Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/NQWVz5b3u7RfC8vqlRy5FkfGxFI.roa
File:                     NQWVz5b3u7RfC8vqlRy5FkfGxFI.roa (raw, json)
Hash identifier:          vaegAJ67BlUB6KEaR/96Ed4wnx0nt5/wuHZua5Rn37c=
Subject key identifier:   35:05:95:CF:96:F7:BB:B4:5F:0B:CB:EA:95:1C:B9:16:47:C6:C4:52
Certificate issuer:       /CN=8a31f8bea33b0056446e3321eede3a170fbd7c1f
Certificate serial:       018CC7941C195A7187198A901307CB23F95A
Authority key identifier: 8A:31:F8:BE:A3:3B:00:56:44:6E:33:21:EE:DE:3A:17:0F:BD:7C:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ijH4vqM7AFZEbjMh7t46Fw-9fB8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/NQWVz5b3u7RfC8vqlRy5FkfGxFI.roa
Signing time:             Tue 02 Jan 2024 00:30:21 +0000
ROA not before:           Tue 02 Jan 2024 00:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201047
IP address blocks:        37.18.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/ijH4vqM7AFZEbjMh7t46Fw-9fB8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/ijH4vqM7AFZEbjMh7t46Fw-9fB8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ijH4vqM7AFZEbjMh7t46Fw-9fB8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1c:19:5a:71:87:19:8a:90:13:07:cb:23:f9:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a31f8bea33b0056446e3321eede3a170fbd7c1f
        Validity
            Not Before: Jan  2 00:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=350595cf96f7bbb45f0bcbea951cb91647c6c452
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:88:d7:fb:74:1b:9f:b7:70:be:90:2c:2e:f0:
                    38:bf:5d:50:ba:d3:f5:6b:43:70:3d:17:6a:7b:fa:
                    c0:cc:8a:03:1b:d5:3f:41:b1:97:34:61:0d:c3:08:
                    7e:ea:5a:38:ed:42:1a:4d:0a:9f:1a:21:9a:3e:c4:
                    04:2c:6a:5f:19:6c:e2:07:cc:02:7b:e2:59:39:6b:
                    0d:0c:a6:dd:41:b0:e3:75:fa:6e:e9:16:53:30:9a:
                    fc:c0:b1:55:f8:7f:a8:49:0e:8e:64:1b:fd:5b:e5:
                    d6:2e:bc:52:8d:4d:ac:f0:d6:23:57:5d:07:4d:94:
                    d4:4f:8b:84:e2:6f:eb:94:20:0d:16:c9:81:af:82:
                    e9:d3:6e:14:69:5c:93:a1:86:72:7e:bb:b5:05:8a:
                    53:22:db:1f:68:6b:52:2f:3f:e6:15:86:a9:74:71:
                    28:f9:0c:ac:0d:80:da:97:e4:59:b5:96:03:6d:cd:
                    21:a6:bf:a4:37:46:db:ac:85:74:31:93:a8:41:82:
                    11:a5:c6:d1:bd:da:1e:4b:34:31:0a:3d:64:7d:5f:
                    57:13:e1:5d:1b:08:ce:76:86:a7:b2:7f:ad:17:58:
                    ec:77:12:87:4b:7a:d9:77:3a:df:d2:d9:3d:1f:a4:
                    5a:c8:90:37:e5:b1:77:c6:5f:70:35:25:c9:7b:63:
                    81:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:05:95:CF:96:F7:BB:B4:5F:0B:CB:EA:95:1C:B9:16:47:C6:C4:52
            X509v3 Authority Key Identifier:
