Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/b64a3b-d39a-4e60-bcbd-3fbef14726c5/1/nvf_LVX7Mm77t8IYqB827q565Ww.roa
File:                     nvf_LVX7Mm77t8IYqB827q565Ww.roa (raw, json)
Hash identifier:          zYUtnamlBKPRv1oHkrfVrF30YvwJvzne7YrCh0R1qfQ=
Subject key identifier:   9E:F7:FF:2D:55:FB:32:6E:FB:B7:C2:18:A8:1F:36:EE:AE:7A:E5:6C
Certificate issuer:       /CN=3d23d5ed0a141bfb44f6935d23588aeb9136c66d
Certificate serial:       018CC8DF730AD6B910305C339AF1E9E2550B
Authority key identifier: 3D:23:D5:ED:0A:14:1B:FB:44:F6:93:5D:23:58:8A:EB:91:36:C6:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PSPV7QoUG_tE9pNdI1iK65E2xm0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/b64a3b-d39a-4e60-bcbd-3fbef14726c5/1/nvf_LVX7Mm77t8IYqB827q565Ww.roa
Signing time:             Tue 02 Jan 2024 06:32:16 +0000
ROA not before:           Tue 02 Jan 2024 06:32:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        185.191.252.0/23 maxlen: 23
                          185.191.254.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/b64a3b-d39a-4e60-bcbd-3fbef14726c5/1/PSPV7QoUG_tE9pNdI1iK65E2xm0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/b64a3b-d39a-4e60-bcbd-3fbef14726c5/1/PSPV7QoUG_tE9pNdI1iK65E2xm0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PSPV7QoUG_tE9pNdI1iK65E2xm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 18:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:73:0a:d6:b9:10:30:5c:33:9a:f1:e9:e2:55:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d23d5ed0a141bfb44f6935d23588aeb9136c66d
        Validity
            Not Before: Jan  2 06:32:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ef7ff2d55fb326efbb7c218a81f36eeae7ae56c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1c:39:7a:fd:c4:4d:99:78:3c:2e:45:c9:67:
                    b6:4a:4c:a5:bc:de:ae:06:1c:d9:6c:c2:30:70:21:
                    b8:4a:62:cd:c9:7e:bb:8d:b4:a0:29:18:42:b3:a2:
                    93:39:ff:69:a2:ff:40:28:0d:98:7f:94:d4:91:bb:
                    37:22:54:c0:ca:87:e2:db:96:f0:ea:53:76:cf:d9:
                    d8:3d:3a:06:f4:1e:ac:eb:c2:73:7e:9e:8d:b1:1c:
                    56:79:9d:7f:ec:68:b7:41:f6:48:c4:7b:a5:5f:59:
                    e1:a4:66:9e:e8:ff:98:3e:da:73:ca:dd:8a:e6:2e:
                    9b:a0:74:fd:11:28:29:45:b6:9e:82:fe:40:15:1d:
                    ba:ee:2c:a7:5f:3c:55:ad:b0:c2:d0:a9:72:bf:94:
                    21:d8:3b:b0:b0:bd:0b:82:fe:ed:4a:89:17:0f:b4:
                    be:8e:74:59:8e:36:29:0c:8c:8b:c5:71:21:21:3b:
                    18:3f:da:84:7b:ff:bd:f1:ba:93:c7:cd:99:69:33:
                    5f:f7:c6:55:4a:7c:bc:78:50:6a:4e:05:e3:cc:53:
                    77:43:92:5d:04:9d:28:c9:71:a2:7b:ad:70:81:5b:
                    41:25:f7:b3:87:f4:e2:88:7a:29:9a:1b:04:d2:99:
                    81:0e:df:6f:39:f2:90:cd:f5:ec:c8:15:e7:cc:03:
                    d1:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:F7:FF:2D:55:FB:32:6E:FB:B7:C2:18:A8:1F:36:EE:AE:7A:E5:6C
            X509v3 Authority Key Identifier:
