Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/NwcVQtHab91r42PdEII2o_uxIuM.roa
File:                     NwcVQtHab91r42PdEII2o_uxIuM.roa (raw, json)
Hash identifier:          3PjyhCKlUhFGM+m73UxSfUMgXNZ+U8tHNoX11nXX2uo=
Subject key identifier:   37:07:15:42:D1:DA:6F:DD:6B:E3:63:DD:10:82:36:A3:FB:B1:22:E3
Certificate issuer:       /CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
Certificate serial:       018CC94BE6FD18656BBE30307E63EAE0699A
Authority key identifier: B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/NwcVQtHab91r42PdEII2o_uxIuM.roa
Signing time:             Tue 02 Jan 2024 08:30:43 +0000
ROA not before:           Tue 02 Jan 2024 08:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205318
IP address blocks:        31.42.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 05:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4b:e6:fd:18:65:6b:be:30:30:7e:63:ea:e0:69:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b85eadc2ec70b30fa4225ed7fcd5730f0c7bc616
        Validity
            Not Before: Jan  2 08:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37071542d1da6fdd6be363dd108236a3fbb122e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:18:24:88:3b:0a:2c:e1:12:80:e5:37:e3:ff:
                    04:aa:c6:d0:f1:da:a5:a4:5f:19:4c:0d:97:af:cb:
                    6f:76:b1:c1:60:51:e8:7d:4b:2f:5e:2d:a4:0b:9f:
                    16:24:17:8f:b1:cc:7c:44:3b:9f:a5:37:4a:3c:cf:
                    96:c8:98:23:0e:53:ac:34:e6:ca:71:14:2e:66:7c:
                    38:f7:34:b2:4d:f2:7b:8f:d1:7e:96:f5:41:ae:8b:
                    62:33:b1:cd:20:d3:68:2c:c0:d8:19:5d:34:19:57:
                    25:0e:00:8f:b1:17:13:42:26:07:57:65:2e:d0:21:
                    ac:4b:9a:89:ef:07:c4:90:56:06:97:db:da:24:1e:
                    e6:d0:45:aa:1f:b5:1b:f2:22:a3:e0:33:00:0b:11:
                    8f:ef:a2:15:ec:3d:98:2e:6b:74:8e:59:b8:25:0e:
                    0d:04:e2:04:d8:07:8b:ad:31:41:84:06:5d:c0:5a:
                    15:35:af:a1:0c:b5:91:49:31:dc:31:82:a2:05:dc:
                    4f:36:e2:1e:ba:fc:b3:8b:ed:43:93:4e:5b:15:1b:
                    66:28:a4:d7:27:d1:b9:b1:92:83:79:1b:cb:a0:29:
                    c8:c2:f1:e2:92:af:07:b0:e3:ba:fd:16:91:3e:0d:
                    8c:36:07:36:5f:7b:2b:71:bb:b8:f0:ba:5b:74:a4:
                    b4:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:07:15:42:D1:DA:6F:DD:6B:E3:63:DD:10:82:36:A3:FB:B1:22:E3
            X509v3 Authority Key Identifier:
                keyid:B8:5E:AD:C2:EC:70:B3:0F:A4:22:5E:D7:FC:D5:73:0F:0C:7B:C6:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uF6twuxwsw-kIl7X_NVzDwx7xhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/NwcVQtHab91r42PdEII2o_uxIuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/f07b18-19d7-41f2-af6b-bc7a208a5e2e/1/uF6twuxwsw-kIl7X_NVzDwx7xhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.42.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:75:5c:6d:33:08:5c:f0:ac:29:64:6c:26:8f:2b:9e:ed:62:
         f7:40:02:d4:f6:5e:7c:c1:aa:a3:77:00:07:b0:8a:c3:95:06:
         73:1c:c2:e7:a2:12:b8:4d:b7:d5:cc:3a:47:4f:3f:05:15:17:
         51:f7:bc:a4:02:c0:f8:52:2e:15:f4:54:8e:1a:07:41:79:23:
         22:bb:3d:5e:b2:4e:62:ec:7e:d2:45:8e:ce:50:98:6e:20:28:
         2d:40:79:bf:e7:f2:3a:3d:d1:33:eb:b0:e5:f7:de:8a:af:3e:
         aa:41:c4:da:8a:3e:14:97:7c:fe:f9:a0:bf:e3:51:29:86:88:
         f3:41:2d:37:78:9c:24:f6:b5:c8:76:1c:1b:64:0f:fa:e4:4a:
         2d:24:77:f6:10:96:52:b5:a6:22:68:97:15:44:76:39:28:a6:
         9f:38:89:7f:44:b1:3b:93:e0:89:a1:b1:a1:c3:b9:66:1e:83:
         4b:b7:13:ac:2f:9b:75:b2:b2:8a:6f:db:92:f6:c7:09:d1:c5:
         9a:6f:49:f0:06:e6:75:8f:84:5d:a0:c0:5e:74:7e:8f:43:22:
         33:b9:ca:48:62:69:08:a3:00:14:06:19:cb:e5:5a:d8:a0:ec:
         8e:44:05:d0:b6:a4:45:80:d1:ac:da:85:c0:8b:ad:52:41:b4:
         e0:05:e9:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJS+b9GGVrvjAwfmPq4GmaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4NWVhZGMyZWM3MGIzMGZhNDIyNWVkN2ZjZDU3MzBmMGM3
YmM2MTYwHhcNMjQwMTAyMDgzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzA3MTU0MmQxZGE2ZmRkNmJlMzYzZGQxMDgyMzZhM2ZiYjEyMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRgkiDsKLOESgOU34/8EqsbQ8dql
pF8ZTA2Xr8tvdrHBYFHofUsvXi2kC58WJBePscx8RDufpTdKPM+WyJgjDlOsNObK
cRQuZnw49zSyTfJ7j9F+lvVBrotiM7HNINNoLMDYGV00GVclDgCPsRcTQiYHV2Uu
0CGsS5qJ7wfEkFYGl9vaJB7m0EWqH7Ub8iKj4DMACxGP76IV7D2YLmt0jlm4JQ4N
BOIE2AeLrTFBhAZdwFoVNa+hDLWRSTHcMYKiBdxPNuIeuvyzi+1Dk05bFRtmKKTX
J9G5sZKDeRvLoCnIwvHikq8HsOO6/RaRPg2MNgc2X3srcbu48LpbdKS05wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcHFULR2m/da+Nj3RCCNqP7sSLjMB8GA1UdIwQY
MBaAFLhercLscLMPpCJe1/zVcw8Me8YWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmIt
YmM3YTIwOGE1ZTJlLzEvTndjVlF0SGFiOTFyNDJQZEVJSTJvX3V4SXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9mMDdiMTgtMTlkNy00MWYyLWFmNmItYmM3YTIwOGE1ZTJl
LzEvdUY2dHd1eHdzdy1rSWw3WF9OVnpEd3g3eGhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyo5MA0G
CSqGSIb3DQEBCwUAA4IBAQAUdVxtMwhc8KwpZGwmjyue7WL3QALU9l58waqjdwAH
sIrDlQZzHMLnohK4TbfVzDpHTz8FFRdR97ykAsD4Ui4V9FSOGgdBeSMiuz1esk5i
7H7SRY7OUJhuICgtQHm/5/I6PdEz67Dl996Krz6qQcTaij4Ul3z++aC/41Ephojz
QS03eJwk9rXIdhwbZA/65EotJHf2EJZStaYiaJcVRHY5KKafOIl/RLE7k+CJobGh
w7lmHoNLtxOsL5t1srKKb9uS9scJ0cWab0nwBuZ1j4RdoMBedH6PQyIzucpIYmkI
owAUBhnL5VrYoOyORAXQtqRFgNGs2oXAi61SQbTgBek7
-----END CERTIFICATE-----