Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/f31982-cd8c-45f6-a302-3d75c4f489e7/1/NLY8wT2I2LW2oOD1tJw41TBF4Uc.roa
File:                     NLY8wT2I2LW2oOD1tJw41TBF4Uc.roa (raw, json)
Hash identifier:          pWggZCEGUtmz58x1z4DhxGEE04BuOpVqFc6gMK8dWwc=
Subject key identifier:   34:B6:3C:C1:3D:88:D8:B5:B6:A0:E0:F5:B4:9C:38:D5:30:45:E1:47
Certificate issuer:       /CN=03ec08ae6a9325285bdd4a4ade9c207d7fa10459
Certificate serial:       0192B41215B84A2EBDB447B6B8416F01162C
Authority key identifier: 03:EC:08:AE:6A:93:25:28:5B:DD:4A:4A:DE:9C:20:7D:7F:A1:04:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A-wIrmqTJShb3UpK3pwgfX-hBFk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/f31982-cd8c-45f6-a302-3d75c4f489e7/1/NLY8wT2I2LW2oOD1tJw41TBF4Uc.roa
Signing time:             Tue 22 Oct 2024 11:52:17 +0000
ROA not before:           Tue 22 Oct 2024 11:52:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203235
IP address blocks:        185.141.140.0/22 maxlen: 24
                          2a07:24c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/f31982-cd8c-45f6-a302-3d75c4f489e7/1/A-wIrmqTJShb3UpK3pwgfX-hBFk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/f31982-cd8c-45f6-a302-3d75c4f489e7/1/A-wIrmqTJShb3UpK3pwgfX-hBFk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A-wIrmqTJShb3UpK3pwgfX-hBFk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b4:12:15:b8:4a:2e:bd:b4:47:b6:b8:41:6f:01:16:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03ec08ae6a9325285bdd4a4ade9c207d7fa10459
        Validity
            Not Before: Oct 22 11:52:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34b63cc13d88d8b5b6a0e0f5b49c38d53045e147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:36:8f:cb:75:e8:16:d7:35:95:14:06:7e:18:
                    9c:c7:54:6b:a3:fd:a1:f0:83:a1:1a:84:9e:ce:3c:
                    25:e6:7c:42:69:b8:af:18:cd:4a:8b:22:ce:13:4e:
                    16:60:17:ef:2f:24:41:d9:25:c0:61:82:a9:bb:ad:
                    61:72:50:a6:8d:ce:3a:2f:60:eb:40:88:62:d5:e9:
                    75:e8:33:3b:c0:8a:a9:3e:c1:18:7e:c8:57:ce:4a:
                    81:16:80:35:94:5c:14:38:a0:18:2a:51:b3:05:08:
                    5e:b3:9b:b1:52:57:65:5a:65:20:13:aa:fa:0f:95:
                    1e:2b:27:61:93:10:73:74:53:1b:11:80:5b:bc:d2:
                    20:1b:8a:27:f8:ba:7d:4a:df:17:4a:ca:66:b0:93:
                    2d:28:b7:54:3f:55:d2:95:83:9d:41:be:ac:93:7e:
                    a2:5d:ab:e3:b3:ba:fa:ab:e7:ce:19:dd:32:02:dc:
                    3b:7c:3e:19:68:62:2b:f6:f6:c5:81:c0:16:27:66:
                    4e:38:b7:c4:c1:96:a1:d5:59:c7:f9:7f:4c:33:42:
                    ef:7e:bd:09:c9:bb:fc:84:e6:0b:45:2a:37:c2:ab:
                    47:55:7a:d5:9e:39:2b:c9:cc:e8:f6:9b:8d:28:5e:
                    eb:e5:64:43:23:e8:e6:4e:b5:5a:63:34:15:64:c5:
                    2f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:B6:3C:C1:3D:88:D8:B5:B6:A0:E0:F5:B4:9C:38:D5:30:45:E1:47
            X509v3 Authority Key Identifier:
