Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/NS3PLsvPHZ5BNMXscaI6lUiQ-_0.roa
File:                     NS3PLsvPHZ5BNMXscaI6lUiQ-_0.roa (raw, json)
Hash identifier:          ifHPopmI8C/fWhHZ7kUlh0L0Qv3UiOcYMZNGauolx84=
Subject key identifier:   35:2D:CF:2E:CB:CF:1D:9E:41:34:C5:EC:71:A2:3A:95:48:90:FB:FD
Certificate issuer:       /CN=ec9c685cf6671cc656f92e764557a38378f2827c
Certificate serial:       0194236A430975B538D830C87FB017E6409E
Authority key identifier: EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/NS3PLsvPHZ5BNMXscaI6lUiQ-_0.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12843
IP address blocks:        212.114.32.0/21 maxlen: 21
                          2a00:9300::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:43:09:75:b5:38:d8:30:c8:7f:b0:17:e6:40:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec9c685cf6671cc656f92e764557a38378f2827c
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=352dcf2ecbcf1d9e4134c5ec71a23a954890fbfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:af:00:2f:e0:50:c2:54:0b:46:2d:79:30:84:
                    73:d5:4f:ba:d3:f6:f2:92:5a:cc:5c:6f:8c:04:e9:
                    a4:b0:3b:83:56:52:25:94:d3:8a:a3:11:ff:f7:de:
                    e1:8f:a5:5e:b9:b5:06:4e:de:7b:88:d6:f2:a1:93:
                    2d:e8:77:d5:51:cd:bb:28:a1:21:34:f3:41:ba:f6:
                    61:cc:9d:df:f5:63:5e:22:28:3c:65:0d:13:da:04:
                    85:97:5c:2e:93:df:6c:6f:f2:39:2b:4f:77:2b:d4:
                    c0:cb:9e:77:97:b5:c9:bb:fb:2b:6c:9c:e9:e3:3d:
                    a9:4a:cc:17:8d:37:38:6f:ad:62:d4:62:c6:3a:19:
                    dd:01:2a:54:24:0d:66:7b:ed:40:7b:95:b4:d9:cf:
                    f8:ae:74:55:ce:86:f3:17:86:9a:85:2a:46:d7:6a:
                    d8:c1:a0:7f:41:22:2b:af:88:8b:13:14:3e:91:43:
                    2a:4e:84:78:94:f5:f3:27:20:62:f0:38:5c:af:aa:
                    59:4f:04:03:29:be:19:c9:d6:42:31:2c:9e:25:06:
                    b2:a2:4b:2c:64:be:c4:d2:af:aa:b8:f1:e3:0a:a1:
                    59:4c:83:08:41:8f:f2:6c:4c:82:b0:96:c8:03:41:
                    ff:ec:43:a4:ae:b8:ca:fb:17:06:10:fa:ee:11:e2:
                    05:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2D:CF:2E:CB:CF:1D:9E:41:34:C5:EC:71:A2:3A:95:48:90:FB:FD
            X509v3 Authority Key Identifier:
                keyid:EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/NS3PLsvPHZ5BNMXscaI6lUiQ-_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.114.32.0/21
                IPv6:
                  2a00:9300::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:cc:52:a3:02:61:e8:e7:b1:98:4a:bb:f2:3d:d6:4c:ae:2f:
         c1:d8:d7:e0:6f:3a:a4:c4:82:bf:b2:71:67:77:2d:3a:55:e5:
         1a:45:55:78:a5:c6:d4:57:ca:50:56:1d:2b:df:7f:f9:3d:cc:
         93:2f:b5:d2:70:a1:0e:91:a5:f5:cf:ed:29:51:a7:fa:18:68:
         d0:25:ff:bc:9d:0c:23:ee:28:63:e1:d9:5c:1a:3c:21:55:44:
         05:3a:89:2b:dd:42:28:c2:98:4c:89:ff:97:3b:41:7c:9b:73:
         8e:aa:b7:ea:20:cc:24:ab:54:59:06:20:05:1c:99:70:85:29:
         77:d3:85:db:6e:bb:38:3b:de:ea:f5:57:7d:c6:48:c3:46:c2:
         59:53:73:78:c2:04:96:d8:87:6e:0e:80:3f:bc:ab:f8:c9:75:
         5c:6a:fd:0e:8e:cc:f5:04:e3:f1:ac:57:02:56:74:dc:eb:aa:
         87:4e:48:86:2d:cf:b3:b3:43:16:18:39:cb:ed:64:5d:f9:38:
         59:04:d4:25:5e:3c:2a:ff:4d:56:40:ee:32:c0:2b:a1:91:c1:
         dd:fe:14:6b:24:4b:96:67:5f:8e:c2:3f:e3:a2:5d:56:4a:08:
         de:79:9f:b8:cb:5c:3f:be:66:24:91:d5:f9:38:3d:b1:60:f3:
         c7:84:eb:55
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjakMJdbU42DDIf7AX5kCeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWM2ODVjZjY2NzFjYzY1NmY5MmU3NjQ1NTdhMzgzNzhm
MjgyN2MwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTJkY2YyZWNiY2YxZDllNDEzNGM1ZWM3MWEyM2E5NTQ4OTBmYmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0a8AL+BQwlQLRi15MIRz1U+60/by
klrMXG+MBOmksDuDVlIllNOKoxH/997hj6VeubUGTt57iNbyoZMt6HfVUc27KKEh
NPNBuvZhzJ3f9WNeIig8ZQ0T2gSFl1wuk99sb/I5K093K9TAy553l7XJu/srbJzp
4z2pSswXjTc4b61i1GLGOhndASpUJA1me+1Ae5W02c/4rnRVzobzF4aahSpG12rY
waB/QSIrr4iLExQ+kUMqToR4lPXzJyBi8Dhcr6pZTwQDKb4ZydZCMSyeJQayokss
ZL7E0q+quPHjCqFZTIMIQY/ybEyCsJbIA0H/7EOkrrjK+xcGEPruEeIFywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDUtzy7Lzx2eQTTF7HGiOpVIkPv9MB8GA1UdIwQY
MBaAFOycaFz2ZxzGVvkudkVXo4N48oJ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUt
YmFiNDhkYWI0Y2Q2LzEvTlMzUExzdlBIWjVCTk1Yc2NhSTZsVWlRLV8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUtYmFiNDhkYWI0Y2Q2
LzEvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQD1HIgMA0E
AgACMAcDBQAqAJMAMA0GCSqGSIb3DQEBCwUAA4IBAQCgzFKjAmHo57GYSrvyPdZM
ri/B2NfgbzqkxIK/snFndy06VeUaRVV4pcbUV8pQVh0r33/5PcyTL7XScKEOkaX1
z+0pUaf6GGjQJf+8nQwj7ihj4dlcGjwhVUQFOokr3UIowphMif+XO0F8m3OOqrfq
IMwkq1RZBiAFHJlwhSl304Xbbrs4O97q9Vd9xkjDRsJZU3N4wgSW2IduDoA/vKv4
yXVcav0Ojsz1BOPxrFcCVnTc66qHTkiGLc+zs0MWGDnL7WRd+ThZBNQlXjwq/01W
QO4ywCuhkcHd/hRrJEuWZ1+Owj/jol1WSgjeeZ+4y1w/vmYkkdX5OD2xYPPHhOtV
-----END CERTIFICATE-----