Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/NhBL06__L5XcxYEuIn0L50pwRjs.roa
File:                     NhBL06__L5XcxYEuIn0L50pwRjs.roa (raw, json)
Hash identifier:          5qZg8m9fpfGtH9610pRHgy/a0NvK/XOxWYxBGjD6bxQ=
Subject key identifier:   36:10:4B:D3:AF:FF:2F:95:DC:C5:81:2E:22:7D:0B:E7:4A:70:46:3B
Certificate issuer:       /CN=38203463eb944b25c65135ca47bdbdab646f3984
Certificate serial:       018CC2DB073A7FD0CD88204C6F41288E27FB
Authority key identifier: 38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/NhBL06__L5XcxYEuIn0L50pwRjs.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207134
IP address blocks:        2a00:8860:500::/40 maxlen: 64
                          2a00:8861:500::/40 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:07:3a:7f:d0:cd:88:20:4c:6f:41:28:8e:27:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38203463eb944b25c65135ca47bdbdab646f3984
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36104bd3afff2f95dcc5812e227d0be74a70463b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:95:cb:cd:43:52:29:53:62:49:b7:a8:c2:8a:
                    c0:32:a1:1d:a1:04:c6:27:9a:20:96:33:2c:d2:56:
                    00:f6:10:dd:51:9b:d2:5e:fb:c8:e5:72:95:ad:4e:
                    a6:e0:30:b0:cc:4e:31:40:a1:71:65:c7:f3:13:cc:
                    93:a9:a7:2a:57:3a:1c:2c:88:a3:1a:d6:ce:60:46:
                    29:f4:59:20:f9:7b:1d:87:cc:56:2f:b8:9e:41:53:
                    dc:02:bc:15:cb:7b:9f:f2:9d:5c:ad:c8:29:8d:d7:
                    b5:82:9c:a4:e7:ce:0b:cd:8e:b9:ad:4e:15:ce:eb:
                    af:a6:4f:be:aa:e3:a1:84:31:2c:e6:a0:3e:5f:47:
                    38:92:64:4f:f6:64:c9:d8:e2:0f:df:bd:e2:43:7b:
                    40:e5:c2:50:c4:a9:d1:36:2f:25:7f:51:ff:e0:17:
                    c9:99:b9:20:eb:d1:4a:d5:cf:c5:00:77:fc:7d:5d:
                    a5:fc:f2:4c:7c:1f:7d:fe:2e:28:fb:ee:20:64:bf:
                    60:be:72:b5:ca:9f:7c:ce:6b:77:01:fb:43:d6:fc:
                    5e:b2:67:d8:e5:a0:33:52:3c:c9:78:92:5b:b4:5a:
                    9a:fd:8b:d1:ee:97:cb:87:ec:3b:7d:81:d2:2e:85:
                    f1:26:41:09:d3:8a:71:f7:bd:a5:bc:29:08:10:62:
                    f0:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:10:4B:D3:AF:FF:2F:95:DC:C5:81:2E:22:7D:0B:E7:4A:70:46:3B
            X509v3 Authority Key Identifier:
                keyid:38:20:34:63:EB:94:4B:25:C6:51:35:CA:47:BD:BD:AB:64:6F:39:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OCA0Y-uUSyXGUTXKR729q2RvOYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/NhBL06__L5XcxYEuIn0L50pwRjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/0a2984-a869-440d-b578-58935179b985/1/OCA0Y-uUSyXGUTXKR729q2RvOYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:8860:500::/40
