Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/fcd516-88f5-4e48-9ab4-93df45003e7e/1/NttUX3LRLFZ6VthT-VVGGGeursM.roa
File:                     NttUX3LRLFZ6VthT-VVGGGeursM.roa (raw, json)
Hash identifier:          Hxu0uq2JhgKLkokEcDE1T2NyVe8Xxx3juqKvnInSklY=
Subject key identifier:   36:DB:54:5F:72:D1:2C:56:7A:56:D8:53:F9:55:46:18:67:AE:AE:C3
Certificate issuer:       /CN=6ac72a734392f6cf792b3d0c3ed11820286f19f4
Certificate serial:       018CC5DC7C35C2D392F62F64EB031A774D9E
Authority key identifier: 6A:C7:2A:73:43:92:F6:CF:79:2B:3D:0C:3E:D1:18:20:28:6F:19:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ascqc0OS9s95Kz0MPtEYIChvGfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/fcd516-88f5-4e48-9ab4-93df45003e7e/1/NttUX3LRLFZ6VthT-VVGGGeursM.roa
Signing time:             Mon 01 Jan 2024 16:30:10 +0000
ROA not before:           Mon 01 Jan 2024 16:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212574
IP address blocks:        185.153.232.0/24 maxlen: 24
                          2a10:7240::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/fcd516-88f5-4e48-9ab4-93df45003e7e/1/ascqc0OS9s95Kz0MPtEYIChvGfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/fcd516-88f5-4e48-9ab4-93df45003e7e/1/ascqc0OS9s95Kz0MPtEYIChvGfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ascqc0OS9s95Kz0MPtEYIChvGfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:7c:35:c2:d3:92:f6:2f:64:eb:03:1a:77:4d:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ac72a734392f6cf792b3d0c3ed11820286f19f4
        Validity
            Not Before: Jan  1 16:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36db545f72d12c567a56d853f955461867aeaec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:dd:f9:40:d7:6c:03:ec:6f:3b:08:ad:82:c1:
                    fb:b4:11:0c:69:06:d2:ca:e3:bb:8c:57:b0:89:52:
                    e1:e5:1c:a6:02:73:43:e6:66:48:12:81:ec:f4:0d:
                    6d:e9:a8:3b:ed:51:00:de:b0:d1:13:52:55:ed:56:
                    18:97:50:05:0d:db:06:dd:09:ef:75:cb:5d:29:00:
                    14:7e:06:a0:6c:3e:cd:6d:f1:aa:01:a5:22:d0:94:
                    54:f8:9c:a3:6b:e1:40:8c:87:45:bd:0d:86:a2:73:
                    94:f9:32:ba:6e:19:61:37:1e:2a:92:f8:d5:99:11:
                    7c:1f:94:43:23:5a:85:33:be:db:97:0d:29:3a:96:
                    c0:a7:f3:62:c8:7a:55:99:e9:f1:9b:27:92:b2:1a:
                    a2:5f:fa:c4:6d:73:f4:b7:5c:1e:39:75:73:03:19:
                    a1:18:41:df:a2:ac:e4:e0:11:44:86:59:80:e6:00:
                    6e:e6:43:e2:6e:52:99:1c:88:22:69:7c:c5:1c:b7:
                    62:67:2e:b5:d4:3a:36:3c:2e:cb:f7:7f:b3:4d:25:
                    15:16:3c:5e:cb:ae:42:c1:54:eb:8a:0c:a2:c6:2b:
                    b9:55:9a:4e:b3:dc:9f:b7:a9:5b:f9:81:64:49:13:
                    78:49:a2:8b:d3:35:db:90:92:14:ba:e1:0c:df:ab:
                    ab:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:DB:54:5F:72:D1:2C:56:7A:56:D8:53:F9:55:46:18:67:AE:AE:C3
            X509v3 Authority Key Identifier:
