Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/3f0083-59d7-433a-905a-47b1bdf8d530/1/NgR37ANmrNNE3A5AMvaae_t1K50.roa
File:                     NgR37ANmrNNE3A5AMvaae_t1K50.roa (raw, json)
Hash identifier:          kc+REan9AHLTX7fNR4EhWFNE8aSR1vqbijjkQz1B1vw=
Subject key identifier:   36:04:77:EC:03:66:AC:D3:44:DC:0E:40:32:F6:9A:7B:FB:75:2B:9D
Certificate issuer:       /CN=b13971bfea78d6aa5b49ed5ac35c77b6a30a0894
Certificate serial:       018CC86F389123FAE46FD47F07EF1C5066BA
Authority key identifier: B1:39:71:BF:EA:78:D6:AA:5B:49:ED:5A:C3:5C:77:B6:A3:0A:08:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sTlxv-p41qpbSe1aw1x3tqMKCJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/3f0083-59d7-433a-905a-47b1bdf8d530/1/NgR37ANmrNNE3A5AMvaae_t1K50.roa
Signing time:             Tue 02 Jan 2024 04:29:41 +0000
ROA not before:           Tue 02 Jan 2024 04:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43702
IP address blocks:        194.165.15.0/24 maxlen: 24
                          194.165.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/3f0083-59d7-433a-905a-47b1bdf8d530/1/sTlxv-p41qpbSe1aw1x3tqMKCJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/3f0083-59d7-433a-905a-47b1bdf8d530/1/sTlxv-p41qpbSe1aw1x3tqMKCJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sTlxv-p41qpbSe1aw1x3tqMKCJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:38:91:23:fa:e4:6f:d4:7f:07:ef:1c:50:66:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b13971bfea78d6aa5b49ed5ac35c77b6a30a0894
        Validity
            Not Before: Jan  2 04:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=360477ec0366acd344dc0e4032f69a7bfb752b9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:93:fe:df:c3:34:19:51:dd:f1:85:2b:0b:41:
                    21:09:1b:7e:35:5e:cf:74:64:0c:82:36:ff:f4:b3:
                    cc:b8:a0:56:37:dc:95:de:16:74:a3:45:f6:03:7f:
                    e1:3f:f9:b3:b0:9b:79:01:13:48:54:c9:f4:b6:71:
                    6a:0c:d1:21:c2:4b:6a:da:87:65:62:18:37:25:45:
                    ea:c3:34:30:68:44:e8:d2:e1:c7:74:1b:75:9e:94:
                    4f:78:d2:17:54:1f:47:ad:69:62:b2:af:bc:76:17:
                    51:bb:64:32:a6:19:9c:c3:50:87:2c:6c:aa:e1:41:
                    e5:db:89:ec:ff:74:35:0e:6f:9d:97:d3:be:4b:c5:
                    ec:1d:9c:3d:60:37:b6:aa:91:74:17:47:7c:cd:59:
                    a9:2b:60:57:30:28:e0:5a:78:74:6a:19:b9:ad:0c:
                    15:aa:73:72:7f:b2:27:29:8b:90:5d:cd:50:63:01:
                    93:87:42:5d:34:4d:2e:13:61:18:16:35:14:61:45:
                    15:8b:81:89:ab:61:57:93:c3:12:44:27:58:87:1b:
                    f1:c5:73:24:30:fe:b9:a9:52:d1:7a:2e:e7:13:73:
                    eb:60:16:41:3a:4b:50:cf:f4:74:a7:9a:66:10:66:
                    f2:1e:dc:01:11:e0:41:8f:a0:be:a7:e4:ad:dd:3b:
                    a4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:04:77:EC:03:66:AC:D3:44:DC:0E:40:32:F6:9A:7B:FB:75:2B:9D
            X509v3 Authority Key Identifier:
                keyid:B1:39:71:BF:EA:78:D6:AA:5B:49:ED:5A:C3:5C:77:B6:A3:0A:08:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sTlxv-p41qpbSe1aw1x3tqMKCJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/3f0083-59d7-433a-905a-47b1bdf8d530/1/NgR37ANmrNNE3A5AMvaae_t1K50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/3f0083-59d7-433a-905a-47b1bdf8d530/1/sTlxv-p41qpbSe1aw1x3tqMKCJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.165.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:0c:54:da:de:05:b8:0a:9d:76:bf:5e:65:a3:24:ed:da:37:
         5a:5c:e9:41:82:73:1b:3d:53:b8:f9:5e:44:1e:72:bd:3f:27:
         f1:7d:c0:a4:5d:2e:4a:7e:9e:03:ff:76:28:15:67:21:a0:7f:
         43:df:4b:55:41:fe:62:c6:7d:96:c4:26:b1:5c:8f:2b:ee:63:
         47:e7:e7:d8:a3:90:10:11:32:8f:15:c0:56:45:b8:b1:96:c2:
         16:80:ed:79:52:48:38:77:0e:ef:0c:73:b2:5c:36:ca:6d:c9:
         e1:15:27:7c:81:61:b7:63:e8:99:62:31:67:cc:de:58:0d:47:
         db:83:c5:7a:c5:55:c3:cd:df:01:8e:65:a1:1b:61:55:fe:e9:
         ce:af:24:f2:6d:6e:22:af:f8:13:d1:27:05:91:84:96:f2:f9:
         cc:5b:2d:c3:40:e2:aa:74:c1:6b:76:54:36:c1:ba:32:79:d0:
         90:3a:2d:5c:84:1f:6e:d6:1f:17:b1:e0:be:99:a9:78:be:be:
         25:15:14:36:7e:68:3a:f4:a2:9f:b6:af:20:a8:1b:0d:1c:f9:
         80:70:f3:6b:9e:5e:df:fb:c6:6e:1c:56:06:ef:89:cf:6a:2b:
         58:a8:b9:4a:14:39:ad:68:24:68:32:67:82:b8:cd:f0:f9:b2:
         a9:fc:e0:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbziRI/rkb9R/B+8cUGa6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMzk3MWJmZWE3OGQ2YWE1YjQ5ZWQ1YWMzNWM3N2I2YTMw
YTA4OTQwHhcNMjQwMTAyMDQyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjA0NzdlYzAzNjZhY2QzNDRkYzBlNDAzMmY2OWE3YmZiNzUyYjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpP+38M0GVHd8YUrC0EhCRt+NV7P
dGQMgjb/9LPMuKBWN9yV3hZ0o0X2A3/hP/mzsJt5ARNIVMn0tnFqDNEhwktq2odl
Yhg3JUXqwzQwaETo0uHHdBt1npRPeNIXVB9HrWlisq+8dhdRu2Qyphmcw1CHLGyq
4UHl24ns/3Q1Dm+dl9O+S8XsHZw9YDe2qpF0F0d8zVmpK2BXMCjgWnh0ahm5rQwV
qnNyf7InKYuQXc1QYwGTh0JdNE0uE2EYFjUUYUUVi4GJq2FXk8MSRCdYhxvxxXMk
MP65qVLRei7nE3PrYBZBOktQz/R0p5pmEGbyHtwBEeBBj6C+p+St3TukvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYEd+wDZqzTRNwOQDL2mnv7dSudMB8GA1UdIwQY
MBaAFLE5cb/qeNaqW0ntWsNcd7ajCgiUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1RseHYtcDQxcXBiU2UxYXcxeDN0cU1LQ0pRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8zZjAwODMtNTlkNy00MzNhLTkwNWEt
NDdiMWJkZjhkNTMwLzEvTmdSMzdBTm1yTk5FM0E1QU12YWFlX3QxSzUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8zZjAwODMtNTlkNy00MzNhLTkwNWEtNDdiMWJkZjhkNTMw
LzEvc1RseHYtcDQxcXBiU2UxYXcxeDN0cU1LQ0pRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwqUOMA0G
CSqGSIb3DQEBCwUAA4IBAQAtDFTa3gW4Cp12v15loyTt2jdaXOlBgnMbPVO4+V5E
HnK9PyfxfcCkXS5Kfp4D/3YoFWchoH9D30tVQf5ixn2WxCaxXI8r7mNH5+fYo5AQ
ETKPFcBWRbixlsIWgO15Ukg4dw7vDHOyXDbKbcnhFSd8gWG3Y+iZYjFnzN5YDUfb
g8V6xVXDzd8BjmWhG2FV/unOryTybW4ir/gT0ScFkYSW8vnMWy3DQOKqdMFrdlQ2
wboyedCQOi1chB9u1h8XseC+mal4vr4lFRQ2fmg69KKftq8gqBsNHPmAcPNrnl7f
+8ZuHFYG74nPaitYqLlKFDmtaCRoMmeCuM3w+bKp/ODo
-----END CERTIFICATE-----