Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/NvMRUqDKtYWuRVpTIJ9CGqujxNA.roa
File:                     NvMRUqDKtYWuRVpTIJ9CGqujxNA.roa (raw, json)
Hash identifier:          kryhbopy4GAkFHyv4+gr3+R0VLAwjRYK/jIS2PXVEYw=
Subject key identifier:   36:F3:11:52:A0:CA:B5:85:AE:45:5A:53:20:9F:42:1A:AB:A3:C4:D0
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018E0EF5EE567CED0E1EDF17E56D37BC5A8B
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/NvMRUqDKtYWuRVpTIJ9CGqujxNA.roa
Signing time:             Tue 05 Mar 2024 14:13:02 +0000
ROA not before:           Tue 05 Mar 2024 14:13:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203004
IP address blocks:        185.164.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:f5:ee:56:7c:ed:0e:1e:df:17:e5:6d:37:bc:5a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Mar  5 14:13:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36f31152a0cab585ae455a53209f421aaba3c4d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b7:7d:a5:56:67:98:87:3d:aa:bb:6c:0b:b9:
                    1f:ad:9d:63:bb:38:41:cf:15:cc:41:04:2f:84:4f:
                    d5:1a:85:51:a4:a5:f6:7d:a6:b8:bb:a4:60:6f:a5:
                    8f:9b:fb:a5:94:1c:81:5c:b1:f4:32:86:46:eb:1e:
                    24:aa:3e:fa:fa:01:08:d6:5f:88:34:f6:77:2b:9e:
                    dc:40:2d:85:da:d6:96:b3:71:23:c3:6b:80:34:f8:
                    43:41:d3:21:ab:70:1a:a1:cc:ef:e2:20:9d:0e:bb:
                    74:42:53:8b:5f:8f:6b:6e:26:ec:2a:ab:dd:ca:98:
                    cb:49:fa:a2:c6:a8:27:52:8c:32:e8:30:ad:24:ff:
                    fd:f8:59:1a:ea:8a:e1:0b:a8:6d:32:ad:cc:27:2c:
                    04:9f:61:2c:21:26:b4:df:bb:20:46:4b:79:21:57:
                    99:06:da:d7:66:e0:45:ef:59:1e:e1:32:0e:f8:73:
                    16:2e:ed:3d:58:6f:b3:9a:44:2b:d1:78:f7:40:da:
                    1c:9c:ad:31:f9:81:db:e5:d8:86:c7:44:ca:cd:8a:
                    9a:bc:1c:13:ab:40:a8:45:9e:df:e1:a3:e6:f3:a4:
                    1e:52:8d:1a:4a:40:14:f8:8f:26:66:52:7f:8a:93:
                    dc:51:53:01:aa:dc:91:d7:a7:f8:0c:35:6e:96:ba:
                    44:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:F3:11:52:A0:CA:B5:85:AE:45:5A:53:20:9F:42:1A:AB:A3:C4:D0
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/NvMRUqDKtYWuRVpTIJ9CGqujxNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:36:70:f5:33:03:ff:cc:4a:b7:db:b1:07:e9:d2:8f:e0:94:
         e0:59:1c:34:b9:fb:17:fe:43:93:1d:a0:f3:23:3e:b0:3c:79:
         31:6d:2d:08:74:ba:67:8a:bf:f7:d1:40:57:e4:0b:a7:ac:a2:
         3c:ba:e6:dc:0b:68:b4:97:f3:d3:9e:92:ea:7d:8c:ae:99:d7:
         0e:9e:a7:68:c4:80:d4:bb:1c:4c:7f:4c:9d:7c:72:a0:7e:79:
         28:f2:dd:46:69:27:13:9f:b3:40:73:b2:71:2f:88:03:b0:6f:
         05:cd:91:9b:2f:58:54:fe:46:9a:ba:f9:fe:4f:a6:a5:ad:d7:
         b8:cb:7c:82:05:5f:2f:96:bf:4b:e0:66:e9:0b:33:32:16:87:
         c8:f4:fc:9f:b5:8b:27:f0:52:63:13:1d:95:6f:c9:12:60:52:
         0f:ef:5d:3c:55:de:ab:66:35:51:49:73:cc:39:95:48:ea:bb:
         79:8e:62:01:ed:09:1e:28:a5:bf:5b:8a:a6:7b:18:45:c9:40:
         cf:78:09:7b:86:0d:b3:62:8c:92:ca:1d:3f:bc:1c:71:89:24:
         61:a6:ae:6d:44:dc:e3:19:2f:75:f4:52:3e:f1:13:6b:a7:1f:
         c9:9c:8b:3a:c4:c1:ef:30:c6:a7:35:20:48:76:e2:3c:8c:28:
         91:7b:3c:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4O9e5WfO0OHt8X5W03vFqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMzA1MTQxMzAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmYzMTE1MmEwY2FiNTg1YWU0NTVhNTMyMDlmNDIxYWFiYTNjNGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrd9pVZnmIc9qrtsC7kfrZ1juzhB
zxXMQQQvhE/VGoVRpKX2faa4u6Rgb6WPm/ullByBXLH0MoZG6x4kqj76+gEI1l+I
NPZ3K57cQC2F2taWs3Ejw2uANPhDQdMhq3Aaoczv4iCdDrt0QlOLX49rbibsKqvd
ypjLSfqixqgnUowy6DCtJP/9+Fka6orhC6htMq3MJywEn2EsISa037sgRkt5IVeZ
BtrXZuBF71ke4TIO+HMWLu09WG+zmkQr0Xj3QNocnK0x+YHb5diGx0TKzYqavBwT
q0CoRZ7f4aPm86QeUo0aSkAU+I8mZlJ/ipPcUVMBqtyR16f4DDVulrpEvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbzEVKgyrWFrkVaUyCfQhqro8TQMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvTnZNUlVxREt0WVd1UlZwVElKOUNHcXVqeE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaStMA0G
CSqGSIb3DQEBCwUAA4IBAQBFNnD1MwP/zEq327EH6dKP4JTgWRw0ufsX/kOTHaDz
Iz6wPHkxbS0IdLpnir/30UBX5AunrKI8uubcC2i0l/PTnpLqfYyumdcOnqdoxIDU
uxxMf0ydfHKgfnko8t1GaScTn7NAc7JxL4gDsG8FzZGbL1hU/kaauvn+T6alrde4
y3yCBV8vlr9L4GbpCzMyFofI9PyftYsn8FJjEx2Vb8kSYFIP7108Vd6rZjVRSXPM
OZVI6rt5jmIB7QkeKKW/W4qmexhFyUDPeAl7hg2zYoySyh0/vBxxiSRhpq5tRNzj
GS919FI+8RNrpx/JnIs6xMHvMManNSBIduI8jCiRezyZ
-----END CERTIFICATE-----