Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/NLaLYmyXDZD9NqintBf7Le8AkNI.roa
File:                     NLaLYmyXDZD9NqintBf7Le8AkNI.roa (raw, json)
Hash identifier:          KhBghvrV85xuFDJEMFHFtQONtITbsHTcDUEqgQHK7M8=
Subject key identifier:   34:B6:8B:62:6C:97:0D:90:FD:36:A8:A7:B4:17:FB:2D:EF:00:90:D2
Certificate issuer:       /CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
Certificate serial:       01905F33572AC726D8D3F85A04A2EAF18C35
Authority key identifier: 40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/NLaLYmyXDZD9NqintBf7Le8AkNI.roa
Signing time:             Fri 28 Jun 2024 14:15:18 +0000
ROA not before:           Fri 28 Jun 2024 14:15:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24961
IP address blocks:        92.60.64.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5f:33:57:2a:c7:26:d8:d3:f8:5a:04:a2:ea:f1:8c:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40dde71b41bffb1b516e07b0c61391bdf4d3bf11
        Validity
            Not Before: Jun 28 14:15:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34b68b626c970d90fd36a8a7b417fb2def0090d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:64:33:5f:14:b1:68:fa:83:96:ba:ff:bb:69:
                    b8:09:c9:08:2b:5c:a7:ae:74:5d:ed:a4:53:f7:4c:
                    b9:21:13:a0:e3:da:99:7b:c9:93:fc:ab:48:93:a5:
                    45:c4:2f:a6:53:da:2c:a4:6f:40:40:ec:64:5b:9e:
                    ea:6e:25:f9:82:2e:cf:9f:45:c1:92:10:c2:05:b9:
                    25:04:74:88:8c:34:f4:d2:b1:c8:ae:e7:ea:22:d1:
                    64:d4:a4:b0:14:41:22:d6:b1:02:c1:5f:1f:40:64:
                    2f:90:1d:f8:9c:01:d5:c5:fb:f7:80:77:aa:06:a3:
                    66:8b:f4:4c:2c:4d:5f:88:5e:bf:2c:43:78:b1:43:
                    fe:7e:bb:dd:cd:35:15:94:ed:4d:1f:6c:b5:55:a4:
                    cd:47:b0:8d:d6:da:42:bf:0c:a0:51:96:8a:64:21:
                    c0:51:b4:64:cb:e5:9a:34:f0:0f:87:fc:de:d4:59:
                    30:c4:7f:ff:02:67:75:e9:0f:63:53:af:97:f3:99:
                    16:c4:51:e0:d8:9f:39:ed:0b:af:48:02:55:72:0e:
                    35:3a:36:c7:c6:22:9a:3d:00:2b:7d:75:7f:0a:11:
                    89:b1:4a:a2:e1:64:cf:95:87:39:b4:4a:8c:df:04:
                    e6:42:fd:51:40:92:b7:cf:48:6a:ce:16:23:99:04:
                    57:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:B6:8B:62:6C:97:0D:90:FD:36:A8:A7:B4:17:FB:2D:EF:00:90:D2
            X509v3 Authority Key Identifier:
