Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/NcFH54U_2J6k3O8FG01A4l3YkX4.roa
File:                     NcFH54U_2J6k3O8FG01A4l3YkX4.roa (raw, json)
Hash identifier:          /kjUMIh5yITP6UOhs7cpgkxUJuo6AlmV12M3gHqX+6U=
Subject key identifier:   35:C1:47:E7:85:3F:D8:9E:A4:DC:EF:05:1B:4D:40:E2:5D:D8:91:7E
Certificate issuer:       /CN=643e1ba91c569a8b21a6d2d67f5dbbd6c04e43ea
Certificate serial:       0194228D8DC1211D62B1DC9AA75CD7BF409E
Authority key identifier: 64:3E:1B:A9:1C:56:9A:8B:21:A6:D2:D6:7F:5D:BB:D6:C0:4E:43:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/NcFH54U_2J6k3O8FG01A4l3YkX4.roa
Signing time:             Wed 01 Jan 2025 15:48:09 +0000
ROA not before:           Wed 01 Jan 2025 15:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45012
IP address blocks:        194.34.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:8d:c1:21:1d:62:b1:dc:9a:a7:5c:d7:bf:40:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=643e1ba91c569a8b21a6d2d67f5dbbd6c04e43ea
        Validity
            Not Before: Jan  1 15:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35c147e7853fd89ea4dcef051b4d40e25dd8917e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:25:15:4b:8d:0c:b3:fa:0e:bb:c8:61:2a:fa:
                    35:23:db:30:d3:f7:a6:55:fa:9f:a5:84:a5:b6:c6:
                    40:00:72:60:91:65:e9:58:22:c3:1f:20:8e:76:e2:
                    b4:2e:b6:1e:b2:37:d5:ec:59:ec:76:ee:53:39:65:
                    19:f4:20:cd:33:a6:27:82:03:53:41:87:8c:c3:0e:
                    d7:2f:d9:d8:88:d4:03:68:74:a6:48:80:58:46:7c:
                    9c:a1:24:71:29:8e:9e:b7:62:ea:64:b5:7d:a9:ed:
                    63:65:c6:f9:76:00:52:4a:5e:fd:4f:8a:4b:c3:74:
                    e3:f4:65:4d:1a:e5:61:07:14:79:03:11:ae:5d:61:
                    a4:f4:68:40:ed:8f:77:a7:fb:77:6f:f8:0e:18:4c:
                    c4:38:cb:b4:50:93:ab:13:2f:8d:cc:7a:92:e3:85:
                    0a:18:9f:c9:f2:c5:2e:51:ec:12:52:00:f6:82:ce:
                    da:db:ee:ca:f5:02:29:cd:69:0e:d8:fe:8a:c9:62:
                    dd:54:ac:3e:cb:15:b6:04:4f:9c:63:c5:7a:dc:2c:
                    1b:69:36:3c:e0:bc:9a:38:7c:75:c7:8c:0b:d7:e9:
                    0e:46:f5:11:fe:aa:78:86:06:33:2d:e5:ff:d8:e3:
                    7b:d1:3b:19:f7:f4:f9:e1:69:ce:df:de:0f:3a:ce:
                    7e:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:C1:47:E7:85:3F:D8:9E:A4:DC:EF:05:1B:4D:40:E2:5D:D8:91:7E
            X509v3 Authority Key Identifier:
                keyid:64:3E:1B:A9:1C:56:9A:8B:21:A6:D2:D6:7F:5D:BB:D6:C0:4E:43:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZD4bqRxWmoshptLWf1271sBOQ-o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/NcFH54U_2J6k3O8FG01A4l3YkX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/aca912-9e8d-4749-95e0-fea0aff359f5/1/ZD4bqRxWmoshptLWf1271sBOQ-o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:14:9b:99:93:ff:a7:ee:30:63:e5:05:08:26:fb:82:a8:b1:
         ed:d2:a0:6c:29:38:0a:70:4c:d2:fa:b9:9e:6a:cc:b5:74:71:
         5a:5f:9f:84:d7:b2:bf:1b:44:01:c8:87:99:38:09:79:de:c3:
         9b:c5:99:f3:10:c8:b4:e3:db:de:51:06:9b:3c:fc:6b:17:de:
         88:02:71:74:d4:84:14:fc:12:4d:ff:72:ae:68:86:c7:fe:be:
         cc:02:db:dd:bc:1e:e4:88:66:04:14:e2:0f:7e:a0:02:67:79:
         43:70:c7:c4:54:63:09:2a:82:88:5d:74:1d:c4:6e:1b:67:ee:
         15:ff:cb:a1:2d:95:ef:2e:10:d0:55:60:0d:9f:52:73:aa:1c:
         c8:ae:0b:1a:f3:21:89:0d:36:3b:20:fc:a7:62:0d:01:48:03:
         51:08:d3:fa:98:94:18:95:26:20:55:eb:14:17:06:24:88:65:
         bc:4d:3c:32:10:04:e3:7f:da:6a:89:a3:80:75:d0:80:98:fc:
         42:e9:ae:d5:e9:70:55:4d:04:92:05:ad:30:9f:90:ec:fb:c6:
         ed:5f:39:0b:0d:da:4b:3c:e6:94:b3:8e:29:df:5d:0a:b0:71:
         fb:f7:37:0b:6c:52:a1:c6:02:cb:9f:dd:ab:de:23:12:4e:fb:
         70:18:ea:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijY3BIR1isdyap1zXv0CeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0M2UxYmE5MWM1NjlhOGIyMWE2ZDJkNjdmNWRiYmQ2YzA0
ZTQzZWEwHhcNMjUwMTAxMTU0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWMxNDdlNzg1M2ZkODllYTRkY2VmMDUxYjRkNDBlMjVkZDg5MTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9SUVS40Ms/oOu8hhKvo1I9sw0/em
VfqfpYSltsZAAHJgkWXpWCLDHyCOduK0LrYesjfV7Fnsdu5TOWUZ9CDNM6YnggNT
QYeMww7XL9nYiNQDaHSmSIBYRnycoSRxKY6et2LqZLV9qe1jZcb5dgBSSl79T4pL
w3Tj9GVNGuVhBxR5AxGuXWGk9GhA7Y93p/t3b/gOGEzEOMu0UJOrEy+NzHqS44UK
GJ/J8sUuUewSUgD2gs7a2+7K9QIpzWkO2P6KyWLdVKw+yxW2BE+cY8V63CwbaTY8
4LyaOHx1x4wL1+kORvUR/qp4hgYzLeX/2ON70TsZ9/T54WnO394POs5+zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXBR+eFP9iepNzvBRtNQOJd2JF+MB8GA1UdIwQY
MBaAFGQ+G6kcVpqLIabS1n9du9bATkPqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkQ0YnFSeFdtb3NocHRMV2YxMjcxc0JPUS1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9hY2E5MTItOWU4ZC00NzQ5LTk1ZTAt
ZmVhMGFmZjM1OWY1LzEvTmNGSDU0VV8ySjZrM084RkcwMUE0bDNZa1g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9hY2E5MTItOWU4ZC00NzQ5LTk1ZTAtZmVhMGFmZjM1OWY1
LzEvWkQ0YnFSeFdtb3NocHRMV2YxMjcxc0JPUS1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiLhMA0G
CSqGSIb3DQEBCwUAA4IBAQAWFJuZk/+n7jBj5QUIJvuCqLHt0qBsKTgKcEzS+rme
asy1dHFaX5+E17K/G0QByIeZOAl53sObxZnzEMi049veUQabPPxrF96IAnF01IQU
/BJN/3KuaIbH/r7MAtvdvB7kiGYEFOIPfqACZ3lDcMfEVGMJKoKIXXQdxG4bZ+4V
/8uhLZXvLhDQVWANn1JzqhzIrgsa8yGJDTY7IPynYg0BSANRCNP6mJQYlSYgVesU
FwYkiGW8TTwyEATjf9pqiaOAddCAmPxC6a7V6XBVTQSSBa0wn5Ds+8btXzkLDdpL
POaUs44p310KsHH79zcLbFKhxgLLn92r3iMSTvtwGOp3
-----END CERTIFICATE-----