Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/NaG2UyiZsKZmP-03cna1ovVqzPw.roa
File:                     NaG2UyiZsKZmP-03cna1ovVqzPw.roa (raw, json)
Hash identifier:          ZMhmNZyGF2A1qnQpr8u+VkjQjlfJcWwfyYEXX139E1E=
Subject key identifier:   35:A1:B6:53:28:99:B0:A6:66:3F:ED:37:72:76:B5:A2:F5:6A:CC:FC
Certificate issuer:       /CN=b278ed8f9780f29dafa22f9fdf03374da4980e94
Certificate serial:       018CC8DF01A507A7D612D24B574177D16D55
Authority key identifier: B2:78:ED:8F:97:80:F2:9D:AF:A2:2F:9F:DF:03:37:4D:A4:98:0E:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snjtj5eA8p2voi-f3wM3TaSYDpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/NaG2UyiZsKZmP-03cna1ovVqzPw.roa
Signing time:             Tue 02 Jan 2024 06:31:47 +0000
ROA not before:           Tue 02 Jan 2024 06:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59852
IP address blocks:        185.253.10.0/24 maxlen: 24
                          2a10:b4c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/snjtj5eA8p2voi-f3wM3TaSYDpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/snjtj5eA8p2voi-f3wM3TaSYDpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snjtj5eA8p2voi-f3wM3TaSYDpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 18:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:01:a5:07:a7:d6:12:d2:4b:57:41:77:d1:6d:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b278ed8f9780f29dafa22f9fdf03374da4980e94
        Validity
            Not Before: Jan  2 06:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35a1b6532899b0a6663fed377276b5a2f56accfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4e:05:49:52:8b:27:55:8a:43:21:ce:09:08:
                    82:7f:b3:c0:ac:cc:1b:75:42:17:5f:2c:61:56:ab:
                    6a:6c:79:87:df:c7:b2:fd:16:78:45:7d:54:b7:6c:
                    b2:1a:e3:69:43:f9:62:fa:1f:45:88:14:e5:97:85:
                    a6:15:64:96:58:cb:47:13:57:5e:9e:a5:3d:0f:b2:
                    5f:bb:e2:f0:d8:5d:ae:d0:5b:f8:62:6c:19:1d:73:
                    40:a6:a0:ce:3d:72:79:26:16:76:29:f7:15:ff:17:
                    1c:eb:6b:85:7e:cd:85:8a:47:95:e1:47:09:44:2c:
                    4a:9d:e5:e0:df:3c:45:f0:30:48:c9:80:f1:c9:56:
                    5f:9b:4f:c1:45:5f:db:b7:78:8f:ac:ce:e4:dc:3b:
                    fb:d4:6b:20:66:a1:65:41:0a:8d:b5:ec:30:83:30:
                    cd:4a:54:6a:5e:71:3e:df:b1:d5:36:fd:d2:25:aa:
                    90:cb:a7:4b:c7:b0:63:bd:15:cb:11:18:5f:90:78:
                    e5:b0:ba:5b:02:75:45:7e:c7:a0:e2:b5:97:89:fd:
                    8c:d9:dd:8a:c3:9e:41:0a:ff:a7:10:e1:94:5c:3c:
                    db:4a:db:24:de:25:0a:6d:ae:76:39:af:9b:3e:8a:
                    62:ea:1e:eb:03:93:21:35:48:69:8f:25:aa:a6:e8:
                    a6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A1:B6:53:28:99:B0:A6:66:3F:ED:37:72:76:B5:A2:F5:6A:CC:FC
            X509v3 Authority Key Identifier:
                keyid:B2:78:ED:8F:97:80:F2:9D:AF:A2:2F:9F:DF:03:37:4D:A4:98:0E:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snjtj5eA8p2voi-f3wM3TaSYDpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/NaG2UyiZsKZmP-03cna1ovVqzPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/1e2316-1b5b-4ba5-937d-02864c58519c/1/snjtj5eA8p2voi-f3wM3TaSYDpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.10.0/24
                IPv6:
                  2a10:b4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:15:aa:5a:5c:4a:42:b6:e6:be:bd:fd:cd:a6:2d:df:09:29:
         76:7f:40:9d:fc:53:ec:9d:59:5d:aa:9b:da:66:ee:1f:a2:c9:
         b4:28:78:c5:c0:59:d2:b8:fc:58:c7:24:08:b9:9a:14:87:ec:
         80:43:4c:90:e1:29:62:92:2d:5c:0f:41:e8:54:ab:63:18:1b:
         cc:39:5e:f7:b7:88:12:b2:1f:39:ca:4d:51:00:4d:07:53:91:
         e4:23:01:74:15:e9:1a:91:1d:29:ed:54:f0:d9:2f:c1:67:87:
         64:e6:cc:fb:92:d1:3c:bc:f0:7c:ae:3c:44:04:f8:59:47:7e:
         34:8a:ab:c9:74:bb:60:0d:93:51:fc:01:e5:c1:81:f5:5a:41:
         df:61:fb:20:ae:aa:c1:dd:9c:13:fc:5b:67:e2:39:f4:92:01:
         26:20:09:fe:e6:c7:17:7c:49:9d:6c:84:bf:d4:1c:4e:63:42:
         f1:e8:37:31:78:5f:4d:d6:65:c3:f6:02:2f:5b:c5:16:b8:a1:
         84:e3:f8:d7:f3:9e:10:85:3b:df:3f:91:bf:25:ec:9a:bc:9f:
         54:10:e7:1d:05:06:a5:aa:4a:a5:0c:9e:b2:aa:b0:06:c0:bb:
         89:f0:52:28:bf:0e:08:a5:c8:63:70:65:59:57:54:24:0a:fb:
         54:19:3d:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI3wGlB6fWEtJLV0F30W1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzhlZDhmOTc4MGYyOWRhZmEyMmY5ZmRmMDMzNzRkYTQ5
ODBlOTQwHhcNMjQwMTAyMDYzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWExYjY1MzI4OTliMGE2NjYzZmVkMzc3Mjc2YjVhMmY1NmFjY2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApk4FSVKLJ1WKQyHOCQiCf7PArMwb
dUIXXyxhVqtqbHmH38ey/RZ4RX1Ut2yyGuNpQ/li+h9FiBTll4WmFWSWWMtHE1de
nqU9D7Jfu+Lw2F2u0Fv4YmwZHXNApqDOPXJ5JhZ2KfcV/xcc62uFfs2FikeV4UcJ
RCxKneXg3zxF8DBIyYDxyVZfm0/BRV/bt3iPrM7k3Dv71GsgZqFlQQqNtewwgzDN
SlRqXnE+37HVNv3SJaqQy6dLx7BjvRXLERhfkHjlsLpbAnVFfseg4rWXif2M2d2K
w55BCv+nEOGUXDzbStsk3iUKba52Oa+bPopi6h7rA5MhNUhpjyWqpuimXwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDWhtlMombCmZj/tN3J2taL1asz8MB8GA1UdIwQY
MBaAFLJ47Y+XgPKdr6Ivn98DN02kmA6UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25qdGo1ZUE4cDJ2b2ktZjN3TTNUYVNZRHBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8xZTIzMTYtMWI1Yi00YmE1LTkzN2Qt
MDI4NjRjNTg1MTljLzEvTmFHMlV5aVpzS1ptUC0wM2NuYTFvdlZxelB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8xZTIzMTYtMWI1Yi00YmE1LTkzN2QtMDI4NjRjNTg1MTlj
LzEvc25qdGo1ZUE4cDJ2b2ktZjN3TTNUYVNZRHBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf0KMA0E
AgACMAcDBQMqELTAMA0GCSqGSIb3DQEBCwUAA4IBAQA8FapaXEpCtua+vf3Npi3f
CSl2f0Cd/FPsnVldqpvaZu4fosm0KHjFwFnSuPxYxyQIuZoUh+yAQ0yQ4Sliki1c
D0HoVKtjGBvMOV73t4gSsh85yk1RAE0HU5HkIwF0FekakR0p7VTw2S/BZ4dk5sz7
ktE8vPB8rjxEBPhZR340iqvJdLtgDZNR/AHlwYH1WkHfYfsgrqrB3ZwT/Ftn4jn0
kgEmIAn+5scXfEmdbIS/1BxOY0Lx6DcxeF9N1mXD9gIvW8UWuKGE4/jX854QhTvf
P5G/JeyavJ9UEOcdBQalqkqlDJ6yqrAGwLuJ8FIovw4IpchjcGVZV1QkCvtUGT2j
-----END CERTIFICATE-----