Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/NqDKNL-isTZ-wWyfDswPlCRiVT8.roa
File:                     NqDKNL-isTZ-wWyfDswPlCRiVT8.roa (raw, json)
Hash identifier:          AeyMzF0Rd7T964kWDaQ5vkoNyQF00AxrTLAxW4N9s7k=
Subject key identifier:   36:A0:CA:34:BF:A2:B1:36:7E:C1:6C:9F:0E:CC:0F:94:24:62:55:3F
Certificate issuer:       /CN=a52fc60d36e28bb8df145c84acab19cfa53b025a
Certificate serial:       018CCA2B98D18A63997C23076920B960CF42
Authority key identifier: A5:2F:C6:0D:36:E2:8B:B8:DF:14:5C:84:AC:AB:19:CF:A5:3B:02:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pS_GDTbii7jfFFyErKsZz6U7Alo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/NqDKNL-isTZ-wWyfDswPlCRiVT8.roa
Signing time:             Tue 02 Jan 2024 12:35:03 +0000
ROA not before:           Tue 02 Jan 2024 12:35:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1921
IP address blocks:        176.97.158.0/24 maxlen: 24
                          192.174.68.0/24 maxlen: 24
                          2001:67c:10b8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/pS_GDTbii7jfFFyErKsZz6U7Alo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/pS_GDTbii7jfFFyErKsZz6U7Alo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pS_GDTbii7jfFFyErKsZz6U7Alo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:03:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:98:d1:8a:63:99:7c:23:07:69:20:b9:60:cf:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a52fc60d36e28bb8df145c84acab19cfa53b025a
        Validity
            Not Before: Jan  2 12:35:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36a0ca34bfa2b1367ec16c9f0ecc0f942462553f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:de:dd:2a:b9:b0:85:8f:a2:27:5e:ff:40:36:
                    62:0a:c4:ce:cf:8b:c4:86:3e:78:98:74:c8:f9:d6:
                    4b:cd:c0:9e:63:9e:3f:bf:38:57:72:0d:40:af:7a:
                    70:cc:ac:2a:9d:36:3f:17:e1:3e:28:1d:a6:50:dc:
                    cb:fc:13:de:9c:53:7a:62:6a:45:83:b4:ef:93:77:
                    26:9c:c4:48:97:40:7f:f0:4c:ca:90:a0:06:1b:a3:
                    66:bb:41:5f:ae:c8:f1:13:54:64:4a:08:c3:c6:67:
                    08:ac:24:a6:da:cf:3a:96:35:99:ad:8d:2f:64:62:
                    36:53:9f:e6:c5:d4:ff:a8:a8:3a:84:b8:59:6d:59:
                    20:96:49:53:7a:28:d5:6e:19:6a:5e:35:0c:e5:67:
                    66:bb:7e:b6:59:4e:4a:7f:d8:60:c4:08:1a:1c:2b:
                    88:e1:e4:da:8c:22:20:52:a5:0c:a3:1c:d7:e1:9a:
                    59:d5:45:eb:98:61:f7:21:e2:e0:e5:2c:3f:a6:cd:
                    92:16:86:7e:59:ca:28:3f:62:44:a5:f6:37:2c:3d:
                    d4:42:58:f1:67:4d:f7:9a:22:f8:c2:8d:5e:a6:e4:
                    1d:b8:2c:c8:4c:8a:cf:a0:f3:21:09:c9:db:bd:77:
                    d3:46:54:11:f7:dd:04:42:4e:81:13:07:b4:c4:d1:
                    f2:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A0:CA:34:BF:A2:B1:36:7E:C1:6C:9F:0E:CC:0F:94:24:62:55:3F
            X509v3 Authority Key Identifier:
                keyid:A5:2F:C6:0D:36:E2:8B:B8:DF:14:5C:84:AC:AB:19:CF:A5:3B:02:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pS_GDTbii7jfFFyErKsZz6U7Alo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/NqDKNL-isTZ-wWyfDswPlCRiVT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/pS_GDTbii7jfFFyErKsZz6U7Alo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.97.158.0/24
                  192.174.68.0/24
                IPv6:
                  2001:67c:10b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:3c:f8:1e:19:13:32:28:e2:de:eb:87:8d:0c:89:d3:4b:6f:
         42:e3:36:22:e1:7e:bc:47:ae:9a:ef:14:86:ce:2e:58:de:e2:
         c2:21:05:cf:5a:3b:97:a8:63:42:48:ec:a3:d8:2f:52:bd:df:
         9c:e6:57:e1:4e:e3:24:f5:b6:e5:5c:db:b6:48:aa:9a:84:85:
         1e:e6:37:d5:58:68:da:6c:60:e0:26:eb:d0:4b:74:a0:82:b9:
         0f:85:ea:30:24:a9:24:0a:18:fd:34:29:19:25:e9:68:47:d9:
         c2:b7:d9:ee:24:da:cc:da:3d:41:ae:df:18:9f:55:fc:df:fb:
         ce:4a:7c:d5:16:2d:fc:eb:73:57:25:96:4e:94:59:c6:f4:73:
         cc:7f:c6:11:d0:6a:65:12:02:1b:13:0b:ba:a3:93:65:67:fe:
         0d:73:20:cf:14:f4:9c:5d:89:ad:a4:39:86:95:68:ba:63:8e:
         ba:5c:35:cb:bf:5c:ad:9c:c7:b0:9b:68:f2:49:f2:e2:37:b0:
         6f:6c:a3:19:5f:5d:01:12:0e:ee:89:c4:ce:d1:65:59:13:89:
         b9:00:cf:88:d3:38:b4:ad:47:cd:e7:9e:ef:ed:0a:32:95:cd:
         b6:d0:73:a6:4b:be:07:42:cc:3e:be:98:6b:86:17:93:b4:da:
         b7:09:a0:53
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzKK5jRimOZfCMHaSC5YM9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MmZjNjBkMzZlMjhiYjhkZjE0NWM4NGFjYWIxOWNmYTUz
YjAyNWEwHhcNMjQwMTAyMTIzNTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmEwY2EzNGJmYTJiMTM2N2VjMTZjOWYwZWNjMGY5NDI0NjI1NTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjt7dKrmwhY+iJ17/QDZiCsTOz4vE
hj54mHTI+dZLzcCeY54/vzhXcg1Ar3pwzKwqnTY/F+E+KB2mUNzL/BPenFN6YmpF
g7Tvk3cmnMRIl0B/8EzKkKAGG6Nmu0FfrsjxE1RkSgjDxmcIrCSm2s86ljWZrY0v
ZGI2U5/mxdT/qKg6hLhZbVkglklTeijVbhlqXjUM5Wdmu362WU5Kf9hgxAgaHCuI
4eTajCIgUqUMoxzX4ZpZ1UXrmGH3IeLg5Sw/ps2SFoZ+WcooP2JEpfY3LD3UQljx
Z033miL4wo1epuQduCzITIrPoPMhCcnbvXfTRlQR990EQk6BEwe0xNHyRQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDagyjS/orE2fsFsnw7MD5QkYlU/MB8GA1UdIwQY
MBaAFKUvxg024ou43xRchKyrGc+lOwJaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFNfR0RUYmlpN2pmRkZ5RXJLc1p6NlU3QWxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9mMGI5NjAtODZkOC00MDYyLWE1OTct
OWI0YTJkNWYzYTc2LzEvTnFES05MLWlzVFotd1d5ZkRzd1BsQ1JpVlQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9mMGI5NjAtODZkOC00MDYyLWE1OTctOWI0YTJkNWYzYTc2
LzEvcFNfR0RUYmlpN2pmRkZ5RXJLc1p6NlU3QWxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAsGGeAwQA
wK5EMA8EAgACMAkDBwAgAQZ8ELgwDQYJKoZIhvcNAQELBQADggEBADQ8+B4ZEzIo
4t7rh40MidNLb0LjNiLhfrxHrprvFIbOLlje4sIhBc9aO5eoY0JI7KPYL1K935zm
V+FO4yT1tuVc27ZIqpqEhR7mN9VYaNpsYOAm69BLdKCCuQ+F6jAkqSQKGP00KRkl
6WhH2cK32e4k2szaPUGu3xifVfzf+85KfNUWLfzrc1cllk6UWcb0c8x/xhHQamUS
AhsTC7qjk2Vn/g1zIM8U9Jxdia2kOYaVaLpjjrpcNcu/XK2cx7CbaPJJ8uI3sG9s
oxlfXQESDu6JxM7RZVkTibkAz4jTOLStR83nnu/tCjKVzbbQc6ZLvgdCzD6+mGuG
F5O02rcJoFM=
-----END CERTIFICATE-----