Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/NTeC-NbINKuWXIN2JRj2jE73cMQ.roa
File:                     NTeC-NbINKuWXIN2JRj2jE73cMQ.roa (raw, json)
Hash identifier:          usN4QfuBj821Bx/aBMyN171iAsEpZjNXNiVf16Jr2OA=
Subject key identifier:   35:37:82:F8:D6:C8:34:AB:96:5C:83:76:25:18:F6:8C:4E:F7:70:C4
Certificate issuer:       /CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
Certificate serial:       01942068627134E02AB6976FF0A2D2A7DB95
Authority key identifier: C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/NTeC-NbINKuWXIN2JRj2jE73cMQ.roa
Signing time:             Wed 01 Jan 2025 05:48:19 +0000
ROA not before:           Wed 01 Jan 2025 05:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209155
IP address blocks:        185.16.231.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 12:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:62:71:34:e0:2a:b6:97:6f:f0:a2:d2:a7:db:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c61953c08980adc94f2fa3a3c1ba95c40d21e7d3
        Validity
            Not Before: Jan  1 05:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=353782f8d6c834ab965c83762518f68c4ef770c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:56:1f:63:4b:36:5c:4b:fd:e7:cd:e3:ec:98:
                    1e:61:9d:b8:8e:4d:dc:1a:ed:04:42:81:6d:f6:44:
                    6b:d6:e0:19:1c:3b:b5:25:8a:6b:37:bc:26:11:d9:
                    5e:8a:66:fb:a1:fc:cc:8e:f7:6f:dc:2f:d3:dd:e8:
                    f6:34:35:6f:f9:eb:e7:91:55:53:10:60:91:0f:da:
                    85:30:8a:69:89:36:82:4e:cd:cf:24:e3:53:6d:6e:
                    18:5c:fb:93:85:00:46:09:3e:46:1d:e7:18:cf:88:
                    4a:0e:2c:99:f9:2f:f2:f0:2f:cf:8c:91:8e:f4:8b:
                    af:5a:b1:44:fd:fe:d7:e1:09:70:46:ff:cb:6c:30:
                    98:a6:db:2c:1a:5d:c0:3e:88:9d:12:f4:b6:77:10:
                    60:63:66:9a:fc:a8:67:3f:48:6d:a6:b6:54:f4:d2:
                    99:4e:f4:20:34:29:62:2f:63:27:5c:24:fe:e4:d5:
                    d3:37:2e:74:d3:fa:c8:29:6b:51:73:4e:a6:fb:2b:
                    c6:78:96:66:51:43:90:93:69:2f:73:60:8b:f7:7f:
                    58:41:64:0a:90:e1:b6:8e:e2:58:6c:a4:b8:2c:fc:
                    75:97:51:f1:c5:9f:58:87:bc:cc:05:22:f8:7e:84:
                    dd:f8:ae:a1:9c:77:1e:7f:fa:86:fa:b8:59:27:76:
                    75:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:37:82:F8:D6:C8:34:AB:96:5C:83:76:25:18:F6:8C:4E:F7:70:C4
            X509v3 Authority Key Identifier:
                keyid:C6:19:53:C0:89:80:AD:C9:4F:2F:A3:A3:C1:BA:95:C4:0D:21:E7:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhlTwImArclPL6OjwbqVxA0h59M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/NTeC-NbINKuWXIN2JRj2jE73cMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e01285-660d-4cd2-ad1f-625245a00abf/1/xhlTwImArclPL6OjwbqVxA0h59M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.16.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:3c:a1:88:2a:38:21:38:86:0d:29:bb:e8:4a:15:5c:85:a6:
         03:3e:29:e0:5a:e9:cb:aa:c9:a7:63:99:64:ca:9b:ad:80:75:
         e9:5f:8f:41:a4:d9:80:55:5f:90:a1:0a:7b:dd:1a:f8:31:9c:
         81:ab:36:2f:3d:c3:d2:1a:3a:33:f2:6c:39:59:4f:c0:0f:5d:
         7d:12:90:a5:27:f9:02:5f:2a:92:81:df:6d:2f:f7:47:5e:f1:
         c3:74:24:a7:e9:e1:2a:60:98:40:c9:df:52:bb:52:30:b2:2a:
         65:8c:18:64:66:d2:80:89:0a:f8:bc:60:29:3d:16:d0:75:0e:
         27:6a:72:26:9e:19:17:e1:a9:da:98:53:99:75:9d:93:e9:d4:
         4c:3a:3e:c7:5c:db:60:d0:21:90:e7:fb:12:0c:92:e1:81:c7:
         d6:ad:37:9f:54:3e:1e:cd:cc:a7:53:ce:d9:ff:58:e7:84:f7:
         91:7b:c6:4b:2b:57:8d:45:f0:3f:29:c1:27:2b:3a:f9:a2:90:
         da:2f:57:ab:2e:34:c0:69:ce:56:20:f5:0d:28:3b:15:5c:53:
         21:75:a9:ac:21:18:92:e6:6f:40:89:65:48:c1:06:19:14:88:
         49:ed:62:18:fc:f0:0b:b8:34:dc:fb:46:1e:a2:6c:5a:c0:cf:
         de:9f:47:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGJxNOAqtpdv8KLSp9uVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTk1M2MwODk4MGFkYzk0ZjJmYTNhM2MxYmE5NWM0MGQy
MWU3ZDMwHhcNMjUwMTAxMDU0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTM3ODJmOGQ2YzgzNGFiOTY1YzgzNzYyNTE4ZjY4YzRlZjc3MGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1YfY0s2XEv9583j7JgeYZ24jk3c
Gu0EQoFt9kRr1uAZHDu1JYprN7wmEdleimb7ofzMjvdv3C/T3ej2NDVv+evnkVVT
EGCRD9qFMIppiTaCTs3PJONTbW4YXPuThQBGCT5GHecYz4hKDiyZ+S/y8C/PjJGO
9IuvWrFE/f7X4QlwRv/LbDCYptssGl3APoidEvS2dxBgY2aa/KhnP0htprZU9NKZ
TvQgNCliL2MnXCT+5NXTNy500/rIKWtRc06m+yvGeJZmUUOQk2kvc2CL939YQWQK
kOG2juJYbKS4LPx1l1HxxZ9Yh7zMBSL4foTd+K6hnHcef/qG+rhZJ3Z1BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDU3gvjWyDSrllyDdiUY9oxO93DEMB8GA1UdIwQY
MBaAFMYZU8CJgK3JTy+jo8G6lcQNIefTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYt
NjI1MjQ1YTAwYWJmLzEvTlRlQy1OYklOS3VXWElOMkpSajJqRTczY01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lMDEyODUtNjYwZC00Y2QyLWFkMWYtNjI1MjQ1YTAwYWJm
LzEveGhsVHdJbUFyY2xQTDZPandicVZ4QTBoNTlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRDnMA0G
CSqGSIb3DQEBCwUAA4IBAQCWPKGIKjghOIYNKbvoShVchaYDPingWunLqsmnY5lk
yputgHXpX49BpNmAVV+QoQp73Rr4MZyBqzYvPcPSGjoz8mw5WU/AD119EpClJ/kC
XyqSgd9tL/dHXvHDdCSn6eEqYJhAyd9Su1IwsipljBhkZtKAiQr4vGApPRbQdQ4n
anImnhkX4anamFOZdZ2T6dRMOj7HXNtg0CGQ5/sSDJLhgcfWrTefVD4ezcynU87Z
/1jnhPeRe8ZLK1eNRfA/KcEnKzr5opDaL1erLjTAac5WIPUNKDsVXFMhdamsIRiS
5m9AiWVIwQYZFIhJ7WIY/PALuDTc+0YeomxawM/en0eE
-----END CERTIFICATE-----