Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/210043-5afe-456f-b3f8-dc027432e5a5/1/NQPUXX-7KDJmGl0hBmmNLhWfMIQ.roa
File:                     NQPUXX-7KDJmGl0hBmmNLhWfMIQ.roa (raw, json)
Hash identifier:          oZ6h25S8Al7NeR/0obMZC7VvAgiF9UAGG+3U8X+31Nw=
Subject key identifier:   35:03:D4:5D:7F:BB:28:32:66:1A:5D:21:06:69:8D:2E:15:9F:30:84
Certificate issuer:       /CN=00e0b4eaf9c10791f353ba987de2360a138417bd
Certificate serial:       018CC72776DD0DA3190855EA54ED38B61275
Authority key identifier: 00:E0:B4:EA:F9:C1:07:91:F3:53:BA:98:7D:E2:36:0A:13:84:17:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AOC06vnBB5HzU7qYfeI2ChOEF70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/210043-5afe-456f-b3f8-dc027432e5a5/1/NQPUXX-7KDJmGl0hBmmNLhWfMIQ.roa
Signing time:             Mon 01 Jan 2024 22:31:41 +0000
ROA not before:           Mon 01 Jan 2024 22:31:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        195.93.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/210043-5afe-456f-b3f8-dc027432e5a5/1/AOC06vnBB5HzU7qYfeI2ChOEF70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/210043-5afe-456f-b3f8-dc027432e5a5/1/AOC06vnBB5HzU7qYfeI2ChOEF70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AOC06vnBB5HzU7qYfeI2ChOEF70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:76:dd:0d:a3:19:08:55:ea:54:ed:38:b6:12:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00e0b4eaf9c10791f353ba987de2360a138417bd
        Validity
            Not Before: Jan  1 22:31:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3503d45d7fbb2832661a5d2106698d2e159f3084
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:7c:b5:61:79:14:16:ce:06:9d:4f:24:84:56:
                    95:66:74:e9:63:2f:84:c4:9d:36:df:b3:8f:f8:95:
                    8b:cf:9a:97:2c:f6:8b:d1:c5:f3:63:f0:dd:9d:e2:
                    bf:fb:dd:b3:b3:d6:e6:47:89:9d:9e:5b:86:c6:ff:
                    a0:57:80:fd:76:f7:0f:e7:48:d9:2c:96:a8:89:46:
                    5e:18:18:7d:1f:0c:5a:b5:f6:7c:86:6b:c7:38:4a:
                    35:23:ac:2b:6e:e5:dc:81:7a:9e:92:56:38:75:55:
                    59:51:3b:21:2c:32:4b:46:79:f2:4c:60:64:b3:8f:
                    da:98:f0:c9:4a:f1:f4:76:4c:57:f6:a5:60:71:e6:
                    ce:9f:d0:fd:15:80:83:b7:e5:d0:cb:86:92:de:83:
                    ab:99:e9:77:4c:63:87:2f:56:e7:42:b2:b7:80:f0:
                    61:c8:05:b0:a7:bf:14:79:ac:14:b9:e4:85:36:75:
                    a4:a1:78:a5:c0:01:88:98:e3:77:23:d8:52:b3:07:
                    a7:9c:50:84:d1:a3:48:d0:8c:9c:ba:d4:ab:db:c4:
                    43:45:17:32:8f:dd:c5:c8:05:50:d7:68:91:bd:d7:
                    84:35:82:4d:84:82:c5:a3:da:4a:18:39:83:2f:ac:
                    47:62:bc:ba:1b:83:b2:db:00:53:ec:38:cc:6e:4a:
                    44:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:03:D4:5D:7F:BB:28:32:66:1A:5D:21:06:69:8D:2E:15:9F:30:84
            X509v3 Authority Key Identifier:
