Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/6b0344-8229-4d25-b498-8ce7c4fc5e0b/1/NB0XtAJVbvrDgV-r1vAQZSRnzXU.roa
File:                     NB0XtAJVbvrDgV-r1vAQZSRnzXU.roa (raw, json)
Hash identifier:          wX0GUP+W1hVds9Bir37GI7hO4wZFzHu5fVEX7dqSr68=
Subject key identifier:   34:1D:17:B4:02:55:6E:FA:C3:81:5F:AB:D6:F0:10:65:24:67:CD:75
Certificate issuer:       /CN=37e751a11c1a7888fa58dbfc32c8959bc946303e
Certificate serial:       018CC56E312C6DCCF624FA387EDEBDA02CF4
Authority key identifier: 37:E7:51:A1:1C:1A:78:88:FA:58:DB:FC:32:C8:95:9B:C9:46:30:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N-dRoRwaeIj6WNv8MsiVm8lGMD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/6b0344-8229-4d25-b498-8ce7c4fc5e0b/1/NB0XtAJVbvrDgV-r1vAQZSRnzXU.roa
Signing time:             Mon 01 Jan 2024 14:29:42 +0000
ROA not before:           Mon 01 Jan 2024 14:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62371
IP address blocks:        185.205.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/6b0344-8229-4d25-b498-8ce7c4fc5e0b/1/N-dRoRwaeIj6WNv8MsiVm8lGMD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/6b0344-8229-4d25-b498-8ce7c4fc5e0b/1/N-dRoRwaeIj6WNv8MsiVm8lGMD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N-dRoRwaeIj6WNv8MsiVm8lGMD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:31:2c:6d:cc:f6:24:fa:38:7e:de:bd:a0:2c:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37e751a11c1a7888fa58dbfc32c8959bc946303e
        Validity
            Not Before: Jan  1 14:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=341d17b402556efac3815fabd6f010652467cd75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b6:89:5a:b8:62:4f:c3:2d:e4:84:fb:52:50:
                    20:0f:30:2d:65:36:e8:bd:de:d4:e7:19:c8:9e:f9:
                    d3:f2:20:c3:09:1e:18:2b:5a:f2:1d:9e:38:52:da:
                    11:9b:19:eb:79:1f:dd:e6:69:16:9c:d3:d3:af:6c:
                    49:11:3d:99:a1:af:18:58:5f:a4:ab:86:4b:b8:d9:
                    59:04:a0:19:62:5d:76:3e:16:b0:a0:08:69:6b:f6:
                    1a:d0:6f:a6:9b:21:ef:bc:e6:01:c0:1e:db:48:7e:
                    b1:e7:56:fb:19:cd:66:19:79:4b:20:4c:2f:28:4a:
                    06:7d:b4:a7:7f:99:b0:c0:70:30:67:1a:a0:c7:75:
                    97:f4:1b:08:6e:6d:a6:40:fb:bb:4f:18:41:32:a5:
                    c7:60:6e:4b:f8:9d:8d:6e:89:91:81:46:ea:5d:59:
                    c7:5b:44:a4:48:ab:fc:b1:f0:19:af:ac:0b:9c:0c:
                    b1:f8:6d:b1:30:ad:43:09:ed:96:3a:39:85:c1:b4:
                    12:75:6f:18:bf:0d:dc:8c:4d:ab:36:2e:4e:01:2b:
                    b4:80:12:ab:cc:24:41:98:fc:85:43:c7:25:03:56:
                    f6:d9:c8:64:05:76:97:37:7e:f0:3c:29:98:14:41:
                    72:68:08:af:da:10:36:dd:8d:4a:9d:e8:98:0a:f1:
                    87:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:1D:17:B4:02:55:6E:FA:C3:81:5F:AB:D6:F0:10:65:24:67:CD:75
            X509v3 Authority Key Identifier:
