Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/NqAw6L7b9QzFEwKnLg97dKOcUsc.roa
File:                     NqAw6L7b9QzFEwKnLg97dKOcUsc.roa (raw, json)
Hash identifier:          NZt8gvElclaUDAo3urfiHperBEj5dsoagEbzChdwv4M=
Subject key identifier:   36:A0:30:E8:BE:DB:F5:0C:C5:13:02:A7:2E:0F:7B:74:A3:9C:52:C7
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       018EF0A0FC8E14E679F6B88A42ECE27506F5
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/NqAw6L7b9QzFEwKnLg97dKOcUsc.roa
Signing time:             Thu 18 Apr 2024 09:54:25 +0000
ROA not before:           Thu 18 Apr 2024 09:54:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        185.160.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f0:a0:fc:8e:14:e6:79:f6:b8:8a:42:ec:e2:75:06:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Apr 18 09:54:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36a030e8bedbf50cc51302a72e0f7b74a39c52c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:80:c3:32:85:cd:24:da:03:39:b3:cb:f9:f3:
                    f1:4a:21:6a:f6:b3:ad:99:ef:3f:08:0f:76:f0:43:
                    67:9a:79:2f:0f:d9:70:e7:a1:39:9f:c4:a7:5a:5f:
                    56:a1:e2:13:c8:b6:b0:0b:a2:c6:e1:11:8e:e9:98:
                    34:4a:df:45:58:0f:20:5e:63:37:08:28:60:af:f8:
                    6f:7a:e6:39:66:a5:9e:c0:2a:1d:80:f1:11:91:a8:
                    2e:f1:36:9d:b6:38:d5:0b:1a:94:f2:cb:50:35:1d:
                    e8:b5:e2:b5:00:01:1f:3e:f1:14:ca:ed:81:a1:9c:
                    e3:e3:bb:82:47:b4:a0:9b:cc:b0:36:04:65:8a:46:
                    90:f0:86:48:62:07:63:4b:48:5e:53:ed:28:18:5f:
                    0c:5e:ca:ac:2e:bd:81:1b:3b:36:e1:f6:ec:a8:df:
                    bd:b2:95:72:e7:c0:f0:d7:6f:a6:ad:d8:4d:4d:2c:
                    da:1d:d5:51:59:71:7d:0d:eb:04:fe:cc:e3:d8:e7:
                    a3:98:75:02:21:fe:6f:be:aa:ad:f4:36:2d:ca:23:
                    31:78:d9:90:c6:90:9c:a4:38:fb:8a:29:35:c5:18:
                    b3:ba:76:cc:2b:ac:26:2a:c0:50:36:db:92:f3:ad:
                    66:fb:d7:c9:b5:90:90:3a:c7:bf:49:38:fd:04:08:
                    5e:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A0:30:E8:BE:DB:F5:0C:C5:13:02:A7:2E:0F:7B:74:A3:9C:52:C7
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/NqAw6L7b9QzFEwKnLg97dKOcUsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.160.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:66:dc:c4:39:81:89:d6:0c:b3:0b:0e:31:04:a4:98:72:03:
         44:75:e4:58:37:98:43:c9:db:1e:04:31:f6:de:e1:3e:b0:21:
         27:73:9a:34:72:85:ce:ef:5f:c3:af:23:2d:46:57:16:2b:a3:
         1d:0a:50:ad:3c:69:aa:27:c1:7d:c0:b9:b4:af:29:fc:58:44:
         87:07:df:12:a7:f0:9a:e1:eb:c4:7f:b1:41:d7:a9:fc:4b:3b:
         c4:31:58:a9:9c:84:fb:73:58:de:c9:9c:b7:4f:7f:bd:67:78:
         9a:50:99:3c:2f:10:dc:b4:71:d5:a3:32:6e:16:32:67:f2:04:
         b5:20:5b:b8:c3:9d:1d:06:a6:17:da:8f:73:22:69:ae:da:64:
         4c:e2:8c:98:cf:f0:23:5b:d8:e0:54:19:6e:a0:f3:66:bd:41:
         c8:c4:79:a5:07:4a:72:2f:8d:96:2c:da:93:43:f4:26:b5:87:
         78:25:bc:6e:51:db:f9:f0:16:8a:57:55:ef:f8:b0:4a:a8:16:
         7e:b7:8f:a1:5d:33:20:29:88:8b:cd:f8:0e:03:17:8a:98:b0:
         17:d7:56:7b:20:3f:87:55:14:74:66:78:f1:78:2f:cb:2b:46:
         9a:85:d2:97:ba:e4:21:1d:2f:75:9a:2a:7d:71:cb:ba:0e:eb:
         ea:28:4c:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7woPyOFOZ59riKQuzidQb1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjQwNDE4MDk1NDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmEwMzBlOGJlZGJmNTBjYzUxMzAyYTcyZTBmN2I3NGEzOWM1MmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4DDMoXNJNoDObPL+fPxSiFq9rOt
me8/CA928ENnmnkvD9lw56E5n8SnWl9WoeITyLawC6LG4RGO6Zg0St9FWA8gXmM3
CChgr/hveuY5ZqWewCodgPERkagu8TadtjjVCxqU8stQNR3oteK1AAEfPvEUyu2B
oZzj47uCR7Sgm8ywNgRlikaQ8IZIYgdjS0heU+0oGF8MXsqsLr2BGzs24fbsqN+9
spVy58Dw12+mrdhNTSzaHdVRWXF9DesE/szj2OejmHUCIf5vvqqt9DYtyiMxeNmQ
xpCcpDj7iik1xRizunbMK6wmKsBQNtuS861m+9fJtZCQOse/STj9BAheAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDagMOi+2/UMxRMCpy4Pe3SjnFLHMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvTnFBdzZMN2I5UXpGRXdLbkxnOTdkS09jVXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaDBMA0G
CSqGSIb3DQEBCwUAA4IBAQBqZtzEOYGJ1gyzCw4xBKSYcgNEdeRYN5hDydseBDH2
3uE+sCEnc5o0coXO71/DryMtRlcWK6MdClCtPGmqJ8F9wLm0ryn8WESHB98Sp/Ca
4evEf7FB16n8SzvEMVipnIT7c1jeyZy3T3+9Z3iaUJk8LxDctHHVozJuFjJn8gS1
IFu4w50dBqYX2o9zImmu2mRM4oyYz/AjW9jgVBluoPNmvUHIxHmlB0pyL42WLNqT
Q/QmtYd4JbxuUdv58BaKV1Xv+LBKqBZ+t4+hXTMgKYiLzfgOAxeKmLAX11Z7ID+H
VRR0ZnjxeC/LK0aahdKXuuQhHS91mip9ccu6DuvqKEzJ
-----END CERTIFICATE-----