Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/nhcnNBDUFPzCBrEN2Solnkm7AqE.roa
File:                     nhcnNBDUFPzCBrEN2Solnkm7AqE.roa (raw, json)
Hash identifier:          6PvCSFTzYfoW60wSLreDHIp65dobawP7ylMF2UVCSNY=
Subject key identifier:   9E:17:27:34:10:D4:14:FC:C2:06:B1:0D:D9:2A:25:9E:49:BB:02:A1
Certificate issuer:       /CN=cc40d96242b082efe5b4f2258820b3059396198d
Certificate serial:       018CC2DADA0F2A30C213321CD1D684057603
Authority key identifier: CC:40:D9:62:42:B0:82:EF:E5:B4:F2:25:88:20:B3:05:93:96:19:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zEDZYkKwgu_ltPIliCCzBZOWGY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/nhcnNBDUFPzCBrEN2Solnkm7AqE.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39210
IP address blocks:        185.235.148.0/22 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/zEDZYkKwgu_ltPIliCCzBZOWGY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/zEDZYkKwgu_ltPIliCCzBZOWGY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zEDZYkKwgu_ltPIliCCzBZOWGY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:da:0f:2a:30:c2:13:32:1c:d1:d6:84:05:76:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc40d96242b082efe5b4f2258820b3059396198d
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e17273410d414fcc206b10dd92a259e49bb02a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:80:61:91:55:72:93:e6:37:01:b4:93:8c:e7:
                    4d:1a:f7:3e:9b:22:aa:cb:06:7c:62:3b:f6:7b:3d:
                    7e:88:8c:b3:cb:d5:a1:f8:f7:ba:a9:6d:d5:36:fd:
                    31:db:69:79:ce:c4:35:74:66:0e:62:3d:a7:d2:28:
                    fb:86:f0:f3:42:8c:15:91:0c:15:7a:96:2b:ff:9a:
                    66:6c:de:51:a0:3c:e1:2b:3b:d4:56:91:d9:47:9f:
                    17:d4:da:e1:09:fc:df:4d:70:d9:4d:b5:c4:b1:ea:
                    88:24:3e:74:63:81:67:5f:b5:18:76:ca:fd:a7:6e:
                    e6:3c:01:65:05:0d:bd:85:9a:7b:aa:50:c3:b2:02:
                    a6:2a:b5:a9:b0:8c:61:7d:fa:55:46:6d:c1:82:a8:
                    e4:46:8a:b2:8f:6b:5a:97:cb:4b:68:ed:f3:4f:86:
                    bd:c7:c9:a2:c7:9b:8a:ea:f5:1f:25:33:49:1b:a1:
                    30:82:d4:4b:71:90:87:04:eb:19:21:a9:2a:57:ef:
                    d2:5b:01:4f:c8:d4:ef:e0:3d:8e:e5:4e:d0:c2:af:
                    ad:15:39:5d:c6:54:d1:0a:6c:52:bd:2a:a9:55:0b:
                    12:43:6c:9d:03:73:a8:ef:ba:32:db:e9:14:c7:c7:
                    b8:7e:92:75:71:50:a8:0c:06:b4:ab:f0:c5:26:22:
                    7c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:17:27:34:10:D4:14:FC:C2:06:B1:0D:D9:2A:25:9E:49:BB:02:A1
            X509v3 Authority Key Identifier:
                keyid:CC:40:D9:62:42:B0:82:EF:E5:B4:F2:25:88:20:B3:05:93:96:19:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zEDZYkKwgu_ltPIliCCzBZOWGY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/nhcnNBDUFPzCBrEN2Solnkm7AqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/1aa69f-db55-4fba-bce9-c1ebe61549cc/1/zEDZYkKwgu_ltPIliCCzBZOWGY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:ad:9a:ac:8a:b0:21:fe:38:51:91:e1:49:88:a2:f7:21:a0:
         51:ac:5a:d6:d4:6b:fe:b5:35:f6:d4:b6:f8:8f:f6:c4:6c:17:
         2a:80:b2:1c:bd:25:0b:0d:32:34:33:cc:ae:b4:c6:1f:9f:39:
         d6:11:02:39:7b:1e:ca:ae:e6:e9:ef:05:c4:13:cf:d1:85:29:
         96:de:e7:8f:69:35:33:29:0c:8b:90:07:37:78:b5:6b:d2:06:
         95:f2:ae:be:98:bb:ec:f6:3c:ca:51:28:1a:47:d8:89:1c:29:
         dc:38:5b:5e:73:4b:4c:76:31:e0:fa:93:bf:e2:fc:7c:7d:2e:
         a6:e3:9f:4f:df:8e:78:98:99:ff:2b:a5:e5:d1:50:16:91:b0:
         25:a2:e7:51:0c:f7:30:f5:43:37:de:06:39:d3:00:10:bc:50:
         a0:51:5d:70:f0:5f:13:6b:de:d6:c2:44:5d:5f:27:0e:2e:47:
         9e:d4:ad:6a:bc:03:e9:90:65:33:a3:b0:39:86:66:7f:a0:ae:
         f0:fc:74:44:b8:9b:23:c9:58:c7:e0:e1:ea:ef:7c:23:96:77:
         6f:e4:73:ab:c6:69:c2:8b:e5:e2:f1:6f:fd:fe:44:35:ba:af:
         94:d5:7f:32:e1:14:50:31:fa:00:fc:2b:bf:07:5e:53:59:9d:
         90:f4:cd:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2toPKjDCEzIc0daEBXYDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNDBkOTYyNDJiMDgyZWZlNWI0ZjIyNTg4MjBiMzA1OTM5
NjE5OGQwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTE3MjczNDEwZDQxNGZjYzIwNmIxMGRkOTJhMjU5ZTQ5YmIwMmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIBhkVVyk+Y3AbSTjOdNGvc+myKq
ywZ8Yjv2ez1+iIyzy9Wh+Pe6qW3VNv0x22l5zsQ1dGYOYj2n0ij7hvDzQowVkQwV
epYr/5pmbN5RoDzhKzvUVpHZR58X1NrhCfzfTXDZTbXEseqIJD50Y4FnX7UYdsr9
p27mPAFlBQ29hZp7qlDDsgKmKrWpsIxhffpVRm3BgqjkRoqyj2tal8tLaO3zT4a9
x8mix5uK6vUfJTNJG6EwgtRLcZCHBOsZIakqV+/SWwFPyNTv4D2O5U7Qwq+tFTld
xlTRCmxSvSqpVQsSQ2ydA3Oo77oy2+kUx8e4fpJ1cVCoDAa0q/DFJiJ8twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ4XJzQQ1BT8wgaxDdkqJZ5JuwKhMB8GA1UdIwQY
MBaAFMxA2WJCsILv5bTyJYggswWTlhmNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekVEWllrS3dndV9sdFBJbGlDQ3pCWk9XR1kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS8xYWE2OWYtZGI1NS00ZmJhLWJjZTkt
YzFlYmU2MTU0OWNjLzEvbmhjbk5CRFVGUHpDQnJFTjJTb2xua203QXFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS8xYWE2OWYtZGI1NS00ZmJhLWJjZTktYzFlYmU2MTU0OWNj
LzEvekVEWllrS3dndV9sdFBJbGlDQ3pCWk9XR1kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueuUMA0G
CSqGSIb3DQEBCwUAA4IBAQC3rZqsirAh/jhRkeFJiKL3IaBRrFrW1Gv+tTX21Lb4
j/bEbBcqgLIcvSULDTI0M8yutMYfnznWEQI5ex7Krubp7wXEE8/RhSmW3uePaTUz
KQyLkAc3eLVr0gaV8q6+mLvs9jzKUSgaR9iJHCncOFtec0tMdjHg+pO/4vx8fS6m
459P3454mJn/K6Xl0VAWkbAloudRDPcw9UM33gY50wAQvFCgUV1w8F8Ta97WwkRd
XycOLkee1K1qvAPpkGUzo7A5hmZ/oK7w/HREuJsjyVjH4OHq73wjlndv5HOrxmnC
i+Xi8W/9/kQ1uq+U1X8y4RRQMfoA/Cu/B15TWZ2Q9M1U
-----END CERTIFICATE-----