Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/NuxUC2dOoAySHe_WgX4neZKlvRo.roa
File:                     NuxUC2dOoAySHe_WgX4neZKlvRo.roa (raw, json)
Hash identifier:          Ue0+YlDjini2g7x5wsCTqeDVJUWQj8F0Dy+VHpUWfCk=
Subject key identifier:   36:EC:54:0B:67:4E:A0:0C:92:1D:EF:D6:81:7E:27:79:92:A5:BD:1A
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018CC5DCE7B620D47FC812BB3ED5EF9B8970
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/NuxUC2dOoAySHe_WgX4neZKlvRo.roa
Signing time:             Mon 01 Jan 2024 16:30:37 +0000
ROA not before:           Mon 01 Jan 2024 16:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211936
IP address blocks:        92.114.44.0/22 maxlen: 24
                          31.186.176.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:e7:b6:20:d4:7f:c8:12:bb:3e:d5:ef:9b:89:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  1 16:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36ec540b674ea00c921defd6817e277992a5bd1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:6c:01:12:c8:2e:0c:8a:1c:07:d7:f8:31:4c:
                    3f:eb:ad:d9:f3:d6:5c:26:e4:1a:19:ce:60:c3:74:
                    9d:bc:67:e4:00:1d:72:82:81:30:53:6e:86:71:84:
                    d4:5e:4b:14:1c:19:77:b3:9c:d9:2c:c3:47:d0:fb:
                    a9:28:d1:fc:01:5d:51:32:4e:33:f6:c8:f0:a6:fa:
                    60:48:50:1a:11:7a:2e:cb:ea:2a:fa:1e:f8:64:d7:
                    cf:44:b7:92:fa:39:c5:5f:78:d1:0a:31:8a:8f:5c:
                    f0:01:12:50:ac:8a:ef:e1:d5:a1:a9:ec:90:05:f3:
                    0b:17:e0:20:e7:00:6b:7c:ba:bf:47:c9:1a:2c:bd:
                    9e:07:25:d4:82:d4:77:87:35:b4:e2:b8:fb:b9:ec:
                    50:f1:83:97:33:f2:1e:47:be:19:f6:65:32:b7:ca:
                    54:96:60:c1:69:7c:b2:95:00:f1:d6:a4:e3:74:ba:
                    9a:a3:5d:52:89:76:0f:c1:0c:46:04:d8:6a:8a:d0:
                    a3:91:c0:63:3e:36:87:37:cf:29:97:b9:20:40:4f:
                    b0:76:a0:e2:15:c2:fb:8a:5b:a3:41:26:6b:cf:00:
                    04:bf:ed:a3:65:32:ad:a8:17:ff:33:9f:d4:58:d0:
                    bb:70:27:97:2e:7c:b2:3c:d8:33:74:e1:54:b1:95:
                    4c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:EC:54:0B:67:4E:A0:0C:92:1D:EF:D6:81:7E:27:79:92:A5:BD:1A
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/NuxUC2dOoAySHe_WgX4neZKlvRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.176.0/22
                  92.114.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:82:e7:ac:8d:3e:c0:a4:fc:55:7d:ac:d7:f8:30:0b:78:f3:
         d7:0a:aa:41:7f:d1:2e:b2:9b:a1:7f:19:3c:ad:b8:a9:23:af:
         c1:8a:27:35:d6:b5:0d:63:91:4d:17:e3:d5:a0:03:d0:ad:03:
         7f:08:29:19:0f:a3:20:17:02:0d:8a:09:03:1a:00:13:bb:9a:
         90:4e:70:ab:f8:95:26:48:31:1b:66:cd:fc:1f:01:e3:ca:c0:
         de:5e:d4:66:59:9d:d4:21:03:65:47:38:15:14:b0:d3:4e:9e:
         08:ef:d9:cd:a1:58:1b:2d:48:d0:b6:05:5c:0f:73:c8:a5:32:
         47:3a:cf:75:02:2e:d8:75:00:b9:41:40:fa:23:c8:b2:7b:1d:
         75:3b:0d:1d:d7:04:6d:82:9f:cd:0b:c5:ab:f4:0d:ae:86:9f:
         89:5a:1b:d8:d2:d7:87:f9:53:30:c5:3d:9e:f2:42:4f:4b:29:
         e4:bb:02:b8:4d:a7:e2:94:f9:ae:34:a8:be:2c:4a:e7:68:81:
         91:c9:8b:b5:c8:35:0d:a2:b0:e7:d4:e7:8f:77:59:9e:ef:bf:
         3b:96:43:81:b8:06:5d:d4:c8:4b:f2:d9:7e:96:7d:51:cf:80:
         80:19:3d:90:91:58:13:27:98:ba:82:19:b3:92:4f:57:d1:d6:
         14:fb:3d:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF3Oe2INR/yBK7PtXvm4lwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwMTAxMTYzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmVjNTQwYjY3NGVhMDBjOTIxZGVmZDY4MTdlMjc3OTkyYTViZDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmwBEsguDIocB9f4MUw/663Z89Zc
JuQaGc5gw3SdvGfkAB1ygoEwU26GcYTUXksUHBl3s5zZLMNH0PupKNH8AV1RMk4z
9sjwpvpgSFAaEXouy+oq+h74ZNfPRLeS+jnFX3jRCjGKj1zwARJQrIrv4dWhqeyQ
BfMLF+Ag5wBrfLq/R8kaLL2eByXUgtR3hzW04rj7uexQ8YOXM/IeR74Z9mUyt8pU
lmDBaXyylQDx1qTjdLqao11SiXYPwQxGBNhqitCjkcBjPjaHN88pl7kgQE+wdqDi
FcL7ilujQSZrzwAEv+2jZTKtqBf/M5/UWNC7cCeXLnyyPNgzdOFUsZVMZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDbsVAtnTqAMkh3v1oF+J3mSpb0aMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvTnV4VUMyZE9vQXlTSGVfV2dYNG5lWktsdlJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCH7qwAwQC
XHIsMA0GCSqGSIb3DQEBCwUAA4IBAQAMguesjT7ApPxVfazX+DALePPXCqpBf9Eu
spuhfxk8rbipI6/Biic11rUNY5FNF+PVoAPQrQN/CCkZD6MgFwINigkDGgATu5qQ
TnCr+JUmSDEbZs38HwHjysDeXtRmWZ3UIQNlRzgVFLDTTp4I79nNoVgbLUjQtgVc
D3PIpTJHOs91Ai7YdQC5QUD6I8iyex11Ow0d1wRtgp/NC8Wr9A2uhp+JWhvY0teH
+VMwxT2e8kJPSynkuwK4TafilPmuNKi+LErnaIGRyYu1yDUNorDn1OePd1me7787
lkOBuAZd1MhL8tl+ln1Rz4CAGT2QkVgTJ5i6ghmzkk9X0dYU+z2A
-----END CERTIFICATE-----