Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/NC1nxD09jYp2y9Xm_icqz66UFSo.roa
File:                     NC1nxD09jYp2y9Xm_icqz66UFSo.roa (raw, json)
Hash identifier:          HYUTEjqYmfRgeoCSJy/IWyPBJHU/RxX4QiK0iiHevow=
Subject key identifier:   34:2D:67:C4:3D:3D:8D:8A:76:CB:D5:E6:FE:27:2A:CF:AE:94:15:2A
Certificate issuer:       /CN=38a8550659bb68e770d8b0126b7261fb87d8240b
Certificate serial:       018CCA2BD9083883501E2656FA82F23B9D09
Authority key identifier: 38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/NC1nxD09jYp2y9Xm_icqz66UFSo.roa
Signing time:             Tue 02 Jan 2024 12:35:20 +0000
ROA not before:           Tue 02 Jan 2024 12:35:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206353
IP address blocks:        185.186.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:d9:08:38:83:50:1e:26:56:fa:82:f2:3b:9d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38a8550659bb68e770d8b0126b7261fb87d8240b
        Validity
            Not Before: Jan  2 12:35:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=342d67c43d3d8d8a76cbd5e6fe272acfae94152a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ef:1e:4e:ba:2a:e8:c2:f2:ce:17:4d:54:f2:
                    c6:91:a8:d5:8e:78:86:23:1e:bd:d0:ed:e8:5d:a7:
                    86:08:81:b8:c3:a8:34:c1:a7:ff:dd:d0:1f:c4:67:
                    e3:86:f5:a8:a7:00:0f:3d:70:e7:c0:93:b7:e1:17:
                    24:e9:88:64:8a:b6:50:e1:14:fd:01:c5:cd:05:8d:
                    f9:6f:75:bf:69:c5:c2:32:cf:05:6e:eb:a7:fa:61:
                    35:ce:cd:80:5b:92:00:26:0e:51:e4:cc:35:dc:2d:
                    8c:81:6f:6d:1a:cb:69:b2:b1:85:b1:a4:65:49:56:
                    f1:5f:4c:c2:9e:a2:e3:e8:5b:42:b4:45:dc:0f:93:
                    b9:4a:ba:14:1d:03:e2:29:5d:dd:71:21:fc:d6:d2:
                    9f:43:48:33:03:97:34:3a:24:53:56:34:88:e4:9e:
                    d8:96:51:95:51:c6:f5:4c:77:a5:cb:a6:62:33:8b:
                    c1:ca:d9:83:4a:39:26:cb:7d:d6:3c:68:42:3f:48:
                    8f:b7:7a:82:bf:b7:a4:1a:23:33:b0:51:c4:04:5d:
                    55:9a:bb:f7:2a:3f:f2:60:f8:25:f5:6e:26:90:e6:
                    52:2a:10:6c:44:4a:a5:33:b2:27:18:1a:7d:16:be:
                    e1:63:c8:52:a6:94:58:77:27:1a:5b:bd:d7:32:80:
                    ec:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:2D:67:C4:3D:3D:8D:8A:76:CB:D5:E6:FE:27:2A:CF:AE:94:15:2A
            X509v3 Authority Key Identifier:
                keyid:38:A8:55:06:59:BB:68:E7:70:D8:B0:12:6B:72:61:FB:87:D8:24:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKhVBlm7aOdw2LASa3Jh-4fYJAs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/NC1nxD09jYp2y9Xm_icqz66UFSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/7dce73-c4df-4333-8e81-1d703b496634/1/OKhVBlm7aOdw2LASa3Jh-4fYJAs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:80:f8:ae:b0:b3:89:9d:5b:3b:84:c4:48:c3:c8:6a:04:39:
         52:25:5d:ed:8e:c2:b8:b4:92:62:cf:7b:8f:9b:32:45:a6:16:
         fd:53:7e:87:48:ca:02:97:09:d0:69:e7:c2:6f:e8:24:fa:2e:
         3d:16:45:1c:1f:d5:bf:18:95:ae:50:fb:23:57:70:5f:25:5e:
         43:a9:6f:d3:3f:58:fa:a6:15:ab:2e:24:07:95:2c:8f:8e:e9:
         96:36:18:e7:16:eb:66:b1:d0:b3:77:23:29:fc:6d:cc:06:ff:
         3e:e6:31:6f:cc:70:3d:ff:b9:db:04:c0:ad:10:ff:dc:56:91:
         24:19:31:88:51:0b:84:9f:fe:a7:6c:e1:75:be:09:2d:2f:ae:
         7b:0f:43:6e:0f:e2:bf:1a:0b:a7:e2:bf:07:8e:5b:16:79:d0:
         ed:a3:af:6f:ac:43:e9:c5:68:02:0b:5c:8a:21:1d:5d:d7:ed:
         f8:36:81:14:31:a6:3a:0f:7a:54:43:72:e7:d2:ed:1b:07:b0:
         10:ac:31:44:26:21:46:00:9f:d4:29:65:a8:16:b4:69:d4:21:
         a0:80:9d:11:90:e9:85:c4:41:06:f1:0e:15:d6:ca:1a:92:f6:
         a2:f1:80:25:e0:a1:dd:ef:bc:2f:5e:56:6e:f6:35:df:49:f2:
         8b:73:70:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK9kIOINQHiZW+oLyO50JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YTg1NTA2NTliYjY4ZTc3MGQ4YjAxMjZiNzI2MWZiODdk
ODI0MGIwHhcNMjQwMTAyMTIzNTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDJkNjdjNDNkM2Q4ZDhhNzZjYmQ1ZTZmZTI3MmFjZmFlOTQxNTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAme8eTroq6MLyzhdNVPLGkajVjniG
Ix690O3oXaeGCIG4w6g0waf/3dAfxGfjhvWopwAPPXDnwJO34Rck6YhkirZQ4RT9
AcXNBY35b3W/acXCMs8Fbuun+mE1zs2AW5IAJg5R5Mw13C2MgW9tGstpsrGFsaRl
SVbxX0zCnqLj6FtCtEXcD5O5SroUHQPiKV3dcSH81tKfQ0gzA5c0OiRTVjSI5J7Y
llGVUcb1THely6ZiM4vBytmDSjkmy33WPGhCP0iPt3qCv7ekGiMzsFHEBF1Vmrv3
Kj/yYPgl9W4mkOZSKhBsREqlM7InGBp9Fr7hY8hSppRYdycaW73XMoDs5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQtZ8Q9PY2KdsvV5v4nKs+ulBUqMB8GA1UdIwQY
MBaAFDioVQZZu2jncNiwEmtyYfuH2CQLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEt
MWQ3MDNiNDk2NjM0LzEvTkMxbnhEMDlqWXAyeTlYbV9pY3F6NjZVRlNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi83ZGNlNzMtYzRkZi00MzMzLThlODEtMWQ3MDNiNDk2NjM0
LzEvT0toVkJsbTdhT2R3MkxBU2EzSmgtNGZZSkFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubqAMA0G
CSqGSIb3DQEBCwUAA4IBAQCbgPiusLOJnVs7hMRIw8hqBDlSJV3tjsK4tJJiz3uP
mzJFphb9U36HSMoClwnQaefCb+gk+i49FkUcH9W/GJWuUPsjV3BfJV5DqW/TP1j6
phWrLiQHlSyPjumWNhjnFutmsdCzdyMp/G3MBv8+5jFvzHA9/7nbBMCtEP/cVpEk
GTGIUQuEn/6nbOF1vgktL657D0NuD+K/Ggun4r8HjlsWedDto69vrEPpxWgCC1yK
IR1d1+34NoEUMaY6D3pUQ3Ln0u0bB7AQrDFEJiFGAJ/UKWWoFrRp1CGggJ0RkOmF
xEEG8Q4V1soakvai8YAl4KHd77wvXlZu9jXfSfKLc3D7
-----END CERTIFICATE-----