Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/NQGu67d_KGZmkLOQ0K-q_5tZYHs.roa
File:                     NQGu67d_KGZmkLOQ0K-q_5tZYHs.roa (raw, json)
Hash identifier:          F6Lq5HJTu8Nd0w0MO9reifB1cCzq5i1+YvTF3ad6TsU=
Subject key identifier:   35:01:AE:EB:B7:7F:28:66:66:90:B3:90:D0:AF:AA:FF:9B:59:60:7B
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018F0647584D689EBE7B48D9D1DC29F12372
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/NQGu67d_KGZmkLOQ0K-q_5tZYHs.roa
Signing time:             Mon 22 Apr 2024 14:48:10 +0000
ROA not before:           Mon 22 Apr 2024 14:48:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208949
IP address blocks:        160.19.94.0/24 maxlen: 24
                          160.19.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:47:58:4d:68:9e:be:7b:48:d9:d1:dc:29:f1:23:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 22 14:48:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3501aeebb77f28666690b390d0afaaff9b59607b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7e:97:4e:04:28:6e:50:f9:1b:cf:36:ec:f6:
                    94:b1:d5:17:a0:b2:57:94:93:6e:e6:73:fc:d0:d6:
                    11:fe:12:be:43:6c:6e:4f:02:c8:c3:03:b0:e2:9f:
                    b4:e4:97:42:32:cc:17:7e:38:7d:b5:08:c8:a4:85:
                    70:63:b4:d3:af:e6:f7:5e:26:20:33:6c:4a:81:f4:
                    89:fc:1c:db:2a:82:11:13:4e:88:57:71:5c:00:ed:
                    8b:94:55:3c:c8:2c:dd:50:99:02:74:fa:f6:cd:d8:
                    5f:d8:24:25:88:65:30:51:02:de:5c:b0:6b:31:d9:
                    d4:f9:82:7b:52:a5:bc:44:6b:1e:cd:15:af:5b:0e:
                    49:24:e9:fd:00:5a:9b:40:ff:c2:e7:a1:cc:e0:d6:
                    dc:d5:2d:e8:48:16:11:d0:93:15:24:9c:19:04:bf:
                    e1:69:fc:74:29:5d:0e:f4:c2:32:9b:16:c5:ab:a3:
                    2d:ef:bd:ac:8c:67:d9:ca:df:05:8c:70:f3:0f:32:
                    d3:b1:11:cb:10:df:1b:90:cd:0f:aa:86:e9:d2:d0:
                    10:e5:c0:d0:f4:7f:83:59:1b:33:46:4c:56:f2:45:
                    3b:a4:c4:d7:7b:43:09:b5:84:5b:6b:12:bc:bd:6d:
                    28:a9:1d:33:0d:85:62:7e:fe:7b:1c:c1:20:42:40:
                    b4:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:01:AE:EB:B7:7F:28:66:66:90:B3:90:D0:AF:AA:FF:9B:59:60:7B
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/NQGu67d_KGZmkLOQ0K-q_5tZYHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.19.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:8a:82:a0:ab:96:a0:36:86:a6:61:3c:72:2a:fc:52:89:f0:
         80:f6:ab:68:00:6c:4c:8a:fe:0f:58:fb:6c:c0:13:46:95:a5:
         f1:f1:cc:e0:aa:7b:62:60:03:1c:71:dd:84:ca:74:44:71:20:
         34:4a:bb:be:a6:e6:60:eb:e9:38:f9:39:bd:f6:70:be:41:7c:
         6e:07:72:a9:45:d6:f7:54:6d:4c:09:d2:8e:ef:42:f7:86:58:
         bf:f0:27:e6:36:fb:2c:4c:c4:9b:00:8d:a3:11:0b:ad:c3:de:
         5d:6c:d5:c0:2d:b8:e6:62:2e:15:79:a1:9f:27:be:46:4a:e6:
         43:5c:9d:90:a4:d0:ba:3f:0b:eb:dc:5a:bc:95:bc:9a:20:a7:
         74:fa:aa:e3:c0:e1:53:9b:94:82:53:a2:81:ed:49:71:94:ce:
         be:d8:18:ff:4a:40:5e:1c:74:19:97:d5:1d:df:0b:a9:c1:3e:
         86:2d:fd:f2:e4:ba:ab:1d:54:e5:76:59:5f:c3:54:8a:e3:d9:
         a4:dc:cb:e2:dd:5c:d1:02:2c:78:86:d8:a4:98:d4:91:7c:bc:
         9b:6f:a3:32:9b:d7:aa:04:97:4a:79:55:42:2a:10:bb:48:c1:
         9c:91:6b:8f:9b:c6:65:bb:ea:ef:a3:8c:6f:e6:13:b8:95:50:
         89:1f:4c:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8GR1hNaJ6+e0jZ0dwp8SNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNDIyMTQ0ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTAxYWVlYmI3N2YyODY2NjY5MGIzOTBkMGFmYWFmZjliNTk2MDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlH6XTgQoblD5G8827PaUsdUXoLJX
lJNu5nP80NYR/hK+Q2xuTwLIwwOw4p+05JdCMswXfjh9tQjIpIVwY7TTr+b3XiYg
M2xKgfSJ/BzbKoIRE06IV3FcAO2LlFU8yCzdUJkCdPr2zdhf2CQliGUwUQLeXLBr
MdnU+YJ7UqW8RGsezRWvWw5JJOn9AFqbQP/C56HM4Nbc1S3oSBYR0JMVJJwZBL/h
afx0KV0O9MIymxbFq6Mt772sjGfZyt8FjHDzDzLTsRHLEN8bkM0Pqobp0tAQ5cDQ
9H+DWRszRkxW8kU7pMTXe0MJtYRbaxK8vW0oqR0zDYVifv57HMEgQkC0bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUBruu3fyhmZpCzkNCvqv+bWWB7MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTlFHdTY3ZF9LR1pta0xPUTBLLXFfNXRaWUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBoBNeMA0G
CSqGSIb3DQEBCwUAA4IBAQCHioKgq5agNoamYTxyKvxSifCA9qtoAGxMiv4PWPts
wBNGlaXx8czgqntiYAMccd2EynREcSA0Sru+puZg6+k4+Tm99nC+QXxuB3KpRdb3
VG1MCdKO70L3hli/8CfmNvssTMSbAI2jEQutw95dbNXALbjmYi4VeaGfJ75GSuZD
XJ2QpNC6Pwvr3Fq8lbyaIKd0+qrjwOFTm5SCU6KB7UlxlM6+2Bj/SkBeHHQZl9Ud
3wupwT6GLf3y5LqrHVTldllfw1SK49mk3Mvi3VzRAix4htikmNSRfLybb6Mym9eq
BJdKeVVCKhC7SMGckWuPm8Zlu+rvo4xv5hO4lVCJH0yZ
-----END CERTIFICATE-----