:fd:39:
                    fd:20:c4:df:82:75:d2:87:2b:78:a6:b3:8d:45:32:
                    39:2f:a3:8a:e1:98:31:f4:ef:0e:9b:ef:69:96:00:
                    49:0e:5b:eb:dc:6f:4a:79:6f:18:ea:d1:47:1b:03:
                    6a:82:b1:0f:58:bf:76:a4:f1:39:6c:4b:1f:58:97:
                    99:92:91:67:c9:ff:ed:0f:77:43:a7:79:5d:19:a5:
                    59:fa:fc:33:91:b5:32:b2:01:ad:94:fe:fe:f3:aa:
                    49:2d:e9:55:1e:a9:c6:67:03:07:f2:6d:30:5e:53:
                    08:af:ef:95:26:6b:95:33:f6:eb:63:93:bb:7d:04:
                    49:ef:3a:d2:d9:a5:9e:14:b1:e3:e7:a4:ed:88:82:
                    ba:aa:49:51:f4:d0:01:cb:e8:9b:49:63:8b:51:7a:
                    65:1c:0c:b8:99:dc:0c:5f:05:33:8a:b6:54:b7:a8:
                    82:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:50:92:B3:4D:68:5A:27:13:65:71:6E:AD:ED:0D:F8:F9:C2:09:65
            X509v3 Authority Key Identifier:
                keyid:7D:C8:91:16:82:BC:5C:A7:1C:EC:E1:EF:E3:AC:13:5B:FD:B5:9D:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fciRFoK8XKcc7OHv46wTW_21ndY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/NFCSs01oWicTZXFure0N-PnCCWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/0831bf-118c-4ece-934d-75295251b1e8/1/fciRFoK8XKcc7OHv46wTW_21ndY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.255.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:66:29:7c:8d:dd:51:ec:0e:a7:c9:1f:73:64:e4:85:d6:36:
         6f:2e:7f:5f:2d:de:f6:08:89:91:c7:78:5f:25:6d:67:46:86:
         69:22:bb:20:11:3b:ca:cf:85:0b:1c:66:40:fa:87:20:80:e3:
         86:c6:e0:14:74:95:e4:85:49:74:a8:f8:94:47:b1:69:8c:4b:
         4f:dc:31:d3:a6:be:dd:1e:2f:63:17:66:b2:31:00:36:6d:29:
         cc:17:b5:65:4c:c6:57:67:09:52:07:0b:25:5d:1f:74:c2:49:
         2b:a1:fc:e0:70:e0:c0:9a:72:f1:17:c5:80:79:9f:7a:19:35:
         e4:5d:3f:2e:26:a9:f1:00:11:ce:58:61:04:9b:75:64:ad:4d:
         79:55:89:0f:81:5b:81:16:6d:15:b6:1d:68:56:05:d2:0c:8a:
         3f:7e:46:91:4a:df:a9:d5:fb:00:92:db:b2:85:ba:b0:37:39:
         db:8c:16:57:4f:cf:c1:d8:78:fe:b8:94:f5:ce:69:33:c9:e1:
         f9:53:ee:00:a8:bb:0b:c6:63:e5:1d:59:69:20:6b:30:16:92:
         b7:40:e7:68:83:b4:49:db:5a:c5:b3:a0:15:f6:f7:0d:01:7e:
         22:4c:9f:86:ef:ca:4f:01:55:b2:5b:ea:b0:40:cf:1b:11:47:
         b3:10:c1:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pFRpew7PclYOr9xii/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzg5MTE2ODJiYzVjYTcxY2VjZTFlZmUzYWMxMzViZmRi
NTlkZDYwHhcNMjUwMTAxMDM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDUwOTJiMzRkNjg1YTI3MTM2NTcxNmVhZGVkMGRmOGY5YzIwOTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndWjhr1U473A7FQmhxYH/WUfqKJZ
jK4tGTXqgNli8sPcYo/Xal/5sZAYNQuc4xWl6ERKXwNqOZcKqMGOjGtpaZWvj6UZ
/lp1JrI2D1qwOdOkgkg8JXap/Tn9IMTfgnXShyt4prONRTI5L6OK4Zgx9O8Om+9p
lgBJDlvr3G9KeW8Y6tFHGwNqgrEPWL92pPE5bEsfWJeZkpFnyf/tD3dDp3ldGaVZ
+vwzkbUysgGtlP7+86pJLelVHqnGZwMH8m0wXlMIr++VJmuVM/brY5O7fQRJ7zrS
2aWeFLHj56TtiIK6qklR9NABy+ibSWOLUXplHAy4mdwMXwUzirZUt6iCrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRQkrNNaFonE2Vxbq3tDfj5wgllMB8GA1UdIwQY
MBaAFH3IkRaCvFynHOzh7+OsE1v9tZ3WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNpUkZvSzhYS2NjN09IdjQ2d1RXXzIxbmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wODMxYmYtMTE4Yy00ZWNlLTkzNGQt
NzUyOTUyNTFiMWU4LzEvTkZDU3MwMW9XaWNUWlhGdXJlME4tUG5DQ1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wODMxYmYtMTE4Yy00ZWNlLTkzNGQtNzUyOTUyNTFiMWU4
LzEvZmNpUkZvSzhYS2NjN09IdjQ2d1RXXzIxbmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkv98MA0G
CSqGSIb3DQEBCwUAA4IBAQAdZil8jd1R7A6nyR9zZOSF1jZvLn9fLd72CImRx3hf
JW1nRoZpIrsgETvKz4ULHGZA+ocggOOGxuAUdJXkhUl0qPiUR7FpjEtP3DHTpr7d
Hi9jF2ayMQA2bSnMF7VlTMZXZwlSBwslXR90wkkrofzgcODAmnLxF8WAeZ96GTXk
XT8uJqnxABHOWGEEm3VkrU15VYkPgVuBFm0Vth1oVgXSDIo/fkaRSt+p1fsAktuy
hbqwNznbjBZXT8/B2Hj+uJT1zmkzyeH5U+4AqLsLxmPlHVlpIGswFpK3QOdog7RJ
21rFs6AV9vcNAX4iTJ+G78pPAVWyW+qwQM8bEUezEME7
-----END CERTIFICATE-----