Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/Nw-NS4F_D_Co6zRIbVPlMWKqe0s.roa
File:                     Nw-NS4F_D_Co6zRIbVPlMWKqe0s.roa (raw, json)
Hash identifier:          Md2NDQJ6IRg63Vm7cwkKZTnyIu0FgZXHJyZWqiE67uw=
Subject key identifier:   37:0F:8D:4B:81:7F:0F:F0:A8:EB:34:48:6D:53:E5:31:62:AA:7B:4B
Certificate issuer:       /CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
Certificate serial:       018CCA2B535DAA69FEF5769EF5660D822BFB
Authority key identifier: 5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/Nw-NS4F_D_Co6zRIbVPlMWKqe0s.roa
Signing time:             Tue 02 Jan 2024 12:34:46 +0000
ROA not before:           Tue 02 Jan 2024 12:34:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211421
IP address blocks:        31.7.64.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:53:5d:aa:69:fe:f5:76:9e:f5:66:0d:82:2b:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b52634a2eb03f8565b5e33dc2b9f49041f7cfb0
        Validity
            Not Before: Jan  2 12:34:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=370f8d4b817f0ff0a8eb34486d53e53162aa7b4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:79:1b:88:0a:16:ca:1a:e6:6b:dd:f3:f8:30:
                    dd:68:91:41:12:9e:61:ff:4d:50:8b:81:f4:c6:9d:
                    37:bb:c7:6d:a8:dc:ea:9f:f0:83:99:c8:d1:40:7f:
                    56:4e:c1:83:ef:b8:ba:a5:3d:db:50:f3:5b:88:b7:
                    37:cf:e5:68:46:53:ed:6c:c1:08:a0:2b:3c:ec:44:
                    c1:98:60:12:54:fb:d1:5b:44:c1:98:08:c5:99:0e:
                    3c:5e:8c:a5:8b:24:87:b6:80:f6:36:cc:6d:d5:67:
                    0b:65:aa:db:19:d7:42:6b:a9:31:bc:b7:d5:e7:29:
                    f9:85:6b:27:88:6d:e0:a6:ca:c9:96:1f:5d:4f:58:
                    be:8e:43:1b:2b:68:6f:9e:53:2b:e7:09:fb:36:d4:
                    25:1d:24:e1:36:79:56:fb:53:a0:d8:b2:c9:92:6b:
                    53:6b:77:eb:94:40:9e:c0:63:6e:5b:72:41:95:6d:
                    fe:ea:31:cb:25:a8:ff:f2:5d:f6:f8:d2:4f:b5:09:
                    71:f7:32:3c:7e:0a:b4:cc:81:0c:66:bd:38:c8:c8:
                    9a:3b:87:7e:17:1a:4f:09:0a:db:f6:9e:29:ec:05:
                    78:d2:fa:39:9b:9f:05:98:0c:48:69:64:4d:5f:57:
                    ef:08:5b:6c:7a:35:0c:a6:60:c4:29:7e:56:1e:e3:
                    e2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:0F:8D:4B:81:7F:0F:F0:A8:EB:34:48:6D:53:E5:31:62:AA:7B:4B
            X509v3 Authority Key Identifier:
                keyid:5B:52:63:4A:2E:B0:3F:85:65:B5:E3:3D:C2:B9:F4:90:41:F7:CF:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W1JjSi6wP4VlteM9wrn0kEH3z7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/Nw-NS4F_D_Co6zRIbVPlMWKqe0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/7a5b44-6b18-42d3-a8d5-dc6554fd1235/1/W1JjSi6wP4VlteM9wrn0kEH3z7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.7.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:6e:42:06:22:a6:cd:42:d5:06:b6:95:e3:9c:aa:b4:7c:b7:
         da:79:ac:a3:45:17:29:6d:32:7c:45:68:b0:6e:9b:6a:4c:50:
         48:f3:e8:8e:3c:c5:4d:79:c4:11:13:1f:fb:ce:cf:94:df:b9:
         34:ea:6c:50:10:5c:bd:6d:2e:59:84:6e:77:c8:a3:14:9b:4a:
         a5:d9:c0:d7:96:58:06:78:ba:8b:c5:59:69:b0:63:74:69:aa:
         19:4c:6c:05:49:48:98:d8:c8:79:53:8f:6c:a6:be:ef:ad:fb:
         c2:59:ce:09:c7:00:4f:a8:29:ff:b5:84:ed:e8:fc:c2:9a:de:
         98:88:3f:60:7d:06:ca:cf:df:b4:a5:1e:34:1b:5c:e2:b1:bc:
         6c:ef:e1:4e:c3:95:a3:9c:05:35:c0:ee:bc:01:78:32:97:43:
         28:df:b1:80:2d:1f:57:5a:07:7c:99:fc:82:db:52:36:69:9b:
         f5:5a:f7:74:9e:0b:30:fd:69:80:40:d3:8f:b4:23:16:e8:ca:
         c6:98:8d:19:65:b6:94:40:ec:6d:d9:27:ac:f4:41:d3:21:e8:
         81:93:34:69:ec:87:05:17:7b:e1:dd:d6:c6:bb:28:a2:39:f7:
         57:62:64:5b:30:75:56:4b:f2:cf:8b:f3:dc:e5:9e:b5:98:63:
         0a:ae:8b:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK1Ndqmn+9Xae9WYNgiv7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNTI2MzRhMmViMDNmODU2NWI1ZTMzZGMyYjlmNDkwNDFm
N2NmYjAwHhcNMjQwMTAyMTIzNDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzBmOGQ0YjgxN2YwZmYwYThlYjM0NDg2ZDUzZTUzMTYyYWE3YjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HkbiAoWyhrma93z+DDdaJFBEp5h
/01Qi4H0xp03u8dtqNzqn/CDmcjRQH9WTsGD77i6pT3bUPNbiLc3z+VoRlPtbMEI
oCs87ETBmGASVPvRW0TBmAjFmQ48XoyliySHtoD2Nsxt1WcLZarbGddCa6kxvLfV
5yn5hWsniG3gpsrJlh9dT1i+jkMbK2hvnlMr5wn7NtQlHSThNnlW+1Og2LLJkmtT
a3frlECewGNuW3JBlW3+6jHLJaj/8l32+NJPtQlx9zI8fgq0zIEMZr04yMiaO4d+
FxpPCQrb9p4p7AV40vo5m58FmAxIaWRNX1fvCFtsejUMpmDEKX5WHuPi9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcPjUuBfw/wqOs0SG1T5TFiqntLMB8GA1UdIwQY
MBaAFFtSY0ousD+FZbXjPcK59JBB98+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUt
ZGM2NTU0ZmQxMjM1LzEvTnctTlM0Rl9EX0NvNnpSSWJWUGxNV0txZTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC83YTViNDQtNmIxOC00MmQzLWE4ZDUtZGM2NTU0ZmQxMjM1
LzEvVzFKalNpNndQNFZsdGVNOXdybjBrRUgzejdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHwdAMA0G
CSqGSIb3DQEBCwUAA4IBAQDKbkIGIqbNQtUGtpXjnKq0fLfaeayjRRcpbTJ8RWiw
bptqTFBI8+iOPMVNecQREx/7zs+U37k06mxQEFy9bS5ZhG53yKMUm0ql2cDXllgG
eLqLxVlpsGN0aaoZTGwFSUiY2Mh5U49spr7vrfvCWc4JxwBPqCn/tYTt6PzCmt6Y
iD9gfQbKz9+0pR40G1zisbxs7+FOw5WjnAU1wO68AXgyl0Mo37GALR9XWgd8mfyC
21I2aZv1Wvd0ngsw/WmAQNOPtCMW6MrGmI0ZZbaUQOxt2Ses9EHTIeiBkzRp7IcF
F3vh3dbGuyiiOfdXYmRbMHVWS/LPi/Pc5Z61mGMKrouM
-----END CERTIFICATE-----