                keyid:00:E0:B4:EA:F9:C1:07:91:F3:53:BA:98:7D:E2:36:0A:13:84:17:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOC06vnBB5HzU7qYfeI2ChOEF70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/210043-5afe-456f-b3f8-dc027432e5a5/1/NQPUXX-7KDJmGl0hBmmNLhWfMIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/210043-5afe-456f-b3f8-dc027432e5a5/1/AOC06vnBB5HzU7qYfeI2ChOEF70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.93.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:b7:7c:cf:53:20:16:d1:e2:5e:b3:03:0a:49:a8:43:3a:16:
         98:b7:b0:bb:d4:ed:c8:70:11:e1:88:8f:f5:da:cf:83:8a:da:
         41:4e:45:85:8f:50:c7:d9:14:4d:10:9e:17:ca:52:c8:60:4a:
         ad:b8:db:6a:f0:0c:41:19:5a:21:11:2e:e8:08:b2:89:06:2f:
         37:cd:b5:db:b9:09:e3:bd:6c:58:db:95:6f:36:8f:f9:79:16:
         f2:20:a1:67:3a:24:5b:8d:ea:90:8a:43:9e:d6:3f:f4:7b:d8:
         4e:d1:58:02:76:73:cd:d7:e8:8f:d1:b9:41:96:fa:f2:24:07:
         5e:4e:80:81:77:77:69:c7:f6:cf:09:8f:18:48:3c:2a:c9:49:
         29:d4:65:2b:fb:9f:37:98:cf:7f:25:12:d2:30:00:bf:4d:65:
         9b:c7:d9:f5:f3:a9:61:d9:dc:c6:6c:58:1b:b5:25:10:31:6b:
         5f:d7:74:fb:d6:0b:16:ed:84:6b:10:74:79:81:d6:38:fc:ca:
         1e:4a:b8:87:5a:3d:7a:1e:bb:5f:07:ac:65:49:2e:e4:22:c7:
         6c:a8:b0:d4:86:ee:3c:ce:ca:f2:f4:ff:1d:6d:0d:0c:f4:a2:
         19:27:65:e6:af:02:66:4d:79:94:1d:5b:2d:bb:03:d4:d9:da:
         01:d6:24:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ3bdDaMZCFXqVO04thJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTBiNGVhZjljMTA3OTFmMzUzYmE5ODdkZTIzNjBhMTM4
NDE3YmQwHhcNMjQwMTAxMjIzMTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTAzZDQ1ZDdmYmIyODMyNjYxYTVkMjEwNjY5OGQyZTE1OWYzMDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXy1YXkUFs4GnU8khFaVZnTpYy+E
xJ0237OP+JWLz5qXLPaL0cXzY/DdneK/+92zs9bmR4mdnluGxv+gV4D9dvcP50jZ
LJaoiUZeGBh9HwxatfZ8hmvHOEo1I6wrbuXcgXqeklY4dVVZUTshLDJLRnnyTGBk
s4/amPDJSvH0dkxX9qVgcebOn9D9FYCDt+XQy4aS3oOrmel3TGOHL1bnQrK3gPBh
yAWwp78UeawUueSFNnWkoXilwAGImON3I9hSswennFCE0aNI0IycutSr28RDRRcy
j93FyAVQ12iRvdeENYJNhILFo9pKGDmDL6xHYry6G4Oy2wBT7DjMbkpEuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUD1F1/uygyZhpdIQZpjS4VnzCEMB8GA1UdIwQY
MBaAFADgtOr5wQeR81O6mH3iNgoThBe9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9DMDZ2bkJCNUh6VTdxWWZlSTJDaE9FRjcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8yMTAwNDMtNWFmZS00NTZmLWIzZjgt
ZGMwMjc0MzJlNWE1LzEvTlFQVVhYLTdLREptR2wwaEJtbU5MaFdmTUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8yMTAwNDMtNWFmZS00NTZmLWIzZjgtZGMwMjc0MzJlNWE1
LzEvQU9DMDZ2bkJCNUh6VTdxWWZlSTJDaE9FRjcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw13jMA0G
CSqGSIb3DQEBCwUAA4IBAQCQt3zPUyAW0eJeswMKSahDOhaYt7C71O3IcBHhiI/1
2s+DitpBTkWFj1DH2RRNEJ4XylLIYEqtuNtq8AxBGVohES7oCLKJBi83zbXbuQnj
vWxY25VvNo/5eRbyIKFnOiRbjeqQikOe1j/0e9hO0VgCdnPN1+iP0blBlvryJAde
ToCBd3dpx/bPCY8YSDwqyUkp1GUr+583mM9/JRLSMAC/TWWbx9n186lh2dzGbFgb
tSUQMWtf13T71gsW7YRrEHR5gdY4/MoeSriHWj16HrtfB6xlSS7kIsdsqLDUhu48
zsry9P8dbQ0M9KIZJ2XmrwJmTXmUHVstuwPU2doB1iTW
-----END CERTIFICATE-----