Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/685232-f5e9-41d6-b94e-1a6ce5faf916/1/Nw1XQa-CejdNt6fVlx4QzZHNHNQ.roa
File:                     Nw1XQa-CejdNt6fVlx4QzZHNHNQ.roa (raw, json)
Hash identifier:          FoOVcmzYEhwtBVrwTB6UTxhVEwARWI2KwomzjXMUwX0=
Subject key identifier:   37:0D:57:41:AF:82:7A:37:4D:B7:A7:D5:97:1E:10:CD:91:CD:1C:D4
Certificate issuer:       /CN=c9c02d4234f4bc4e87555e41c03779d5620a5155
Certificate serial:       018E14282DF6523B2AE9CD33C91BEAC1E70B
Authority key identifier: C9:C0:2D:42:34:F4:BC:4E:87:55:5E:41:C0:37:79:D5:62:0A:51:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ycAtQjT0vE6HVV5BwDd51WIKUVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/685232-f5e9-41d6-b94e-1a6ce5faf916/1/Nw1XQa-CejdNt6fVlx4QzZHNHNQ.roa
Signing time:             Wed 06 Mar 2024 14:26:01 +0000
ROA not before:           Wed 06 Mar 2024 14:26:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49775
IP address blocks:        185.194.252.0/22 maxlen: 22
                          185.194.252.0/23 maxlen: 23
                          185.194.254.0/23 maxlen: 23
                          185.194.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/685232-f5e9-41d6-b94e-1a6ce5faf916/1/ycAtQjT0vE6HVV5BwDd51WIKUVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/685232-f5e9-41d6-b94e-1a6ce5faf916/1/ycAtQjT0vE6HVV5BwDd51WIKUVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ycAtQjT0vE6HVV5BwDd51WIKUVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:28:2d:f6:52:3b:2a:e9:cd:33:c9:1b:ea:c1:e7:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9c02d4234f4bc4e87555e41c03779d5620a5155
        Validity
            Not Before: Mar  6 14:26:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=370d5741af827a374db7a7d5971e10cd91cd1cd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:32:ee:6a:43:72:eb:7d:c7:61:5a:4c:50:d2:
                    11:0e:40:38:e2:92:d9:36:cb:e7:1c:de:d1:27:39:
                    88:64:15:31:d5:e1:45:8a:f9:6a:f3:f3:0e:e8:4f:
                    05:dd:d5:99:d6:f6:d4:66:bb:23:05:d5:8d:f7:47:
                    c6:24:a9:89:5d:6e:fc:74:e4:5d:ea:01:d8:e2:1e:
                    42:33:81:8d:68:de:c5:e8:44:61:f2:0d:d4:2d:c7:
                    54:6d:24:0f:1a:6f:e2:da:4c:83:ff:09:0b:08:fe:
                    c8:c7:f9:1a:b1:22:d0:06:d7:1d:bd:15:ed:56:98:
                    01:5a:ac:76:7d:25:56:ae:93:93:e0:f7:63:46:cf:
                    5a:92:06:a6:de:c8:27:48:89:72:aa:93:d8:54:e8:
                    08:30:dd:dc:a9:4e:97:a7:eb:b0:29:72:b1:06:33:
                    ee:6a:90:e9:49:30:15:dc:84:9e:4c:3a:83:63:30:
                    c1:84:44:aa:3e:b9:a2:83:d9:19:fc:f4:16:c5:58:
                    bb:c4:71:d6:1f:0f:01:f7:6b:13:a4:46:13:ca:02:
                    61:3e:fd:d3:c5:00:b9:1a:ff:45:e4:2f:ca:cb:40:
                    a9:02:26:d5:77:29:fc:8c:35:73:51:7b:61:e4:88:
                    e4:a8:76:84:55:75:47:1d:af:b6:0e:e8:7f:2c:f1:
                    a4:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:0D:57:41:AF:82:7A:37:4D:B7:A7:D5:97:1E:10:CD:91:CD:1C:D4