                keyid:6A:C7:2A:73:43:92:F6:CF:79:2B:3D:0C:3E:D1:18:20:28:6F:19:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ascqc0OS9s95Kz0MPtEYIChvGfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/fcd516-88f5-4e48-9ab4-93df45003e7e/1/NttUX3LRLFZ6VthT-VVGGGeursM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/fcd516-88f5-4e48-9ab4-93df45003e7e/1/ascqc0OS9s95Kz0MPtEYIChvGfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.153.232.0/24
                IPv6:
                  2a10:7240::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:49:a2:6d:b2:e2:ec:c3:72:90:3c:cd:81:23:5f:e8:4e:21:
         72:a8:bb:4c:60:a0:6c:af:b3:a6:4a:9f:07:ec:b2:4d:ce:13:
         e2:fb:5a:76:9c:b0:af:0f:b2:e7:23:a3:13:62:1f:93:94:bc:
         34:b8:67:9c:37:78:71:0f:57:11:3e:79:7c:4d:99:ba:28:8a:
         68:f9:2d:f7:17:5f:98:89:04:9d:f1:0a:2b:ed:88:36:3f:d9:
         6e:e1:0c:ee:9c:73:cd:2d:27:77:ce:ad:81:8c:80:8b:5f:9f:
         2f:b7:de:de:88:ee:62:f3:b6:3d:68:b1:55:3f:3e:8f:66:ab:
         b7:25:26:73:b4:a0:63:76:2d:b3:fc:1d:d7:d6:5e:75:b5:f3:
         da:a2:66:27:60:ec:60:1b:fe:d2:ed:72:c7:0f:ab:81:af:60:
         f5:9d:ce:4d:1a:e6:5f:44:9d:c4:9f:7c:b6:0f:73:cd:1a:38:
         94:f0:a5:6a:8b:f5:32:8d:62:aa:4c:59:d6:66:7b:e7:65:e8:
         df:6f:48:c3:75:39:cc:0d:4c:d7:76:da:60:57:32:7c:06:90:
         82:c3:00:be:bc:4b:94:11:eb:6b:00:1d:fa:73:89:5d:e1:97:
         7f:ec:19:e0:5a:6e:52:9f:b9:2b:2b:ed:ad:c2:8a:1e:72:44:
         1a:93:af:9f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3Hw1wtOS9i9k6wMad02eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYzcyYTczNDM5MmY2Y2Y3OTJiM2QwYzNlZDExODIwMjg2
ZjE5ZjQwHhcNMjQwMTAxMTYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmRiNTQ1ZjcyZDEyYzU2N2E1NmQ4NTNmOTU1NDYxODY3YWVhZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd35QNdsA+xvOwitgsH7tBEMaQbS
yuO7jFewiVLh5RymAnND5mZIEoHs9A1t6ag77VEA3rDRE1JV7VYYl1AFDdsG3Qnv
dctdKQAUfgagbD7NbfGqAaUi0JRU+Jyja+FAjIdFvQ2GonOU+TK6bhlhNx4qkvjV
mRF8H5RDI1qFM77blw0pOpbAp/NiyHpVmenxmyeSshqiX/rEbXP0t1weOXVzAxmh
GEHfoqzk4BFEhlmA5gBu5kPiblKZHIgiaXzFHLdiZy611Do2PC7L93+zTSUVFjxe
y65CwVTrigyixiu5VZpOs9yft6lb+YFkSRN4SaKL0zXbkJIUuuEM36urgwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDbbVF9y0SxWelbYU/lVRhhnrq7DMB8GA1UdIwQY
MBaAFGrHKnNDkvbPeSs9DD7RGCAobxn0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXNjcWMwT1M5czk1S3owTVB0RVlJQ2h2R2ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9mY2Q1MTYtODhmNS00ZTQ4LTlhYjQt
OTNkZjQ1MDAzZTdlLzEvTnR0VVgzTFJMRlo2VnRoVC1WVkdHR2V1cnNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9mY2Q1MTYtODhmNS00ZTQ4LTlhYjQtOTNkZjQ1MDAzZTdl
LzEvYXNjcWMwT1M5czk1S3owTVB0RVlJQ2h2R2ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZnoMA0E
AgACMAcDBQAqEHJAMA0GCSqGSIb3DQEBCwUAA4IBAQAKSaJtsuLsw3KQPM2BI1/o
TiFyqLtMYKBsr7OmSp8H7LJNzhPi+1p2nLCvD7LnI6MTYh+TlLw0uGecN3hxD1cR
Pnl8TZm6KIpo+S33F1+YiQSd8Qor7Yg2P9lu4QzunHPNLSd3zq2BjICLX58vt97e
iO5i87Y9aLFVPz6PZqu3JSZztKBjdi2z/B3X1l51tfPaomYnYOxgG/7S7XLHD6uB
r2D1nc5NGuZfRJ3En3y2D3PNGjiU8KVqi/UyjWKqTFnWZnvnZejfb0jDdTnMDUzX
dtpgVzJ8BpCCwwC+vEuUEetrAB36c4ld4Zd/7BngWm5Sn7krK+2twooeckQak6+f
-----END CERTIFICATE-----