Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/NDcvvFCbRQMBj6Ce7TxCvg78xRA.roa
File:                     NDcvvFCbRQMBj6Ce7TxCvg78xRA.roa (raw, json)
Hash identifier:          ZnoyCD71cWX9uJo81vQY/QbHbcImuSaohp8tyXcIjTI=
Subject key identifier:   34:37:2F:BC:50:9B:45:03:01:8F:A0:9E:ED:3C:42:BE:0E:FC:C5:10
Certificate issuer:       /CN=712f9cb3c298b150beb79080376f74bdeac438ac
Certificate serial:       018CC64A8AADA6533F19B704C222DFF283E2
Authority key identifier: 71:2F:9C:B3:C2:98:B1:50:BE:B7:90:80:37:6F:74:BD:EA:C4:38:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/NDcvvFCbRQMBj6Ce7TxCvg78xRA.roa
Signing time:             Mon 01 Jan 2024 18:30:23 +0000
ROA not before:           Mon 01 Jan 2024 18:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203433
IP address blocks:        185.22.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:8a:ad:a6:53:3f:19:b7:04:c2:22:df:f2:83:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=712f9cb3c298b150beb79080376f74bdeac438ac
        Validity
            Not Before: Jan  1 18:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34372fbc509b4503018fa09eed3c42be0efcc510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:57:2c:5b:04:85:2b:1c:6e:d7:42:42:8c:9b:
                    36:95:4f:d3:94:d1:84:14:a5:47:ee:dc:2d:89:31:
                    c8:36:4b:89:f8:d2:ed:1a:de:92:7a:43:0d:f9:2d:
                    4c:b2:c6:c6:f1:97:82:08:82:58:0f:85:89:5a:87:
                    4d:61:49:45:39:d6:f8:e4:da:0d:a2:b3:4c:e6:65:
                    9d:c6:85:c9:85:c9:df:e1:94:36:61:eb:7e:c8:27:
                    49:47:91:c9:db:6e:7f:e1:51:df:cd:71:38:be:61:
                    8e:f6:32:26:6a:73:8d:72:21:d8:cc:c0:81:78:28:
                    c8:bd:00:ba:2c:c1:cb:e3:c8:17:ba:bc:0f:7d:84:
                    9b:41:af:fa:e3:cc:81:a0:e3:54:c8:bf:18:87:2a:
                    5f:d4:54:da:a4:24:29:d9:de:5a:a2:12:e4:13:c9:
                    b9:a0:a4:10:ba:e1:60:79:8a:87:bf:82:e9:5a:fe:
                    51:d4:97:0c:f3:a4:99:b7:d6:c5:35:a3:ac:4e:7e:
                    7f:6a:fe:19:8b:96:40:71:e4:39:0d:74:df:43:9d:
                    88:bc:47:a2:7b:15:fd:5c:96:31:89:d0:ff:e4:46:
                    af:d9:82:3f:56:63:14:14:54:b8:d3:46:11:8e:0f:
                    9b:9c:ad:e6:01:1e:12:1e:7f:b2:a1:04:de:ab:98:
                    23:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:37:2F:BC:50:9B:45:03:01:8F:A0:9E:ED:3C:42:BE:0E:FC:C5:10
            X509v3 Authority Key Identifier:
                keyid:71:2F:9C:B3:C2:98:B1:50:BE:B7:90:80:37:6F:74:BD:EA:C4:38:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cS-cs8KYsVC-t5CAN290verEOKw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/NDcvvFCbRQMBj6Ce7TxCvg78xRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/e2e119-fd78-4b1a-b16a-987da4392056/1/cS-cs8KYsVC-t5CAN290verEOKw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:90:ac:cf:92:5b:3e:e5:51:ad:94:69:ef:ba:2e:17:09:d2:
         91:26:dd:d5:5f:3d:02:05:ed:e8:b2:3e:39:ba:71:9e:bf:44:
         07:de:7b:8c:c8:d5:59:a9:1e:b0:2e:3e:59:bf:eb:47:6a:c9:
         cc:c3:aa:b3:19:f7:fe:bb:2f:d5:2c:03:68:56:75:cc:e2:78:
         7c:f6:31:34:9e:1c:94:90:81:eb:d7:71:71:a2:76:ce:e0:62:
         07:f2:4e:b4:4b:b1:b9:f8:b5:4a:75:64:15:09:52:94:af:4a:
         1f:08:33:01:ab:ce:47:a1:c0:cd:75:b8:61:3a:f8:c7:72:9d:
         1e:8b:74:94:38:5e:49:f6:a9:91:c0:fe:9b:5d:09:15:19:a2:
         63:d1:a1:c1:e2:42:1a:73:46:83:5f:98:e4:1b:1d:6e:c4:2f:
         c1:dc:3c:78:4c:b5:5b:b0:02:73:39:a1:ab:ce:b3:8f:f8:52:
         3f:da:47:d1:24:e3:11:ee:74:c3:cd:2e:4c:81:7e:d2:25:81:
         0b:78:45:e0:fe:b1:2f:93:9e:3d:98:2b:df:3b:94:56:e5:77:
         cb:13:b6:6f:6d:c9:7f:ab:89:ba:a7:a0:3e:ea:a3:87:6a:0c:
         e7:bb:84:1d:5c:d4:64:34:5e:83:69:43:b8:87:86:f1:2d:ba:
         c2:b8:c9:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSoqtplM/GbcEwiLf8oPiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMmY5Y2IzYzI5OGIxNTBiZWI3OTA4MDM3NmY3NGJkZWFj
NDM4YWMwHhcNMjQwMTAxMTgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDM3MmZiYzUwOWI0NTAzMDE4ZmEwOWVlZDNjNDJiZTBlZmNjNTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVcsWwSFKxxu10JCjJs2lU/TlNGE
FKVH7twtiTHINkuJ+NLtGt6SekMN+S1MssbG8ZeCCIJYD4WJWodNYUlFOdb45NoN
orNM5mWdxoXJhcnf4ZQ2Yet+yCdJR5HJ225/4VHfzXE4vmGO9jImanONciHYzMCB
eCjIvQC6LMHL48gXurwPfYSbQa/648yBoONUyL8Yhypf1FTapCQp2d5aohLkE8m5
oKQQuuFgeYqHv4LpWv5R1JcM86SZt9bFNaOsTn5/av4Zi5ZAceQ5DXTfQ52IvEei
exX9XJYxidD/5Eav2YI/VmMUFFS400YRjg+bnK3mAR4SHn+yoQTeq5gjSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQ3L7xQm0UDAY+gnu08Qr4O/MUQMB8GA1UdIwQY
MBaAFHEvnLPCmLFQvreQgDdvdL3qxDisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1MtY3M4S1lzVkMtdDVDQU4yOTB2ZXJFT0t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lMmUxMTktZmQ3OC00YjFhLWIxNmEt
OTg3ZGE0MzkyMDU2LzEvTkRjdnZGQ2JSUU1CajZDZTdUeEN2Zzc4eFJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lMmUxMTktZmQ3OC00YjFhLWIxNmEtOTg3ZGE0MzkyMDU2
LzEvY1MtY3M4S1lzVkMtdDVDQU4yOTB2ZXJFT0t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRaDMA0G
CSqGSIb3DQEBCwUAA4IBAQALkKzPkls+5VGtlGnvui4XCdKRJt3VXz0CBe3osj45
unGev0QH3nuMyNVZqR6wLj5Zv+tHasnMw6qzGff+uy/VLANoVnXM4nh89jE0nhyU
kIHr13FxonbO4GIH8k60S7G5+LVKdWQVCVKUr0ofCDMBq85HocDNdbhhOvjHcp0e
i3SUOF5J9qmRwP6bXQkVGaJj0aHB4kIac0aDX5jkGx1uxC/B3Dx4TLVbsAJzOaGr
zrOP+FI/2kfRJOMR7nTDzS5MgX7SJYELeEXg/rEvk549mCvfO5RW5XfLE7Zvbcl/
q4m6p6A+6qOHagznu4QdXNRkNF6DaUO4h4bxLbrCuMkH
-----END CERTIFICATE-----