Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/Noz5wr3epbu05Vd2T5en_KUnUJo.roa
File:                     Noz5wr3epbu05Vd2T5en_KUnUJo.roa (raw, json)
Hash identifier:          n8bHjw8LWs5a7wONCE3PSq7l7lZkIRnYqzaLOdDwG+A=
Subject key identifier:   36:8C:F9:C2:BD:DE:A5:BB:B4:E5:57:76:4F:97:A7:FC:A5:27:50:9A
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       019002066F289BFC5CDBD8A8E58BC2352759
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/Noz5wr3epbu05Vd2T5en_KUnUJo.roa
Signing time:             Mon 10 Jun 2024 12:01:34 +0000
ROA not before:           Mon 10 Jun 2024 12:01:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     269070
IP address blocks:        185.14.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:02:06:6f:28:9b:fc:5c:db:d8:a8:e5:8b:c2:35:27:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Jun 10 12:01:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=368cf9c2bddea5bbb4e557764f97a7fca527509a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:b4:3b:36:49:d4:65:f1:2b:24:82:25:fd:28:
                    f7:20:7b:b7:fb:43:a3:59:98:6c:69:ff:d6:ab:14:
                    62:b4:42:e7:1f:2a:39:9d:a6:79:61:82:a5:8c:b0:
                    de:e9:57:f7:36:d5:98:71:21:ae:63:e5:a9:11:93:
                    fc:10:ec:ff:6e:ab:4b:75:99:78:a4:9d:b8:1c:b8:
                    b8:7e:b0:91:c7:f5:0f:05:0c:b2:c3:68:6f:90:1f:
                    b3:79:30:70:3a:d0:4f:fc:dc:bc:94:7c:1e:8a:5d:
                    55:12:95:85:69:ea:52:b3:42:2b:2d:ef:19:70:c7:
                    f3:4e:03:f1:33:ff:21:7d:fb:e3:9d:97:6f:93:ae:
                    d7:90:35:54:53:5e:6c:f2:91:b0:e8:9f:cc:3a:a3:
                    94:8c:f8:da:6e:07:c9:89:8e:8d:99:e7:b9:5a:c1:
                    03:61:78:b8:6d:1c:ba:25:07:49:6d:29:44:dd:28:
                    c7:84:d2:cb:8c:2f:ea:7f:dc:04:e1:ec:b6:6b:70:
                    6d:4f:e0:c5:68:02:04:eb:c8:bb:5e:05:54:e2:19:
                    41:61:67:10:6f:dd:e5:bc:c0:f5:00:fd:f0:1c:13:
                    bf:2c:4c:ed:cf:18:fa:dd:c0:e0:f6:2e:93:d6:7a:
                    13:18:2f:21:10:be:f5:ac:df:58:49:fd:d7:e8:8a:
                    62:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:8C:F9:C2:BD:DE:A5:BB:B4:E5:57:76:4F:97:A7:FC:A5:27:50:9A
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/Noz5wr3epbu05Vd2T5en_KUnUJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:67:0a:83:3c:df:ec:0c:50:67:ce:ce:57:be:df:80:36:51:
         49:c9:7d:73:ed:68:ec:e6:98:b2:ad:ab:b2:92:8b:eb:48:0b:
         4d:43:23:d9:48:31:2b:5f:a0:79:43:60:19:a3:84:e9:15:70:
         a6:eb:3e:97:d4:2b:62:ca:e0:e3:7b:f9:ea:03:1f:55:0e:b5:
         ac:f3:c6:ab:b6:03:86:2e:ca:07:00:65:d3:68:0a:22:a3:87:
         f5:4d:31:4a:bf:3a:cc:f5:0f:1a:73:29:e2:4d:e8:a5:45:89:
         ee:fb:a4:ee:71:29:f0:12:e9:2d:ab:d6:45:58:7f:25:56:a6:
         10:cd:b6:3f:eb:9f:bf:a1:a4:2e:70:f9:53:84:5b:5e:3e:48:
         33:89:19:71:ca:92:90:94:0a:c3:7b:0f:56:da:97:d7:65:68:
         1a:79:b6:19:52:e2:4a:37:46:86:63:ed:de:7b:66:4d:72:ca:
         f2:71:13:8d:2f:f6:30:af:23:3c:f7:ae:c2:5f:aa:50:1f:4c:
         d7:c2:9b:90:3b:f8:a6:74:27:20:75:da:0c:a4:52:a4:dc:66:
         69:bd:ce:d0:9a:a4:b7:6c:a0:6c:cf:c4:21:64:d5:a9:b5:21:
         7a:54:e5:81:74:6e:bc:44:61:21:de:cf:32:56:8a:e8:42:97:
         c3:d6:7f:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZACBm8om/xc29io5YvCNSdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjQwNjEwMTIwMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjhjZjljMmJkZGVhNWJiYjRlNTU3NzY0Zjk3YTdmY2E1Mjc1MDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA87Q7NknUZfErJIIl/Sj3IHu3+0Oj
WZhsaf/WqxRitELnHyo5naZ5YYKljLDe6Vf3NtWYcSGuY+WpEZP8EOz/bqtLdZl4
pJ24HLi4frCRx/UPBQyyw2hvkB+zeTBwOtBP/Ny8lHweil1VEpWFaepSs0IrLe8Z
cMfzTgPxM/8hffvjnZdvk67XkDVUU15s8pGw6J/MOqOUjPjabgfJiY6Nmee5WsED
YXi4bRy6JQdJbSlE3SjHhNLLjC/qf9wE4ey2a3BtT+DFaAIE68i7XgVU4hlBYWcQ
b93lvMD1AP3wHBO/LEztzxj63cDg9i6T1noTGC8hEL71rN9YSf3X6IpigwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaM+cK93qW7tOVXdk+Xp/ylJ1CaMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvTm96NXdyM2VwYnUwNVZkMlQ1ZW5fS1VuVUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7uMA0G
CSqGSIb3DQEBCwUAA4IBAQA/ZwqDPN/sDFBnzs5Xvt+ANlFJyX1z7Wjs5piyrauy
kovrSAtNQyPZSDErX6B5Q2AZo4TpFXCm6z6X1CtiyuDje/nqAx9VDrWs88artgOG
LsoHAGXTaAoio4f1TTFKvzrM9Q8acyniTeilRYnu+6TucSnwEuktq9ZFWH8lVqYQ
zbY/65+/oaQucPlThFtePkgziRlxypKQlArDew9W2pfXZWgaebYZUuJKN0aGY+3e
e2ZNcsrycRONL/YwryM8967CX6pQH0zXwpuQO/imdCcgddoMpFKk3GZpvc7QmqS3
bKBsz8QhZNWptSF6VOWBdG68RGEh3s8yVoroQpfD1n8x
-----END CERTIFICATE-----