Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/158450-dd43-4b82-ab2b-095e7188d0a0/1/NX4CwZtOHmt9KIU-f3qE-xYf1Wo.roa
File:                     NX4CwZtOHmt9KIU-f3qE-xYf1Wo.roa (raw, json)
Hash identifier:          Ihgg0aXvfXr83Bh+bt2O5XpJ6YGD4KQNjZ4wQQti82M=
Subject key identifier:   35:7E:02:C1:9B:4E:1E:6B:7D:28:85:3E:7F:7A:84:FB:16:1F:D5:6A
Certificate issuer:       /CN=a41d4e978810e9789a76e687a7ddd97526b0d9bc
Certificate serial:       018CC26D3D1B6C862F21A0BB3A04389DB997
Authority key identifier: A4:1D:4E:97:88:10:E9:78:9A:76:E6:87:A7:DD:D9:75:26:B0:D9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pB1Ol4gQ6XiaduaHp93ZdSaw2bw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/158450-dd43-4b82-ab2b-095e7188d0a0/1/NX4CwZtOHmt9KIU-f3qE-xYf1Wo.roa
Signing time:             Mon 01 Jan 2024 00:29:48 +0000
ROA not before:           Mon 01 Jan 2024 00:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16010
IP address blocks:        185.70.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/158450-dd43-4b82-ab2b-095e7188d0a0/1/pB1Ol4gQ6XiaduaHp93ZdSaw2bw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/158450-dd43-4b82-ab2b-095e7188d0a0/1/pB1Ol4gQ6XiaduaHp93ZdSaw2bw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pB1Ol4gQ6XiaduaHp93ZdSaw2bw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:3d:1b:6c:86:2f:21:a0:bb:3a:04:38:9d:b9:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a41d4e978810e9789a76e687a7ddd97526b0d9bc
        Validity
            Not Before: Jan  1 00:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=357e02c19b4e1e6b7d28853e7f7a84fb161fd56a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c0:52:16:45:f9:93:ba:c5:4e:89:dc:2e:be:
                    92:74:37:27:61:4e:f2:3d:8e:d2:70:0e:92:0c:e3:
                    fd:e9:9e:65:2a:de:96:e9:75:f8:6c:f4:31:64:a4:
                    ac:6f:91:52:42:68:5e:d0:22:60:c8:56:b3:b9:43:
                    a2:bc:97:41:b0:4a:24:c7:54:fc:c7:69:99:7d:9b:
                    21:01:d1:6f:99:22:62:e7:ac:9c:53:b7:c0:73:0c:
                    69:39:2c:60:4d:7c:21:2e:25:3a:71:b5:76:a6:b5:
                    70:06:49:19:3e:3c:41:e5:b6:b0:09:cc:b8:21:06:
                    c2:f8:89:83:87:57:39:29:42:ba:7e:40:19:29:c2:
                    cd:9d:84:0d:64:56:44:4d:42:34:40:26:87:24:84:
                    6f:d9:71:84:1b:05:0e:68:f7:83:57:75:90:01:0a:
                    2a:d9:21:c5:d2:1d:73:e5:9f:20:f1:e2:c2:f9:17:
                    a1:84:f0:30:1c:4f:5f:a0:43:ed:bd:97:0d:d7:df:
                    e0:cc:0b:69:ab:58:9f:f8:c2:4b:65:e5:9a:39:5e:
                    88:fd:4e:1d:e8:c1:7f:be:6e:89:44:e7:bf:51:97:
                    6a:83:97:1c:f3:7f:03:57:1c:64:31:09:63:92:3b:
                    96:ff:ca:e5:f1:a5:ba:9e:4d:44:08:5f:61:50:47:
                    6b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:7E:02:C1:9B:4E:1E:6B:7D:28:85:3E:7F:7A:84:FB:16:1F:D5:6A
            X509v3 Authority Key Identifier:
                keyid:A4:1D:4E:97:88:10:E9:78:9A:76:E6:87:A7:DD:D9:75:26:B0:D9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pB1Ol4gQ6XiaduaHp93ZdSaw2bw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/158450-dd43-4b82-ab2b-095e7188d0a0/1/NX4CwZtOHmt9KIU-f3qE-xYf1Wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/158450-dd43-4b82-ab2b-095e7188d0a0/1/pB1Ol4gQ6XiaduaHp93ZdSaw2bw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:13:a8:ff:6b:42:d3:b5:d4:57:0e:f1:b2:ce:f5:24:95:df:
         95:2d:fe:cc:4b:50:04:48:51:3d:e7:a6:03:ae:f7:18:ac:1e:
         64:b9:d4:e0:39:30:86:11:4f:75:c7:9d:e6:44:5b:b8:82:e6:
         bc:12:84:ee:a8:e8:08:5e:ea:cf:ff:49:a6:a3:0e:4c:40:73:
         f1:56:2a:ff:96:c9:8b:8f:d4:c4:1d:8d:83:26:6f:27:5c:98:
         12:28:a9:ca:cb:bd:69:c6:52:04:f3:37:3b:9d:4e:12:ff:08:
         a4:bd:d5:7f:14:49:55:ca:dc:b7:65:1d:8b:68:81:9c:4a:2c:
         5e:2c:6a:98:ae:b7:31:d0:40:9d:34:0f:42:84:35:59:9f:11:
         94:8c:b4:60:1b:8e:7a:5c:cd:66:c0:6b:bf:c2:6f:eb:b0:cf:
         98:23:d0:3c:2e:d9:37:7c:b3:cc:1b:e3:68:9d:13:8a:dd:9c:
         ac:25:ec:e7:07:9d:9f:16:ea:35:97:6b:df:5d:5d:6e:10:68:
         f8:6f:5c:22:3d:59:b2:70:36:14:ec:05:8e:e7:65:9e:09:b1:
         52:39:12:92:6c:a0:b7:b0:f2:6a:32:50:eb:09:88:db:70:35:
         74:c4:66:17:ef:1c:09:fb:1d:21:60:20:f7:d4:97:1f:60:7b:
         de:9d:91:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbT0bbIYvIaC7OgQ4nbmXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MWQ0ZTk3ODgxMGU5Nzg5YTc2ZTY4N2E3ZGRkOTc1MjZi
MGQ5YmMwHhcNMjQwMTAxMDAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTdlMDJjMTliNGUxZTZiN2QyODg1M2U3ZjdhODRmYjE2MWZkNTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcBSFkX5k7rFToncLr6SdDcnYU7y
PY7ScA6SDOP96Z5lKt6W6XX4bPQxZKSsb5FSQmhe0CJgyFazuUOivJdBsEokx1T8
x2mZfZshAdFvmSJi56ycU7fAcwxpOSxgTXwhLiU6cbV2prVwBkkZPjxB5bawCcy4
IQbC+ImDh1c5KUK6fkAZKcLNnYQNZFZETUI0QCaHJIRv2XGEGwUOaPeDV3WQAQoq
2SHF0h1z5Z8g8eLC+RehhPAwHE9foEPtvZcN19/gzAtpq1if+MJLZeWaOV6I/U4d
6MF/vm6JROe/UZdqg5cc838DVxxkMQljkjuW/8rl8aW6nk1ECF9hUEdryQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDV+AsGbTh5rfSiFPn96hPsWH9VqMB8GA1UdIwQY
MBaAFKQdTpeIEOl4mnbmh6fd2XUmsNm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEIxT2w0Z1E2WGlhZHVhSHA5M1pkU2F3MmJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8xNTg0NTAtZGQ0My00YjgyLWFiMmIt
MDk1ZTcxODhkMGEwLzEvTlg0Q3dadE9IbXQ5S0lVLWYzcUUteFlmMVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8xNTg0NTAtZGQ0My00YjgyLWFiMmItMDk1ZTcxODhkMGEw
LzEvcEIxT2w0Z1E2WGlhZHVhSHA5M1pkU2F3MmJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUY0MA0G
CSqGSIb3DQEBCwUAA4IBAQB2E6j/a0LTtdRXDvGyzvUkld+VLf7MS1AESFE956YD
rvcYrB5kudTgOTCGEU91x53mRFu4gua8EoTuqOgIXurP/0mmow5MQHPxVir/lsmL
j9TEHY2DJm8nXJgSKKnKy71pxlIE8zc7nU4S/wikvdV/FElVyty3ZR2LaIGcSixe
LGqYrrcx0ECdNA9ChDVZnxGUjLRgG456XM1mwGu/wm/rsM+YI9A8Ltk3fLPMG+No
nROK3ZysJeznB52fFuo1l2vfXV1uEGj4b1wiPVmycDYU7AWO52WeCbFSORKSbKC3
sPJqMlDrCYjbcDV0xGYX7xwJ+x0hYCD31JcfYHvenZHV
-----END CERTIFICATE-----