Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/95c08b-5056-4386-a42b-bf03dc837900/1/NCqzEDAkcdOF_5QXBG8yJjG5C8E.roa
File:                     NCqzEDAkcdOF_5QXBG8yJjG5C8E.roa (raw, json)
Hash identifier:          3y6ZaPdmVv7AeJPbPV9rY47Ckca5BlO8ayxRNoPx1Jg=
Subject key identifier:   34:2A:B3:10:30:24:71:D3:85:FF:94:17:04:6F:32:26:31:B9:0B:C1
Certificate issuer:       /CN=6a187ca5b8aee195cc8cadcfb48c544b181477ef
Certificate serial:       01941FFA68859D4F264131B21A92FC968165
Authority key identifier: 6A:18:7C:A5:B8:AE:E1:95:CC:8C:AD:CF:B4:8C:54:4B:18:14:77:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ahh8pbiu4ZXMjK3PtIxUSxgUd-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/95c08b-5056-4386-a42b-bf03dc837900/1/NCqzEDAkcdOF_5QXBG8yJjG5C8E.roa
Signing time:             Wed 01 Jan 2025 03:48:11 +0000
ROA not before:           Wed 01 Jan 2025 03:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30437
IP address blocks:        159.245.16.0/24 maxlen: 24
                          159.245.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/95c08b-5056-4386-a42b-bf03dc837900/1/ahh8pbiu4ZXMjK3PtIxUSxgUd-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/95c08b-5056-4386-a42b-bf03dc837900/1/ahh8pbiu4ZXMjK3PtIxUSxgUd-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ahh8pbiu4ZXMjK3PtIxUSxgUd-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:68:85:9d:4f:26:41:31:b2:1a:92:fc:96:81:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a187ca5b8aee195cc8cadcfb48c544b181477ef
        Validity
            Not Before: Jan  1 03:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=342ab310302471d385ff9417046f322631b90bc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e8:6b:5b:44:5e:ab:51:e8:7d:a9:e7:ba:70:
                    f2:39:60:e2:03:68:c1:1d:a3:2a:9a:f7:6d:57:f4:
                    b5:27:16:d1:5d:73:71:76:75:8d:32:d0:61:9f:4c:
                    8e:6f:1c:00:4f:84:52:26:77:e5:44:6b:63:6b:61:
                    f8:12:e8:b8:42:14:c5:44:74:8e:74:8a:c7:bb:12:
                    f6:f8:58:e2:af:21:69:93:5a:37:c0:a3:ff:e1:ea:
                    8d:bc:b6:4d:7e:54:c9:33:d5:c8:af:cb:2f:8b:ee:
                    fb:84:27:a5:12:18:11:4a:66:26:c9:6d:a5:98:e4:
                    95:ee:28:ff:93:b1:ba:d2:64:6d:23:73:de:48:af:
                    fb:53:ee:79:c3:f7:a1:2f:a2:17:4a:2e:fa:97:d4:
                    41:17:e4:e5:20:ec:5d:fc:4e:9b:c0:a0:e7:c2:ad:
                    66:a3:24:cb:36:e1:a4:a4:8a:7e:99:c6:1d:5d:87:
                    f4:7a:65:f6:93:e1:f0:93:11:43:51:56:f3:e5:86:
                    b4:7e:e6:4b:b5:c9:ab:87:e9:18:53:2d:57:2b:4e:
                    a3:92:f6:9b:6a:a8:5c:1b:e9:29:b1:c9:3b:14:86:
                    a5:5b:95:53:8b:a6:28:fd:1a:63:42:0c:0a:58:a3:
                    97:3a:2b:1e:2d:92:39:b1:43:12:f0:6e:6a:71:2b:
                    f6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:2A:B3:10:30:24:71:D3:85:FF:94:17:04:6F:32:26:31:B9:0B:C1
            X509v3 Authority Key Identifier:
                keyid:6A:18:7C:A5:B8:AE:E1:95:CC:8C:AD:CF:B4:8C:54:4B:18:14:77:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ahh8pbiu4ZXMjK3PtIxUSxgUd-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/95c08b-5056-4386-a42b-bf03dc837900/1/NCqzEDAkcdOF_5QXBG8yJjG5C8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/95c08b-5056-4386-a42b-bf03dc837900/1/ahh8pbiu4ZXMjK3PtIxUSxgUd-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.245.16.0/24
                  159.245.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:40:4f:ea:27:23:22:33:e4:b7:42:16:13:6e:98:64:70:5a:
         cd:b9:43:44:86:f8:03:38:5e:e0:81:50:9f:1d:85:13:79:45:
         29:34:52:71:58:03:b2:24:f2:4c:71:d1:99:7c:9f:bc:8f:1c:
         5d:1c:77:c6:89:78:ff:b2:92:7b:a1:d2:55:38:72:07:3f:1d:
         b7:bc:d6:eb:f4:b3:5c:60:45:fc:fb:09:95:7a:3e:f0:71:9f:
         b1:0b:62:59:4d:aa:7d:54:a2:83:7d:69:a8:cb:04:00:2d:df:
         19:9e:d2:f9:e2:f2:2f:9f:81:69:af:2c:c3:46:51:52:6d:af:
         79:f8:7e:29:10:ab:7a:38:92:2e:d0:97:96:a9:d9:96:31:c2:
         c5:80:ce:57:5a:4a:c0:6d:a7:e8:61:15:78:c0:9b:b3:86:46:
         9f:9f:a9:f8:2b:5d:b4:2a:60:bd:5d:c0:47:ae:75:e3:4d:d7:
         f3:63:e4:04:6c:cb:30:ab:f4:89:eb:7c:83:5a:3c:6f:db:75:
         c4:76:91:05:3c:a0:3a:a7:ce:18:cc:f8:14:ec:ca:53:29:83:
         ef:3a:d9:14:14:6e:bd:5c:40:f6:66:33:d3:af:98:45:5d:e5:
         01:9b:cb:db:59:2a:d7:d7:5d:ba:7d:ce:a1:75:21:14:eb:9d:
         13:04:67:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+miFnU8mQTGyGpL8loFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMTg3Y2E1YjhhZWUxOTVjYzhjYWRjZmI0OGM1NDRiMTgx
NDc3ZWYwHhcNMjUwMTAxMDM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDJhYjMxMDMwMjQ3MWQzODVmZjk0MTcwNDZmMzIyNjMxYjkwYmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+hrW0Req1HofannunDyOWDiA2jB
HaMqmvdtV/S1JxbRXXNxdnWNMtBhn0yObxwAT4RSJnflRGtja2H4Eui4QhTFRHSO
dIrHuxL2+FjiryFpk1o3wKP/4eqNvLZNflTJM9XIr8svi+77hCelEhgRSmYmyW2l
mOSV7ij/k7G60mRtI3PeSK/7U+55w/ehL6IXSi76l9RBF+TlIOxd/E6bwKDnwq1m
oyTLNuGkpIp+mcYdXYf0emX2k+HwkxFDUVbz5Ya0fuZLtcmrh+kYUy1XK06jkvab
aqhcG+kpsck7FIalW5VTi6Yo/RpjQgwKWKOXOiseLZI5sUMS8G5qcSv20QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDQqsxAwJHHThf+UFwRvMiYxuQvBMB8GA1UdIwQY
MBaAFGoYfKW4ruGVzIytz7SMVEsYFHfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWhoOHBiaXU0WlhNakszUHRJeFVTeGdVZC04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi85NWMwOGItNTA1Ni00Mzg2LWE0MmIt
YmYwM2RjODM3OTAwLzEvTkNxekVEQWtjZE9GXzVRWEJHOHlKakc1QzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi85NWMwOGItNTA1Ni00Mzg2LWE0MmItYmYwM2RjODM3OTAw
LzEvYWhoOHBiaXU0WlhNakszUHRJeFVTeGdVZC04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAn/UQAwQA
n/USMA0GCSqGSIb3DQEBCwUAA4IBAQBZQE/qJyMiM+S3QhYTbphkcFrNuUNEhvgD
OF7ggVCfHYUTeUUpNFJxWAOyJPJMcdGZfJ+8jxxdHHfGiXj/spJ7odJVOHIHPx23
vNbr9LNcYEX8+wmVej7wcZ+xC2JZTap9VKKDfWmoywQALd8ZntL54vIvn4FpryzD
RlFSba95+H4pEKt6OJIu0JeWqdmWMcLFgM5XWkrAbafoYRV4wJuzhkafn6n4K120
KmC9XcBHrnXjTdfzY+QEbMswq/SJ63yDWjxv23XEdpEFPKA6p84YzPgU7MpTKYPv
OtkUFG69XED2ZjPTr5hFXeUBm8vbWSrX1126fc6hdSEU650TBGfs
-----END CERTIFICATE-----