                keyid:8A:31:F8:BE:A3:3B:00:56:44:6E:33:21:EE:DE:3A:17:0F:BD:7C:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ijH4vqM7AFZEbjMh7t46Fw-9fB8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/NQWVz5b3u7RfC8vqlRy5FkfGxFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/60fc0d-0eb9-424c-a630-9a5c73bffa23/1/ijH4vqM7AFZEbjMh7t46Fw-9fB8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:b0:7a:8c:05:c7:84:eb:1e:a0:58:40:68:61:e9:0a:74:12:
         6f:a7:7f:4d:58:dc:4e:3f:7a:7c:22:b0:26:43:e6:da:07:db:
         8f:22:46:68:0d:35:0c:12:b0:8a:99:e8:a5:e7:21:0f:3d:04:
         d4:da:12:b4:d6:b1:9e:c5:30:b4:94:68:7c:d8:75:63:c8:89:
         67:bb:cf:7b:f4:b2:5c:46:49:b5:d5:2a:b0:07:2d:c9:35:31:
         14:52:27:7c:fe:b0:87:c6:60:ad:b8:66:b7:4d:7c:9b:9a:e0:
         8a:30:48:ee:bc:77:00:a2:9a:df:5e:77:93:79:b2:6c:10:fe:
         af:3c:14:05:94:c3:09:7f:f0:3d:f6:50:4d:67:29:c8:2c:df:
         1e:17:f7:13:f0:9c:60:12:b2:c0:e7:d9:5c:a6:14:1e:c7:c3:
         81:54:36:eb:74:d8:6c:c4:10:1c:5a:9f:68:51:94:d1:1d:62:
         48:53:4a:98:09:3f:4b:ab:8e:06:86:7a:04:93:11:6d:6e:28:
         61:b5:94:6f:f3:3a:a9:49:c1:d0:48:44:31:28:db:fb:d6:a9:
         fe:35:df:f0:ba:7d:5a:c6:c4:3f:73:b2:cd:bf:f2:ca:44:23:
         5f:48:ba:6a:31:ba:f1:34:33:7f:91:20:54:d7:20:7b:6f:8d:
         93:79:d7:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBwZWnGHGYqQEwfLI/laMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMzFmOGJlYTMzYjAwNTY0NDZlMzMyMWVlZGUzYTE3MGZi
ZDdjMWYwHhcNMjQwMTAyMDAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTA1OTVjZjk2ZjdiYmI0NWYwYmNiZWE5NTFjYjkxNjQ3YzZjNDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYjX+3Qbn7dwvpAsLvA4v11QutP1
a0NwPRdqe/rAzIoDG9U/QbGXNGENwwh+6lo47UIaTQqfGiGaPsQELGpfGWziB8wC
e+JZOWsNDKbdQbDjdfpu6RZTMJr8wLFV+H+oSQ6OZBv9W+XWLrxSjU2s8NYjV10H
TZTUT4uE4m/rlCANFsmBr4Lp024UaVyToYZyfru1BYpTItsfaGtSLz/mFYapdHEo
+QysDYDal+RZtZYDbc0hpr+kN0bbrIV0MZOoQYIRpcbRvdoeSzQxCj1kfV9XE+Fd
GwjOdoansn+tF1jsdxKHS3rZdzrf0tk9H6RayJA35bF3xl9wNSXJe2OBOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUFlc+W97u0XwvL6pUcuRZHxsRSMB8GA1UdIwQY
MBaAFIox+L6jOwBWRG4zIe7eOhcPvXwfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWpINHZxTTdBRlpFYmpNaDd0NDZGdy05ZkI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC82MGZjMGQtMGViOS00MjRjLWE2MzAt
OWE1YzczYmZmYTIzLzEvTlFXVno1YjN1N1JmQzh2cWxSeTVGa2ZHeEZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC82MGZjMGQtMGViOS00MjRjLWE2MzAtOWE1YzczYmZmYTIz
LzEvaWpINHZxTTdBRlpFYmpNaDd0NDZGdy05ZkI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJRK5MA0G
CSqGSIb3DQEBCwUAA4IBAQB9sHqMBceE6x6gWEBoYekKdBJvp39NWNxOP3p8IrAm
Q+baB9uPIkZoDTUMErCKmeil5yEPPQTU2hK01rGexTC0lGh82HVjyIlnu8979LJc
Rkm11SqwBy3JNTEUUid8/rCHxmCtuGa3TXybmuCKMEjuvHcAoprfXneTebJsEP6v
PBQFlMMJf/A99lBNZynILN8eF/cT8JxgErLA59lcphQex8OBVDbrdNhsxBAcWp9o
UZTRHWJIU0qYCT9Lq44GhnoEkxFtbihhtZRv8zqpScHQSEQxKNv71qn+Nd/wun1a
xsQ/c7LNv/LKRCNfSLpqMbrxNDN/kSBU1yB7b42TedcP
-----END CERTIFICATE-----