Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/NZ_VJNXAdV28Uswc4U9C7rGrHjk.roa
File:                     NZ_VJNXAdV28Uswc4U9C7rGrHjk.roa (raw, json)
Hash identifier:          ROszkRlCdNDmh34pJK48pAv0LCnZZl3yVqCLjVjsOag=
Subject key identifier:   35:9F:D5:24:D5:C0:75:5D:BC:52:CC:1C:E1:4F:42:EE:B1:AB:1E:39
Certificate issuer:       /CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
Certificate serial:       018CC6B928D91B4200B2AC21E88C4C9984F3
Authority key identifier: 4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/NZ_VJNXAdV28Uswc4U9C7rGrHjk.roa
Signing time:             Mon 01 Jan 2024 20:31:12 +0000
ROA not before:           Mon 01 Jan 2024 20:31:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210546
IP address blocks:        185.149.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:28:d9:1b:42:00:b2:ac:21:e8:8c:4c:99:84:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f2d30b015ec4ef1b0d3c64347c8d1b598293f81
        Validity
            Not Before: Jan  1 20:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=359fd524d5c0755dbc52cc1ce14f42eeb1ab1e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:44:93:be:c6:91:00:f7:a2:a5:76:43:ee:37:
                    6f:4b:26:ac:a5:1e:19:8d:08:60:9a:95:39:22:f5:
                    c3:68:1d:ca:04:59:c8:3b:b1:2e:d8:30:57:a4:8e:
                    d9:4b:70:60:27:c7:71:3c:09:49:d6:cb:c8:fa:b3:
                    69:75:98:38:ef:aa:b3:f8:79:5c:5b:ae:b9:78:85:
                    08:f6:7c:4c:50:f7:04:7b:d8:c6:1e:ac:ec:ee:2d:
                    19:6c:44:d5:11:03:70:d4:9e:56:dd:ef:fc:0b:10:
                    6f:60:5f:22:39:f8:40:bc:d4:7e:74:0c:db:33:34:
                    15:e0:34:fc:1d:2e:02:91:ab:e5:ee:05:67:c2:0d:
                    ae:f0:90:d1:5f:76:2e:48:c8:4d:32:d7:cb:8e:20:
                    4f:c2:24:ba:ff:ae:9b:27:4a:24:01:47:95:43:97:
                    fc:2c:87:53:49:5b:24:7a:0e:9a:01:53:0d:47:b0:
                    be:8f:c9:6c:9a:af:a9:3f:54:8c:23:3e:76:0f:d5:
                    32:73:04:c0:b8:56:2c:44:65:b3:7a:d7:51:98:26:
                    28:b2:b3:d7:60:64:00:5c:03:e3:f2:21:ec:1b:9a:
                    0a:05:2f:92:4d:aa:df:76:db:90:cc:1c:3f:dc:8f:
                    36:0f:e8:d6:ce:24:18:3c:67:46:86:1a:a9:08:2d:
                    72:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:9F:D5:24:D5:C0:75:5D:BC:52:CC:1C:E1:4F:42:EE:B1:AB:1E:39
            X509v3 Authority Key Identifier:
