Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/2b4823-4262-47d3-9b80-66758479863e/1/NZb3HyPVI_VSF2frXSYsx9jf8Z0.roa
File:                     NZb3HyPVI_VSF2frXSYsx9jf8Z0.roa (raw, json)
Hash identifier:          F3h+T2MMsQMXsTkFfX5gTaULgMtsRu/0M8JOJI+yUD0=
Subject key identifier:   35:96:F7:1F:23:D5:23:F5:52:17:67:EB:5D:26:2C:C7:D8:DF:F1:9D
Certificate issuer:       /CN=dcdcb02b61e3a15eac373b992e0e1a6545f61e52
Certificate serial:       018CC26D1310D7E92978E50A95C1552751A0
Authority key identifier: DC:DC:B0:2B:61:E3:A1:5E:AC:37:3B:99:2E:0E:1A:65:45:F6:1E:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3NywK2HjoV6sNzuZLg4aZUX2HlI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/2b4823-4262-47d3-9b80-66758479863e/1/NZb3HyPVI_VSF2frXSYsx9jf8Z0.roa
Signing time:             Mon 01 Jan 2024 00:29:37 +0000
ROA not before:           Mon 01 Jan 2024 00:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209799
IP address blocks:        194.15.100.0/22 maxlen: 24
                          92.243.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/2b4823-4262-47d3-9b80-66758479863e/1/3NywK2HjoV6sNzuZLg4aZUX2HlI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/2b4823-4262-47d3-9b80-66758479863e/1/3NywK2HjoV6sNzuZLg4aZUX2HlI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3NywK2HjoV6sNzuZLg4aZUX2HlI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:13:10:d7:e9:29:78:e5:0a:95:c1:55:27:51:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcdcb02b61e3a15eac373b992e0e1a6545f61e52
        Validity
            Not Before: Jan  1 00:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3596f71f23d523f5521767eb5d262cc7d8dff19d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:73:70:af:99:16:36:cf:0e:21:a7:87:5b:ae:
                    e9:47:25:d0:9a:3e:31:e2:bf:33:8e:1e:85:f3:82:
                    6a:b3:24:56:b0:c2:1f:b0:d9:ce:65:4d:84:ba:eb:
                    5d:dd:45:9a:a7:67:65:1f:61:30:54:8b:60:58:77:
                    ee:b2:6c:f3:3b:3e:23:66:5d:73:6c:cd:78:18:2c:
                    32:24:80:00:ff:a3:65:fa:85:15:7e:8f:b6:83:ce:
                    62:52:16:19:e8:f0:fa:43:4c:8e:a3:55:dc:27:34:
                    32:ec:43:3f:d8:1b:d8:30:b4:11:7b:96:36:92:b7:
                    d4:87:3c:ee:6d:85:0e:98:37:2d:5e:f7:fa:25:71:
                    3b:a5:95:e9:98:5e:da:73:cd:15:cc:ea:77:d7:d5:
                    8c:08:2a:1b:c1:2c:66:d2:6a:66:16:21:35:82:66:
                    7e:f4:7b:3d:2b:3e:a4:48:85:25:1c:96:b3:fd:9b:
                    8c:12:07:e2:c0:c8:94:08:a4:e5:5b:20:33:b0:1d:
                    69:29:f5:f6:b8:7a:70:ee:65:e2:d7:df:c1:1b:9a:
                    59:5d:ed:0b:c0:00:83:c5:09:ce:4b:07:31:ba:06:
                    c4:f3:97:74:ba:a9:56:a0:c2:3e:30:62:ed:19:69:
                    61:32:be:35:76:e4:cd:b0:c4:df:47:a1:6d:1e:ad:
                    e7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:96:F7:1F:23:D5:23:F5:52:17:67:EB:5D:26:2C:C7:D8:DF:F1:9D
            X509v3 Authority Key Identifier:
