Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/NT4OyggJqwaSb6FmFydF4JFiMYA.roa
File:                     NT4OyggJqwaSb6FmFydF4JFiMYA.roa (raw, json)
Hash identifier:          j+MDBXrgsnaiQDan0arN3gCFptI7rax/D08MKyrgjpo=
Subject key identifier:   35:3E:0E:CA:08:09:AB:06:92:6F:A1:66:17:27:45:E0:91:62:31:80
Certificate issuer:       /CN=864106540f30a9dcdf8ef9be72ffef8bd8a72e5c
Certificate serial:       018CC86FAC1A368406B491C45A334DC7883D
Authority key identifier: 86:41:06:54:0F:30:A9:DC:DF:8E:F9:BE:72:FF:EF:8B:D8:A7:2E:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hkEGVA8wqdzfjvm-cv_vi9inLlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/NT4OyggJqwaSb6FmFydF4JFiMYA.roa
Signing time:             Tue 02 Jan 2024 04:30:10 +0000
ROA not before:           Tue 02 Jan 2024 04:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42061
IP address blocks:        195.8.212.0/23 maxlen: 23
                          2001:67c:1d0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/hkEGVA8wqdzfjvm-cv_vi9inLlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/hkEGVA8wqdzfjvm-cv_vi9inLlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hkEGVA8wqdzfjvm-cv_vi9inLlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:ac:1a:36:84:06:b4:91:c4:5a:33:4d:c7:88:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=864106540f30a9dcdf8ef9be72ffef8bd8a72e5c
        Validity
            Not Before: Jan  2 04:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=353e0eca0809ab06926fa166172745e091623180
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f1:a6:54:64:88:ee:d6:15:f8:c0:36:2e:8d:
                    5c:c9:20:10:db:56:98:c0:fb:60:fa:26:c6:93:48:
                    af:27:6a:80:1a:b7:51:d4:c6:63:ff:c2:73:d1:e5:
                    ef:89:97:8d:26:82:83:a7:77:5f:ca:f2:07:08:1d:
                    08:ad:4d:0a:05:2c:5b:db:b7:1e:7c:5d:89:58:45:
                    9a:df:e0:84:aa:bb:86:00:ca:d3:36:8f:47:12:d5:
                    ff:54:d1:7f:ce:21:e7:b2:89:dd:42:5d:2f:77:6c:
                    0a:0a:58:02:ec:73:27:43:e1:ed:9e:38:67:ca:cb:
                    d7:34:6e:85:51:2d:50:77:95:98:00:57:a8:31:2b:
                    15:cd:ce:35:db:52:79:7e:e8:e4:1c:20:85:d7:89:
                    df:2a:00:1a:09:c4:d7:0c:be:d9:13:94:35:a0:36:
                    db:bf:51:a0:47:b2:3b:82:70:02:e7:e9:82:69:23:
                    17:07:b8:cf:53:35:23:b0:9e:1c:02:24:38:d5:93:
                    d3:17:b2:ef:17:96:e1:d7:fe:22:21:31:00:0b:e9:
                    85:34:74:dd:d5:3d:d6:04:6e:a7:7d:bb:04:b3:00:
                    e9:3e:86:6a:2a:fe:4a:56:d9:33:28:55:38:44:e5:
                    dc:c4:2d:df:de:dc:1f:1b:fe:97:9e:aa:dc:3c:e1:
                    88:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:3E:0E:CA:08:09:AB:06:92:6F:A1:66:17:27:45:E0:91:62:31:80
            X509v3 Authority Key Identifier:
