Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/NTTQXOe-KQNTX8GpVTq9DTybvwY.roa
File:                     NTTQXOe-KQNTX8GpVTq9DTybvwY.roa (raw, json)
Hash identifier:          7Q/izpjUfuI43NBSW+PFWtuOP1bn244NH82d5+luV8E=
Subject key identifier:   35:34:D0:5C:E7:BE:29:03:53:5F:C1:A9:55:3A:BD:0D:3C:9B:BF:06
Certificate issuer:       /CN=388e962840cd3168dd2ea396fe68127628aeac27
Certificate serial:       018F2A5D365FAFD2C3065F64A47FD14FE528
Authority key identifier: 38:8E:96:28:40:CD:31:68:DD:2E:A3:96:FE:68:12:76:28:AE:AC:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OI6WKEDNMWjdLqOW_mgSdiiurCc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/NTTQXOe-KQNTX8GpVTq9DTybvwY.roa
Signing time:             Mon 29 Apr 2024 14:58:22 +0000
ROA not before:           Mon 29 Apr 2024 14:58:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.144.240.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/OI6WKEDNMWjdLqOW_mgSdiiurCc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/OI6WKEDNMWjdLqOW_mgSdiiurCc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OI6WKEDNMWjdLqOW_mgSdiiurCc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2a:5d:36:5f:af:d2:c3:06:5f:64:a4:7f:d1:4f:e5:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=388e962840cd3168dd2ea396fe68127628aeac27
        Validity
            Not Before: Apr 29 14:58:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3534d05ce7be2903535fc1a9553abd0d3c9bbf06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:db:11:39:bc:28:10:58:b1:c5:77:03:b1:f1:
                    7c:f1:25:61:2a:c1:c2:64:98:f9:68:82:70:d7:3e:
                    ba:58:85:af:3f:e8:46:50:0f:e4:a4:1a:b2:8f:37:
                    90:1a:0d:20:0e:86:9a:34:46:e7:32:5c:ef:0d:dd:
                    c5:0c:ea:fc:58:1a:38:03:d6:f9:ff:eb:af:3f:40:
                    76:de:52:4e:6b:22:c8:54:fb:d1:6e:48:7c:20:04:
                    f2:bd:05:da:42:9a:fd:c6:f2:2c:63:bc:d7:db:e7:
                    46:98:fc:a6:ff:2b:df:74:bc:66:33:9e:57:23:96:
                    be:33:4a:55:da:05:69:ec:d1:4d:16:8c:6a:2e:37:
                    29:77:c1:a3:c6:88:7c:3a:14:97:ec:75:1a:97:fe:
                    4f:5d:a9:8b:0e:4f:08:65:b8:56:99:c9:d1:3a:2a:
                    14:b1:b1:52:1f:f3:a6:8e:b2:c4:d5:6c:74:d8:9d:
                    23:1d:ce:7c:8b:38:77:f4:74:64:a4:95:84:4c:af:
                    f2:a5:7a:ac:76:4b:93:98:37:b2:c7:09:7b:84:e1:
                    41:c2:86:9d:d3:62:b1:b2:71:1f:fa:d7:8f:86:d6:
                    96:31:46:11:9d:5c:f6:78:96:81:52:23:7e:93:86:
                    07:81:7c:89:00:cc:c5:39:e1:2c:ed:32:a2:98:ae:
                    a4:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:34:D0:5C:E7:BE:29:03:53:5F:C1:A9:55:3A:BD:0D:3C:9B:BF:06
            X509v3 Authority Key Identifier:
                keyid:38:8E:96:28:40:CD:31:68:DD:2E:A3:96:FE:68:12:76:28:AE:AC:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OI6WKEDNMWjdLqOW_mgSdiiurCc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/NTTQXOe-KQNTX8GpVTq9DTybvwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/55ea3e-d7e2-430c-af8a-c321840c1faa/1/OI6WKEDNMWjdLqOW_mgSdiiurCc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:bb:2d:0a:4a:ab:95:a2:6f:9e:ec:9c:37:df:b1:cd:b6:85:
         fa:02:4c:1b:14:6a:b9:0b:a5:0a:b4:86:f0:aa:4f:70:d5:b9:
         6d:05:ec:30:a6:5b:e9:63:9d:e9:ca:b0:98:f3:be:8d:70:ac:
         90:c0:a8:4a:de:96:e0:6d:7c:b8:08:46:10:74:22:41:74:94:
         fb:d7:99:1c:dd:62:d7:c1:d5:b0:15:0d:ed:47:e6:f1:5b:10:
         72:e5:f7:25:62:ab:d5:e5:c1:03:01:f7:bb:7b:c5:c6:1c:50:
         01:af:31:63:2b:ba:61:5d:4b:17:7c:94:c8:d0:8e:50:d9:69:
         84:fc:d5:40:f7:c6:e8:26:96:d1:cb:6d:9c:4e:5b:c0:6d:38:
         19:e0:ff:4d:fc:2f:ab:7b:0d:09:af:91:19:27:4c:d7:3c:0e:
         4a:f0:04:ff:43:95:66:94:81:99:1b:ec:94:d6:ff:63:56:de:
         3c:a6:bc:53:98:7a:4c:b2:0a:bb:be:27:16:07:0e:1c:a6:64:
         a7:2f:0d:dd:e4:4c:84:7e:0c:97:81:ee:57:ca:8c:ae:be:bc:
         94:2b:d7:36:07:27:db:a4:ff:c1:03:73:ed:86:67:12:55:a9:
         7d:98:01:c9:06:cb:38:f6:14:5b:e4:9e:c4:77:2b:24:b3:40:
         12:80:f9:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8qXTZfr9LDBl9kpH/RT+UoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4OGU5NjI4NDBjZDMxNjhkZDJlYTM5NmZlNjgxMjc2Mjhh
ZWFjMjcwHhcNMjQwNDI5MTQ1ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTM0ZDA1Y2U3YmUyOTAzNTM1ZmMxYTk1NTNhYmQwZDNjOWJiZjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdsRObwoEFixxXcDsfF88SVhKsHC
ZJj5aIJw1z66WIWvP+hGUA/kpBqyjzeQGg0gDoaaNEbnMlzvDd3FDOr8WBo4A9b5
/+uvP0B23lJOayLIVPvRbkh8IATyvQXaQpr9xvIsY7zX2+dGmPym/yvfdLxmM55X
I5a+M0pV2gVp7NFNFoxqLjcpd8Gjxoh8OhSX7HUal/5PXamLDk8IZbhWmcnROioU
sbFSH/OmjrLE1Wx02J0jHc58izh39HRkpJWETK/ypXqsdkuTmDeyxwl7hOFBwoad
02KxsnEf+tePhtaWMUYRnVz2eJaBUiN+k4YHgXyJAMzFOeEs7TKimK6ktwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDU00FznvikDU1/BqVU6vQ08m78GMB8GA1UdIwQY
MBaAFDiOlihAzTFo3S6jlv5oEnYorqwnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0k2V0tFRE5NV2pkTHFPV19tZ1NkaWl1ckNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81NWVhM2UtZDdlMi00MzBjLWFmOGEt
YzMyMTg0MGMxZmFhLzEvTlRUUVhPZS1LUU5UWDhHcFZUcTlEVHlidndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81NWVhM2UtZDdlMi00MzBjLWFmOGEtYzMyMTg0MGMxZmFh
LzEvT0k2V0tFRE5NV2pkTHFPV19tZ1NkaWl1ckNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZDwMA0G
CSqGSIb3DQEBCwUAA4IBAQBNuy0KSquVom+e7Jw337HNtoX6AkwbFGq5C6UKtIbw
qk9w1bltBewwplvpY53pyrCY876NcKyQwKhK3pbgbXy4CEYQdCJBdJT715kc3WLX
wdWwFQ3tR+bxWxBy5fclYqvV5cEDAfe7e8XGHFABrzFjK7phXUsXfJTI0I5Q2WmE
/NVA98boJpbRy22cTlvAbTgZ4P9N/C+rew0Jr5EZJ0zXPA5K8AT/Q5VmlIGZG+yU
1v9jVt48prxTmHpMsgq7vicWBw4cpmSnLw3d5EyEfgyXge5XyoyuvryUK9c2Byfb
pP/BA3PthmcSVal9mAHJBss49hRb5J7Edysks0ASgPnb
-----END CERTIFICATE-----