Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/NQIcJXW31dG_qFX3Hjd_tdhldlc.roa
File:                     NQIcJXW31dG_qFX3Hjd_tdhldlc.roa (raw, json)
Hash identifier:          XygXPAdl5tKzU0+8Q9pr4UdqqPhsNDv5MCexAeFEswg=
Subject key identifier:   35:02:1C:25:75:B7:D5:D1:BF:A8:55:F7:1E:37:7F:B5:D8:65:76:57
Certificate issuer:       /CN=9cb80bc4b597c176bd8538c188fec73da25e6e84
Certificate serial:       0192011BC09E1C0BF8CB19977CDB24927529
Authority key identifier: 9C:B8:0B:C4:B5:97:C1:76:BD:85:38:C1:88:FE:C7:3D:A2:5E:6E:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLgLxLWXwXa9hTjBiP7HPaJeboQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/NQIcJXW31dG_qFX3Hjd_tdhldlc.roa
Signing time:             Tue 17 Sep 2024 17:50:48 +0000
ROA not before:           Tue 17 Sep 2024 17:50:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201364
IP address blocks:        185.163.128.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/nLgLxLWXwXa9hTjBiP7HPaJeboQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/nLgLxLWXwXa9hTjBiP7HPaJeboQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLgLxLWXwXa9hTjBiP7HPaJeboQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:01:1b:c0:9e:1c:0b:f8:cb:19:97:7c:db:24:92:75:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb80bc4b597c176bd8538c188fec73da25e6e84
        Validity
            Not Before: Sep 17 17:50:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35021c2575b7d5d1bfa855f71e377fb5d8657657
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:37:f5:00:3a:56:02:6e:da:40:a2:cc:96:c2:
                    39:4e:2b:56:85:ad:1a:21:47:dd:0b:c0:69:da:2a:
                    28:b8:44:a8:b1:5d:0b:9d:b6:cc:34:3b:50:98:e7:
                    65:34:1e:f1:b7:85:57:07:e8:f8:2b:e6:9d:eb:97:
                    cf:8d:21:6b:55:3d:5d:c5:8e:40:ae:f4:db:9f:f0:
                    2f:aa:da:f9:f9:5f:95:7f:03:7b:be:c1:f3:79:a1:
                    97:22:87:21:f2:88:79:95:b9:c8:30:ba:aa:81:6a:
                    24:bd:ab:bf:5f:50:ec:37:b9:48:45:eb:fd:f0:6b:
                    f4:47:45:2b:48:ce:65:c3:82:52:66:20:56:03:08:
                    08:a3:dd:a7:ea:74:2d:57:a5:62:d1:2d:bd:ee:23:
                    2f:6d:fa:ba:ee:3b:f4:17:59:6c:45:eb:fc:24:9c:
                    b4:a9:59:96:25:73:28:69:ae:7b:a1:d0:50:80:6f:
                    af:a3:fd:dc:ed:05:3d:45:43:b4:f5:e0:64:1d:90:
                    49:1e:2e:46:b7:ac:de:2d:7e:b9:fc:9a:a4:7d:4d:
                    43:96:c9:6f:9d:3c:9b:51:fe:66:73:66:cf:35:74:
                    47:a1:6d:b9:0f:d6:72:ac:92:36:b8:ee:85:a8:70:
                    92:04:25:e9:77:b6:07:3e:53:0d:55:71:d9:74:40:
                    c2:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:02:1C:25:75:B7:D5:D1:BF:A8:55:F7:1E:37:7F:B5:D8:65:76:57
            X509v3 Authority Key Identifier:
