Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NwRc8p7U8Eiaw8dhsviB5w9IsoU.roa
File:                     NwRc8p7U8Eiaw8dhsviB5w9IsoU.roa (raw, json)
Hash identifier:          1b34yhLBiGtm0WEhWovEGFt3W3gFi/gmzVuZ0ggaSDE=
Subject key identifier:   37:04:5C:F2:9E:D4:F0:48:9A:C3:C7:61:B2:F8:81:E7:0F:48:B2:85
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A1536A6EE3256AD55BBF0FA9AD701
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NwRc8p7U8Eiaw8dhsviB5w9IsoU.roa
Signing time:             Tue 02 Jan 2024 12:33:24 +0000
ROA not before:           Tue 02 Jan 2024 12:33:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56673
IP address blocks:        146.120.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:15:36:a6:ee:32:56:ad:55:bb:f0:fa:9a:d7:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37045cf29ed4f0489ac3c761b2f881e70f48b285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3c:1c:8a:ea:39:f2:79:45:b7:91:19:7f:5e:
                    38:1f:96:3a:57:a7:fd:d1:b0:de:03:35:fd:1b:9c:
                    ed:6e:a0:99:d0:68:75:fe:de:a1:5b:32:17:34:7a:
                    b6:fc:02:7b:7f:8a:83:b9:0b:29:36:d6:fa:c1:01:
                    6a:95:23:c0:85:3a:db:a1:e7:11:8a:a4:43:34:a6:
                    eb:27:91:1e:b7:f4:34:27:27:9f:f1:39:26:c6:a7:
                    ac:5b:42:3e:30:2f:c7:4a:7c:5f:d4:6b:41:fb:f6:
                    8a:70:c7:c5:67:2d:9f:b6:62:89:d5:01:45:6d:ef:
                    8d:c5:9d:63:d0:9b:0c:b7:0e:72:7d:34:ca:3a:59:
                    02:04:33:02:fc:a8:42:10:f7:05:d3:84:c5:cd:ff:
                    2c:b5:6c:d0:17:be:9e:e1:52:0e:4d:31:8b:32:b8:
                    66:7e:d8:c0:e2:4f:65:d7:45:7d:95:6a:3d:5c:4d:
                    c6:78:14:68:1a:ed:aa:85:e8:9b:78:2d:78:bf:6d:
                    43:85:4f:9a:d5:cf:15:7f:a9:1a:c1:fa:f7:a7:d0:
                    29:9f:81:5f:aa:1b:ac:08:e8:d7:55:d3:3e:11:9c:
                    8d:30:82:7f:bd:6b:90:63:dd:d4:ad:d8:f8:07:50:
                    77:12:1c:11:ca:47:ab:a5:73:db:19:b3:45:14:a4:
                    87:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:04:5C:F2:9E:D4:F0:48:9A:C3:C7:61:B2:F8:81:E7:0F:48:B2:85
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/NwRc8p7U8Eiaw8dhsviB5w9IsoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:dd:eb:3f:4d:af:7a:11:bb:3c:12:99:8b:a3:59:6b:70:4f:
         c8:d2:b6:07:8a:e9:f6:60:f6:91:48:01:44:5c:31:6a:b9:18:
         21:bc:11:2a:fd:d0:c9:3e:e1:01:9b:de:e0:c0:14:fb:52:4b:
         f1:56:a8:a1:68:94:e5:0f:e7:24:bb:e2:2e:af:31:ef:8d:27:
         89:1f:51:8d:82:95:70:19:9e:92:90:20:f3:9c:2c:00:b6:58:
         10:22:1b:a8:3a:71:0b:cb:b3:64:0d:6d:42:95:b7:3c:ec:2f:
         85:25:c0:43:4f:45:e6:01:45:b4:21:df:ce:fb:0d:db:b4:aa:
         f4:e7:d7:79:f7:7f:9b:38:41:4c:4f:8e:de:8a:45:9e:78:eb:
         99:91:e4:6c:66:01:d8:9e:1a:ba:2f:0c:ce:8b:a6:d6:52:c0:
         a0:0a:16:6d:db:5d:53:8b:63:84:18:f4:4d:a9:8c:c5:82:ee:
         83:f4:58:81:af:ae:dd:bf:5d:71:ba:7d:c2:65:c4:c8:2f:1c:
         12:12:a4:97:3b:a7:80:97:36:da:2a:9a:86:ed:e7:22:b0:12:
         95:6a:2e:b2:20:50:1e:3c:d5:e2:48:22:88:71:40:1d:2d:7a:
         7e:5a:16:b5:79:04:3e:e5:67:c2:c9:0d:a9:ae:f5:e8:e0:f8:
         3c:ec:4d:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKhU2pu4yVq1Vu/D6mtcBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzA0NWNmMjllZDRmMDQ4OWFjM2M3NjFiMmY4ODFlNzBmNDhiMjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Dwciuo58nlFt5EZf144H5Y6V6f9
0bDeAzX9G5ztbqCZ0Gh1/t6hWzIXNHq2/AJ7f4qDuQspNtb6wQFqlSPAhTrboecR
iqRDNKbrJ5Eet/Q0Jyef8TkmxqesW0I+MC/HSnxf1GtB+/aKcMfFZy2ftmKJ1QFF
be+NxZ1j0JsMtw5yfTTKOlkCBDMC/KhCEPcF04TFzf8stWzQF76e4VIOTTGLMrhm
ftjA4k9l10V9lWo9XE3GeBRoGu2qheibeC14v21DhU+a1c8Vf6kawfr3p9Apn4Ff
qhusCOjXVdM+EZyNMIJ/vWuQY93Urdj4B1B3EhwRykerpXPbGbNFFKSHPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcEXPKe1PBImsPHYbL4gecPSLKFMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTndSYzhwN1U4RWlhdzhkaHN2aUI1dzlJc29VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAknjHMA0G
CSqGSIb3DQEBCwUAA4IBAQCC3es/Ta96Ebs8EpmLo1lrcE/I0rYHiun2YPaRSAFE
XDFquRghvBEq/dDJPuEBm97gwBT7UkvxVqihaJTlD+cku+IurzHvjSeJH1GNgpVw
GZ6SkCDznCwAtlgQIhuoOnELy7NkDW1Clbc87C+FJcBDT0XmAUW0Id/O+w3btKr0
59d593+bOEFMT47eikWeeOuZkeRsZgHYnhq6LwzOi6bWUsCgChZt211Ti2OEGPRN
qYzFgu6D9FiBr67dv11xun3CZcTILxwSEqSXO6eAlzbaKpqG7ecisBKVai6yIFAe
PNXiSCKIcUAdLXp+Wha1eQQ+5WfCyQ2prvXo4Pg87E2a
-----END CERTIFICATE-----