Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/Ns-TL5URBIXkWjSrsIX0f-jA8r8.roa
File:                     Ns-TL5URBIXkWjSrsIX0f-jA8r8.roa (raw, json)
Hash identifier:          rkMxs94A3zqfZql4p2TlDjcRtvwJLskmzewtRu09cI8=
Subject key identifier:   36:CF:93:2F:95:11:04:85:E4:5A:34:AB:B0:85:F4:7F:E8:C0:F2:BF
Certificate issuer:       /CN=d103af197645a4941c6cdb08669af008b79102be
Certificate serial:       01941F8C0BE3252DC3166F49D6422F75298C
Authority key identifier: D1:03:AF:19:76:45:A4:94:1C:6C:DB:08:66:9A:F0:08:B7:91:02:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0QOvGXZFpJQcbNsIZprwCLeRAr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/Ns-TL5URBIXkWjSrsIX0f-jA8r8.roa
Signing time:             Wed 01 Jan 2025 01:47:39 +0000
ROA not before:           Wed 01 Jan 2025 01:47:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8455
IP address blocks:        185.158.164.0/22 maxlen: 24
                          2a07:ae80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/0QOvGXZFpJQcbNsIZprwCLeRAr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/0QOvGXZFpJQcbNsIZprwCLeRAr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0QOvGXZFpJQcbNsIZprwCLeRAr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:0b:e3:25:2d:c3:16:6f:49:d6:42:2f:75:29:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d103af197645a4941c6cdb08669af008b79102be
        Validity
            Not Before: Jan  1 01:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36cf932f95110485e45a34abb085f47fe8c0f2bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:f9:bb:a7:24:ce:bb:a2:aa:18:13:4d:e8:8d:
                    88:2a:b2:1e:f7:51:f0:32:50:7f:2b:6c:50:18:89:
                    80:f4:d2:0f:64:bf:89:f6:75:df:10:04:ec:b4:ed:
                    95:f9:86:75:62:08:14:ef:24:bd:45:fc:cd:ef:e2:
                    5c:6f:e9:f8:37:a7:fd:2a:b3:2e:c8:7b:1f:f6:31:
                    b5:b1:35:b4:a2:7f:15:85:87:15:d9:c2:3f:21:57:
                    cc:1c:6b:b2:ca:22:35:fc:3b:bf:71:15:3f:58:97:
                    86:fc:9e:ed:d1:91:bd:04:85:04:5a:9b:ba:78:02:
                    92:28:80:15:a5:a7:e5:ca:66:57:41:af:ca:b4:18:
                    36:09:8a:98:bf:87:fd:ce:f3:7b:be:20:ac:4e:16:
                    7b:64:70:45:d4:78:14:86:db:6e:53:d9:39:a3:20:
                    13:4a:d7:2f:9a:e5:d1:b0:b0:1a:01:cc:cc:c3:3e:
                    e0:14:24:ef:cc:8c:4c:a3:89:d1:5b:37:a0:1f:85:
                    fb:89:d4:aa:b2:c7:23:ce:be:7c:b8:33:02:0e:ec:
                    9f:f0:08:92:79:fc:e5:72:ff:e6:5a:21:42:6e:29:
                    36:96:7b:c0:c3:18:8e:10:33:9f:61:cd:9a:88:df:
                    b3:95:d2:b0:81:97:32:ab:47:65:01:16:86:31:45:
                    f1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:CF:93:2F:95:11:04:85:E4:5A:34:AB:B0:85:F4:7F:E8:C0:F2:BF
            X509v3 Authority Key Identifier:
                keyid:D1:03:AF:19:76:45:A4:94:1C:6C:DB:08:66:9A:F0:08:B7:91:02:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0QOvGXZFpJQcbNsIZprwCLeRAr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/Ns-TL5URBIXkWjSrsIX0f-jA8r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/ec23cc-da5a-4d2b-95d9-7db3ec6fa302/1/0QOvGXZFpJQcbNsIZprwCLeRAr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.164.0/22
                IPv6:
                  2a07:ae80::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:ce:c6:13:be:14:6e:61:bb:dc:11:7c:de:6a:61:c2:cb:c9:
         d3:7e:ae:1c:51:a6:d8:6f:fb:eb:53:84:59:41:64:5b:09:08:
         c3:39:66:7c:22:5a:72:5d:3b:31:42:0f:d2:42:65:bf:4d:89:
         1a:8b:f8:44:28:7b:9e:36:74:a5:4b:c9:bb:f1:62:4b:69:a0:
         04:5b:6e:4c:6e:76:7f:2e:f0:79:b4:7e:5c:cc:d5:64:08:fa:
         e4:c4:e9:ce:fc:78:bb:17:9c:74:31:17:b5:95:35:10:a8:6d:
         7c:e5:ef:4a:6d:f6:c3:73:39:a8:69:ad:56:f0:0d:8f:59:e0:
         68:37:d1:40:81:60:6d:25:6a:6b:ee:9d:94:32:40:66:f4:b7:
         ee:82:a1:76:bc:1f:a6:c5:b1:ec:a5:8b:d4:49:94:1a:d1:a2:
         16:e8:79:fd:34:cd:61:e4:6f:b8:f3:83:e0:3a:3f:16:19:75:
         43:19:ef:22:ab:09:25:9b:bb:54:3b:6a:86:84:92:21:78:37:
         80:f7:2e:c9:b8:49:d5:7f:d0:d4:41:3c:7f:4f:79:60:ae:2e:
         d1:4e:3e:13:a2:36:6b:6a:dd:8e:e4:23:35:72:d0:27:73:ec:
         05:66:0a:39:ee:82:cf:bd:51:b8:80:a4:ed:31:cb:53:3a:1c:
         f7:6a:19:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjAvjJS3DFm9J1kIvdSmMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMDNhZjE5NzY0NWE0OTQxYzZjZGIwODY2OWFmMDA4Yjc5
MTAyYmUwHhcNMjUwMTAxMDE0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmNmOTMyZjk1MTEwNDg1ZTQ1YTM0YWJiMDg1ZjQ3ZmU4YzBmMmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/m7pyTOu6KqGBNN6I2IKrIe91Hw
MlB/K2xQGImA9NIPZL+J9nXfEATstO2V+YZ1YggU7yS9RfzN7+Jcb+n4N6f9KrMu
yHsf9jG1sTW0on8VhYcV2cI/IVfMHGuyyiI1/Du/cRU/WJeG/J7t0ZG9BIUEWpu6
eAKSKIAVpaflymZXQa/KtBg2CYqYv4f9zvN7viCsThZ7ZHBF1HgUhttuU9k5oyAT
StcvmuXRsLAaAczMwz7gFCTvzIxMo4nRWzegH4X7idSqsscjzr58uDMCDuyf8AiS
efzlcv/mWiFCbik2lnvAwxiOEDOfYc2aiN+zldKwgZcyq0dlARaGMUXxaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDbPky+VEQSF5Fo0q7CF9H/owPK/MB8GA1UdIwQY
MBaAFNEDrxl2RaSUHGzbCGaa8Ai3kQK+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFFPdkdYWkZwSlFjYk5zSVpwcndDTGVSQXI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My9lYzIzY2MtZGE1YS00ZDJiLTk1ZDkt
N2RiM2VjNmZhMzAyLzEvTnMtVEw1VVJCSVhrV2pTcnNJWDBmLWpBOHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My9lYzIzY2MtZGE1YS00ZDJiLTk1ZDktN2RiM2VjNmZhMzAy
LzEvMFFPdkdYWkZwSlFjYk5zSVpwcndDTGVSQXI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZ6kMA0E
AgACMAcDBQMqB66AMA0GCSqGSIb3DQEBCwUAA4IBAQBYzsYTvhRuYbvcEXzeamHC
y8nTfq4cUabYb/vrU4RZQWRbCQjDOWZ8IlpyXTsxQg/SQmW/TYkai/hEKHueNnSl
S8m78WJLaaAEW25MbnZ/LvB5tH5czNVkCPrkxOnO/Hi7F5x0MRe1lTUQqG185e9K
bfbDczmoaa1W8A2PWeBoN9FAgWBtJWpr7p2UMkBm9LfugqF2vB+mxbHspYvUSZQa
0aIW6Hn9NM1h5G+484PgOj8WGXVDGe8iqwklm7tUO2qGhJIheDeA9y7JuEnVf9DU
QTx/T3lgri7RTj4TojZrat2O5CM1ctAnc+wFZgo57oLPvVG4gKTtMctTOhz3ahn8
-----END CERTIFICATE-----