Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/NluQuRsgOiFaIXTWt3y3rez6Bh4.roa
File:                     NluQuRsgOiFaIXTWt3y3rez6Bh4.roa (raw, json)
Hash identifier:          JKkT06F430W2THw9Cv6TXAFRcJ7i7LHFoCLoKhmOqSc=
Subject key identifier:   36:5B:90:B9:1B:20:3A:21:5A:21:74:D6:B7:7C:B7:AD:EC:FA:06:1E
Certificate issuer:       /CN=6931d7e7a99749a385eaeb27f850ab89da8f2ee0
Certificate serial:       019423D776748DEFA6AEDB5B3DD3D9FAF574
Authority key identifier: 69:31:D7:E7:A9:97:49:A3:85:EA:EB:27:F8:50:AB:89:DA:8F:2E:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aTHX56mXSaOF6usn-FCridqPLuA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/NluQuRsgOiFaIXTWt3y3rez6Bh4.roa
Signing time:             Wed 01 Jan 2025 21:48:30 +0000
ROA not before:           Wed 01 Jan 2025 21:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60538
IP address blocks:        193.36.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/aTHX56mXSaOF6usn-FCridqPLuA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/aTHX56mXSaOF6usn-FCridqPLuA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aTHX56mXSaOF6usn-FCridqPLuA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:76:74:8d:ef:a6:ae:db:5b:3d:d3:d9:fa:f5:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6931d7e7a99749a385eaeb27f850ab89da8f2ee0
        Validity
            Not Before: Jan  1 21:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=365b90b91b203a215a2174d6b77cb7adecfa061e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:37:07:cb:ea:b2:d8:18:e0:5f:fb:0d:c7:85:
                    48:66:95:e8:75:bb:24:7d:59:ed:81:15:dd:4d:a6:
                    ed:a2:45:46:68:cc:bd:94:ca:a6:f8:4e:85:55:34:
                    bc:b7:6d:3d:8a:0c:f0:ce:b2:87:6a:59:47:15:22:
                    4d:cd:69:f9:ab:24:d0:e2:d8:b4:00:8d:29:cc:85:
                    16:f8:9f:79:56:0b:eb:12:c9:29:9a:5d:c9:db:aa:
                    24:71:3a:07:a1:c9:de:d7:81:c6:a8:1e:64:c0:f1:
                    50:2e:c2:c7:8d:80:fd:bd:68:b4:e5:49:e1:fd:6d:
                    7d:35:68:af:7c:04:51:52:b8:40:0c:06:f2:1d:9e:
                    13:8b:53:fe:df:ce:f5:17:3a:0c:b7:8c:1d:34:f1:
                    9f:e3:e9:ed:3e:da:be:d9:b0:ef:b7:8c:7d:38:65:
                    f8:37:a2:a9:c5:fe:99:53:c7:f4:51:fe:a7:27:58:
                    3d:67:17:13:82:48:39:6b:d3:41:60:af:03:23:99:
                    f9:66:4d:99:4a:7a:ff:4e:ac:cb:29:8e:99:14:10:
                    86:44:5a:e3:c6:ab:69:fe:f8:d3:f9:e0:60:ba:01:
                    f6:9b:ee:a4:86:13:7d:3e:1d:31:50:fe:a2:4c:68:
                    d2:a8:a6:de:51:34:c9:1c:33:81:0c:f4:b5:23:60:
                    dc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:5B:90:B9:1B:20:3A:21:5A:21:74:D6:B7:7C:B7:AD:EC:FA:06:1E
            X509v3 Authority Key Identifier:
                keyid:69:31:D7:E7:A9:97:49:A3:85:EA:EB:27:F8:50:AB:89:DA:8F:2E:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aTHX56mXSaOF6usn-FCridqPLuA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/NluQuRsgOiFaIXTWt3y3rez6Bh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/8cfd73-1257-4dfa-8c59-76ae42356ce5/1/aTHX56mXSaOF6usn-FCridqPLuA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:05:f7:cf:aa:59:6f:4f:fe:0b:2c:7f:53:10:56:09:e7:83:
         53:92:e0:c8:e0:ea:f9:15:ef:93:25:a1:49:14:91:08:03:e6:
         27:0f:be:c5:91:98:11:53:0a:fc:3f:83:d1:65:17:91:1b:c7:
         6c:84:85:3b:03:35:b4:83:00:2b:34:f8:f4:6f:c4:44:8b:8e:
         61:1d:f2:0d:77:b6:f7:0f:f3:8f:ac:56:56:bd:56:4e:6b:14:
         ba:c4:15:61:17:24:5d:02:aa:3c:b3:6d:79:88:09:23:67:a4:
         53:e0:13:03:47:a4:1f:0d:6b:8d:d5:85:bc:f5:c3:e9:9c:94:
         70:a1:52:ee:56:55:eb:87:a2:c7:fb:de:54:f1:0f:92:26:01:
         8e:93:cf:cb:fd:dc:a4:54:1b:49:34:06:04:e1:8b:79:60:35:
         67:20:18:6c:d6:eb:63:2b:72:af:25:36:1f:87:e4:01:b7:59:
         04:79:ac:cf:8a:a3:b1:a1:a5:3f:1f:b8:d5:c2:58:b5:86:ef:
         9a:07:f4:16:c9:6f:0b:34:88:53:20:a7:40:ad:20:60:72:b0:
         55:a7:8d:dd:fc:eb:78:6f:0e:80:c4:09:c9:f1:9a:01:d6:82:
         28:e3:99:e6:03:f7:8f:3b:12:45:59:ac:c6:1f:48:6a:44:ef:
         81:98:ee:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj13Z0je+mrttbPdPZ+vV0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5MzFkN2U3YTk5NzQ5YTM4NWVhZWIyN2Y4NTBhYjg5ZGE4
ZjJlZTAwHhcNMjUwMTAxMjE0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjViOTBiOTFiMjAzYTIxNWEyMTc0ZDZiNzdjYjdhZGVjZmEwNjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTcHy+qy2BjgX/sNx4VIZpXodbsk
fVntgRXdTabtokVGaMy9lMqm+E6FVTS8t209igzwzrKHallHFSJNzWn5qyTQ4ti0
AI0pzIUW+J95VgvrEskpml3J26okcToHocne14HGqB5kwPFQLsLHjYD9vWi05Unh
/W19NWivfARRUrhADAbyHZ4Ti1P+3871FzoMt4wdNPGf4+ntPtq+2bDvt4x9OGX4
N6Kpxf6ZU8f0Uf6nJ1g9ZxcTgkg5a9NBYK8DI5n5Zk2ZSnr/TqzLKY6ZFBCGRFrj
xqtp/vjT+eBgugH2m+6khhN9Ph0xUP6iTGjSqKbeUTTJHDOBDPS1I2DcRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZbkLkbIDohWiF01rd8t63s+gYeMB8GA1UdIwQY
MBaAFGkx1+epl0mjherrJ/hQq4najy7gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVRIWDU2bVhTYU9GNnVzbi1GQ3JpZHFQTHVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC84Y2ZkNzMtMTI1Ny00ZGZhLThjNTkt
NzZhZTQyMzU2Y2U1LzEvTmx1UXVSc2dPaUZhSVhUV3QzeTNyZXo2Qmg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC84Y2ZkNzMtMTI1Ny00ZGZhLThjNTktNzZhZTQyMzU2Y2U1
LzEvYVRIWDU2bVhTYU9GNnVzbi1GQ3JpZHFQTHVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSQBMA0G
CSqGSIb3DQEBCwUAA4IBAQAgBffPqllvT/4LLH9TEFYJ54NTkuDI4Or5Fe+TJaFJ
FJEIA+YnD77FkZgRUwr8P4PRZReRG8dshIU7AzW0gwArNPj0b8REi45hHfINd7b3
D/OPrFZWvVZOaxS6xBVhFyRdAqo8s215iAkjZ6RT4BMDR6QfDWuN1YW89cPpnJRw
oVLuVlXrh6LH+95U8Q+SJgGOk8/L/dykVBtJNAYE4Yt5YDVnIBhs1utjK3KvJTYf
h+QBt1kEeazPiqOxoaU/H7jVwli1hu+aB/QWyW8LNIhTIKdArSBgcrBVp43d/Ot4
bw6AxAnJ8ZoB1oIo45nmA/ePOxJFWazGH0hqRO+BmO5i
-----END CERTIFICATE-----