                keyid:86:41:06:54:0F:30:A9:DC:DF:8E:F9:BE:72:FF:EF:8B:D8:A7:2E:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hkEGVA8wqdzfjvm-cv_vi9inLlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/NT4OyggJqwaSb6FmFydF4JFiMYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/0be7f2-638d-4f45-b697-3b318e47276d/1/hkEGVA8wqdzfjvm-cv_vi9inLlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.212.0/23
                IPv6:
                  2001:67c:1d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:dd:38:29:51:3a:18:fd:06:19:40:42:3d:fd:2b:6c:2e:9a:
         a8:66:77:40:c9:8d:18:28:c3:a7:8c:3e:13:07:da:4c:4f:7e:
         fe:60:b8:3c:b1:c6:da:0d:6c:f5:fa:42:7c:60:53:9c:a6:5d:
         cd:2c:7a:69:db:6c:91:e0:ef:f5:c9:63:5a:76:c8:c1:8f:c5:
         67:57:27:f7:01:15:e7:7d:ec:04:b0:32:b1:48:1a:75:9b:8d:
         d1:87:6b:e4:33:f2:dd:64:e2:ea:92:b9:33:e5:96:af:53:cb:
         1a:52:d4:67:ae:c5:de:70:de:97:b0:04:d1:8e:77:ef:9a:0e:
         f4:76:2c:9d:96:79:6c:bc:b6:7c:1a:a1:00:ed:c1:e5:9c:47:
         38:9e:e1:8c:33:80:59:90:b6:5b:0c:55:44:12:b4:2c:d1:b4:
         c6:66:c3:97:f0:2a:9b:39:9c:d9:8c:e5:27:29:83:14:74:f5:
         25:3d:7c:83:51:c4:db:08:67:76:fc:f2:b9:46:90:ed:36:f7:
         0c:a8:db:da:59:0b:ad:41:43:dc:99:ec:87:21:58:56:1d:cf:
         31:ed:d9:38:8d:84:dc:0c:53:48:86:e1:39:e0:32:67:43:c4:
         ec:88:7d:03:90:11:7e:7e:6a:ac:35:25:9a:c9:cf:ef:4f:46:
         f1:95:04:2f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIb6waNoQGtJHEWjNNx4g9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NDEwNjU0MGYzMGE5ZGNkZjhlZjliZTcyZmZlZjhiZDhh
NzJlNWMwHhcNMjQwMTAyMDQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTNlMGVjYTA4MDlhYjA2OTI2ZmExNjYxNzI3NDVlMDkxNjIzMTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/GmVGSI7tYV+MA2Lo1cySAQ21aY
wPtg+ibGk0ivJ2qAGrdR1MZj/8Jz0eXviZeNJoKDp3dfyvIHCB0IrU0KBSxb27ce
fF2JWEWa3+CEqruGAMrTNo9HEtX/VNF/ziHnsondQl0vd2wKClgC7HMnQ+Htnjhn
ysvXNG6FUS1Qd5WYAFeoMSsVzc4121J5fujkHCCF14nfKgAaCcTXDL7ZE5Q1oDbb
v1GgR7I7gnAC5+mCaSMXB7jPUzUjsJ4cAiQ41ZPTF7LvF5bh1/4iITEAC+mFNHTd
1T3WBG6nfbsEswDpPoZqKv5KVtkzKFU4ROXcxC3f3twfG/6XnqrcPOGIGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDU+DsoICasGkm+hZhcnReCRYjGAMB8GA1UdIwQY
MBaAFIZBBlQPMKnc3475vnL/74vYpy5cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGtFR1ZBOHdxZHpmanZtLWN2X3ZpOWluTGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8wYmU3ZjItNjM4ZC00ZjQ1LWI2OTct
M2IzMThlNDcyNzZkLzEvTlQ0T3lnZ0pxd2FTYjZGbUZ5ZEY0SkZpTVlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8wYmU3ZjItNjM4ZC00ZjQ1LWI2OTctM2IzMThlNDcyNzZk
LzEvaGtFR1ZBOHdxZHpmanZtLWN2X3ZpOWluTGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBwwjUMA8E
AgACMAkDBwAgAQZ8AdAwDQYJKoZIhvcNAQELBQADggEBAArdOClROhj9BhlAQj39
K2wumqhmd0DJjRgow6eMPhMH2kxPfv5guDyxxtoNbPX6QnxgU5ymXc0semnbbJHg
7/XJY1p2yMGPxWdXJ/cBFed97ASwMrFIGnWbjdGHa+Qz8t1k4uqSuTPllq9TyxpS
1Geuxd5w3pewBNGOd++aDvR2LJ2WeWy8tnwaoQDtweWcRzie4YwzgFmQtlsMVUQS
tCzRtMZmw5fwKps5nNmM5ScpgxR09SU9fINRxNsIZ3b88rlGkO029wyo29pZC61B
Q9yZ7IchWFYdzzHt2TiNhNwMU0iG4TngMmdDxOyIfQOQEX5+aqw1JZrJz+9PRvGV
BC8=
-----END CERTIFICATE-----