                keyid:9C:B8:0B:C4:B5:97:C1:76:BD:85:38:C1:88:FE:C7:3D:A2:5E:6E:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLgLxLWXwXa9hTjBiP7HPaJeboQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/NQIcJXW31dG_qFX3Hjd_tdhldlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/720c04-e9c7-48b2-8fec-9cfe1b57cd20/1/nLgLxLWXwXa9hTjBiP7HPaJeboQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.163.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:d5:f7:4b:e7:d3:c6:b2:a1:1e:9e:9d:92:3d:5d:9e:d5:5e:
         c6:dc:1b:a3:ca:99:97:1b:7c:a6:de:fa:08:2f:10:92:f2:b5:
         ba:1b:5b:25:11:38:b2:3e:5d:a2:5d:e9:53:49:9c:11:73:e1:
         fc:be:33:f7:1e:19:49:84:bd:fc:2b:e8:3a:5c:58:db:6e:67:
         09:01:bb:5b:0e:29:78:7a:ae:68:97:01:d6:c2:f6:54:c1:01:
         a4:46:d3:4a:2a:31:c0:28:75:1d:c4:c0:17:97:01:67:2b:a0:
         5e:26:29:bf:9d:8a:98:12:4c:f4:ae:52:4e:38:77:2a:79:42:
         f6:98:93:94:57:d6:af:68:63:24:08:e4:a2:83:e0:12:4e:d4:
         c4:47:0a:3e:00:3b:6b:f1:3a:a4:e0:e3:4a:7b:f5:3d:cd:cd:
         88:60:74:dd:bf:aa:1f:6c:cc:ef:be:e3:15:4f:74:7b:1f:3d:
         df:a0:40:06:2e:ba:5d:93:ff:b8:23:ab:dd:5b:e4:42:62:0a:
         b3:08:96:d1:6b:04:75:2f:31:34:2d:77:80:bd:04:f7:d0:2e:
         3b:fe:88:ec:d5:1c:e6:74:5a:e1:3e:cd:20:36:a3:91:68:56:
         86:18:8e:1b:8d:19:35:0f:7b:35:2d:91:e7:78:64:9e:69:e8:
         c2:3e:56:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIBG8CeHAv4yxmXfNskknUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjgwYmM0YjU5N2MxNzZiZDg1MzhjMTg4ZmVjNzNkYTI1
ZTZlODQwHhcNMjQwOTE3MTc1MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTAyMWMyNTc1YjdkNWQxYmZhODU1ZjcxZTM3N2ZiNWQ4NjU3NjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3jf1ADpWAm7aQKLMlsI5TitWha0a
IUfdC8Bp2ioouESosV0LnbbMNDtQmOdlNB7xt4VXB+j4K+ad65fPjSFrVT1dxY5A
rvTbn/Avqtr5+V+VfwN7vsHzeaGXIoch8oh5lbnIMLqqgWokvau/X1DsN7lIRev9
8Gv0R0UrSM5lw4JSZiBWAwgIo92n6nQtV6Vi0S297iMvbfq67jv0F1lsRev8JJy0
qVmWJXMoaa57odBQgG+vo/3c7QU9RUO09eBkHZBJHi5Gt6zeLX65/JqkfU1Dlslv
nTybUf5mc2bPNXRHoW25D9ZyrJI2uO6FqHCSBCXpd7YHPlMNVXHZdEDC3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUCHCV1t9XRv6hV9x43f7XYZXZXMB8GA1UdIwQY
MBaAFJy4C8S1l8F2vYU4wYj+xz2iXm6EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxnTHhMV1h3WGE5aFRqQmlQN0hQYUplYm9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi83MjBjMDQtZTljNy00OGIyLThmZWMt
OWNmZTFiNTdjZDIwLzEvTlFJY0pYVzMxZEdfcUZYM0hqZF90ZGhsZGxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi83MjBjMDQtZTljNy00OGIyLThmZWMtOWNmZTFiNTdjZDIw
LzEvbkxnTHhMV1h3WGE5aFRqQmlQN0hQYUplYm9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaOAMA0G
CSqGSIb3DQEBCwUAA4IBAQAV1fdL59PGsqEenp2SPV2e1V7G3BujypmXG3ym3voI
LxCS8rW6G1slETiyPl2iXelTSZwRc+H8vjP3HhlJhL38K+g6XFjbbmcJAbtbDil4
eq5olwHWwvZUwQGkRtNKKjHAKHUdxMAXlwFnK6BeJim/nYqYEkz0rlJOOHcqeUL2
mJOUV9avaGMkCOSig+ASTtTERwo+ADtr8Tqk4ONKe/U9zc2IYHTdv6ofbMzvvuMV
T3R7Hz3foEAGLrpdk/+4I6vdW+RCYgqzCJbRawR1LzE0LXeAvQT30C47/ojs1Rzm
dFrhPs0gNqORaFaGGI4bjRk1D3s1LZHneGSeaejCPlbs
-----END CERTIFICATE-----