                keyid:03:EC:08:AE:6A:93:25:28:5B:DD:4A:4A:DE:9C:20:7D:7F:A1:04:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A-wIrmqTJShb3UpK3pwgfX-hBFk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f31982-cd8c-45f6-a302-3d75c4f489e7/1/NLY8wT2I2LW2oOD1tJw41TBF4Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/f31982-cd8c-45f6-a302-3d75c4f489e7/1/A-wIrmqTJShb3UpK3pwgfX-hBFk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.140.0/22
                IPv6:
                  2a07:24c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:cf:65:2f:ed:79:10:e5:2a:97:34:b1:dc:b1:3f:ad:05:8a:
         f1:0c:c2:73:b7:c0:ab:37:78:74:39:5b:e9:fb:f1:0a:4e:43:
         c0:80:e7:77:f5:8c:19:dd:33:7e:ec:8e:dd:52:67:c3:21:c1:
         d8:80:b7:4f:14:4a:62:66:37:c4:86:16:d8:74:ae:6e:cd:65:
         09:37:ed:70:81:57:95:ad:34:ae:c1:bf:4f:b0:62:fb:4a:e8:
         6c:19:46:91:9a:94:6e:2c:b2:74:1b:65:31:11:13:df:7d:fd:
         c1:6a:01:42:ca:0e:96:98:7b:f8:58:e9:63:a5:cf:ef:33:f9:
         84:6d:d8:e5:70:d1:b8:61:4e:0c:80:05:bc:56:b4:ea:88:f5:
         50:83:bf:38:83:02:f4:e1:1f:76:6a:66:4c:94:1f:27:23:a1:
         b4:c6:4f:ae:41:0c:4c:50:43:16:26:05:83:e4:62:5a:89:ae:
         27:05:db:51:38:d9:bc:05:60:7b:19:42:c6:1e:62:56:05:02:
         5f:d2:3f:6e:8b:d8:7e:94:f6:43:f7:a6:93:e5:f9:08:1a:43:
         3d:30:08:34:db:7c:1f:99:ea:47:7f:d1:a2:63:ee:71:b6:7a:
         31:0e:fc:3e:fa:99:a5:93:ae:de:e2:d6:ac:3d:a4:88:64:59:
         79:8d:71:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZK0EhW4Si69tEe2uEFvARYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzZWMwOGFlNmE5MzI1Mjg1YmRkNGE0YWRlOWMyMDdkN2Zh
MTA0NTkwHhcNMjQxMDIyMTE1MjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGI2M2NjMTNkODhkOGI1YjZhMGUwZjViNDljMzhkNTMwNDVlMTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzaPy3XoFtc1lRQGfhicx1Rro/2h
8IOhGoSezjwl5nxCabivGM1KiyLOE04WYBfvLyRB2SXAYYKpu61hclCmjc46L2Dr
QIhi1el16DM7wIqpPsEYfshXzkqBFoA1lFwUOKAYKlGzBQhes5uxUldlWmUgE6r6
D5UeKydhkxBzdFMbEYBbvNIgG4on+Lp9St8XSspmsJMtKLdUP1XSlYOdQb6sk36i
Xavjs7r6q+fOGd0yAtw7fD4ZaGIr9vbFgcAWJ2ZOOLfEwZah1VnH+X9MM0Lvfr0J
ybv8hOYLRSo3wqtHVXrVnjkryczo9puNKF7r5WRDI+jmTrVaYzQVZMUvswIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDS2PME9iNi1tqDg9bScONUwReFHMB8GA1UdIwQY
MBaAFAPsCK5qkyUoW91KSt6cIH1/oQRZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQS13SXJtcVRKU2hiM1VwSzNwd2dmWC1oQkZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9mMzE5ODItY2Q4Yy00NWY2LWEzMDIt
M2Q3NWM0ZjQ4OWU3LzEvTkxZOHdUMkkyTFcyb09EMXRKdzQxVEJGNFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9mMzE5ODItY2Q4Yy00NWY2LWEzMDItM2Q3NWM0ZjQ4OWU3
LzEvQS13SXJtcVRKU2hiM1VwSzNwd2dmWC1oQkZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY2MMA0E
AgACMAcDBQMqByTAMA0GCSqGSIb3DQEBCwUAA4IBAQAJz2Uv7XkQ5SqXNLHcsT+t
BYrxDMJzt8CrN3h0OVvp+/EKTkPAgOd39YwZ3TN+7I7dUmfDIcHYgLdPFEpiZjfE
hhbYdK5uzWUJN+1wgVeVrTSuwb9PsGL7SuhsGUaRmpRuLLJ0G2UxERPfff3BagFC
yg6WmHv4WOljpc/vM/mEbdjlcNG4YU4MgAW8VrTqiPVQg784gwL04R92amZMlB8n
I6G0xk+uQQxMUEMWJgWD5GJaia4nBdtRONm8BWB7GULGHmJWBQJf0j9ui9h+lPZD
96aT5fkIGkM9MAg023wfmepHf9GiY+5xtnoxDvw++pmlk67e4tasPaSIZFl5jXEu
-----END CERTIFICATE-----