                  2a00:8861:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         2e:25:38:00:67:27:48:02:b5:7e:dc:87:af:ed:b0:95:dd:e7:
         24:23:42:4e:f8:91:13:37:e7:ad:9c:da:a4:d3:89:34:ff:87:
         18:27:44:b1:00:be:d0:4d:3e:a5:04:6b:e0:5b:35:f5:f7:88:
         a3:ee:c5:44:c1:63:17:4d:a9:f4:75:80:f3:df:f4:29:7b:ea:
         16:38:b8:6a:08:eb:59:27:24:ab:f8:07:ec:b1:21:7c:dc:f1:
         3d:a0:02:10:03:9c:99:d3:bd:8f:13:5e:41:d4:25:3f:a5:ae:
         02:94:36:e6:23:61:06:b3:65:e1:7f:45:96:cc:9b:b1:90:f2:
         d0:81:13:cd:d6:d6:03:6d:81:27:af:cb:27:94:a1:10:d4:3c:
         e4:57:ca:de:93:52:4b:47:df:47:3c:f4:d1:06:97:49:0b:14:
         ed:27:b4:76:f6:25:64:44:1a:fb:1d:9b:20:b9:56:9c:d8:1e:
         4d:56:c6:4d:b4:5c:27:92:0b:16:9a:21:14:f3:69:49:ed:f9:
         9a:47:f3:c0:be:fa:b0:81:a9:04:aa:e2:22:f0:b7:05:66:70:
         66:ba:7b:ce:8a:72:03:53:37:2d:b7:84:c0:43:98:b1:65:26:
         09:8c:ed:d2:3e:8c:e0:ae:94:56:80:0f:11:d5:a4:95:e2:b3:
         44:19:dc:17
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAYzC2wc6f9DNiCBMb0Eojif7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MjAzNDYzZWI5NDRiMjVjNjUxMzVjYTQ3YmRiZGFiNjQ2
ZjM5ODQwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjEwNGJkM2FmZmYyZjk1ZGNjNTgxMmUyMjdkMGJlNzRhNzA0NjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5XLzUNSKVNiSbeoworAMqEdoQTG
J5ogljMs0lYA9hDdUZvSXvvI5XKVrU6m4DCwzE4xQKFxZcfzE8yTqacqVzocLIij
GtbOYEYp9Fkg+Xsdh8xWL7ieQVPcArwVy3uf8p1crcgpjde1gpyk584LzY65rU4V
zuuvpk++quOhhDEs5qA+X0c4kmRP9mTJ2OIP373iQ3tA5cJQxKnRNi8lf1H/4BfJ
mbkg69FK1c/FAHf8fV2l/PJMfB99/i4o++4gZL9gvnK1yp98zmt3AftD1vxesmfY
5aAzUjzJeJJbtFqa/YvR7pfLh+w7fYHSLoXxJkEJ04px972lvCkIEGLwDwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFDYQS9Ov/y+V3MWBLiJ9C+dKcEY7MB8GA1UdIwQY
MBaAFDggNGPrlEslxlE1yke9vatkbzmEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1Nzgt
NTg5MzUxNzliOTg1LzEvTmhCTDA2X19MNVhjeFlFdUluMEw1MHB3UmpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wYTI5ODQtYTg2OS00NDBkLWI1NzgtNTg5MzUxNzliOTg1
LzEvT0NBMFktdVVTeVhHVVRYS1I3MjlxMlJ2T1lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKgCIYAUD
BgAqAIhhBTANBgkqhkiG9w0BAQsFAAOCAQEALiU4AGcnSAK1ftyHr+2wld3nJCNC
TviREzfnrZzapNOJNP+HGCdEsQC+0E0+pQRr4Fs19feIo+7FRMFjF02p9HWA89/0
KXvqFji4agjrWSckq/gH7LEhfNzxPaACEAOcmdO9jxNeQdQlP6WuApQ25iNhBrNl
4X9FlsybsZDy0IETzdbWA22BJ6/LJ5ShENQ85FfK3pNSS0ffRzz00QaXSQsU7Se0
dvYlZEQa+x2bILlWnNgeTVbGTbRcJ5ILFpohFPNpSe35mkfzwL76sIGpBKriIvC3
BWZwZrp7zopyA1M3LbeEwEOYsWUmCYzt0j6M4K6UVoAPEdWkleKzRBncFw==
-----END CERTIFICATE-----