                keyid:3D:23:D5:ED:0A:14:1B:FB:44:F6:93:5D:23:58:8A:EB:91:36:C6:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PSPV7QoUG_tE9pNdI1iK65E2xm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/b64a3b-d39a-4e60-bcbd-3fbef14726c5/1/nvf_LVX7Mm77t8IYqB827q565Ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/b64a3b-d39a-4e60-bcbd-3fbef14726c5/1/PSPV7QoUG_tE9pNdI1iK65E2xm0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:e4:d3:95:8b:c5:ee:30:ec:3f:06:28:5f:4b:b8:c5:17:4d:
         49:3d:63:db:02:f2:16:4d:05:e5:dd:aa:5f:f0:d1:8b:2a:aa:
         e5:5e:04:76:2f:aa:5e:30:56:98:98:f8:4f:fb:af:e8:ab:02:
         65:31:09:3f:3e:80:16:e5:01:9f:d2:32:1f:71:23:6e:36:2b:
         07:95:0f:26:fa:eb:9c:d0:b7:5f:69:36:0d:2d:de:11:60:67:
         39:e2:0d:74:11:7d:e4:ec:3c:6c:d0:e9:93:7b:ea:5d:d8:8a:
         5e:57:e2:eb:8d:3b:d3:fe:38:32:3a:60:e3:b5:b0:d2:a6:28:
         20:1f:91:01:36:74:a2:6f:8b:6e:b9:d2:c4:ba:db:4e:8d:7f:
         af:d6:9c:25:9d:d4:ec:a1:ee:c1:50:ac:52:be:63:5b:a5:41:
         39:71:90:a1:4a:b0:4b:0c:28:6d:0f:24:08:b7:81:b2:1c:4b:
         68:b1:dc:31:0a:33:d6:e1:d5:95:1f:d4:b4:38:b9:be:ef:6f:
         e9:4f:e6:61:fc:11:32:fd:34:16:14:50:4f:ad:ec:91:2c:00:
         c7:76:0c:3d:eb:75:50:ad:89:96:f4:f4:09:f9:2c:a9:72:5e:
         7e:89:73:31:ec:eb:f3:cc:af:8c:74:a9:c2:a8:3f:09:f6:3a:
         d7:53:e2:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI33MK1rkQMFwzmvHp4lULMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMjNkNWVkMGExNDFiZmI0NGY2OTM1ZDIzNTg4YWViOTEz
NmM2NmQwHhcNMjQwMTAyMDYzMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWY3ZmYyZDU1ZmIzMjZlZmJiN2MyMThhODFmMzZlZWFlN2FlNTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhw5ev3ETZl4PC5FyWe2SkylvN6u
BhzZbMIwcCG4SmLNyX67jbSgKRhCs6KTOf9pov9AKA2Yf5TUkbs3IlTAyofi25bw
6lN2z9nYPToG9B6s68Jzfp6NsRxWeZ1/7Gi3QfZIxHulX1nhpGae6P+YPtpzyt2K
5i6boHT9ESgpRbaegv5AFR267iynXzxVrbDC0Klyv5Qh2DuwsL0Lgv7tSokXD7S+
jnRZjjYpDIyLxXEhITsYP9qEe/+98bqTx82ZaTNf98ZVSny8eFBqTgXjzFN3Q5Jd
BJ0oyXGie61wgVtBJfezh/TiiHopmhsE0pmBDt9vOfKQzfXsyBXnzAPR9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ73/y1V+zJu+7fCGKgfNu6ueuVsMB8GA1UdIwQY
MBaAFD0j1e0KFBv7RPaTXSNYiuuRNsZtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFNQVjdRb1VHX3RFOXBOZEkxaUs2NUUyeG0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9iNjRhM2ItZDM5YS00ZTYwLWJjYmQt
M2ZiZWYxNDcyNmM1LzEvbnZmX0xWWDdNbTc3dDhJWXFCODI3cTU2NVd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi9iNjRhM2ItZDM5YS00ZTYwLWJjYmQtM2ZiZWYxNDcyNmM1
LzEvUFNQVjdRb1VHX3RFOXBOZEkxaUs2NUUyeG0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub/8MA0G
CSqGSIb3DQEBCwUAA4IBAQAy5NOVi8XuMOw/BihfS7jFF01JPWPbAvIWTQXl3apf
8NGLKqrlXgR2L6peMFaYmPhP+6/oqwJlMQk/PoAW5QGf0jIfcSNuNisHlQ8m+uuc
0LdfaTYNLd4RYGc54g10EX3k7Dxs0OmTe+pd2IpeV+LrjTvT/jgyOmDjtbDSpigg
H5EBNnSib4tuudLEuttOjX+v1pwlndTsoe7BUKxSvmNbpUE5cZChSrBLDChtDyQI
t4GyHEtosdwxCjPW4dWVH9S0OLm+72/pT+Zh/BEy/TQWFFBPreyRLADHdgw963VQ
rYmW9PQJ+Sypcl5+iXMx7OvzzK+MdKnCqD8J9jrXU+KD
-----END CERTIFICATE-----