Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/1bcb11-341d-4ade-96b1-d2269f40f3d3/1/NkspXGe77cleEiq64dGs3MRqQUI.roa
File:                     NkspXGe77cleEiq64dGs3MRqQUI.roa (raw, json)
Hash identifier:          z2YLPiKFkxBjF/PzlU4f11EVQUEpkUBMyHDkkaZw4i0=
Subject key identifier:   36:4B:29:5C:67:BB:ED:C9:5E:12:2A:BA:E1:D1:AC:DC:C4:6A:41:42
Certificate issuer:       /CN=e260b0a55a87a66e90a7463a01da6414fc034d3d
Certificate serial:       01927BB9E089097C2BC37B2AED1D8DC02642
Authority key identifier: E2:60:B0:A5:5A:87:A6:6E:90:A7:46:3A:01:DA:64:14:FC:03:4D:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4mCwpVqHpm6Qp0Y6AdpkFPwDTT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/1bcb11-341d-4ade-96b1-d2269f40f3d3/1/NkspXGe77cleEiq64dGs3MRqQUI.roa
Signing time:             Fri 11 Oct 2024 13:17:12 +0000
ROA not before:           Fri 11 Oct 2024 13:17:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        176.61.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/1bcb11-341d-4ade-96b1-d2269f40f3d3/1/4mCwpVqHpm6Qp0Y6AdpkFPwDTT0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/1bcb11-341d-4ade-96b1-d2269f40f3d3/1/4mCwpVqHpm6Qp0Y6AdpkFPwDTT0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4mCwpVqHpm6Qp0Y6AdpkFPwDTT0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7b:b9:e0:89:09:7c:2b:c3:7b:2a:ed:1d:8d:c0:26:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e260b0a55a87a66e90a7463a01da6414fc034d3d
        Validity
            Not Before: Oct 11 13:17:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=364b295c67bbedc95e122abae1d1acdcc46a4142
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:0b:40:8e:79:95:8d:5f:da:79:6f:b0:7a:3b:
                    10:38:ec:eb:9b:2d:48:c5:36:ff:87:fc:34:20:55:
                    7b:34:7b:3b:bb:23:38:8e:f0:61:76:40:07:8a:e4:
                    a2:9b:78:cc:17:30:90:24:9e:7d:e8:be:c3:2b:61:
                    7d:39:b8:35:4b:10:63:ff:53:18:fd:00:15:2a:98:
                    cb:7c:67:b1:6f:86:d2:5a:63:c8:b7:1a:a7:61:04:
                    04:ac:74:b9:a1:68:a2:c7:88:f6:a6:23:e2:3a:04:
                    0e:80:00:1e:59:bb:6d:71:dc:fc:41:85:5f:b2:f2:
                    c5:30:51:f9:2c:a9:22:89:de:b0:7c:7b:0e:65:35:
                    36:58:fd:00:91:53:09:ee:f2:96:b4:17:df:a8:64:
                    ca:66:9e:ab:fc:78:2c:8d:09:4d:a8:c0:d2:85:b7:
                    13:7a:23:1d:45:f9:a1:78:7e:e4:b4:0b:9a:84:15:
                    8c:69:87:c4:3a:85:6c:7d:ef:7e:71:19:87:e5:d4:
                    43:ce:1b:8f:a4:3f:84:1b:3e:a8:86:d8:58:21:7f:
                    18:62:43:6b:5a:4e:1a:34:12:a3:c5:04:15:12:a8:
                    b4:db:ce:56:37:6c:2d:91:90:7c:52:b3:9a:29:f1:
                    f7:b0:e0:bf:ce:3c:69:3c:c2:93:66:ab:11:d2:15:
                    08:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:4B:29:5C:67:BB:ED:C9:5E:12:2A:BA:E1:D1:AC:DC:C4:6A:41:42
            X509v3 Authority Key Identifier:
                keyid:E2:60:B0:A5:5A:87:A6:6E:90:A7:46:3A:01:DA:64:14:FC:03:4D:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4mCwpVqHpm6Qp0Y6AdpkFPwDTT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/1bcb11-341d-4ade-96b1-d2269f40f3d3/1/NkspXGe77cleEiq64dGs3MRqQUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/1bcb11-341d-4ade-96b1-d2269f40f3d3/1/4mCwpVqHpm6Qp0Y6AdpkFPwDTT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.61.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:3a:cd:e1:51:00:6b:61:5b:ce:98:07:11:98:20:05:0d:07:
         55:44:b9:1d:12:78:ba:47:c6:76:3d:7f:be:60:e0:7e:24:0d:
         b1:f2:29:e0:d9:25:d4:e0:50:51:e4:38:78:30:73:bf:c4:ac:
         9b:0d:f2:f6:7c:21:a2:9c:58:08:89:01:8a:4f:d3:20:a6:cf:
         c0:4e:22:bc:92:d0:32:b2:c2:f7:a2:cd:5b:e9:2d:d0:02:48:
         a9:f5:59:15:26:38:73:5a:46:be:22:2f:0a:9b:78:13:eb:d9:
         90:40:1d:9f:bf:bd:86:d8:08:df:2d:94:25:b1:7d:cb:80:6b:
         6b:8a:78:18:40:31:5c:78:48:ad:bd:4e:3d:7e:f0:24:87:28:
         5c:89:a8:66:0e:16:78:47:de:b1:ba:31:8c:cb:08:bd:3d:c9:
         10:2f:e9:a5:49:86:4f:f6:4b:f1:1d:c7:25:2a:58:04:c4:0c:
         b3:88:36:63:bc:1c:a4:d5:99:18:54:67:a2:5d:a4:05:52:e7:
         11:e5:68:1d:28:31:5e:4b:3e:2d:fe:21:0a:cd:31:7d:90:be:
         e6:fc:bd:5f:f4:ac:56:20:e8:52:e4:9b:58:e1:5a:1f:6e:74:
         db:2b:6d:f0:6c:80:72:08:20:6f:e3:e8:5b:2a:47:34:06:08:
         a6:6f:fb:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ7ueCJCXwrw3sq7R2NwCZCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNjBiMGE1NWE4N2E2NmU5MGE3NDYzYTAxZGE2NDE0ZmMw
MzRkM2QwHhcNMjQxMDExMTMxNzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjRiMjk1YzY3YmJlZGM5NWUxMjJhYmFlMWQxYWNkY2M0NmE0MTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6gtAjnmVjV/aeW+wejsQOOzrmy1I
xTb/h/w0IFV7NHs7uyM4jvBhdkAHiuSim3jMFzCQJJ596L7DK2F9Obg1SxBj/1MY
/QAVKpjLfGexb4bSWmPItxqnYQQErHS5oWiix4j2piPiOgQOgAAeWbttcdz8QYVf
svLFMFH5LKkiid6wfHsOZTU2WP0AkVMJ7vKWtBffqGTKZp6r/HgsjQlNqMDShbcT
eiMdRfmheH7ktAuahBWMaYfEOoVsfe9+cRmH5dRDzhuPpD+EGz6ohthYIX8YYkNr
Wk4aNBKjxQQVEqi0285WN2wtkZB8UrOaKfH3sOC/zjxpPMKTZqsR0hUI7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZLKVxnu+3JXhIquuHRrNzEakFCMB8GA1UdIwQY
MBaAFOJgsKVah6ZukKdGOgHaZBT8A009MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG1Dd3BWcUhwbTZRcDBZNkFkcGtGUHdEVFQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8xYmNiMTEtMzQxZC00YWRlLTk2YjEt
ZDIyNjlmNDBmM2QzLzEvTmtzcFhHZTc3Y2xlRWlxNjRkR3MzTVJxUVVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8xYmNiMTEtMzQxZC00YWRlLTk2YjEtZDIyNjlmNDBmM2Qz
LzEvNG1Dd3BWcUhwbTZRcDBZNkFkcGtGUHdEVFQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsD2BMA0G
CSqGSIb3DQEBCwUAA4IBAQAZOs3hUQBrYVvOmAcRmCAFDQdVRLkdEni6R8Z2PX++
YOB+JA2x8ing2SXU4FBR5Dh4MHO/xKybDfL2fCGinFgIiQGKT9Mgps/ATiK8ktAy
ssL3os1b6S3QAkip9VkVJjhzWka+Ii8Km3gT69mQQB2fv72G2AjfLZQlsX3LgGtr
ingYQDFceEitvU49fvAkhyhciahmDhZ4R96xujGMywi9PckQL+mlSYZP9kvxHccl
KlgExAyziDZjvByk1ZkYVGeiXaQFUucR5WgdKDFeSz4t/iEKzTF9kL7m/L1f9KxW
IOhS5JtY4VofbnTbK23wbIByCCBv4+hbKkc0Bgimb/tZ
-----END CERTIFICATE-----