Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/NyK252RlLk1iSaCBVX4tECM9BJc.roa
File:                     NyK252RlLk1iSaCBVX4tECM9BJc.roa (raw, json)
Hash identifier:          hq5G0o1R8zc3RwMCcCob9o3DflnSMU8ldnexN1PlQAE=
Subject key identifier:   37:22:B6:E7:64:65:2E:4D:62:49:A0:81:55:7E:2D:10:23:3D:04:97
Certificate issuer:       /CN=a3608d6b0e80a6430fb6af43fae168a0e8011fee
Certificate serial:       018CC94CE15B73F1935FE955B35282395C2F
Authority key identifier: A3:60:8D:6B:0E:80:A6:43:0F:B6:AF:43:FA:E1:68:A0:E8:01:1F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o2CNaw6ApkMPtq9D-uFooOgBH-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/NyK252RlLk1iSaCBVX4tECM9BJc.roa
Signing time:             Tue 02 Jan 2024 08:31:47 +0000
ROA not before:           Tue 02 Jan 2024 08:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        185.125.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/o2CNaw6ApkMPtq9D-uFooOgBH-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/o2CNaw6ApkMPtq9D-uFooOgBH-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o2CNaw6ApkMPtq9D-uFooOgBH-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:e1:5b:73:f1:93:5f:e9:55:b3:52:82:39:5c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3608d6b0e80a6430fb6af43fae168a0e8011fee
        Validity
            Not Before: Jan  2 08:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3722b6e764652e4d6249a081557e2d10233d0497
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:31:dc:29:90:55:74:a8:81:9f:1e:a5:01:a9:
                    06:4a:c6:88:b6:36:b4:c9:b4:3f:b3:2c:e6:0e:f0:
                    8b:22:42:4d:a5:03:ad:d8:fe:83:13:06:d4:a1:79:
                    9a:73:ac:c8:2c:4d:bb:a1:5d:ba:a2:b3:1f:41:20:
                    d7:3c:3c:c5:d4:1d:42:91:af:4a:3d:e8:a9:e0:16:
                    3d:5e:5c:d2:2e:37:cf:d6:07:fc:71:ce:70:15:e3:
                    8d:b1:c9:77:74:11:e8:ae:b9:1e:3e:72:8d:a2:b3:
                    b9:d0:18:1a:c6:ae:a8:40:dc:07:1f:1a:24:b8:d1:
                    3d:6d:bb:cb:78:6e:fb:88:0e:2d:85:49:86:67:cf:
                    6b:c6:ef:7f:cb:89:2b:ac:1a:7a:74:bf:26:86:58:
                    76:fa:ff:c8:08:f0:af:78:71:3f:76:b0:8c:5e:57:
                    a1:95:f1:84:95:87:b7:fe:de:3b:06:b2:24:12:b7:
                    4c:4e:a2:f8:c2:0b:77:ae:90:26:82:44:d3:c0:03:
                    5b:cb:48:66:a4:3a:1d:3e:47:97:5a:bc:b1:1a:8e:
                    af:83:67:5a:f0:05:b7:4e:95:40:24:df:fe:86:8c:
                    49:5f:15:7e:13:7b:3b:4d:97:15:28:0a:c7:51:39:
                    00:7e:2f:13:c0:46:64:ed:a3:cf:88:33:09:11:73:
                    df:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:22:B6:E7:64:65:2E:4D:62:49:A0:81:55:7E:2D:10:23:3D:04:97
            X509v3 Authority Key Identifier:
                keyid:A3:60:8D:6B:0E:80:A6:43:0F:B6:AF:43:FA:E1:68:A0:E8:01:1F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o2CNaw6ApkMPtq9D-uFooOgBH-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/NyK252RlLk1iSaCBVX4tECM9BJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/fb5910-fe14-4453-8c9c-83bf70b1fd6b/1/o2CNaw6ApkMPtq9D-uFooOgBH-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:8a:b7:0b:c1:d0:8d:8f:30:34:fb:77:29:04:7d:4b:94:57:
         4e:7c:cd:a9:20:e0:16:1c:91:9d:e0:f6:c4:79:13:29:9c:c1:
         08:19:19:b0:a7:38:d2:78:f8:45:19:9f:f1:54:ad:28:e8:03:
         1a:cb:80:6b:d0:da:07:09:6f:85:48:8d:52:49:ef:27:46:8e:
         dc:db:f9:5b:7c:ac:90:18:c1:3d:53:3a:9d:bd:28:78:bd:87:
         e8:8c:42:5b:79:e7:7a:06:09:6f:f0:ac:74:9c:fb:f7:66:9a:
         47:b3:c5:56:4b:8b:d3:d8:52:c4:b0:0e:7c:5f:11:8d:49:cd:
         6a:e0:a0:1f:3d:c3:87:ad:be:91:e7:10:51:bc:54:3b:04:0c:
         56:05:12:1a:03:f8:3b:e2:11:35:30:9e:f7:d0:98:fb:b4:41:
         d7:8f:9b:cb:4e:e0:b3:09:cf:fe:38:3e:1b:6c:81:f8:8e:fc:
         94:df:e2:fb:21:97:0c:6f:5d:78:c2:84:8d:2c:c5:43:c6:66:
         e9:9c:88:c5:ce:36:19:a2:b2:e9:34:0c:01:c6:bd:5a:44:c6:
         8f:0b:91:05:69:8a:19:27:f3:60:bf:9b:8d:7a:69:e4:e9:e7:
         a0:ec:bc:2c:91:6e:2e:76:d6:14:7c:70:c7:8c:ed:20:af:11:
         f0:ed:59:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTOFbc/GTX+lVs1KCOVwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNjA4ZDZiMGU4MGE2NDMwZmI2YWY0M2ZhZTE2OGEwZTgw
MTFmZWUwHhcNMjQwMTAyMDgzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzIyYjZlNzY0NjUyZTRkNjI0OWEwODE1NTdlMmQxMDIzM2QwNDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTHcKZBVdKiBnx6lAakGSsaItja0
ybQ/syzmDvCLIkJNpQOt2P6DEwbUoXmac6zILE27oV26orMfQSDXPDzF1B1Cka9K
Peip4BY9XlzSLjfP1gf8cc5wFeONscl3dBHorrkePnKNorO50Bgaxq6oQNwHHxok
uNE9bbvLeG77iA4thUmGZ89rxu9/y4krrBp6dL8mhlh2+v/ICPCveHE/drCMXleh
lfGElYe3/t47BrIkErdMTqL4wgt3rpAmgkTTwANby0hmpDodPkeXWryxGo6vg2da
8AW3TpVAJN/+hoxJXxV+E3s7TZcVKArHUTkAfi8TwEZk7aPPiDMJEXPf0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcitudkZS5NYkmggVV+LRAjPQSXMB8GA1UdIwQY
MBaAFKNgjWsOgKZDD7avQ/rhaKDoAR/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzJDTmF3NkFwa01QdHE5RC11Rm9vT2dCSC00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9mYjU5MTAtZmUxNC00NDUzLThjOWMt
ODNiZjcwYjFmZDZiLzEvTnlLMjUyUmxMazFpU2FDQlZYNHRFQ005QkpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9mYjU5MTAtZmUxNC00NDUzLThjOWMtODNiZjcwYjFmZDZi
LzEvbzJDTmF3NkFwa01QdHE5RC11Rm9vT2dCSC00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX2NMA0G
CSqGSIb3DQEBCwUAA4IBAQBuircLwdCNjzA0+3cpBH1LlFdOfM2pIOAWHJGd4PbE
eRMpnMEIGRmwpzjSePhFGZ/xVK0o6AMay4Br0NoHCW+FSI1SSe8nRo7c2/lbfKyQ
GME9UzqdvSh4vYfojEJbeed6Bglv8Kx0nPv3ZppHs8VWS4vT2FLEsA58XxGNSc1q
4KAfPcOHrb6R5xBRvFQ7BAxWBRIaA/g74hE1MJ730Jj7tEHXj5vLTuCzCc/+OD4b
bIH4jvyU3+L7IZcMb114woSNLMVDxmbpnIjFzjYZorLpNAwBxr1aRMaPC5EFaYoZ
J/Ngv5uNemnk6eeg7LwskW4udtYUfHDHjO0grxHw7VnD
-----END CERTIFICATE-----