Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/008909-72ea-4791-a5bf-f23346bcc217/1/NplcFubroD0c9_m5XESUogvREeU.roa
File:                     NplcFubroD0c9_m5XESUogvREeU.roa (raw, json)
Hash identifier:          fvGiAMX26rt+6MZ9wPZn53HDBw8BNzXJgc+tu8I6Vbw=
Subject key identifier:   36:99:5C:16:E6:EB:A0:3D:1C:F7:F9:B9:5C:44:94:A2:0B:D1:11:E5
Certificate issuer:       /CN=727309f110347cc61b8c27bbfbf10a6bfb408358
Certificate serial:       018CC26D6442C0AF5120EFC29F1F3614F8D5
Authority key identifier: 72:73:09:F1:10:34:7C:C6:1B:8C:27:BB:FB:F1:0A:6B:FB:40:83:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cnMJ8RA0fMYbjCe7-_EKa_tAg1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/008909-72ea-4791-a5bf-f23346bcc217/1/NplcFubroD0c9_m5XESUogvREeU.roa
Signing time:             Mon 01 Jan 2024 00:29:58 +0000
ROA not before:           Mon 01 Jan 2024 00:29:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199351
IP address blocks:        2001:67c:1394::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/008909-72ea-4791-a5bf-f23346bcc217/1/cnMJ8RA0fMYbjCe7-_EKa_tAg1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/008909-72ea-4791-a5bf-f23346bcc217/1/cnMJ8RA0fMYbjCe7-_EKa_tAg1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cnMJ8RA0fMYbjCe7-_EKa_tAg1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:64:42:c0:af:51:20:ef:c2:9f:1f:36:14:f8:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=727309f110347cc61b8c27bbfbf10a6bfb408358
        Validity
            Not Before: Jan  1 00:29:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36995c16e6eba03d1cf7f9b95c4494a20bd111e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f1:2f:20:d3:a7:3d:96:54:f5:a0:59:44:d6:
                    22:9d:e4:54:be:f9:e2:f7:1f:2d:f3:67:52:dc:91:
                    ba:08:6d:d7:c2:97:bd:ed:9e:c5:36:04:b2:d9:0f:
                    b6:67:62:fa:50:10:40:7b:94:ea:3b:57:a0:3e:43:
                    fe:41:29:b3:e7:a5:94:e5:8e:fa:26:84:01:fe:66:
                    bd:6f:aa:c5:c1:fa:f9:ac:3d:3f:b7:89:d6:b7:87:
                    c2:db:2e:f9:35:b1:37:a2:9d:10:1b:08:fa:2e:72:
                    2a:62:5b:0c:06:09:79:b4:ff:ff:7f:ee:ed:6d:da:
                    32:12:cb:78:ca:91:05:a2:d0:95:29:ed:af:79:f2:
                    80:0a:82:24:33:db:2c:7f:78:5f:c0:8d:28:17:10:
                    0d:78:17:f6:0e:35:b4:47:fa:21:72:c1:d0:a8:83:
                    85:a7:76:21:5d:2a:c6:a3:c6:7a:81:ef:aa:cd:ee:
                    e7:1a:ed:93:52:aa:02:cc:4d:0a:46:5b:b3:c2:f2:
                    48:98:21:94:bd:8b:99:10:e7:c7:b8:b5:ea:dd:30:
                    0b:23:78:80:64:9d:bb:b5:9e:6d:f9:12:35:0d:11:
                    11:ab:9b:b5:8a:f7:ed:bd:7f:91:a0:2f:ca:35:f3:
                    83:32:1f:d1:e3:41:b4:74:bb:6d:58:0e:c6:a1:f3:
                    a6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:99:5C:16:E6:EB:A0:3D:1C:F7:F9:B9:5C:44:94:A2:0B:D1:11:E5
            X509v3 Authority Key Identifier:
                keyid:72:73:09:F1:10:34:7C:C6:1B:8C:27:BB:FB:F1:0A:6B:FB:40:83:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cnMJ8RA0fMYbjCe7-_EKa_tAg1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/008909-72ea-4791-a5bf-f23346bcc217/1/NplcFubroD0c9_m5XESUogvREeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/008909-72ea-4791-a5bf-f23346bcc217/1/cnMJ8RA0fMYbjCe7-_EKa_tAg1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1394::/48

    Signature Algorithm: sha256WithRSAEncryption
         23:8a:37:e0:ac:07:1a:c2:c7:99:94:81:d2:07:09:13:00:b6:
         22:a7:b5:78:91:e2:8c:0b:cd:ce:dc:18:80:ae:1e:99:9a:71:
         54:97:b2:8c:5d:cc:b8:25:d3:54:26:94:0a:1d:4d:48:8b:a4:
         18:d8:57:e5:7d:1c:d1:9e:2d:5f:18:92:64:40:6e:82:d5:d8:
         52:a3:cf:1f:ad:bf:4b:01:1c:ff:4e:67:3a:3a:14:59:e4:c1:
         7e:71:4f:20:ba:79:3b:96:9b:f3:7d:52:77:6c:03:ed:68:e0:
         26:e0:e3:7b:43:ad:89:b7:73:8c:b8:8d:75:41:57:9a:b2:a4:
         a3:f7:6e:2b:be:1c:5b:99:1e:ff:3a:e2:c3:5c:ef:3e:dd:ac:
         b5:f1:cf:71:4c:18:58:ce:d6:f4:6c:e9:ed:c3:32:e8:eb:73:
         ff:18:2e:95:9e:38:74:de:c0:eb:55:99:3b:b0:da:09:2c:f7:
         58:14:a4:ab:0d:3e:9b:8f:14:c0:d1:66:04:2f:f8:92:b7:11:
         0a:8f:85:27:3a:4e:7b:d3:da:be:88:93:b0:73:30:e0:4a:b1:
         54:e8:4e:8e:3b:64:aa:94:56:5d:92:ed:37:24:a6:d8:86:f1:
         03:0a:94:c9:cd:35:0e:1d:96:9a:46:04:54:0f:f7:dc:33:30:
         c9:6a:ed:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbWRCwK9RIO/Cnx82FPjVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNzMwOWYxMTAzNDdjYzYxYjhjMjdiYmZiZjEwYTZiZmI0
MDgzNTgwHhcNMjQwMTAxMDAyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjk5NWMxNmU2ZWJhMDNkMWNmN2Y5Yjk1YzQ0OTRhMjBiZDExMWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvEvINOnPZZU9aBZRNYineRUvvni
9x8t82dS3JG6CG3Xwpe97Z7FNgSy2Q+2Z2L6UBBAe5TqO1egPkP+QSmz56WU5Y76
JoQB/ma9b6rFwfr5rD0/t4nWt4fC2y75NbE3op0QGwj6LnIqYlsMBgl5tP//f+7t
bdoyEst4ypEFotCVKe2vefKACoIkM9ssf3hfwI0oFxANeBf2DjW0R/ohcsHQqIOF
p3YhXSrGo8Z6ge+qze7nGu2TUqoCzE0KRluzwvJImCGUvYuZEOfHuLXq3TALI3iA
ZJ27tZ5t+RI1DRERq5u1ivftvX+RoC/KNfODMh/R40G0dLttWA7GofOm4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDaZXBbm66A9HPf5uVxElKIL0RHlMB8GA1UdIwQY
MBaAFHJzCfEQNHzGG4wnu/vxCmv7QINYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY25NSjhSQTBmTVliakNlNy1fRUthX3RBZzFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wMDg5MDktNzJlYS00NzkxLWE1YmYt
ZjIzMzQ2YmNjMjE3LzEvTnBsY0Z1YnJvRDBjOV9tNVhFU1VvZ3ZSRWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wMDg5MDktNzJlYS00NzkxLWE1YmYtZjIzMzQ2YmNjMjE3
LzEvY25NSjhSQTBmTVliakNlNy1fRUthX3RBZzFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBOU
MA0GCSqGSIb3DQEBCwUAA4IBAQAjijfgrAcawseZlIHSBwkTALYip7V4keKMC83O
3BiArh6ZmnFUl7KMXcy4JdNUJpQKHU1Ii6QY2FflfRzRni1fGJJkQG6C1dhSo88f
rb9LARz/Tmc6OhRZ5MF+cU8gunk7lpvzfVJ3bAPtaOAm4ON7Q62Jt3OMuI11QVea
sqSj924rvhxbmR7/OuLDXO8+3ay18c9xTBhYztb0bOntwzLo63P/GC6Vnjh03sDr
VZk7sNoJLPdYFKSrDT6bjxTA0WYEL/iStxEKj4UnOk5709q+iJOwczDgSrFU6E6O
O2SqlFZdku03JKbYhvEDCpTJzTUOHZaaRgRUD/fcMzDJau3w
-----END CERTIFICATE-----