            X509v3 Authority Key Identifier:
                keyid:C9:C0:2D:42:34:F4:BC:4E:87:55:5E:41:C0:37:79:D5:62:0A:51:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ycAtQjT0vE6HVV5BwDd51WIKUVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/685232-f5e9-41d6-b94e-1a6ce5faf916/1/Nw1XQa-CejdNt6fVlx4QzZHNHNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/685232-f5e9-41d6-b94e-1a6ce5faf916/1/ycAtQjT0vE6HVV5BwDd51WIKUVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:21:f5:72:d7:08:d5:dd:7a:3a:4c:36:f7:6b:9d:cf:2e:e0:
         0d:fb:a1:1a:85:55:11:09:20:42:57:03:59:ca:c4:a4:7f:32:
         5b:c8:27:ca:5c:25:14:56:09:1c:a1:7c:5b:20:2b:48:54:51:
         89:fa:2e:6e:34:90:db:7f:20:e9:94:96:b3:ff:85:cf:ae:f4:
         aa:a6:dc:cf:1c:0a:47:62:31:7c:2e:45:3d:c6:90:00:f2:e9:
         90:08:ea:2b:ac:f1:a1:0e:51:65:ad:9d:b9:3d:2a:82:39:d9:
         7a:02:52:b1:40:85:05:e3:74:ae:e4:30:a9:b1:db:b6:64:e9:
         f6:a5:50:28:3f:c8:11:50:1b:49:d9:07:0e:45:d6:0f:f2:4f:
         76:66:62:a4:75:4f:33:57:93:97:d0:d9:1c:9e:f3:22:29:96:
         48:1e:68:b1:70:0a:a9:40:96:98:7a:7d:91:f8:ba:b9:f0:43:
         9f:e1:5b:47:83:cd:4a:66:5c:32:83:88:ca:e3:f7:27:9a:42:
         7e:07:ea:ec:f4:d4:b6:fd:1b:3f:17:3d:ed:ea:7f:5a:7a:74:
         bb:3a:49:a2:c5:e1:2f:10:4f:7f:43:4b:2a:a6:e8:df:36:9a:
         bf:47:fd:c1:d7:b9:74:4f:00:13:06:be:f8:5d:60:ed:3a:47:
         3c:42:92:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4UKC32Ujsq6c0zyRvqwecLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YzAyZDQyMzRmNGJjNGU4NzU1NWU0MWMwMzc3OWQ1NjIw
YTUxNTUwHhcNMjQwMzA2MTQyNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzBkNTc0MWFmODI3YTM3NGRiN2E3ZDU5NzFlMTBjZDkxY2QxY2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzLuakNy633HYVpMUNIRDkA44pLZ
NsvnHN7RJzmIZBUx1eFFivlq8/MO6E8F3dWZ1vbUZrsjBdWN90fGJKmJXW78dORd
6gHY4h5CM4GNaN7F6ERh8g3ULcdUbSQPGm/i2kyD/wkLCP7Ix/kasSLQBtcdvRXt
VpgBWqx2fSVWrpOT4PdjRs9akgam3sgnSIlyqpPYVOgIMN3cqU6Xp+uwKXKxBjPu
apDpSTAV3ISeTDqDYzDBhESqPrmig9kZ/PQWxVi7xHHWHw8B92sTpEYTygJhPv3T
xQC5Gv9F5C/Ky0CpAibVdyn8jDVzUXth5IjkqHaEVXVHHa+2Duh/LPGkawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcNV0Gvgno3Tben1ZceEM2RzRzUMB8GA1UdIwQY
MBaAFMnALUI09LxOh1VeQcA3edViClFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWNBdFFqVDB2RTZIVlY1QndEZDUxV0lLVVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS82ODUyMzItZjVlOS00MWQ2LWI5NGUt
MWE2Y2U1ZmFmOTE2LzEvTncxWFFhLUNlamROdDZmVmx4NFF6WkhOSE5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS82ODUyMzItZjVlOS00MWQ2LWI5NGUtMWE2Y2U1ZmFmOTE2
LzEveWNBdFFqVDB2RTZIVlY1QndEZDUxV0lLVVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCucL8MA0G
CSqGSIb3DQEBCwUAA4IBAQB1IfVy1wjV3Xo6TDb3a53PLuAN+6EahVURCSBCVwNZ
ysSkfzJbyCfKXCUUVgkcoXxbICtIVFGJ+i5uNJDbfyDplJaz/4XPrvSqptzPHApH
YjF8LkU9xpAA8umQCOorrPGhDlFlrZ25PSqCOdl6AlKxQIUF43Su5DCpsdu2ZOn2
pVAoP8gRUBtJ2QcORdYP8k92ZmKkdU8zV5OX0NkcnvMiKZZIHmixcAqpQJaYen2R
+Lq58EOf4VtHg81KZlwyg4jK4/cnmkJ+B+rs9NS2/Rs/Fz3t6n9aenS7OkmixeEv
EE9/Q0sqpujfNpq/R/3B17l0TwATBr74XWDtOkc8QpKq
-----END CERTIFICATE-----