Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/NWQgscpz24FvWoaSneyL6CVSSfI.roa
File:                     NWQgscpz24FvWoaSneyL6CVSSfI.roa (raw, json)
Hash identifier:          PXgTn3V1zleT0gGVr2Dc00k++SrzchKu79xwCo2F1M0=
Subject key identifier:   35:64:20:B1:CA:73:DB:81:6F:5A:86:92:9D:EC:8B:E8:25:52:49:F2
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B738BA32D891B975E7957348DCF1ED
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/NWQgscpz24FvWoaSneyL6CVSSfI.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39694
IP address blocks:        83.206.141.0/24 maxlen: 24
                          83.206.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:38:ba:32:d8:91:b9:75:e7:95:73:48:dc:f1:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=356420b1ca73db816f5a86929dec8be8255249f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:36:9f:e3:66:52:52:eb:35:fc:aa:c1:a5:b6:
                    01:ed:28:48:cf:69:de:b7:d1:a8:ca:37:93:25:e3:
                    e0:cf:4e:3a:04:78:11:ce:f0:78:dc:61:29:5c:69:
                    51:5c:71:e8:56:55:55:94:f8:e2:de:b0:9d:9b:b8:
                    73:59:6c:4b:b6:ac:93:48:3c:7c:0b:0a:f6:69:f8:
                    ce:bd:98:8b:d5:13:82:61:0d:b1:10:e3:9f:99:e1:
                    79:79:74:08:c3:f7:76:c7:a4:b6:55:33:4b:ce:5a:
                    18:24:64:16:1e:f7:30:52:a2:c0:7d:a7:b8:5e:f1:
                    6d:8a:18:1a:9c:df:81:ce:12:8d:49:6c:e7:ac:47:
                    ad:2f:27:2c:c7:12:14:ef:d1:91:3b:0f:3f:33:5b:
                    41:7b:90:43:0a:2a:d3:5b:db:87:46:0f:84:ae:ca:
                    8e:d8:51:5f:ac:13:37:59:5d:7a:1c:d1:84:13:81:
                    0b:a9:11:f5:2c:7f:68:a4:29:c0:a7:f9:f3:53:f7:
                    cc:90:0c:f5:b4:cd:e2:ba:07:75:60:92:d5:ca:b0:
                    34:f8:06:6d:f1:d5:c6:b1:4a:84:a3:41:be:bb:15:
                    e3:3b:ce:92:f1:ae:1b:d0:44:6f:dc:70:03:85:70:
                    d0:7c:54:dc:40:a0:90:2e:d3:a7:63:35:31:87:f9:
                    9a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:64:20:B1:CA:73:DB:81:6F:5A:86:92:9D:EC:8B:E8:25:52:49:F2
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/NWQgscpz24FvWoaSneyL6CVSSfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.206.141.0/24
                  83.206.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:6d:0e:12:1f:23:2e:af:2d:8e:ad:20:08:0b:7e:78:ca:75:
         e6:40:de:a9:f3:2f:21:da:8a:0a:b3:be:e6:7d:eb:32:94:d5:
         dc:cf:f5:5e:d8:f6:39:25:a9:1e:67:e8:7e:86:d5:15:d0:51:
         30:18:9d:36:4c:cf:08:df:53:14:76:c3:a7:2b:60:be:09:8e:
         00:b5:62:0e:26:ce:72:cd:72:19:ca:d6:bd:53:fc:ee:f2:8a:
         ff:05:fc:51:d2:6b:cb:d9:92:86:5d:2c:76:06:93:66:05:fc:
         75:ec:7b:e1:54:97:ab:83:8b:e6:27:24:f3:98:1a:02:bd:dc:
         05:50:79:11:4f:5c:d0:9a:ac:79:b2:27:c6:9f:f5:e9:2b:c1:
         1c:55:11:d4:ae:01:82:18:18:8b:3f:0e:35:e0:f8:63:6d:6b:
         9f:8b:22:33:e8:5c:8a:f8:1f:cc:73:84:e5:5e:33:71:18:a4:
         fd:25:62:82:51:df:35:7f:82:c6:df:8a:80:88:5f:f5:e2:75:
         3a:1d:df:97:3d:3f:58:11:51:c5:dc:b0:a2:79:f9:ab:27:1a:
         aa:e2:94:61:fc:7e:ab:f7:fc:35:89:f8:38:d8:07:e0:dc:8c:
         69:fe:a5:d6:19:c2:92:22:74:c0:01:fb:24:1b:5e:10:20:17:
         a4:5b:d9:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtzi6MtiRuXXnlXNI3PHtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTY0MjBiMWNhNzNkYjgxNmY1YTg2OTI5ZGVjOGJlODI1NTI0OWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDaf42ZSUus1/KrBpbYB7ShIz2ne
t9GoyjeTJePgz046BHgRzvB43GEpXGlRXHHoVlVVlPji3rCdm7hzWWxLtqyTSDx8
Cwr2afjOvZiL1ROCYQ2xEOOfmeF5eXQIw/d2x6S2VTNLzloYJGQWHvcwUqLAfae4
XvFtihganN+BzhKNSWznrEetLycsxxIU79GROw8/M1tBe5BDCirTW9uHRg+ErsqO
2FFfrBM3WV16HNGEE4ELqRH1LH9opCnAp/nzU/fMkAz1tM3iugd1YJLVyrA0+AZt
8dXGsUqEo0G+uxXjO86S8a4b0ERv3HADhXDQfFTcQKCQLtOnYzUxh/maFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDVkILHKc9uBb1qGkp3si+glUknyMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvTldRZ3NjcHoyNEZ2V29hU25leUw2Q1ZTU2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU86NAwQA
U87wMA0GCSqGSIb3DQEBCwUAA4IBAQAPbQ4SHyMury2OrSAIC354ynXmQN6p8y8h
2ooKs77mfesylNXcz/Ve2PY5JakeZ+h+htUV0FEwGJ02TM8I31MUdsOnK2C+CY4A
tWIOJs5yzXIZyta9U/zu8or/BfxR0mvL2ZKGXSx2BpNmBfx17HvhVJerg4vmJyTz
mBoCvdwFUHkRT1zQmqx5sifGn/XpK8EcVRHUrgGCGBiLPw414PhjbWufiyIz6FyK
+B/Mc4TlXjNxGKT9JWKCUd81f4LG34qAiF/14nU6Hd+XPT9YEVHF3LCiefmrJxqq
4pRh/H6r9/w1ifg42Afg3Ixp/qXWGcKSInTAAfskG14QIBekW9nG
-----END CERTIFICATE-----