Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/NcvN22Wngsxqz4kDV5FHfP-CKxo.roa
File:                     NcvN22Wngsxqz4kDV5FHfP-CKxo.roa (raw, json)
Hash identifier:          WFalwBnBOa83rudCS0P7Kw87L/jGj6BaPm1NfGgOLFI=
Subject key identifier:   35:CB:CD:DB:65:A7:82:CC:6A:CF:89:03:57:91:47:7C:FF:82:2B:1A
Certificate issuer:       /CN=df2c15cf72fcdb8596b7c6489b15a6b720c14eb5
Certificate serial:       018F3D849563498574E7A0067E94512A1E95
Authority key identifier: DF:2C:15:CF:72:FC:DB:85:96:B7:C6:48:9B:15:A6:B7:20:C1:4E:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/NcvN22Wngsxqz4kDV5FHfP-CKxo.roa
Signing time:             Fri 03 May 2024 08:14:10 +0000
ROA not before:           Fri 03 May 2024 08:14:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44294
IP address blocks:        185.239.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3d:84:95:63:49:85:74:e7:a0:06:7e:94:51:2a:1e:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df2c15cf72fcdb8596b7c6489b15a6b720c14eb5
        Validity
            Not Before: May  3 08:14:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35cbcddb65a782cc6acf89035791477cff822b1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:64:e5:50:95:d0:56:ef:96:2c:59:0f:b1:5e:
                    10:bc:59:cf:3a:4b:59:c6:1f:a6:1f:0d:a9:e1:66:
                    0a:9c:74:2f:e3:7e:cf:65:ec:f8:c9:2f:4f:d5:92:
                    a2:52:e0:06:af:1d:8f:db:66:6b:bf:cd:48:a3:c0:
                    87:80:c2:6b:a9:3a:4a:66:9e:b1:46:a8:ae:0b:a8:
                    40:03:37:15:1c:c1:c8:e8:06:5b:61:93:26:d0:3e:
                    dc:eb:43:9f:e2:8e:7f:aa:1b:85:b5:66:5a:13:8f:
                    ef:07:f8:32:5c:3d:2a:1f:bb:cd:25:d4:52:44:83:
                    bd:94:4c:99:5c:91:3e:3d:17:da:23:65:38:50:47:
                    8b:86:65:7c:f3:d5:d4:5c:f7:3f:8b:d6:2c:56:90:
                    64:22:cc:cb:aa:b5:0b:ea:6a:70:a1:b5:36:3d:0e:
                    b6:3d:98:e4:98:9f:d0:2c:b9:02:16:b2:0e:e6:dd:
                    7d:e3:4c:7e:52:e4:77:3e:2c:9d:d7:c3:24:99:83:
                    e1:50:f9:44:03:60:30:9f:83:e1:71:58:30:b2:36:
                    1b:0b:e7:1c:0d:4f:56:e8:e7:ca:b8:10:54:d9:2d:
                    72:53:3d:5f:49:c7:61:92:b8:1d:69:6e:ef:b9:40:
                    85:eb:46:23:0c:c9:c6:68:e0:7f:5f:d8:6c:d5:06:
                    3a:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:CB:CD:DB:65:A7:82:CC:6A:CF:89:03:57:91:47:7C:FF:82:2B:1A
            X509v3 Authority Key Identifier:
                keyid:DF:2C:15:CF:72:FC:DB:85:96:B7:C6:48:9B:15:A6:B7:20:C1:4E:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ywVz3L824WWt8ZImxWmtyDBTrU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/NcvN22Wngsxqz4kDV5FHfP-CKxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9cfea1-d82a-4755-810e-f1853d10e610/1/3ywVz3L824WWt8ZImxWmtyDBTrU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:b6:22:a0:5b:5a:53:4a:2c:ba:ff:0c:b1:e2:b3:a7:48:e6:
         77:8f:43:0c:47:6a:d6:e1:c8:b7:8e:53:65:e7:42:92:02:7e:
         14:95:b7:cf:58:09:e2:57:bc:87:9d:c0:21:11:ee:12:c5:a7:
         ff:9f:ab:ea:ca:c1:c1:c1:fe:c7:57:69:59:27:3e:e9:b9:31:
         c8:9a:30:77:16:83:65:51:65:9c:c9:b8:f0:e6:af:fd:96:f4:
         71:ff:d7:eb:b5:8e:51:d5:6a:d1:12:96:94:e3:29:56:ff:1e:
         97:ca:6d:bd:b9:25:e3:1e:3e:c8:62:b7:5f:63:a3:56:66:5b:
         87:fc:68:af:3b:86:fa:d6:28:86:46:6a:10:1e:97:0b:c2:90:
         b9:12:20:e2:da:bf:e3:e6:b9:b5:56:67:e8:20:de:5a:fc:91:
         6b:ac:72:ef:ed:02:2c:d5:22:10:d2:e0:ba:bd:87:e5:80:d6:
         89:42:5a:00:49:e7:5c:2c:e7:a0:6e:97:2d:ad:d6:7a:f0:0c:
         96:33:b6:c1:9a:df:a4:93:7e:b4:1e:fb:25:b9:66:9b:b2:58:
         36:ca:c3:b2:03:e5:d5:f7:6b:f8:a6:65:66:a0:b5:16:57:c6:
         c2:c0:e9:cb:f0:16:0b:52:0c:ab:89:13:80:83:4f:36:6c:3f:
         a5:18:15:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY89hJVjSYV056AGfpRRKh6VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMmMxNWNmNzJmY2RiODU5NmI3YzY0ODliMTVhNmI3MjBj
MTRlYjUwHhcNMjQwNTAzMDgxNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWNiY2RkYjY1YTc4MmNjNmFjZjg5MDM1NzkxNDc3Y2ZmODIyYjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2WTlUJXQVu+WLFkPsV4QvFnPOktZ
xh+mHw2p4WYKnHQv437PZez4yS9P1ZKiUuAGrx2P22Zrv81Io8CHgMJrqTpKZp6x
RqiuC6hAAzcVHMHI6AZbYZMm0D7c60Of4o5/qhuFtWZaE4/vB/gyXD0qH7vNJdRS
RIO9lEyZXJE+PRfaI2U4UEeLhmV889XUXPc/i9YsVpBkIszLqrUL6mpwobU2PQ62
PZjkmJ/QLLkCFrIO5t1940x+UuR3Piyd18MkmYPhUPlEA2Awn4PhcVgwsjYbC+cc
DU9W6OfKuBBU2S1yUz1fScdhkrgdaW7vuUCF60YjDMnGaOB/X9hs1QY6GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXLzdtlp4LMas+JA1eRR3z/gisaMB8GA1UdIwQY
MBaAFN8sFc9y/NuFlrfGSJsVprcgwU61MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3l3VnozTDgyNFdXdDhaSW14V210eURCVHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85Y2ZlYTEtZDgyYS00NzU1LTgxMGUt
ZjE4NTNkMTBlNjEwLzEvTmN2TjIyV25nc3hxejRrRFY1RkhmUC1DS3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85Y2ZlYTEtZDgyYS00NzU1LTgxMGUtZjE4NTNkMTBlNjEw
LzEvM3l3VnozTDgyNFdXdDhaSW14V210eURCVHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue8ZMA0G
CSqGSIb3DQEBCwUAA4IBAQAqtiKgW1pTSiy6/wyx4rOnSOZ3j0MMR2rW4ci3jlNl
50KSAn4UlbfPWAniV7yHncAhEe4Sxaf/n6vqysHBwf7HV2lZJz7puTHImjB3FoNl
UWWcybjw5q/9lvRx/9frtY5R1WrREpaU4ylW/x6Xym29uSXjHj7IYrdfY6NWZluH
/GivO4b61iiGRmoQHpcLwpC5EiDi2r/j5rm1VmfoIN5a/JFrrHLv7QIs1SIQ0uC6
vYflgNaJQloASedcLOegbpctrdZ68AyWM7bBmt+kk360HvsluWabslg2ysOyA+XV
92v4pmVmoLUWV8bCwOnL8BYLUgyriROAg082bD+lGBWm
-----END CERTIFICATE-----