Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/Ncg0barPN98eKH5wZnCC5v2vuDI.roa
File:                     Ncg0barPN98eKH5wZnCC5v2vuDI.roa (raw, json)
Hash identifier:          FjHXVC11s57mwFd3Gxo8Ba52vzo2Q/QHXkW4y2+LSko=
Subject key identifier:   35:C8:34:6D:AA:CF:37:DF:1E:28:7E:70:66:70:82:E6:FD:AF:B8:32
Certificate issuer:       /CN=1cbd5746e300091ded1a11a13b16807b4fd0f1fc
Certificate serial:       018DA7ECFA1306F1F34AA131413BEB27AD54
Authority key identifier: 1C:BD:57:46:E3:00:09:1D:ED:1A:11:A1:3B:16:80:7B:4F:D0:F1:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HL1XRuMACR3tGhGhOxaAe0_Q8fw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/Ncg0barPN98eKH5wZnCC5v2vuDI.roa
Signing time:             Wed 14 Feb 2024 14:02:21 +0000
ROA not before:           Wed 14 Feb 2024 14:02:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200132
IP address blocks:        195.95.177.0/24 maxlen: 24
                          2001:67c:dec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/HL1XRuMACR3tGhGhOxaAe0_Q8fw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/HL1XRuMACR3tGhGhOxaAe0_Q8fw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HL1XRuMACR3tGhGhOxaAe0_Q8fw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:ec:fa:13:06:f1:f3:4a:a1:31:41:3b:eb:27:ad:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cbd5746e300091ded1a11a13b16807b4fd0f1fc
        Validity
            Not Before: Feb 14 14:02:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35c8346daacf37df1e287e70667082e6fdafb832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:07:6d:e6:9f:57:44:5c:b1:3f:79:1e:06:89:
                    2e:1b:60:d8:75:29:8c:6e:cc:f4:a5:af:e0:a0:97:
                    b3:ac:60:5e:73:08:5b:7d:a7:e0:90:d5:8d:3c:d6:
                    e3:75:11:a2:0e:b5:af:6a:22:ac:a7:6e:8f:31:9c:
                    5e:f7:ad:94:f6:c5:14:8f:e9:b4:a4:d5:bc:18:1e:
                    0e:43:ba:b9:f4:04:07:bb:59:b0:e0:3e:2d:f1:2d:
                    81:83:42:53:fd:ab:47:e8:f2:b7:4f:e7:b5:f1:c6:
                    d3:97:6b:d1:cf:76:70:d7:c0:d0:f8:42:ca:f3:ec:
                    99:7f:5f:24:42:7c:47:4a:a6:88:bf:e6:07:e2:f3:
                    3e:b6:c9:10:ae:92:99:b9:4d:96:81:5d:68:c1:ee:
                    42:14:7d:69:71:88:c7:8e:16:48:30:86:8b:e9:76:
                    d9:9d:30:24:20:fb:58:9a:4a:83:b9:c4:1f:83:2b:
                    ad:2a:0d:b6:c7:d5:76:a0:60:56:a2:27:5d:41:d3:
                    42:0c:79:bb:24:8e:ed:84:1c:b3:ac:38:e8:eb:fc:
                    c5:3c:79:c2:56:4a:b6:9f:b3:ef:86:63:61:1b:52:
                    e6:c9:c2:aa:d2:7d:ac:a3:f9:b7:6a:76:45:8f:c9:
                    55:be:3b:e2:d9:f1:55:86:c2:1e:c5:3b:f7:d1:22:
                    e4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:C8:34:6D:AA:CF:37:DF:1E:28:7E:70:66:70:82:E6:FD:AF:B8:32
            X509v3 Authority Key Identifier:
                keyid:1C:BD:57:46:E3:00:09:1D:ED:1A:11:A1:3B:16:80:7B:4F:D0:F1:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HL1XRuMACR3tGhGhOxaAe0_Q8fw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/Ncg0barPN98eKH5wZnCC5v2vuDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e3086c-d72f-41ea-9444-bdea63e5a7c4/1/HL1XRuMACR3tGhGhOxaAe0_Q8fw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.95.177.0/24
                IPv6:
                  2001:67c:dec::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:55:be:58:53:40:e3:80:4b:45:e1:77:e0:bf:32:3d:5f:9d:
         09:3b:4f:ae:09:f4:64:89:e4:29:7d:f1:b0:79:05:be:76:b5:
         38:58:da:69:d5:e3:55:21:cb:de:05:30:b5:c1:47:30:d3:c9:
         66:1f:82:13:ec:24:4b:12:4a:54:07:e6:ca:8b:b6:d0:73:64:
         d0:08:ea:e9:a7:aa:ad:93:3f:a5:b7:df:9d:fd:72:82:61:44:
         02:c7:b8:10:8a:d6:21:b2:ca:d9:36:8e:57:29:4f:91:f9:00:
         ec:05:e5:14:11:6b:de:10:d4:36:3a:a8:95:d7:9f:11:56:de:
         08:67:52:ec:23:86:58:62:dd:db:ae:35:6e:2e:21:55:b2:c8:
         de:74:a2:fa:dd:72:c2:3d:93:0d:00:e2:dc:5c:bc:b3:e4:7e:
         c2:eb:fe:0e:16:96:1c:bb:39:6b:83:ea:fe:65:fd:74:29:9d:
         a2:20:c4:85:ea:f3:f5:44:3b:15:ab:22:e7:e4:0d:b3:f0:40:
         ae:86:d8:72:c7:6b:a8:6e:07:39:da:0c:20:5d:01:3b:82:96:
         71:c2:ef:be:dc:c2:47:1c:9d:56:66:42:e5:fb:8b:b5:df:3b:
         70:5c:7d:1b:de:b3:7d:38:16:b8:66:f5:89:f3:5b:4f:89:56:
         aa:2d:8a:9a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY2n7PoTBvHzSqExQTvrJ61UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjYmQ1NzQ2ZTMwMDA5MWRlZDFhMTFhMTNiMTY4MDdiNGZk
MGYxZmMwHhcNMjQwMjE0MTQwMjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWM4MzQ2ZGFhY2YzN2RmMWUyODdlNzA2NjcwODJlNmZkYWZiODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQdt5p9XRFyxP3keBokuG2DYdSmM
bsz0pa/goJezrGBecwhbfafgkNWNPNbjdRGiDrWvaiKsp26PMZxe962U9sUUj+m0
pNW8GB4OQ7q59AQHu1mw4D4t8S2Bg0JT/atH6PK3T+e18cbTl2vRz3Zw18DQ+ELK
8+yZf18kQnxHSqaIv+YH4vM+tskQrpKZuU2WgV1owe5CFH1pcYjHjhZIMIaL6XbZ
nTAkIPtYmkqDucQfgyutKg22x9V2oGBWoiddQdNCDHm7JI7thByzrDjo6/zFPHnC
Vkq2n7PvhmNhG1LmycKq0n2so/m3anZFj8lVvjvi2fFVhsIexTv30SLkowIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDXING2qzzffHih+cGZwgub9r7gyMB8GA1UdIwQY
MBaAFBy9V0bjAAkd7RoRoTsWgHtP0PH8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEwxWFJ1TUFDUjN0R2hHaE94YUFlMF9ROGZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lMzA4NmMtZDcyZi00MWVhLTk0NDQt
YmRlYTYzZTVhN2M0LzEvTmNnMGJhclBOOThlS0g1d1puQ0M1djJ2dURJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lMzA4NmMtZDcyZi00MWVhLTk0NDQtYmRlYTYzZTVhN2M0
LzEvSEwxWFJ1TUFDUjN0R2hHaE94YUFlMF9ROGZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAw1+xMA8E
AgACMAkDBwAgAQZ8DewwDQYJKoZIhvcNAQELBQADggEBAJ1VvlhTQOOAS0Xhd+C/
Mj1fnQk7T64J9GSJ5Cl98bB5Bb52tThY2mnV41Uhy94FMLXBRzDTyWYfghPsJEsS
SlQH5sqLttBzZNAI6umnqq2TP6W33539coJhRALHuBCK1iGyytk2jlcpT5H5AOwF
5RQRa94Q1DY6qJXXnxFW3ghnUuwjhlhi3duuNW4uIVWyyN50ovrdcsI9kw0A4txc
vLPkfsLr/g4Wlhy7OWuD6v5l/XQpnaIgxIXq8/VEOxWrIufkDbPwQK6G2HLHa6hu
BznaDCBdATuClnHC777cwkccnVZmQuX7i7XfO3BcfRves304Frhm9YnzW0+JVqot
ipo=
-----END CERTIFICATE-----