Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/f7453d-96ec-4d4e-9f3e-0e8bc8e812ee/1/NpxpYDbEQFM6mJHeo-x96k0gB1g.roa
File:                     NpxpYDbEQFM6mJHeo-x96k0gB1g.roa (raw, json)
Hash identifier:          7VbqI7JnUpOL+VYzXDkP6JIKThf2bWlPFq22QNVPJcM=
Subject key identifier:   36:9C:69:60:36:C4:40:53:3A:98:91:DE:A3:EC:7D:EA:4D:20:07:58
Certificate issuer:       /CN=7192f22a78a8071b02a362a8db33e8f3f72dd348
Certificate serial:       018CC49324AFA793DA75183A82E5E2ED85E3
Authority key identifier: 71:92:F2:2A:78:A8:07:1B:02:A3:62:A8:DB:33:E8:F3:F7:2D:D3:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cZLyKnioBxsCo2Ko2zPo8_ct00g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/f7453d-96ec-4d4e-9f3e-0e8bc8e812ee/1/NpxpYDbEQFM6mJHeo-x96k0gB1g.roa
Signing time:             Mon 01 Jan 2024 10:30:26 +0000
ROA not before:           Mon 01 Jan 2024 10:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207522
IP address blocks:        192.145.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/f7453d-96ec-4d4e-9f3e-0e8bc8e812ee/1/cZLyKnioBxsCo2Ko2zPo8_ct00g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/f7453d-96ec-4d4e-9f3e-0e8bc8e812ee/1/cZLyKnioBxsCo2Ko2zPo8_ct00g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cZLyKnioBxsCo2Ko2zPo8_ct00g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 01:03:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:24:af:a7:93:da:75:18:3a:82:e5:e2:ed:85:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7192f22a78a8071b02a362a8db33e8f3f72dd348
        Validity
            Not Before: Jan  1 10:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=369c696036c440533a9891dea3ec7dea4d200758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:27:f7:a0:55:fd:52:c4:8f:91:75:8d:fd:5d:
                    ce:11:62:0b:4f:55:4d:21:11:27:dd:15:bc:e6:f3:
                    35:56:de:bb:ca:d2:dc:fd:9d:da:c6:8b:79:f0:a0:
                    93:dd:2d:10:cc:8d:8c:4d:76:89:76:eb:7e:e7:5f:
                    24:ff:32:79:ad:b5:17:79:38:ca:5c:2d:5c:41:bb:
                    47:d8:5b:f6:27:93:64:69:16:97:50:38:02:de:ab:
                    a8:51:ba:27:75:a2:1f:d2:b6:dc:65:7a:1f:70:fd:
                    09:00:e4:a6:a1:13:fc:22:31:3e:83:fc:e2:13:3d:
                    d1:13:fa:f7:dc:f0:98:e9:3b:4b:29:6c:d7:f6:79:
                    c8:8d:f8:95:a3:6b:e7:a6:f8:5d:98:f4:2a:9c:f0:
                    86:b4:cc:d4:df:55:37:9d:cb:d9:52:4e:6d:65:ef:
                    a6:18:83:a9:b7:49:24:f3:c8:37:2c:d3:52:d1:c3:
                    42:85:47:09:aa:ae:c4:cd:96:ce:e6:45:67:78:9c:
                    67:5c:08:cd:17:99:70:fd:f4:f0:94:e9:9a:dd:85:
                    6a:ca:a9:7d:83:86:fa:67:b7:00:10:cd:f9:b3:a9:
                    70:d8:fb:a0:19:28:91:be:56:34:9a:38:ca:03:f5:
                    7b:93:a6:48:23:de:70:a0:ba:5b:73:3e:51:2c:5b:
                    a6:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:9C:69:60:36:C4:40:53:3A:98:91:DE:A3:EC:7D:EA:4D:20:07:58
            X509v3 Authority Key Identifier:
                keyid:71:92:F2:2A:78:A8:07:1B:02:A3:62:A8:DB:33:E8:F3:F7:2D:D3:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cZLyKnioBxsCo2Ko2zPo8_ct00g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/f7453d-96ec-4d4e-9f3e-0e8bc8e812ee/1/NpxpYDbEQFM6mJHeo-x96k0gB1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/f7453d-96ec-4d4e-9f3e-0e8bc8e812ee/1/cZLyKnioBxsCo2Ko2zPo8_ct00g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:23:f5:7f:1c:fa:ad:03:40:54:d4:2e:0b:09:df:0f:c5:56:
         08:6b:53:2d:de:d3:86:0d:40:3d:0c:8e:2b:fb:21:3c:97:ac:
         43:e3:e4:9c:a6:07:83:6d:21:89:c3:8d:a3:c5:91:6c:ba:8e:
         5a:11:d6:d7:d9:8d:43:ac:47:61:34:a3:05:54:8f:69:8e:d1:
         c4:ee:42:2f:a5:45:3a:cf:b8:89:a6:79:e3:a0:82:08:da:22:
         e0:1e:de:76:07:c9:53:b4:13:be:70:93:17:9c:29:6d:7c:a7:
         46:16:8a:43:91:98:c9:15:4f:19:3c:d7:fa:46:58:a2:c8:48:
         e7:bb:85:f0:b7:3b:89:29:7f:0b:17:e6:53:a8:dd:b2:33:a1:
         12:dd:b6:b3:a7:4a:53:0b:2a:16:59:16:46:03:2a:c9:70:3b:
         6a:01:82:87:3e:44:e5:67:0f:e4:25:7d:7d:c5:3c:86:7f:a3:
         4f:ff:97:88:3d:4d:c4:eb:79:19:88:8b:4f:11:df:10:ee:7d:
         f4:b5:da:0c:4d:a6:ef:87:cf:eb:02:89:dc:5c:27:f5:35:74:
         65:0b:73:1d:11:bf:8e:d8:0d:cb:1e:db:5a:ce:2d:1d:0d:77:
         76:85:b2:22:a8:07:d4:51:f4:3d:bf:8b:c9:34:78:9a:4a:50:
         cb:c9:54:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkySvp5PadRg6guXi7YXjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxOTJmMjJhNzhhODA3MWIwMmEzNjJhOGRiMzNlOGYzZjcy
ZGQzNDgwHhcNMjQwMTAxMTAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjljNjk2MDM2YzQ0MDUzM2E5ODkxZGVhM2VjN2RlYTRkMjAwNzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkif3oFX9UsSPkXWN/V3OEWILT1VN
IREn3RW85vM1Vt67ytLc/Z3axot58KCT3S0QzI2MTXaJdut+518k/zJ5rbUXeTjK
XC1cQbtH2Fv2J5NkaRaXUDgC3quoUbondaIf0rbcZXofcP0JAOSmoRP8IjE+g/zi
Ez3RE/r33PCY6TtLKWzX9nnIjfiVo2vnpvhdmPQqnPCGtMzU31U3ncvZUk5tZe+m
GIOpt0kk88g3LNNS0cNChUcJqq7EzZbO5kVneJxnXAjNF5lw/fTwlOma3YVqyql9
g4b6Z7cAEM35s6lw2PugGSiRvlY0mjjKA/V7k6ZII95woLpbcz5RLFumjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDacaWA2xEBTOpiR3qPsfepNIAdYMB8GA1UdIwQY
MBaAFHGS8ip4qAcbAqNiqNsz6PP3LdNIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1pMeUtuaW9CeHNDbzJLbzJ6UG84X2N0MDBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9mNzQ1M2QtOTZlYy00ZDRlLTlmM2Ut
MGU4YmM4ZTgxMmVlLzEvTnB4cFlEYkVRRk02bUpIZW8teDk2azBnQjFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9mNzQ1M2QtOTZlYy00ZDRlLTlmM2UtMGU4YmM4ZTgxMmVl
LzEvY1pMeUtuaW9CeHNDbzJLbzJ6UG84X2N0MDBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJFvMA0G
CSqGSIb3DQEBCwUAA4IBAQBMI/V/HPqtA0BU1C4LCd8PxVYIa1Mt3tOGDUA9DI4r
+yE8l6xD4+ScpgeDbSGJw42jxZFsuo5aEdbX2Y1DrEdhNKMFVI9pjtHE7kIvpUU6
z7iJpnnjoIII2iLgHt52B8lTtBO+cJMXnCltfKdGFopDkZjJFU8ZPNf6RliiyEjn
u4XwtzuJKX8LF+ZTqN2yM6ES3bazp0pTCyoWWRZGAyrJcDtqAYKHPkTlZw/kJX19
xTyGf6NP/5eIPU3E63kZiItPEd8Q7n30tdoMTabvh8/rAoncXCf1NXRlC3MdEb+O
2A3LHttazi0dDXd2hbIiqAfUUfQ9v4vJNHiaSlDLyVTS
-----END CERTIFICATE-----