Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/NAgQc3aql-gPXw9hF6ln_evN2Dc.roa
File:                     NAgQc3aql-gPXw9hF6ln_evN2Dc.roa (raw, json)
Hash identifier:          0EdK/EiK0jX6cY0+WkXAJx6kGqD4VFLqkOxKx4w5BX8=
Subject key identifier:   34:08:10:73:76:AA:97:E8:0F:5F:0F:61:17:A9:67:FD:EB:CD:D8:37
Certificate issuer:       /CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
Certificate serial:       018CC5DBEC4B1B61C04409764E4FAAFF24FA
Authority key identifier: CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/NAgQc3aql-gPXw9hF6ln_evN2Dc.roa
Signing time:             Mon 01 Jan 2024 16:29:33 +0000
ROA not before:           Mon 01 Jan 2024 16:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29611
IP address blocks:        185.138.196.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:ec:4b:1b:61:c0:44:09:76:4e:4f:aa:ff:24:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
        Validity
            Not Before: Jan  1 16:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3408107376aa97e80f5f0f6117a967fdebcdd837
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5a:a7:66:58:7c:f4:cb:6a:75:c9:85:4a:6e:
                    1d:a2:0d:15:8c:89:bc:ad:20:1a:17:5d:26:a2:a3:
                    c4:78:a4:ec:d8:d1:db:ed:99:4e:95:29:db:77:c9:
                    ff:22:81:1b:7b:e8:02:95:5c:ca:c0:48:00:26:39:
                    88:4b:4e:f1:8f:c2:a2:d8:30:8d:81:41:ab:b9:5a:
                    0d:20:90:07:94:9b:12:cc:53:e0:64:bb:91:ca:83:
                    54:48:ab:46:ac:2d:2b:44:6e:fd:43:ef:08:90:19:
                    cc:ec:b5:90:10:18:6f:38:1c:92:b4:15:8b:28:c3:
                    1d:34:4d:d5:a7:fe:27:7a:a8:aa:ed:9e:04:d8:aa:
                    7a:72:41:61:f4:a0:1f:cc:c1:2d:c4:b4:93:31:fc:
                    10:38:18:3f:3d:6b:2c:c3:93:74:62:4b:89:c2:82:
                    34:ae:a9:35:d4:33:ab:3a:70:c9:72:e4:00:b4:f3:
                    00:84:46:a2:55:a7:ad:2c:a6:79:9b:f3:91:a0:0a:
                    3a:00:a6:ab:53:f7:6a:25:06:89:fa:60:c7:2c:b4:
                    61:2d:4f:28:48:ef:f1:f6:17:f4:d2:67:ae:27:59:
                    4c:d8:11:3f:2d:66:4b:e4:c6:f7:0a:fa:11:44:08:
                    6d:3a:ec:fa:d8:10:53:99:ef:70:74:1a:e7:a2:e7:
                    20:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:08:10:73:76:AA:97:E8:0F:5F:0F:61:17:A9:67:FD:EB:CD:D8:37
            X509v3 Authority Key Identifier:
                keyid:CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/NAgQc3aql-gPXw9hF6ln_evN2Dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:24:62:7c:7a:b3:59:9e:60:4f:1f:4e:90:27:54:06:54:18:
         ad:e9:34:f4:2b:dd:b2:68:86:4f:80:a5:5d:27:fd:46:a4:32:
         54:58:bb:80:16:99:4a:7b:b4:e0:6a:ea:e8:16:49:9a:e7:47:
         23:cf:ed:a4:0e:6d:42:dc:60:6f:de:00:b7:cb:71:0c:48:b8:
         5e:91:6b:db:4a:91:63:20:f7:43:0a:8d:75:d6:e7:3c:60:69:
         71:5b:1d:aa:f8:c0:c8:a0:d0:25:94:fb:cf:fd:d9:51:22:d5:
         79:be:8b:88:44:af:ac:06:40:56:cf:e7:fa:85:78:87:f7:6c:
         73:20:95:34:b6:b2:d3:84:bd:7d:d7:d4:bd:93:dd:8a:8a:9e:
         61:26:b3:18:42:40:ac:27:67:01:e7:0d:63:cf:53:76:d4:e9:
         dc:3d:14:db:22:12:f2:04:aa:db:0e:ca:3c:25:e2:03:3c:2a:
         8c:a6:c6:90:f0:80:e1:e7:c9:09:06:ec:75:fe:88:0b:c3:13:
         61:76:c9:bd:0a:04:e3:59:5e:b7:80:a0:c4:49:2f:19:9b:04:
         ba:12:82:99:58:b7:86:b6:fc:2a:ff:51:31:2f:22:08:c7:c2:
         8b:be:51:f3:25:74:eb:cd:dd:cc:9a:f5:14:ba:71:3a:83:33:
         bb:9c:02:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF2+xLG2HARAl2Tk+q/yT6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOTYyNTU0MWFiZTZiNWFlOTI2NjcxZGFhOThhYzZkODA5
NGVjN2IwHhcNMjQwMTAxMTYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDA4MTA3Mzc2YWE5N2U4MGY1ZjBmNjExN2E5NjdmZGViY2RkODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVqnZlh89MtqdcmFSm4dog0VjIm8
rSAaF10moqPEeKTs2NHb7ZlOlSnbd8n/IoEbe+gClVzKwEgAJjmIS07xj8Ki2DCN
gUGruVoNIJAHlJsSzFPgZLuRyoNUSKtGrC0rRG79Q+8IkBnM7LWQEBhvOByStBWL
KMMdNE3Vp/4neqiq7Z4E2Kp6ckFh9KAfzMEtxLSTMfwQOBg/PWssw5N0YkuJwoI0
rqk11DOrOnDJcuQAtPMAhEaiVaetLKZ5m/ORoAo6AKarU/dqJQaJ+mDHLLRhLU8o
SO/x9hf00meuJ1lM2BE/LWZL5Mb3CvoRRAhtOuz62BBTme9wdBrnoucgdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQIEHN2qpfoD18PYRepZ/3rzdg3MB8GA1UdIwQY
MBaAFM+WJVQavmta6SZnHaqYrG2AlOx7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2Et
NTlhNTg3YmRlYTNmLzEvTkFnUWMzYXFsLWdQWHc5aEY2bG5fZXZOMkRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2EtNTlhNTg3YmRlYTNm
LzEvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYrEMA0G
CSqGSIb3DQEBCwUAA4IBAQB6JGJ8erNZnmBPH06QJ1QGVBit6TT0K92yaIZPgKVd
J/1GpDJUWLuAFplKe7TgauroFkma50cjz+2kDm1C3GBv3gC3y3EMSLhekWvbSpFj
IPdDCo111uc8YGlxWx2q+MDIoNAllPvP/dlRItV5vouIRK+sBkBWz+f6hXiH92xz
IJU0trLThL1919S9k92Kip5hJrMYQkCsJ2cB5w1jz1N21OncPRTbIhLyBKrbDso8
JeIDPCqMpsaQ8IDh58kJBux1/ogLwxNhdsm9CgTjWV63gKDESS8ZmwS6EoKZWLeG
tvwq/1ExLyIIx8KLvlHzJXTrzd3MmvUUunE6gzO7nAL1
-----END CERTIFICATE-----