Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/a2d4cb-923a-4e04-8d85-ad9d5db0f099/1/NlZbb3JEFvLS7qgpO5Sarfp7X6M.roa
File:                     NlZbb3JEFvLS7qgpO5Sarfp7X6M.roa (raw, json)
Hash identifier:          m/qdjOcr/p8LWnX+p0Dhv9lthJEH6izG7CaZhpN/GKc=
Subject key identifier:   36:56:5B:6F:72:44:16:F2:D2:EE:A8:29:3B:94:9A:AD:FA:7B:5F:A3
Certificate issuer:       /CN=5d9c5b733fba71e98c07e13b03a7c55ab84cc8ed
Certificate serial:       018CC6B7C20E1891FCF3C1EF385210F6091F
Authority key identifier: 5D:9C:5B:73:3F:BA:71:E9:8C:07:E1:3B:03:A7:C5:5A:B8:4C:C8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XZxbcz-6cemMB-E7A6fFWrhMyO0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/a2d4cb-923a-4e04-8d85-ad9d5db0f099/1/NlZbb3JEFvLS7qgpO5Sarfp7X6M.roa
Signing time:             Mon 01 Jan 2024 20:29:40 +0000
ROA not before:           Mon 01 Jan 2024 20:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2590
IP address blocks:        185.125.124.0/22 maxlen: 24
                          2a03:9560::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/a2d4cb-923a-4e04-8d85-ad9d5db0f099/1/XZxbcz-6cemMB-E7A6fFWrhMyO0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/a2d4cb-923a-4e04-8d85-ad9d5db0f099/1/XZxbcz-6cemMB-E7A6fFWrhMyO0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XZxbcz-6cemMB-E7A6fFWrhMyO0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:03:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:c2:0e:18:91:fc:f3:c1:ef:38:52:10:f6:09:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d9c5b733fba71e98c07e13b03a7c55ab84cc8ed
        Validity
            Not Before: Jan  1 20:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36565b6f724416f2d2eea8293b949aadfa7b5fa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c6:6f:7c:62:d8:80:dc:87:10:50:02:73:67:
                    df:18:41:40:29:4b:30:f4:4a:f4:68:a2:57:d8:16:
                    ec:fe:9a:31:88:e5:9b:ff:94:e8:54:6d:a8:91:73:
                    5b:4b:7e:7c:94:52:88:6c:7a:4c:ac:dd:1c:77:83:
                    4f:96:61:b5:54:ba:a8:2b:8b:cf:0d:b3:30:ce:4c:
                    84:b9:ab:c2:7a:d0:2f:d1:c9:3e:7f:a6:76:11:6c:
                    dd:44:f5:96:71:27:86:87:82:9a:4d:6c:24:72:88:
                    c3:14:e7:42:78:b7:26:43:c6:c1:10:4a:a7:7b:d4:
                    5d:77:15:10:5d:12:ca:39:5b:a2:48:f3:e2:5c:2b:
                    a0:a6:d9:28:1b:3c:1c:25:dc:d2:65:42:d2:86:5a:
                    31:dd:8e:35:c6:57:d1:90:84:d8:88:fd:96:8f:22:
                    8b:61:b3:b7:3d:65:7f:51:58:e1:34:c8:e2:80:04:
                    fa:63:bf:3d:98:b7:a9:60:28:6f:d7:f1:bf:de:90:
                    f6:39:69:95:37:a3:e8:0a:92:25:c6:d3:d1:85:0d:
                    11:c7:d7:94:2b:97:67:14:b1:3f:6c:f9:0d:fa:60:
                    87:86:2a:e7:0d:b3:5f:04:5e:14:24:8f:b9:f7:89:
                    d7:3f:11:bf:66:ad:e3:3d:40:09:70:6c:39:5f:68:
                    e0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:56:5B:6F:72:44:16:F2:D2:EE:A8:29:3B:94:9A:AD:FA:7B:5F:A3
            X509v3 Authority Key Identifier:
                keyid:5D:9C:5B:73:3F:BA:71:E9:8C:07:E1:3B:03:A7:C5:5A:B8:4C:C8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XZxbcz-6cemMB-E7A6fFWrhMyO0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/a2d4cb-923a-4e04-8d85-ad9d5db0f099/1/NlZbb3JEFvLS7qgpO5Sarfp7X6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/a2d4cb-923a-4e04-8d85-ad9d5db0f099/1/XZxbcz-6cemMB-E7A6fFWrhMyO0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.124.0/22
                IPv6:
                  2a03:9560::/29

    Signature Algorithm: sha256WithRSAEncryption
         8e:5f:68:ee:3e:53:0a:71:9b:e1:ce:91:f3:68:a2:fd:db:d1:
         c6:6a:5f:7d:77:fc:cf:8f:b0:3f:64:2e:eb:40:a3:3a:b3:11:
         11:55:47:fc:15:b1:1d:54:e7:a1:2d:d5:93:64:5a:79:98:9f:
         6b:d8:c0:12:0e:df:c5:79:ff:4c:58:30:29:8a:7e:18:d9:cb:
         1c:5c:07:1d:de:9a:ca:4f:88:c2:10:e8:d1:0d:b3:7d:77:8d:
         64:2a:5f:2a:8f:05:9d:25:17:63:76:22:d7:24:c1:c3:3d:d9:
         d0:46:cf:6e:be:85:8f:b9:9e:4f:6a:f9:43:34:ba:4e:c3:26:
         88:91:29:64:1f:7d:ff:1f:d1:aa:ce:3a:2f:55:bd:ab:e5:31:
         56:98:ba:08:20:c1:8d:89:71:b9:02:0b:a7:b9:0a:f2:8a:c3:
         17:0c:85:79:4a:8e:54:c5:34:ce:30:fc:0a:bd:4a:da:d9:17:
         94:a8:e0:9a:7b:64:46:aa:2b:b9:c9:2c:9c:25:75:25:99:8c:
         ad:4c:be:20:18:d3:ca:89:ae:2b:f2:2a:f8:91:43:e4:51:41:
         da:d3:dc:be:39:61:6a:1d:62:28:93:5a:c4:e9:50:48:1b:06:
         96:a8:64:09:a6:77:f8:49:3b:9e:2f:01:d6:dc:41:15:3c:7f:
         21:f6:7e:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGt8IOGJH888HvOFIQ9gkfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkOWM1YjczM2ZiYTcxZTk4YzA3ZTEzYjAzYTdjNTVhYjg0
Y2M4ZWQwHhcNMjQwMTAxMjAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjU2NWI2ZjcyNDQxNmYyZDJlZWE4MjkzYjk0OWFhZGZhN2I1ZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMZvfGLYgNyHEFACc2ffGEFAKUsw
9Er0aKJX2Bbs/poxiOWb/5ToVG2okXNbS358lFKIbHpMrN0cd4NPlmG1VLqoK4vP
DbMwzkyEuavCetAv0ck+f6Z2EWzdRPWWcSeGh4KaTWwkcojDFOdCeLcmQ8bBEEqn
e9RddxUQXRLKOVuiSPPiXCugptkoGzwcJdzSZULShlox3Y41xlfRkITYiP2WjyKL
YbO3PWV/UVjhNMjigAT6Y789mLepYChv1/G/3pD2OWmVN6PoCpIlxtPRhQ0Rx9eU
K5dnFLE/bPkN+mCHhirnDbNfBF4UJI+594nXPxG/Zq3jPUAJcGw5X2jgGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDZWW29yRBby0u6oKTuUmq36e1+jMB8GA1UdIwQY
MBaAFF2cW3M/unHpjAfhOwOnxVq4TMjtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFp4YmN6LTZjZW1NQi1FN0E2ZkZXcmhNeU8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9hMmQ0Y2ItOTIzYS00ZTA0LThkODUt
YWQ5ZDVkYjBmMDk5LzEvTmxaYmIzSkVGdkxTN3FncE81U2FyZnA3WDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9hMmQ0Y2ItOTIzYS00ZTA0LThkODUtYWQ5ZDVkYjBmMDk5
LzEvWFp4YmN6LTZjZW1NQi1FN0E2ZkZXcmhNeU8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuX18MA0E
AgACMAcDBQMqA5VgMA0GCSqGSIb3DQEBCwUAA4IBAQCOX2juPlMKcZvhzpHzaKL9
29HGal99d/zPj7A/ZC7rQKM6sxERVUf8FbEdVOehLdWTZFp5mJ9r2MASDt/Fef9M
WDApin4Y2cscXAcd3prKT4jCEOjRDbN9d41kKl8qjwWdJRdjdiLXJMHDPdnQRs9u
voWPuZ5PavlDNLpOwyaIkSlkH33/H9GqzjovVb2r5TFWmLoIIMGNiXG5AgunuQry
isMXDIV5So5UxTTOMPwKvUra2ReUqOCae2RGqiu5ySycJXUlmYytTL4gGNPKia4r
8ir4kUPkUUHa09y+OWFqHWIok1rE6VBIGwaWqGQJpnf4STueLwHW3EEVPH8h9n5t
-----END CERTIFICATE-----