Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/NGG8demI3XYzdE6C2xywDEL2YMQ.roa
File:                     NGG8demI3XYzdE6C2xywDEL2YMQ.roa (raw, json)
Hash identifier:          /SKBaketiA3WLCXtzSIRB5GsKkrQ43A7XdzlaD7U2Kk=
Subject key identifier:   34:61:BC:75:E9:88:DD:76:33:74:4E:82:DB:1C:B0:0C:42:F6:60:C4
Certificate issuer:       /CN=29f9670ee2a30eac8c0a39dc47ff7a8cd2473b00
Certificate serial:       018EF6A5D1B75D54D176987AED4BF275141E
Authority key identifier: 29:F9:67:0E:E2:A3:0E:AC:8C:0A:39:DC:47:FF:7A:8C:D2:47:3B:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KflnDuKjDqyMCjncR_96jNJHOwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/NGG8demI3XYzdE6C2xywDEL2YMQ.roa
Signing time:             Fri 19 Apr 2024 13:57:25 +0000
ROA not before:           Fri 19 Apr 2024 13:57:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        212.56.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/KflnDuKjDqyMCjncR_96jNJHOwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/KflnDuKjDqyMCjncR_96jNJHOwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KflnDuKjDqyMCjncR_96jNJHOwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f6:a5:d1:b7:5d:54:d1:76:98:7a:ed:4b:f2:75:14:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29f9670ee2a30eac8c0a39dc47ff7a8cd2473b00
        Validity
            Not Before: Apr 19 13:57:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3461bc75e988dd7633744e82db1cb00c42f660c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:db:6d:4f:fc:e5:b4:4b:21:7c:e3:2a:f8:2c:
                    31:a8:d6:77:64:b9:2b:50:07:b1:13:f6:06:af:e9:
                    e5:e0:9e:43:e3:cb:7f:ca:cf:d3:e1:9a:05:e1:e9:
                    8b:78:89:21:5f:71:79:75:c1:92:e2:25:a8:0f:64:
                    fa:4b:81:c9:92:b9:34:b1:23:0d:7d:45:bd:c4:94:
                    0c:33:15:33:27:d5:bf:59:a7:86:a0:7e:1d:84:c9:
                    12:95:b1:01:30:fd:43:e6:ab:ac:06:06:62:7b:9a:
                    40:10:f5:34:96:dc:c0:09:a6:95:83:73:1b:a9:91:
                    5b:f6:ff:ca:65:9e:1c:52:53:75:f7:20:b6:d6:0f:
                    af:2c:37:44:fd:ec:09:64:bd:0d:e6:20:da:3f:e9:
                    d0:bc:95:4d:ff:c1:f9:71:53:6d:e5:b5:ec:ba:ac:
                    2f:d0:2c:52:fb:aa:51:7a:97:66:6b:2e:27:dc:73:
                    dd:a3:19:4f:d4:5b:3a:66:2f:2a:50:16:1f:ab:84:
                    a0:d7:83:74:93:98:06:3e:5d:e2:0b:cc:8a:e9:f2:
                    2d:d2:9e:fe:fd:17:61:48:2a:69:a7:bd:3f:9f:66:
                    d4:89:f5:19:51:ce:20:3d:44:52:68:bb:94:d0:d0:
                    e4:8d:ea:7b:d4:78:c2:e3:04:f9:17:63:6e:67:73:
                    76:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:61:BC:75:E9:88:DD:76:33:74:4E:82:DB:1C:B0:0C:42:F6:60:C4
            X509v3 Authority Key Identifier:
                keyid:29:F9:67:0E:E2:A3:0E:AC:8C:0A:39:DC:47:FF:7A:8C:D2:47:3B:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KflnDuKjDqyMCjncR_96jNJHOwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/NGG8demI3XYzdE6C2xywDEL2YMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/2ff76d-f116-4430-8407-6e29efdfd4e3/1/KflnDuKjDqyMCjncR_96jNJHOwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.56.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:87:39:94:3a:64:86:1e:8c:28:c3:cb:68:73:ba:7a:1d:53:
         6f:4d:73:bd:d5:ed:16:b9:ac:d1:a2:2e:a4:c1:e7:d4:db:52:
         c2:05:a0:1c:3f:bd:78:b5:db:a9:13:b4:54:94:37:fd:a1:f0:
         fa:16:da:2a:0e:1b:66:4c:57:b1:22:ea:7d:04:47:8e:c7:c5:
         d4:f6:e3:07:5d:93:31:74:64:5a:a6:31:f3:25:c5:48:14:36:
         24:67:7c:4f:a9:7e:50:09:71:ee:da:54:f7:86:99:70:ef:2b:
         81:04:40:ab:e8:86:f8:d9:1a:06:96:0e:6d:2a:07:58:d4:3e:
         4c:95:c0:08:28:aa:77:1c:70:de:39:0d:69:0b:c3:f7:e5:98:
         5a:35:18:83:5e:95:28:87:d7:25:87:43:e9:36:52:c9:c1:1f:
         15:82:27:75:f8:b3:bf:d0:88:d2:ce:4c:88:e1:97:d4:69:36:
         88:82:2b:3b:d7:8f:67:eb:af:6c:04:c9:6a:43:94:0f:87:52:
         18:ac:0f:7e:64:83:4f:a0:ce:f8:95:d5:10:b0:06:64:27:ae:
         3d:82:c2:2f:a1:60:38:b3:6e:a2:66:ca:31:4f:4b:da:57:4c:
         99:2a:da:e5:0b:7a:06:2a:16:38:fe:3f:0a:f5:52:85:73:b9:
         2c:72:82:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY72pdG3XVTRdph67UvydRQeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5Zjk2NzBlZTJhMzBlYWM4YzBhMzlkYzQ3ZmY3YThjZDI0
NzNiMDAwHhcNMjQwNDE5MTM1NzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDYxYmM3NWU5ODhkZDc2MzM3NDRlODJkYjFjYjAwYzQyZjY2MGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9ttT/zltEshfOMq+CwxqNZ3ZLkr
UAexE/YGr+nl4J5D48t/ys/T4ZoF4emLeIkhX3F5dcGS4iWoD2T6S4HJkrk0sSMN
fUW9xJQMMxUzJ9W/WaeGoH4dhMkSlbEBMP1D5qusBgZie5pAEPU0ltzACaaVg3Mb
qZFb9v/KZZ4cUlN19yC21g+vLDdE/ewJZL0N5iDaP+nQvJVN/8H5cVNt5bXsuqwv
0CxS+6pRepdmay4n3HPdoxlP1Fs6Zi8qUBYfq4Sg14N0k5gGPl3iC8yK6fIt0p7+
/RdhSCppp70/n2bUifUZUc4gPURSaLuU0NDkjep71HjC4wT5F2NuZ3N2sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRhvHXpiN12M3ROgtscsAxC9mDEMB8GA1UdIwQY
MBaAFCn5Zw7iow6sjAo53Ef/eozSRzsAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2ZsbkR1S2pEcXlNQ2puY1JfOTZqTkpIT3dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8yZmY3NmQtZjExNi00NDMwLTg0MDct
NmUyOWVmZGZkNGUzLzEvTkdHOGRlbUkzWFl6ZEU2QzJ4eXdERUwyWU1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8yZmY3NmQtZjExNi00NDMwLTg0MDctNmUyOWVmZGZkNGUz
LzEvS2ZsbkR1S2pEcXlNQ2puY1JfOTZqTkpIT3dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Dg7MA0G
CSqGSIb3DQEBCwUAA4IBAQBWhzmUOmSGHowow8toc7p6HVNvTXO91e0WuazRoi6k
wefU21LCBaAcP714tdupE7RUlDf9ofD6FtoqDhtmTFexIup9BEeOx8XU9uMHXZMx
dGRapjHzJcVIFDYkZ3xPqX5QCXHu2lT3hplw7yuBBECr6Ib42RoGlg5tKgdY1D5M
lcAIKKp3HHDeOQ1pC8P35ZhaNRiDXpUoh9clh0PpNlLJwR8Vgid1+LO/0IjSzkyI
4ZfUaTaIgis7149n669sBMlqQ5QPh1IYrA9+ZINPoM74ldUQsAZkJ649gsIvoWA4
s26iZsoxT0vaV0yZKtrlC3oGKhY4/j8K9VKFc7kscoJO
-----END CERTIFICATE-----