Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/NWE2cPAGC6ekQTNRvvQBDzNbBCI.roa
File:                     NWE2cPAGC6ekQTNRvvQBDzNbBCI.roa (raw, json)
Hash identifier:          JYQddBlHcfkT0Fzf5sAV677CRcrL/4SBQbdwWPIfTIA=
Subject key identifier:   35:61:36:70:F0:06:0B:A7:A4:41:33:51:BE:F4:01:0F:33:5B:04:22
Certificate issuer:       /CN=feb84d9f8f9e33156589a5ebf722203a899e0a51
Certificate serial:       018CC56E14CB37B74B6A0C8FFAD69685F79D
Authority key identifier: FE:B8:4D:9F:8F:9E:33:15:65:89:A5:EB:F7:22:20:3A:89:9E:0A:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/NWE2cPAGC6ekQTNRvvQBDzNbBCI.roa
Signing time:             Mon 01 Jan 2024 14:29:35 +0000
ROA not before:           Mon 01 Jan 2024 14:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        195.210.112.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:14:cb:37:b7:4b:6a:0c:8f:fa:d6:96:85:f7:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=feb84d9f8f9e33156589a5ebf722203a899e0a51
        Validity
            Not Before: Jan  1 14:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35613670f0060ba7a4413351bef4010f335b0422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:bc:ae:d3:62:06:e4:73:ca:05:15:71:4a:a6:
                    6f:d7:c4:a6:cd:b3:d0:04:c7:01:29:2b:dc:ba:d8:
                    ac:29:18:a3:30:f4:0e:6a:bf:b9:cb:f6:35:f3:b1:
                    6d:d0:dc:07:e1:e0:83:fa:ec:ee:3b:85:0d:f9:8f:
                    5a:7b:da:b1:3d:12:fa:19:70:5b:7b:09:c8:09:a8:
                    19:80:2a:06:29:e3:b1:24:0a:da:73:ae:ab:7d:0d:
                    f0:93:a9:c6:59:23:7c:3b:45:4b:37:a7:9a:5d:f9:
                    ee:84:fa:36:b9:96:7b:3e:0d:cb:29:a7:3a:8c:76:
                    cf:4e:74:ae:30:e8:ae:ee:10:26:e2:b5:fa:09:a2:
                    cb:b4:59:89:43:ed:50:28:db:07:47:45:17:39:ee:
                    25:ab:89:71:c3:b3:e2:b3:09:33:04:da:2e:10:c3:
                    9a:a0:0f:03:08:3d:1c:d3:95:a9:7b:3f:86:8f:23:
                    77:5b:78:ac:1b:6e:ab:5f:87:0b:94:a7:4a:dc:3b:
                    5a:57:0d:bb:c1:89:58:9a:40:c2:17:05:cd:b6:87:
                    eb:60:e0:a8:9c:fc:69:33:9f:e9:11:54:84:2d:70:
                    74:3d:3e:3e:e5:da:25:9a:10:64:98:97:51:5f:49:
                    13:40:3c:61:b0:ba:66:b4:b4:63:9f:40:9c:92:31:
                    08:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:61:36:70:F0:06:0B:A7:A4:41:33:51:BE:F4:01:0F:33:5B:04:22
            X509v3 Authority Key Identifier:
                keyid:FE:B8:4D:9F:8F:9E:33:15:65:89:A5:EB:F7:22:20:3A:89:9E:0A:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_rhNn4-eMxVliaXr9yIgOomeClE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/NWE2cPAGC6ekQTNRvvQBDzNbBCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/614e5c-299b-4fd4-a0bc-af1cc2317e39/1/_rhNn4-eMxVliaXr9yIgOomeClE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.210.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e0:a9:10:04:b8:95:e5:c8:79:cb:53:9d:df:e4:24:21:85:30:
         7e:74:35:8f:60:63:ae:bf:0d:99:35:05:46:6b:15:df:c0:1d:
         ab:b7:6b:66:06:f9:9c:06:c5:65:31:68:0d:82:8f:4b:c2:85:
         33:36:94:ab:4e:da:26:6e:c9:18:6f:e2:99:1d:7d:49:2e:4c:
         9d:3b:2a:55:f2:cc:5f:e4:90:05:ad:37:63:89:ba:72:08:7b:
         8b:02:67:85:ee:f7:c3:fe:93:89:b6:71:ec:77:83:ab:43:ef:
         a1:dc:1e:e8:cb:c4:0b:3e:d0:90:61:75:1b:01:a8:ce:82:ec:
         a2:2c:5f:a2:1d:07:24:07:e9:28:09:75:39:e9:05:e1:77:c7:
         3b:aa:78:6f:af:3b:98:9c:a6:eb:b1:39:69:aa:62:16:d4:c4:
         45:f5:40:dc:ed:bd:13:ba:3c:79:fb:7c:33:d7:9b:8f:6c:69:
         34:99:c0:7e:ad:1d:4b:7d:90:5f:20:d3:e0:9a:9d:13:cb:4f:
         85:0b:9e:de:10:ef:66:16:51:32:a4:b6:6c:73:e6:24:72:87:
         ba:ec:9e:e6:9d:14:00:8c:5d:1b:c1:f8:ce:3a:10:46:c4:86:
         3b:12:76:73:76:c3:80:58:52:ea:3c:15:c4:54:2f:ec:60:21:
         f1:8a:23:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhTLN7dLagyP+taWhfedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlYjg0ZDlmOGY5ZTMzMTU2NTg5YTVlYmY3MjIyMDNhODk5
ZTBhNTEwHhcNMjQwMTAxMTQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTYxMzY3MGYwMDYwYmE3YTQ0MTMzNTFiZWY0MDEwZjMzNWIwNDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+byu02IG5HPKBRVxSqZv18SmzbPQ
BMcBKSvcutisKRijMPQOar+5y/Y187Ft0NwH4eCD+uzuO4UN+Y9ae9qxPRL6GXBb
ewnICagZgCoGKeOxJArac66rfQ3wk6nGWSN8O0VLN6eaXfnuhPo2uZZ7Pg3LKac6
jHbPTnSuMOiu7hAm4rX6CaLLtFmJQ+1QKNsHR0UXOe4lq4lxw7PiswkzBNouEMOa
oA8DCD0c05Wpez+GjyN3W3isG26rX4cLlKdK3DtaVw27wYlYmkDCFwXNtofrYOCo
nPxpM5/pEVSELXB0PT4+5dolmhBkmJdRX0kTQDxhsLpmtLRjn0CckjEI7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVhNnDwBgunpEEzUb70AQ8zWwQiMB8GA1UdIwQY
MBaAFP64TZ+PnjMVZYml6/ciIDqJngpRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3JoTm40LWVNeFZsaWFYcjl5SWdPb21lQ2xFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82MTRlNWMtMjk5Yi00ZmQ0LWEwYmMt
YWYxY2MyMzE3ZTM5LzEvTldFMmNQQUdDNmVrUVROUnZ2UUJEek5iQkNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82MTRlNWMtMjk5Yi00ZmQ0LWEwYmMtYWYxY2MyMzE3ZTM5
LzEvX3JoTm40LWVNeFZsaWFYcjl5SWdPb21lQ2xFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw9JwMA0G
CSqGSIb3DQEBCwUAA4IBAQDgqRAEuJXlyHnLU53f5CQhhTB+dDWPYGOuvw2ZNQVG
axXfwB2rt2tmBvmcBsVlMWgNgo9LwoUzNpSrTtombskYb+KZHX1JLkydOypV8sxf
5JAFrTdjibpyCHuLAmeF7vfD/pOJtnHsd4OrQ++h3B7oy8QLPtCQYXUbAajOguyi
LF+iHQckB+koCXU56QXhd8c7qnhvrzuYnKbrsTlpqmIW1MRF9UDc7b0Tujx5+3wz
15uPbGk0mcB+rR1LfZBfINPgmp0Ty0+FC57eEO9mFlEypLZsc+Ykcoe67J7mnRQA
jF0bwfjOOhBGxIY7EnZzdsOAWFLqPBXEVC/sYCHxiiM6
-----END CERTIFICATE-----