Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/c4a70e-f7a8-4aa0-98c6-23e09652b3d8/1/NlKWDvWV6A8kmXOVjzvKEoIndxY.roa
File:                     NlKWDvWV6A8kmXOVjzvKEoIndxY.roa (raw, json)
Hash identifier:          h+UhxW9S4nTfdgzeYFnXO2ayiFyXxgExy2Nk5oisGQY=
Subject key identifier:   36:52:96:0E:F5:95:E8:0F:24:99:73:95:8F:3B:CA:12:82:27:77:16
Certificate issuer:       /CN=63c05afa0dc9a5f8f618c3ed2eec672ec38f6fef
Certificate serial:       018CC6B7E6A1DED84D8691E8C1DA5BDA651D
Authority key identifier: 63:C0:5A:FA:0D:C9:A5:F8:F6:18:C3:ED:2E:EC:67:2E:C3:8F:6F:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y8Ba-g3Jpfj2GMPtLuxnLsOPb-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/c4a70e-f7a8-4aa0-98c6-23e09652b3d8/1/NlKWDvWV6A8kmXOVjzvKEoIndxY.roa
Signing time:             Mon 01 Jan 2024 20:29:50 +0000
ROA not before:           Mon 01 Jan 2024 20:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57350
IP address blocks:        91.231.217.0/24 maxlen: 24
                          91.231.216.0/24 maxlen: 24
                          185.41.116.0/23 maxlen: 23
                          185.41.118.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/c4a70e-f7a8-4aa0-98c6-23e09652b3d8/1/Y8Ba-g3Jpfj2GMPtLuxnLsOPb-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/c4a70e-f7a8-4aa0-98c6-23e09652b3d8/1/Y8Ba-g3Jpfj2GMPtLuxnLsOPb-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y8Ba-g3Jpfj2GMPtLuxnLsOPb-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:e6:a1:de:d8:4d:86:91:e8:c1:da:5b:da:65:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63c05afa0dc9a5f8f618c3ed2eec672ec38f6fef
        Validity
            Not Before: Jan  1 20:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3652960ef595e80f249973958f3bca1282277716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:70:98:f0:7c:69:5d:4b:a7:ac:6b:ca:b3:3a:
                    75:74:b2:38:37:01:12:83:38:d8:7e:7a:aa:57:63:
                    f4:99:58:ed:0f:fb:78:7a:22:c7:c4:c1:9c:e6:11:
                    d5:d3:83:fb:cb:00:23:f2:5f:3f:d2:7b:23:b9:67:
                    b9:9e:3c:34:eb:32:88:03:fd:a6:92:5e:c3:57:73:
                    f6:c7:fc:4c:0b:7e:8c:d7:89:cb:58:5d:34:20:94:
                    59:ea:a7:a9:8a:40:f4:bb:50:b2:4c:3a:68:6b:51:
                    45:4a:34:05:b6:1f:92:f6:54:c8:05:3a:ec:25:dc:
                    1a:38:80:90:c7:d2:98:05:4e:f5:d4:3c:9d:a3:05:
                    e4:96:b3:fe:4c:cb:74:89:d8:23:0c:c1:7d:66:ff:
                    96:83:71:8a:e2:be:42:3f:14:6d:18:93:7c:23:75:
                    13:2c:01:cc:97:06:0a:77:f3:80:89:f6:7d:5d:1a:
                    11:fa:f5:14:89:87:11:52:4f:e2:11:ff:c2:81:7a:
                    3e:09:d2:4f:fe:c2:37:a5:fd:e7:06:88:24:f0:00:
                    56:6d:43:f4:ae:6a:0c:da:46:6d:7b:db:1c:4c:3c:
                    bf:80:4f:6e:6e:ee:7a:9b:bf:68:82:b1:6f:ad:03:
                    c1:38:af:3a:a2:4d:59:7f:fd:af:b1:99:fe:8c:be:
                    4c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:52:96:0E:F5:95:E8:0F:24:99:73:95:8F:3B:CA:12:82:27:77:16
            X509v3 Authority Key Identifier:
                keyid:63:C0:5A:FA:0D:C9:A5:F8:F6:18:C3:ED:2E:EC:67:2E:C3:8F:6F:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y8Ba-g3Jpfj2GMPtLuxnLsOPb-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/c4a70e-f7a8-4aa0-98c6-23e09652b3d8/1/NlKWDvWV6A8kmXOVjzvKEoIndxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/c4a70e-f7a8-4aa0-98c6-23e09652b3d8/1/Y8Ba-g3Jpfj2GMPtLuxnLsOPb-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.216.0/23
                  185.41.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:d8:c6:27:7d:54:c9:4f:4b:a2:ad:d3:ba:4e:59:c6:4b:de:
         b3:33:60:f8:71:52:3d:df:c9:68:49:39:d8:a5:00:82:22:f5:
         ec:67:00:f1:23:18:28:fd:2a:84:d1:e2:58:6c:d2:7f:d8:64:
         aa:71:9b:9c:ea:11:9d:20:53:d5:a7:8b:b9:94:94:46:d0:c1:
         50:f8:5f:b9:52:13:59:0e:31:68:9d:8d:d8:26:d2:88:c1:8f:
         16:96:98:17:c3:70:ca:9c:87:b4:c7:fd:f3:be:69:2c:ac:41:
         bc:65:ad:bb:2a:18:0d:22:71:d1:7b:78:bf:4c:c7:41:ea:98:
         84:b0:e5:e2:2a:63:e8:69:da:c1:4c:96:3d:41:c6:d6:bd:4e:
         d1:15:05:a2:cc:17:76:a3:ed:3d:ad:44:37:f7:11:dd:5c:30:
         b9:9d:0e:3e:78:f0:1f:20:e9:f0:d7:0b:17:74:61:f2:a0:8a:
         13:ee:88:52:f6:9c:d1:21:05:a3:ef:7a:5d:67:5f:b2:c8:3e:
         14:d0:2b:8a:74:aa:0a:da:dd:b9:aa:fc:ff:b3:a2:65:61:16:
         d0:f8:22:62:58:e7:f4:4b:3b:23:27:c0:c9:b7:bb:8f:aa:f3:
         65:a9:03:9b:13:cc:29:91:da:21:be:29:3d:06:61:7b:17:79:
         79:9c:7b:f3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt+ah3thNhpHowdpb2mUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYzA1YWZhMGRjOWE1ZjhmNjE4YzNlZDJlZWM2NzJlYzM4
ZjZmZWYwHhcNMjQwMTAxMjAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjUyOTYwZWY1OTVlODBmMjQ5OTczOTU4ZjNiY2ExMjgyMjc3NzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXCY8HxpXUunrGvKszp1dLI4NwES
gzjYfnqqV2P0mVjtD/t4eiLHxMGc5hHV04P7ywAj8l8/0nsjuWe5njw06zKIA/2m
kl7DV3P2x/xMC36M14nLWF00IJRZ6qepikD0u1CyTDpoa1FFSjQFth+S9lTIBTrs
JdwaOICQx9KYBU711DydowXklrP+TMt0idgjDMF9Zv+Wg3GK4r5CPxRtGJN8I3UT
LAHMlwYKd/OAifZ9XRoR+vUUiYcRUk/iEf/CgXo+CdJP/sI3pf3nBogk8ABWbUP0
rmoM2kZte9scTDy/gE9ubu56m79ogrFvrQPBOK86ok1Zf/2vsZn+jL5MAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDZSlg71legPJJlzlY87yhKCJ3cWMB8GA1UdIwQY
MBaAFGPAWvoNyaX49hjD7S7sZy7Dj2/vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWThCYS1nM0pwZmoyR01QdEx1eG5Mc09QYi04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9jNGE3MGUtZjdhOC00YWEwLTk4YzYt
MjNlMDk2NTJiM2Q4LzEvTmxLV0R2V1Y2QThrbVhPVmp6dktFb0luZHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9jNGE3MGUtZjdhOC00YWEwLTk4YzYtMjNlMDk2NTJiM2Q4
LzEvWThCYS1nM0pwZmoyR01QdEx1eG5Mc09QYi04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+fYAwQC
uSl0MA0GCSqGSIb3DQEBCwUAA4IBAQBM2MYnfVTJT0uirdO6TlnGS96zM2D4cVI9
38loSTnYpQCCIvXsZwDxIxgo/SqE0eJYbNJ/2GSqcZuc6hGdIFPVp4u5lJRG0MFQ
+F+5UhNZDjFonY3YJtKIwY8WlpgXw3DKnIe0x/3zvmksrEG8Za27KhgNInHRe3i/
TMdB6piEsOXiKmPoadrBTJY9QcbWvU7RFQWizBd2o+09rUQ39xHdXDC5nQ4+ePAf
IOnw1wsXdGHyoIoT7ohS9pzRIQWj73pdZ1+yyD4U0CuKdKoK2t25qvz/s6JlYRbQ
+CJiWOf0SzsjJ8DJt7uPqvNlqQObE8wpkdohvik9BmF7F3l5nHvz
-----END CERTIFICATE-----