                keyid:4F:2D:30:B0:15:EC:4E:F1:B0:D3:C6:43:47:C8:D1:B5:98:29:3F:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/NZ_VJNXAdV28Uswc4U9C7rGrHjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/9668b5-5e92-4c18-9bb9-4351bbf74c0c/1/Ty0wsBXsTvGw08ZDR8jRtZgpP4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:e2:3e:56:55:07:da:15:b4:38:3c:86:f0:41:47:0b:8c:74:
         41:d5:dd:65:da:a4:09:31:fd:a5:70:58:f7:25:14:49:50:f9:
         10:03:80:b5:ec:70:3c:d6:96:e1:7d:8f:2a:ee:9c:c3:7f:f1:
         6e:e4:53:bd:d1:25:a8:9e:ad:10:bc:cf:03:f4:f0:b2:fd:eb:
         c4:7e:06:78:5a:6b:4d:fc:91:8d:40:fb:c3:6c:3a:5e:16:9d:
         25:90:27:62:61:32:c5:25:6b:c7:40:e9:4b:f7:ec:67:7f:91:
         b6:f9:f3:42:fe:2e:0f:44:37:c0:bf:ba:82:e1:85:2f:25:df:
         28:f6:b7:02:bd:8f:9b:c0:60:e0:53:1d:85:ca:7b:3a:9e:25:
         b4:84:db:7c:07:cf:1b:0e:8f:52:e9:99:d9:75:99:8f:e7:bc:
         e3:5f:ef:cf:04:c5:99:9f:88:c3:ea:78:9d:7b:56:20:5c:da:
         c9:98:e8:85:0e:39:86:43:be:65:5e:64:63:b7:ee:df:e7:77:
         03:8e:92:e9:c5:61:cf:d4:33:21:b4:2f:e7:fd:9d:91:06:9e:
         5a:60:2b:5c:fb:62:4d:42:5d:33:98:c4:ef:a8:b4:8d:2f:c3:
         ce:16:90:6d:e4:92:e2:08:3b:53:3e:92:c9:c1:13:5e:7e:93:
         b1:53:21:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuSjZG0IAsqwh6IxMmYTzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMmQzMGIwMTVlYzRlZjFiMGQzYzY0MzQ3YzhkMWI1OTgy
OTNmODEwHhcNMjQwMTAxMjAzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTlmZDUyNGQ1YzA3NTVkYmM1MmNjMWNlMTRmNDJlZWIxYWIxZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtESTvsaRAPeipXZD7jdvSyaspR4Z
jQhgmpU5IvXDaB3KBFnIO7Eu2DBXpI7ZS3BgJ8dxPAlJ1svI+rNpdZg476qz+Hlc
W665eIUI9nxMUPcEe9jGHqzs7i0ZbETVEQNw1J5W3e/8CxBvYF8iOfhAvNR+dAzb
MzQV4DT8HS4Ckavl7gVnwg2u8JDRX3YuSMhNMtfLjiBPwiS6/66bJ0okAUeVQ5f8
LIdTSVskeg6aAVMNR7C+j8lsmq+pP1SMIz52D9UycwTAuFYsRGWzetdRmCYosrPX
YGQAXAPj8iHsG5oKBS+STarfdtuQzBw/3I82D+jWziQYPGdGhhqpCC1yIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWf1STVwHVdvFLMHOFPQu6xqx45MB8GA1UdIwQY
MBaAFE8tMLAV7E7xsNPGQ0fI0bWYKT+BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjkt
NDM1MWJiZjc0YzBjLzEvTlpfVkpOWEFkVjI4VXN3YzRVOUM3ckdySGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NjY4YjUtNWU5Mi00YzE4LTliYjktNDM1MWJiZjc0YzBj
LzEvVHkwd3NCWHNUdkd3MDhaRFI4alJ0WmdwUDRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZWSMA0G
CSqGSIb3DQEBCwUAA4IBAQBI4j5WVQfaFbQ4PIbwQUcLjHRB1d1l2qQJMf2lcFj3
JRRJUPkQA4C17HA81pbhfY8q7pzDf/Fu5FO90SWonq0QvM8D9PCy/evEfgZ4WmtN
/JGNQPvDbDpeFp0lkCdiYTLFJWvHQOlL9+xnf5G2+fNC/i4PRDfAv7qC4YUvJd8o
9rcCvY+bwGDgUx2Fyns6niW0hNt8B88bDo9S6ZnZdZmP57zjX+/PBMWZn4jD6nid
e1YgXNrJmOiFDjmGQ75lXmRjt+7f53cDjpLpxWHP1DMhtC/n/Z2RBp5aYCtc+2JN
Ql0zmMTvqLSNL8POFpBt5JLiCDtTPpLJwRNefpOxUyH7
-----END CERTIFICATE-----