Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Nkdia3T-qNRJ3CTvJrXawzCi-fg.roa
File:                     Nkdia3T-qNRJ3CTvJrXawzCi-fg.roa (raw, json)
Hash identifier:          hQsz02qzDAl5ksERWlJv515J8QY25URISbAV1nw6RUs=
Subject key identifier:   36:47:62:6B:74:FE:A8:D4:49:DC:24:EF:26:B5:DA:C3:30:A2:F9:F8
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018CCA2B58A5D2FEE8C4B77DDAD4FD646D43
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Nkdia3T-qNRJ3CTvJrXawzCi-fg.roa
Signing time:             Tue 02 Jan 2024 12:34:47 +0000
ROA not before:           Tue 02 Jan 2024 12:34:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57758
IP address blocks:        185.142.141.0/24 maxlen: 32
                          2a06:7a04::/43 maxlen: 128

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:58:a5:d2:fe:e8:c4:b7:7d:da:d4:fd:64:6d:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  2 12:34:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3647626b74fea8d449dc24ef26b5dac330a2f9f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:77:04:47:d4:50:78:b8:1b:fd:fb:d1:f1:c9:
                    c3:7d:ee:31:7a:82:1b:e9:5b:bb:49:62:32:4d:fa:
                    80:a6:62:4c:2a:04:c7:65:83:55:33:9c:c8:da:ac:
                    08:0a:29:ef:4f:16:35:33:97:f1:6e:a1:0a:5f:e2:
                    ec:8f:19:2a:e7:58:67:7b:a7:47:d0:ad:a6:f5:d0:
                    b2:a2:76:a3:ea:07:bd:50:0c:c6:d4:f8:2e:43:0a:
                    03:ea:14:72:19:c9:37:0e:ca:5e:34:3e:52:53:a9:
                    46:79:1f:05:af:53:da:c3:89:65:69:6e:79:c5:b9:
                    2c:88:da:67:aa:15:b0:40:b6:5b:a3:5b:de:0c:7c:
                    09:b7:15:7f:e2:75:a7:9d:08:79:b5:06:4e:d9:27:
                    dd:22:d1:8f:82:b2:a4:5d:6f:e6:38:e9:c4:69:8a:
                    a5:74:45:03:85:e7:f9:9f:bd:c5:76:ef:c9:48:07:
                    3e:94:52:55:c2:8b:d3:55:63:85:0f:87:4a:a1:8d:
                    46:ca:94:d6:b5:2d:c1:7a:c1:46:4f:a3:b2:6b:b0:
                    bc:14:3a:ea:bd:41:e5:e4:66:c0:a7:84:4d:88:29:
                    35:36:25:71:e1:33:b6:c0:c3:78:3f:a5:5a:8d:11:
                    9b:08:bc:af:c8:5f:99:60:92:18:9e:0d:a2:d7:71:
                    ce:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:47:62:6B:74:FE:A8:D4:49:DC:24:EF:26:B5:DA:C3:30:A2:F9:F8
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/Nkdia3T-qNRJ3CTvJrXawzCi-fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.142.141.0/24
                IPv6:
                  2a06:7a04::/43

    Signature Algorithm: sha256WithRSAEncryption
         5c:8f:94:52:81:b3:a2:58:eb:a2:a0:d1:01:ea:04:a5:c4:6a:
         7d:20:fc:63:c5:a2:4b:cf:69:b2:4a:1c:b2:a6:e4:86:31:0a:
         2b:d7:6e:4b:c3:16:d2:d1:c4:9d:76:6a:af:9f:2a:a1:ff:81:
         b9:21:cc:3c:61:aa:d0:43:f1:81:67:3b:bb:04:e3:66:f0:a8:
         f1:bb:f4:38:cb:5c:ad:b5:9a:fa:e9:5b:3b:c5:42:4a:6b:f3:
         d2:47:5e:91:67:ea:53:4e:3a:cb:b6:17:b0:64:b3:94:6b:18:
         7e:a7:27:02:d6:1c:47:67:85:5e:a2:42:a8:c1:7b:98:0d:c6:
         10:f5:e8:98:74:5b:74:b6:5d:b4:36:0a:1a:32:0d:94:87:23:
         98:90:42:f6:9d:44:59:79:b9:3b:e1:02:cf:85:c0:c1:17:67:
         ed:e4:57:49:36:d0:80:a1:9b:18:6d:77:99:4f:a9:90:35:ec:
         0b:62:d7:11:58:3e:71:59:4d:31:13:af:c7:57:e0:55:fe:c6:
         d6:f6:45:23:91:e6:95:f8:99:dc:60:40:a7:33:d0:7d:0b:05:
         dc:ba:43:c5:47:37:2f:9c:42:5c:84:4e:d2:22:c4:38:d8:69:
         96:5e:e5:6b:39:98:4a:a3:2a:cb:f7:2d:3c:4b:81:32:41:df:
         ce:fb:0d:c3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKK1il0v7oxLd92tT9ZG1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjQwMTAyMTIzNDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjQ3NjI2Yjc0ZmVhOGQ0NDlkYzI0ZWYyNmI1ZGFjMzMwYTJmOWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XcER9RQeLgb/fvR8cnDfe4xeoIb
6Vu7SWIyTfqApmJMKgTHZYNVM5zI2qwICinvTxY1M5fxbqEKX+Lsjxkq51hne6dH
0K2m9dCyonaj6ge9UAzG1PguQwoD6hRyGck3DspeND5SU6lGeR8Fr1Paw4llaW55
xbksiNpnqhWwQLZbo1veDHwJtxV/4nWnnQh5tQZO2SfdItGPgrKkXW/mOOnEaYql
dEUDhef5n73Fdu/JSAc+lFJVwovTVWOFD4dKoY1GypTWtS3BesFGT6Oya7C8FDrq
vUHl5GbAp4RNiCk1NiVx4TO2wMN4P6VajRGbCLyvyF+ZYJIYng2i13HO+wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDZHYmt0/qjUSdwk7ya12sMwovn4MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvTmtkaWEzVC1xTlJKM0NUdkpyWGF3ekNpLWZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuY6NMA8E
AgACMAkDBwUqBnoEAAAwDQYJKoZIhvcNAQELBQADggEBAFyPlFKBs6JY66Kg0QHq
BKXEan0g/GPFokvPabJKHLKm5IYxCivXbkvDFtLRxJ12aq+fKqH/gbkhzDxhqtBD
8YFnO7sE42bwqPG79DjLXK21mvrpWzvFQkpr89JHXpFn6lNOOsu2F7Bks5RrGH6n
JwLWHEdnhV6iQqjBe5gNxhD16Jh0W3S2XbQ2ChoyDZSHI5iQQvadRFl5uTvhAs+F
wMEXZ+3kV0k20IChmxhtd5lPqZA17Ati1xFYPnFZTTETr8dX4FX+xtb2RSOR5pX4
mdxgQKcz0H0LBdy6Q8VHNy+cQlyETtIixDjYaZZe5Ws5mEqjKsv3LTxLgTJB3877
DcM=
-----END CERTIFICATE-----