Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/NA1QW9wf3yOt69j2pcdrqlbho50.roa
File:                     NA1QW9wf3yOt69j2pcdrqlbho50.roa (raw, json)
Hash identifier:          HjARXMVaJtTPKAb9hXMDlz9j/jpfi+tlmdygS/3XzKw=
Subject key identifier:   34:0D:50:5B:DC:1F:DF:23:AD:EB:D8:F6:A5:C7:6B:AA:56:E1:A3:9D
Certificate issuer:       /CN=83b5b4913cc78e40803c00bec6b1a9dc48ff3684
Certificate serial:       0192013D9FBFA4FD2BB24E6C129F63404BAE
Authority key identifier: 83:B5:B4:91:3C:C7:8E:40:80:3C:00:BE:C6:B1:A9:DC:48:FF:36:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/NA1QW9wf3yOt69j2pcdrqlbho50.roa
Signing time:             Tue 17 Sep 2024 18:27:48 +0000
ROA not before:           Tue 17 Sep 2024 18:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        185.115.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:01:3d:9f:bf:a4:fd:2b:b2:4e:6c:12:9f:63:40:4b:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83b5b4913cc78e40803c00bec6b1a9dc48ff3684
        Validity
            Not Before: Sep 17 18:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=340d505bdc1fdf23adebd8f6a5c76baa56e1a39d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d1:04:49:59:82:a9:83:f0:37:d0:66:72:90:
                    6e:e9:79:c1:0b:66:6c:3b:a6:3e:f1:86:45:c7:7b:
                    05:a4:2c:ba:87:6c:b2:33:33:5b:5a:7a:37:3e:a9:
                    28:3c:38:04:fd:d9:92:df:87:bd:98:f4:7b:bd:41:
                    3a:33:49:06:e6:78:81:78:4c:c1:04:ca:bf:bb:3d:
                    04:53:bc:29:e7:38:02:19:f0:8e:51:f5:5f:f5:7d:
                    f0:01:e7:26:34:e0:b7:90:61:f9:c7:9c:26:be:d2:
                    eb:59:3f:b1:39:31:1d:1a:4f:d7:c8:bb:27:50:55:
                    b5:2c:8e:a0:86:e3:bf:8f:1e:ea:0f:80:13:75:27:
                    25:40:c7:43:19:55:e1:6c:a5:48:46:24:27:d1:f3:
                    53:19:ac:51:bc:ea:f1:f6:f6:0d:77:a3:c6:85:3a:
                    49:46:c8:52:0b:3d:16:ba:d2:81:ff:e4:d3:74:80:
                    81:11:25:88:1e:30:ad:f7:cc:82:57:84:a8:e6:64:
                    c4:fe:12:93:b2:34:99:b1:b5:53:fc:2f:0c:99:f2:
                    6a:1b:2e:d6:62:20:c6:11:ec:dc:65:c9:f8:3d:24:
                    38:4e:1a:a5:d3:74:0f:9b:a2:61:fb:ac:0b:bd:39:
                    75:46:41:9f:9e:95:7d:98:ed:39:20:d1:9a:b0:c7:
                    41:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:0D:50:5B:DC:1F:DF:23:AD:EB:D8:F6:A5:C7:6B:AA:56:E1:A3:9D
            X509v3 Authority Key Identifier:
                keyid:83:B5:B4:91:3C:C7:8E:40:80:3C:00:BE:C6:B1:A9:DC:48:FF:36:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/NA1QW9wf3yOt69j2pcdrqlbho50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/dc573d-a3db-41f9-8c3f-867965eb50ca/1/g7W0kTzHjkCAPAC-xrGp3Ej_NoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:17:1d:67:fd:b1:58:19:f5:68:4d:7f:b4:c0:97:1d:ac:69:
         25:f1:ad:94:dd:a3:2b:47:8e:5c:93:41:79:b9:5a:be:94:fc:
         fa:e4:bf:cd:74:84:2f:0c:d0:cf:91:f5:e7:6c:91:11:0b:74:
         9c:c9:fa:fd:48:68:3e:58:ea:b9:8e:49:18:af:f5:8e:a0:2e:
         87:10:24:0d:f1:74:27:da:85:61:73:99:58:95:f2:19:10:f2:
         3d:cb:e0:6a:50:f5:29:6b:a6:00:db:d5:b1:80:98:31:8b:67:
         a3:34:44:40:99:93:2c:07:27:f1:52:23:c5:5e:8b:6e:41:a3:
         e3:fa:df:52:e1:e2:0f:c4:59:15:40:bc:14:54:81:b9:b3:1b:
         e0:4b:6c:4e:df:9b:01:82:c0:89:a8:c3:fd:7d:86:16:a9:47:
         a3:d8:10:96:d2:63:9e:d9:84:72:68:33:1f:fb:10:93:29:2d:
         9c:a5:cc:6b:52:2d:b6:f7:c5:ed:64:f3:60:a2:5a:d0:b6:97:
         bf:f5:ef:6f:08:8f:87:a9:6f:99:54:07:ee:6d:24:65:42:86:
         f4:d6:3d:ab:93:1e:06:36:a2:c4:21:70:4f:9d:43:b2:3f:11:
         0f:82:66:4c:38:a7:e4:7c:0a:8f:a7:21:1f:dc:96:f3:2e:8c:
         20:b2:74:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIBPZ+/pP0rsk5sEp9jQEuuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzYjViNDkxM2NjNzhlNDA4MDNjMDBiZWM2YjFhOWRjNDhm
ZjM2ODQwHhcNMjQwOTE3MTgyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDBkNTA1YmRjMWZkZjIzYWRlYmQ4ZjZhNWM3NmJhYTU2ZTFhMzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9EESVmCqYPwN9BmcpBu6XnBC2Zs
O6Y+8YZFx3sFpCy6h2yyMzNbWno3PqkoPDgE/dmS34e9mPR7vUE6M0kG5niBeEzB
BMq/uz0EU7wp5zgCGfCOUfVf9X3wAecmNOC3kGH5x5wmvtLrWT+xOTEdGk/XyLsn
UFW1LI6ghuO/jx7qD4ATdSclQMdDGVXhbKVIRiQn0fNTGaxRvOrx9vYNd6PGhTpJ
RshSCz0WutKB/+TTdICBESWIHjCt98yCV4So5mTE/hKTsjSZsbVT/C8MmfJqGy7W
YiDGEezcZcn4PSQ4Thql03QPm6Jh+6wLvTl1RkGfnpV9mO05INGasMdBrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQNUFvcH98jrevY9qXHa6pW4aOdMB8GA1UdIwQY
MBaAFIO1tJE8x45AgDwAvsaxqdxI/zaEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzdXMGtUekhqa0NBUEFDLXhyR3AzRWpfTm9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9kYzU3M2QtYTNkYi00MWY5LThjM2Yt
ODY3OTY1ZWI1MGNhLzEvTkExUVc5d2YzeU90NjlqMnBjZHJxbGJobzUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9kYzU3M2QtYTNkYi00MWY5LThjM2YtODY3OTY1ZWI1MGNh
LzEvZzdXMGtUekhqa0NBUEFDLXhyR3AzRWpfTm9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXOhMA0G
CSqGSIb3DQEBCwUAA4IBAQB6Fx1n/bFYGfVoTX+0wJcdrGkl8a2U3aMrR45ck0F5
uVq+lPz65L/NdIQvDNDPkfXnbJERC3Scyfr9SGg+WOq5jkkYr/WOoC6HECQN8XQn
2oVhc5lYlfIZEPI9y+BqUPUpa6YA29WxgJgxi2ejNERAmZMsByfxUiPFXotuQaPj
+t9S4eIPxFkVQLwUVIG5sxvgS2xO35sBgsCJqMP9fYYWqUej2BCW0mOe2YRyaDMf
+xCTKS2cpcxrUi2298XtZPNgolrQtpe/9e9vCI+HqW+ZVAfubSRlQob01j2rkx4G
NqLEIXBPnUOyPxEPgmZMOKfkfAqPpyEf3JbzLowgsnTy
-----END CERTIFICATE-----