Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/NZPdudvFc3tgy-sEBsclSWTQh3I.roa
File:                     NZPdudvFc3tgy-sEBsclSWTQh3I.roa (raw, json)
Hash identifier:          ueqRUCWrY217AtpksM2c8dNtAdiGvK14ZfrIT+Iva4E=
Subject key identifier:   35:93:DD:B9:DB:C5:73:7B:60:CB:EB:04:06:C7:25:49:64:D0:87:72
Certificate issuer:       /CN=3b637ccf393f52e0b56fb58ee35af54411daf644
Certificate serial:       018CC56E2143F5CF1695A5C11AF6A73E6370
Authority key identifier: 3B:63:7C:CF:39:3F:52:E0:B5:6F:B5:8E:E3:5A:F5:44:11:DA:F6:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O2N8zzk_UuC1b7WO41r1RBHa9kQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/NZPdudvFc3tgy-sEBsclSWTQh3I.roa
Signing time:             Mon 01 Jan 2024 14:29:38 +0000
ROA not before:           Mon 01 Jan 2024 14:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204732
IP address blocks:        185.63.72.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/O2N8zzk_UuC1b7WO41r1RBHa9kQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/O2N8zzk_UuC1b7WO41r1RBHa9kQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O2N8zzk_UuC1b7WO41r1RBHa9kQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 27 Jun 2024 05:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:21:43:f5:cf:16:95:a5:c1:1a:f6:a7:3e:63:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b637ccf393f52e0b56fb58ee35af54411daf644
        Validity
            Not Before: Jan  1 14:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3593ddb9dbc5737b60cbeb0406c7254964d08772
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:15:53:1e:88:7f:d9:d9:69:65:93:16:74:36:
                    56:34:9e:6c:33:6e:c3:41:70:01:1a:5c:23:68:1e:
                    b3:85:50:9e:4d:ec:b3:40:90:4f:fd:2a:c1:66:4c:
                    05:c4:39:ef:a1:0d:5b:6d:26:b6:73:25:55:34:f6:
                    99:73:1e:e0:e3:51:23:e5:73:c6:63:a4:03:ee:3d:
                    fb:64:19:81:74:54:96:13:11:4b:c8:aa:3d:6a:f9:
                    39:2a:37:dd:6c:e5:ea:f7:59:91:e0:1c:b3:49:e2:
                    7e:3f:45:30:7b:ad:83:23:ba:d9:53:f8:56:f9:a9:
                    08:36:29:b2:58:6f:e2:b3:43:94:a1:d0:59:d5:15:
                    88:0a:34:db:1f:f2:00:61:bb:aa:40:41:80:39:2a:
                    1c:63:f0:4d:e2:30:20:a9:4a:46:8e:f3:6c:0e:29:
                    6f:97:0c:01:11:d0:55:ae:f3:24:96:72:3f:ac:8b:
                    08:44:5d:b8:57:fa:ac:77:f5:e6:b7:21:d1:f2:a4:
                    97:14:c8:a1:ba:f8:03:da:22:7c:0c:b7:ec:a7:6f:
                    3e:58:f8:98:61:ca:a3:24:ad:35:42:bd:88:bd:d4:
                    7a:66:cb:bd:92:02:cf:00:d4:28:0b:54:59:70:e2:
                    63:7d:bc:89:f3:a5:c3:d7:91:d9:fe:81:18:f4:ca:
                    3a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:93:DD:B9:DB:C5:73:7B:60:CB:EB:04:06:C7:25:49:64:D0:87:72
            X509v3 Authority Key Identifier:
                keyid:3B:63:7C:CF:39:3F:52:E0:B5:6F:B5:8E:E3:5A:F5:44:11:DA:F6:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O2N8zzk_UuC1b7WO41r1RBHa9kQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/NZPdudvFc3tgy-sEBsclSWTQh3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9c5c1f-f4b6-45a8-9c9f-30733d370df3/1/O2N8zzk_UuC1b7WO41r1RBHa9kQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:5b:fe:a1:e9:01:5c:f5:c3:32:0e:eb:62:69:a4:7e:e2:2e:
         c6:51:be:a5:90:c6:47:e6:8e:86:f5:60:e8:07:70:dd:53:89:
         ca:ba:c2:2b:08:4a:bb:a4:0c:5d:a1:19:1c:88:b3:0b:5c:c1:
         13:fd:f4:c9:63:b2:dc:85:5e:81:17:3f:cb:b3:3e:a9:c4:c3:
         6f:83:58:9f:58:93:d7:88:ea:6c:fa:9f:ac:26:5f:ef:2d:49:
         da:34:4f:ee:5a:0b:cf:5f:b5:78:b7:8a:a5:81:d8:24:b9:8c:
         33:d8:fc:85:74:8f:fc:32:82:0b:bb:cc:a7:29:ef:cf:dc:cf:
         40:b5:ea:92:84:a7:45:83:04:96:a7:4a:44:94:4b:67:19:78:
         5f:d0:68:1b:35:b9:05:c4:2c:e0:04:8f:1a:5a:4a:bd:63:e4:
         75:4c:69:bb:ec:9d:5e:a5:ad:81:65:5f:22:6b:3f:cd:b8:d7:
         3a:a8:5e:06:07:99:6b:13:55:f8:e4:f7:7d:dc:cc:18:2a:3a:
         7a:ba:40:78:29:6b:68:75:95:52:da:7a:b6:80:73:0b:77:df:
         8a:55:e8:d8:22:12:39:4c:ac:0e:06:59:de:d8:8e:1b:5e:ea:
         6f:7b:d5:f9:1f:f3:b8:f6:50:33:22:ee:1a:fe:d1:d8:1b:b9:
         50:e2:54:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiFD9c8WlaXBGvanPmNwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNjM3Y2NmMzkzZjUyZTBiNTZmYjU4ZWUzNWFmNTQ0MTFk
YWY2NDQwHhcNMjQwMTAxMTQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTkzZGRiOWRiYzU3MzdiNjBjYmViMDQwNmM3MjU0OTY0ZDA4NzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxVTHoh/2dlpZZMWdDZWNJ5sM27D
QXABGlwjaB6zhVCeTeyzQJBP/SrBZkwFxDnvoQ1bbSa2cyVVNPaZcx7g41Ej5XPG
Y6QD7j37ZBmBdFSWExFLyKo9avk5KjfdbOXq91mR4ByzSeJ+P0Uwe62DI7rZU/hW
+akINimyWG/is0OUodBZ1RWICjTbH/IAYbuqQEGAOSocY/BN4jAgqUpGjvNsDilv
lwwBEdBVrvMklnI/rIsIRF24V/qsd/XmtyHR8qSXFMihuvgD2iJ8DLfsp28+WPiY
YcqjJK01Qr2IvdR6Zsu9kgLPANQoC1RZcOJjfbyJ86XD15HZ/oEY9Mo6AQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWT3bnbxXN7YMvrBAbHJUlk0IdyMB8GA1UdIwQY
MBaAFDtjfM85P1LgtW+1juNa9UQR2vZEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzJOOHp6a19VdUMxYjdXTzQxcjFSQkhhOWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85YzVjMWYtZjRiNi00NWE4LTljOWYt
MzA3MzNkMzcwZGYzLzEvTlpQZHVkdkZjM3RneS1zRUJzY2xTV1RRaDNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85YzVjMWYtZjRiNi00NWE4LTljOWYtMzA3MzNkMzcwZGYz
LzEvTzJOOHp6a19VdUMxYjdXTzQxcjFSQkhhOWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuT9IMA0G
CSqGSIb3DQEBCwUAA4IBAQCWW/6h6QFc9cMyDutiaaR+4i7GUb6lkMZH5o6G9WDo
B3DdU4nKusIrCEq7pAxdoRkciLMLXMET/fTJY7LchV6BFz/Lsz6pxMNvg1ifWJPX
iOps+p+sJl/vLUnaNE/uWgvPX7V4t4qlgdgkuYwz2PyFdI/8MoILu8ynKe/P3M9A
teqShKdFgwSWp0pElEtnGXhf0GgbNbkFxCzgBI8aWkq9Y+R1TGm77J1epa2BZV8i
az/NuNc6qF4GB5lrE1X45Pd93MwYKjp6ukB4KWtodZVS2nq2gHMLd9+KVejYIhI5
TKwOBlne2I4bXupve9X5H/O49lAzIu4a/tHYG7lQ4lTQ
-----END CERTIFICATE-----