                keyid:37:E7:51:A1:1C:1A:78:88:FA:58:DB:FC:32:C8:95:9B:C9:46:30:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N-dRoRwaeIj6WNv8MsiVm8lGMD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/6b0344-8229-4d25-b498-8ce7c4fc5e0b/1/NB0XtAJVbvrDgV-r1vAQZSRnzXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/6b0344-8229-4d25-b498-8ce7c4fc5e0b/1/N-dRoRwaeIj6WNv8MsiVm8lGMD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:f6:9a:b6:39:c0:cf:27:b8:24:7a:8d:cb:32:96:a1:83:0f:
         a6:10:c4:eb:80:fc:25:b5:8a:d0:9f:bf:fd:ff:0c:c3:3d:00:
         ce:71:51:fb:6c:e1:d1:41:be:c8:ee:56:bb:a6:92:b9:f8:36:
         45:95:05:ce:68:3a:f9:7c:68:37:94:ba:4d:3f:d9:bf:f5:db:
         cb:f9:23:f5:c3:ae:1f:43:89:4e:82:b5:8f:17:a3:0f:e9:fd:
         b5:7e:35:8b:da:63:5b:d8:66:94:4c:d2:e6:61:a7:a1:37:bd:
         a4:3c:95:68:19:2f:2e:c4:cb:e2:8d:e1:89:55:8e:db:6b:99:
         6a:1c:38:fa:f5:7d:25:88:f1:77:3d:cf:63:a7:99:eb:ac:7d:
         64:1f:50:8d:7e:f6:fd:9b:d6:42:68:45:5d:c6:43:58:d3:24:
         14:3a:1d:e5:62:ea:26:43:ef:9b:9d:36:41:f8:81:6f:0c:98:
         cb:b3:8d:fd:08:c1:45:80:34:58:d8:f9:7e:92:f6:2a:5a:af:
         fc:85:86:e5:b8:fc:3f:63:df:30:77:2b:37:21:c0:95:09:ce:
         8a:0b:c2:9b:79:b8:8a:ef:c9:be:02:15:be:0e:02:9c:98:bc:
         24:da:a4:57:90:83:0c:9f:1e:70:e0:ac:ff:77:4f:a9:c3:29:
         37:8d:3d:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbjEsbcz2JPo4ft69oCz0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3ZTc1MWExMWMxYTc4ODhmYTU4ZGJmYzMyYzg5NTliYzk0
NjMwM2UwHhcNMjQwMTAxMTQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDFkMTdiNDAyNTU2ZWZhYzM4MTVmYWJkNmYwMTA2NTI0NjdjZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7aJWrhiT8Mt5IT7UlAgDzAtZTbo
vd7U5xnInvnT8iDDCR4YK1ryHZ44UtoRmxnreR/d5mkWnNPTr2xJET2Zoa8YWF+k
q4ZLuNlZBKAZYl12PhawoAhpa/Ya0G+mmyHvvOYBwB7bSH6x51b7Gc1mGXlLIEwv
KEoGfbSnf5mwwHAwZxqgx3WX9BsIbm2mQPu7TxhBMqXHYG5L+J2NbomRgUbqXVnH
W0SkSKv8sfAZr6wLnAyx+G2xMK1DCe2WOjmFwbQSdW8Yvw3cjE2rNi5OASu0gBKr
zCRBmPyFQ8clA1b22chkBXaXN37wPCmYFEFyaAiv2hA23Y1KneiYCvGHvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQdF7QCVW76w4Ffq9bwEGUkZ811MB8GA1UdIwQY
MBaAFDfnUaEcGniI+ljb/DLIlZvJRjA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTi1kUm9Sd2FlSWo2V052OE1zaVZtOGxHTUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS82YjAzNDQtODIyOS00ZDI1LWI0OTgt
OGNlN2M0ZmM1ZTBiLzEvTkIwWHRBSlZidnJEZ1YtcjF2QVFaU1JuelhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS82YjAzNDQtODIyOS00ZDI1LWI0OTgtOGNlN2M0ZmM1ZTBi
LzEvTi1kUm9Sd2FlSWo2V052OE1zaVZtOGxHTUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc1GMA0G
CSqGSIb3DQEBCwUAA4IBAQB99pq2OcDPJ7gkeo3LMpahgw+mEMTrgPwltYrQn7/9
/wzDPQDOcVH7bOHRQb7I7la7ppK5+DZFlQXOaDr5fGg3lLpNP9m/9dvL+SP1w64f
Q4lOgrWPF6MP6f21fjWL2mNb2GaUTNLmYaehN72kPJVoGS8uxMvijeGJVY7ba5lq
HDj69X0liPF3Pc9jp5nrrH1kH1CNfvb9m9ZCaEVdxkNY0yQUOh3lYuomQ++bnTZB
+IFvDJjLs439CMFFgDRY2Pl+kvYqWq/8hYbluPw/Y98wdys3IcCVCc6KC8KbebiK
78m+AhW+DgKcmLwk2qRXkIMMnx5w4Kz/d0+pwyk3jT2y
-----END CERTIFICATE-----