Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/e1a472-14ef-46af-b4c9-e6f89903ee7d/1/NHNImCBH_MxRv8Fod8VWMISmV24.roa
File:                     NHNImCBH_MxRv8Fod8VWMISmV24.roa (raw, json)
Hash identifier:          EnGuV19hO5LsWJ9j4QFiS/Vjc6pIapw7dIwXEV6bmJ0=
Subject key identifier:   34:73:48:98:20:47:FC:CC:51:BF:C1:68:77:C5:56:30:84:A6:57:6E
Certificate issuer:       /CN=b56f0e2fe6da00d2cd01f73a1c7d264eaa722661
Certificate serial:       018D64F1FA29F6CC45B5A316A5B89A0CA751
Authority key identifier: B5:6F:0E:2F:E6:DA:00:D2:CD:01:F7:3A:1C:7D:26:4E:AA:72:26:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tW8OL-baANLNAfc6HH0mTqpyJmE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/e1a472-14ef-46af-b4c9-e6f89903ee7d/1/NHNImCBH_MxRv8Fod8VWMISmV24.roa
Signing time:             Thu 01 Feb 2024 13:53:16 +0000
ROA not before:           Thu 01 Feb 2024 13:53:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209281
IP address blocks:        86.62.20.0/24 maxlen: 24
                          86.62.21.0/24 maxlen: 24
                          86.62.22.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/e1a472-14ef-46af-b4c9-e6f89903ee7d/1/tW8OL-baANLNAfc6HH0mTqpyJmE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/e1a472-14ef-46af-b4c9-e6f89903ee7d/1/tW8OL-baANLNAfc6HH0mTqpyJmE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tW8OL-baANLNAfc6HH0mTqpyJmE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:f1:fa:29:f6:cc:45:b5:a3:16:a5:b8:9a:0c:a7:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b56f0e2fe6da00d2cd01f73a1c7d264eaa722661
        Validity
            Not Before: Feb  1 13:53:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=347348982047fccc51bfc16877c5563084a6576e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0d:56:17:43:bb:84:64:7f:56:45:f8:41:d2:
                    3f:d9:f8:a8:60:81:31:e4:f4:04:bc:16:e4:e7:33:
                    45:9f:84:f1:aa:20:c8:f2:5b:f5:e8:cd:b6:be:61:
                    21:1a:f4:7b:fe:a1:8a:20:20:e8:1e:8d:51:ac:82:
                    44:c8:47:77:67:2f:a2:ce:ae:aa:84:65:4f:f1:dd:
                    3e:c8:37:d8:fa:f8:22:73:f9:3e:8e:63:43:3f:19:
                    46:71:ca:b2:6b:8e:de:e8:b8:52:9f:56:41:7e:b2:
                    e7:33:35:49:ab:e7:1b:73:5e:4f:3c:92:84:34:82:
                    ec:ad:2a:b6:52:18:e5:07:f0:9d:aa:6f:bb:3e:78:
                    bf:8a:27:09:a1:91:9b:69:23:a2:08:9d:20:cf:4d:
                    94:ed:75:d1:a5:38:dc:94:c0:71:92:7e:19:0f:35:
                    dc:a0:96:c9:46:ed:fa:e9:8a:c7:68:4e:82:20:2f:
                    2b:47:32:20:23:e9:3b:9c:7c:43:fa:79:88:39:66:
                    42:fd:ee:c1:19:d0:65:f1:81:45:82:8f:70:26:fe:
                    0b:df:87:e8:68:06:53:3c:d3:ce:78:06:81:d2:b0:
                    4b:2c:98:42:fd:da:48:c2:73:ee:6c:06:21:31:72:
                    b5:d4:d4:22:b5:99:59:fd:22:28:e0:f6:d9:4e:f7:
                    ab:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:73:48:98:20:47:FC:CC:51:BF:C1:68:77:C5:56:30:84:A6:57:6E
            X509v3 Authority Key Identifier:
                keyid:B5:6F:0E:2F:E6:DA:00:D2:CD:01:F7:3A:1C:7D:26:4E:AA:72:26:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tW8OL-baANLNAfc6HH0mTqpyJmE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/e1a472-14ef-46af-b4c9-e6f89903ee7d/1/NHNImCBH_MxRv8Fod8VWMISmV24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/e1a472-14ef-46af-b4c9-e6f89903ee7d/1/tW8OL-baANLNAfc6HH0mTqpyJmE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.62.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:00:69:45:ea:b8:eb:e3:39:2a:85:08:dd:10:cd:a3:14:21:
         11:32:72:73:bf:69:4f:ef:1c:04:6a:63:ac:21:83:73:3f:b7:
         ed:2a:c5:09:64:b9:a8:78:62:2f:12:83:7b:07:fa:b4:9c:34:
         3f:66:4b:af:b5:6d:ed:37:4a:97:6d:89:a2:1d:3a:80:b3:44:
         9d:3e:53:a9:23:d1:f6:66:6f:9c:52:60:62:de:5f:07:6b:65:
         24:73:75:6a:e0:c8:a7:03:0e:02:d4:09:02:92:e0:22:ab:6d:
         96:45:27:ef:84:66:f6:e3:00:05:f2:85:8a:b5:18:93:b1:17:
         b2:23:dc:49:68:e0:e0:bf:73:72:55:f8:a7:91:3f:34:89:a3:
         bb:a1:7d:ff:b0:1b:1d:42:9a:53:fa:c1:ce:2d:9b:d4:bc:bc:
         89:06:de:8f:84:e9:9d:0b:47:85:2f:e3:9d:62:12:8a:0f:de:
         20:70:2d:bd:bf:5f:8c:5c:92:7b:6f:8e:b7:d7:d1:af:9d:18:
         25:a5:0f:6b:11:98:ec:fc:47:6f:6b:a4:0d:fe:2a:3a:a3:83:
         70:bc:81:79:95:7e:82:b4:0d:1f:d3:b6:60:ae:ba:34:49:6e:
         d6:85:61:22:7d:37:a5:86:cc:e7:3f:0f:74:69:f2:ac:29:ec:
         68:11:4f:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1k8fop9sxFtaMWpbiaDKdRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NmYwZTJmZTZkYTAwZDJjZDAxZjczYTFjN2QyNjRlYWE3
MjI2NjEwHhcNMjQwMjAxMTM1MzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDczNDg5ODIwNDdmY2NjNTFiZmMxNjg3N2M1NTYzMDg0YTY1NzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkg1WF0O7hGR/VkX4QdI/2fioYIEx
5PQEvBbk5zNFn4TxqiDI8lv16M22vmEhGvR7/qGKICDoHo1RrIJEyEd3Zy+izq6q
hGVP8d0+yDfY+vgic/k+jmNDPxlGccqya47e6LhSn1ZBfrLnMzVJq+cbc15PPJKE
NILsrSq2UhjlB/Cdqm+7Pni/iicJoZGbaSOiCJ0gz02U7XXRpTjclMBxkn4ZDzXc
oJbJRu366YrHaE6CIC8rRzIgI+k7nHxD+nmIOWZC/e7BGdBl8YFFgo9wJv4L34fo
aAZTPNPOeAaB0rBLLJhC/dpIwnPubAYhMXK11NQitZlZ/SIo4PbZTverTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDRzSJggR/zMUb/BaHfFVjCEplduMB8GA1UdIwQY
MBaAFLVvDi/m2gDSzQH3Ohx9Jk6qciZhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFc4T0wtYmFBTkxOQWZjNkhIMG1UcXB5Sm1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9lMWE0NzItMTRlZi00NmFmLWI0Yzkt
ZTZmODk5MDNlZTdkLzEvTkhOSW1DQkhfTXhSdjhGb2Q4VldNSVNtVjI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9lMWE0NzItMTRlZi00NmFmLWI0YzktZTZmODk5MDNlZTdk
LzEvdFc4T0wtYmFBTkxOQWZjNkhIMG1UcXB5Sm1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVj4UMA0G
CSqGSIb3DQEBCwUAA4IBAQARAGlF6rjr4zkqhQjdEM2jFCERMnJzv2lP7xwEamOs
IYNzP7ftKsUJZLmoeGIvEoN7B/q0nDQ/ZkuvtW3tN0qXbYmiHTqAs0SdPlOpI9H2
Zm+cUmBi3l8Ha2Ukc3Vq4MinAw4C1AkCkuAiq22WRSfvhGb24wAF8oWKtRiTsRey
I9xJaODgv3NyVfinkT80iaO7oX3/sBsdQppT+sHOLZvUvLyJBt6PhOmdC0eFL+Od
YhKKD94gcC29v1+MXJJ7b46319GvnRglpQ9rEZjs/Edva6QN/io6o4NwvIF5lX6C
tA0f07Zgrro0SW7WhWEifTelhsznPw90afKsKexoEU83
-----END CERTIFICATE-----