                keyid:40:DD:E7:1B:41:BF:FB:1B:51:6E:07:B0:C6:13:91:BD:F4:D3:BF:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QN3nG0G_-xtRbgewxhORvfTTvxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/NLaLYmyXDZD9NqintBf7Le8AkNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/9562bf-92bc-46eb-9d16-2badce466853/1/QN3nG0G_-xtRbgewxhORvfTTvxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.64.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:25:1b:0f:99:21:5d:88:3d:88:f2:be:ef:46:36:7d:cd:38:
         fb:fb:b3:f4:d7:65:41:6d:1d:34:fa:11:18:7b:6e:28:f4:e8:
         b4:0e:81:87:ce:09:c9:d6:dd:b6:c0:40:32:fa:b9:83:6d:72:
         57:85:44:cb:c4:2e:11:dc:b3:52:36:88:c4:46:85:67:4d:3a:
         bd:f1:70:42:33:f4:f7:2e:ad:60:e4:1f:99:21:70:4c:ef:00:
         5a:d9:60:fa:8d:2d:92:ad:c4:03:57:a9:16:ff:7d:c1:4d:62:
         16:e0:46:77:b0:72:11:c2:a5:2f:b2:d6:19:b3:a0:d2:20:90:
         42:de:f6:54:68:2c:34:a5:c1:3c:3c:61:2a:03:ee:2b:7a:cc:
         38:1b:b3:1f:d2:ce:6a:76:f3:a3:59:4d:f8:33:1e:b7:fe:f6:
         da:fc:60:77:87:27:08:53:7f:64:0d:d4:d8:ad:b6:e4:5d:53:
         a9:ae:04:43:d0:35:67:c7:7a:84:6f:17:aa:c9:04:49:06:b4:
         de:e6:da:9b:2b:4a:29:97:74:b9:20:fc:cd:26:5c:ad:9a:2b:
         fc:f4:70:1e:20:9a:b5:5e:3e:c0:ae:2c:0f:7e:04:47:ad:89:
         dd:17:13:6b:0b:56:02:e9:b2:50:82:21:05:e7:8c:95:79:24:
         ed:48:db:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBfM1cqxybY0/haBKLq8Yw1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZGRlNzFiNDFiZmZiMWI1MTZlMDdiMGM2MTM5MWJkZjRk
M2JmMTEwHhcNMjQwNjI4MTQxNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGI2OGI2MjZjOTcwZDkwZmQzNmE4YTdiNDE3ZmIyZGVmMDA5MGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA62QzXxSxaPqDlrr/u2m4CckIK1yn
rnRd7aRT90y5IROg49qZe8mT/KtIk6VFxC+mU9ospG9AQOxkW57qbiX5gi7Pn0XB
khDCBbklBHSIjDT00rHIrufqItFk1KSwFEEi1rECwV8fQGQvkB34nAHVxfv3gHeq
BqNmi/RMLE1fiF6/LEN4sUP+frvdzTUVlO1NH2y1VaTNR7CN1tpCvwygUZaKZCHA
UbRky+WaNPAPh/ze1FkwxH//Amd16Q9jU6+X85kWxFHg2J857QuvSAJVcg41OjbH
xiKaPQArfXV/ChGJsUqi4WTPlYc5tEqM3wTmQv1RQJK3z0hqzhYjmQRXoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDS2i2Jslw2Q/Taop7QX+y3vAJDSMB8GA1UdIwQY
MBaAFEDd5xtBv/sbUW4HsMYTkb30078RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYt
MmJhZGNlNDY2ODUzLzEvTkxhTFlteVhEWkQ5TnFpbnRCZjdMZThBa05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy85NTYyYmYtOTJiYy00NmViLTlkMTYtMmJhZGNlNDY2ODUz
LzEvUU4zbkcwR18teHRSYmdld3hoT1J2ZlRUdnhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXDxAMA0G
CSqGSIb3DQEBCwUAA4IBAQCGJRsPmSFdiD2I8r7vRjZ9zTj7+7P012VBbR00+hEY
e24o9Oi0DoGHzgnJ1t22wEAy+rmDbXJXhUTLxC4R3LNSNojERoVnTTq98XBCM/T3
Lq1g5B+ZIXBM7wBa2WD6jS2SrcQDV6kW/33BTWIW4EZ3sHIRwqUvstYZs6DSIJBC
3vZUaCw0pcE8PGEqA+4resw4G7Mf0s5qdvOjWU34Mx63/vba/GB3hycIU39kDdTY
rbbkXVOprgRD0DVnx3qEbxeqyQRJBrTe5tqbK0opl3S5IPzNJlytmiv89HAeIJq1
Xj7AriwPfgRHrYndFxNrC1YC6bJQgiEF54yVeSTtSNuB
-----END CERTIFICATE-----