                keyid:DC:DC:B0:2B:61:E3:A1:5E:AC:37:3B:99:2E:0E:1A:65:45:F6:1E:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3NywK2HjoV6sNzuZLg4aZUX2HlI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/2b4823-4262-47d3-9b80-66758479863e/1/NZb3HyPVI_VSF2frXSYsx9jf8Z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/2b4823-4262-47d3-9b80-66758479863e/1/3NywK2HjoV6sNzuZLg4aZUX2HlI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.243.85.0/24
                  194.15.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:08:e8:78:c9:21:e5:c8:c7:b9:4d:72:db:49:53:f4:78:99:
         4e:eb:e0:3e:91:83:e0:2e:7c:c7:c0:a8:a1:28:d7:f7:08:d1:
         5d:67:b7:32:55:f3:79:d4:70:b6:b8:c7:02:05:77:fd:f2:f4:
         b3:be:78:cf:f3:06:d1:3e:16:78:b9:70:47:b7:63:de:6f:84:
         fe:6a:85:b4:c7:60:b0:84:c0:df:62:02:32:86:f3:da:0e:4d:
         b3:0b:d6:7f:d3:a4:fc:86:e4:dd:a3:7c:d3:8c:36:58:f9:1b:
         10:ce:e9:71:bc:cb:c2:b9:03:76:a8:31:96:1f:aa:99:2b:80:
         08:22:3d:0b:67:6a:a7:05:17:11:b8:cc:e3:c1:e1:11:4f:08:
         d1:07:1c:d1:04:be:c4:4f:57:64:a3:5a:0c:df:04:28:f2:47:
         05:8f:97:bc:6c:46:2e:c1:54:fd:2c:d6:9f:fb:27:59:45:c6:
         44:95:69:14:d6:a8:12:39:24:8c:01:f5:0b:b9:77:ec:35:6d:
         8a:1c:59:0e:1c:ea:d7:94:24:83:cf:ad:b1:93:09:a4:d7:31:
         9e:89:24:a3:b6:82:ad:ec:49:7e:9f:f0:7b:2a:87:24:ad:78:
         20:16:5e:f1:6d:45:ba:e2:e4:88:07:6e:94:96:e4:2e:07:0f:
         06:a2:06:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbRMQ1+kpeOUKlcFVJ1GgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZGNiMDJiNjFlM2ExNWVhYzM3M2I5OTJlMGUxYTY1NDVm
NjFlNTIwHhcNMjQwMTAxMDAyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTk2ZjcxZjIzZDUyM2Y1NTIxNzY3ZWI1ZDI2MmNjN2Q4ZGZmMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHNwr5kWNs8OIaeHW67pRyXQmj4x
4r8zjh6F84JqsyRWsMIfsNnOZU2Euutd3UWap2dlH2EwVItgWHfusmzzOz4jZl1z
bM14GCwyJIAA/6Nl+oUVfo+2g85iUhYZ6PD6Q0yOo1XcJzQy7EM/2BvYMLQRe5Y2
krfUhzzubYUOmDctXvf6JXE7pZXpmF7ac80VzOp319WMCCobwSxm0mpmFiE1gmZ+
9Hs9Kz6kSIUlHJaz/ZuMEgfiwMiUCKTlWyAzsB1pKfX2uHpw7mXi19/BG5pZXe0L
wACDxQnOSwcxugbE85d0uqlWoMI+MGLtGWlhMr41duTNsMTfR6FtHq3neQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDWW9x8j1SP1Uhdn610mLMfY3/GdMB8GA1UdIwQY
MBaAFNzcsCth46FerDc7mS4OGmVF9h5SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM055d0sySGpvVjZzTnp1WkxnNGFaVVgySGxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS8yYjQ4MjMtNDI2Mi00N2QzLTliODAt
NjY3NTg0Nzk4NjNlLzEvTlpiM0h5UFZJX1ZTRjJmclhTWXN4OWpmOFowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS8yYjQ4MjMtNDI2Mi00N2QzLTliODAtNjY3NTg0Nzk4NjNl
LzEvM055d0sySGpvVjZzTnp1WkxnNGFaVVgySGxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXPNVAwQC
wg9kMA0GCSqGSIb3DQEBCwUAA4IBAQAfCOh4ySHlyMe5TXLbSVP0eJlO6+A+kYPg
LnzHwKihKNf3CNFdZ7cyVfN51HC2uMcCBXf98vSzvnjP8wbRPhZ4uXBHt2Peb4T+
aoW0x2CwhMDfYgIyhvPaDk2zC9Z/06T8huTdo3zTjDZY+RsQzulxvMvCuQN2qDGW
H6qZK4AIIj0LZ2qnBRcRuMzjweERTwjRBxzRBL7ET1dko1oM3wQo8kcFj5e8bEYu
wVT9LNaf+ydZRcZElWkU1qgSOSSMAfULuXfsNW2KHFkOHOrXlCSDz62xkwmk1zGe
iSSjtoKt7El+n/B7KockrXggFl7xbUW64uSIB26UluQuBw8Gogat
-----END CERTIFICATE-----