Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/NSR71S8trzHcjsobMkAm171NiKo.roa
File:                     NSR71S8trzHcjsobMkAm171NiKo.roa (raw, json)
Hash identifier:          2nxjeRLlqNyhwQS6Tg5gRd/NTHZq+rEg65Wl0fLJ7z4=
Subject key identifier:   35:24:7B:D5:2F:2D:AF:31:DC:8E:CA:1B:32:40:26:D7:BD:4D:88:AA
Certificate issuer:       /CN=95cae2c37c86630e61afdf8903fe174de8b945be
Certificate serial:       018CC2DB4D90A4FEBB091D6FF593E6007884
Authority key identifier: 95:CA:E2:C3:7C:86:63:0E:61:AF:DF:89:03:FE:17:4D:E8:B9:45:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lcriw3yGYw5hr9-JA_4XTei5Rb4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/NSR71S8trzHcjsobMkAm171NiKo.roa
Signing time:             Mon 01 Jan 2024 02:30:01 +0000
ROA not before:           Mon 01 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        37.46.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/lcriw3yGYw5hr9-JA_4XTei5Rb4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/lcriw3yGYw5hr9-JA_4XTei5Rb4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lcriw3yGYw5hr9-JA_4XTei5Rb4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 10:03:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:4d:90:a4:fe:bb:09:1d:6f:f5:93:e6:00:78:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95cae2c37c86630e61afdf8903fe174de8b945be
        Validity
            Not Before: Jan  1 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35247bd52f2daf31dc8eca1b324026d7bd4d88aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:96:b4:31:72:6c:7e:43:f7:9b:74:38:f5:c5:
                    eb:ee:ac:1e:af:27:11:17:9f:a7:a6:fa:3a:99:72:
                    96:a6:4e:e0:7c:b1:99:01:13:05:ff:86:4d:ed:b6:
                    50:79:ed:d6:89:39:38:5b:42:dd:bf:60:52:e2:5f:
                    fd:55:c4:70:1e:0c:86:69:4d:7c:ff:c2:9d:2a:bd:
                    28:d5:31:55:88:26:3a:f9:ec:39:5d:21:5e:58:c5:
                    b7:dd:f9:83:43:d1:8b:48:ad:67:07:bd:0a:fb:cf:
                    12:8d:c7:55:43:bc:31:12:41:28:81:3c:3f:03:c3:
                    1a:42:87:57:b0:6b:9a:7c:ba:48:73:cf:3b:95:20:
                    50:c4:54:b2:10:60:81:c2:11:43:1d:e5:ac:4f:ad:
                    a6:31:fe:58:e4:ce:b7:b8:28:09:22:f6:ee:ee:82:
                    3d:75:45:e3:9f:77:55:2e:51:95:ff:09:aa:dd:f6:
                    58:a2:3c:33:b8:fb:bb:17:21:74:03:d7:be:03:f5:
                    53:49:1c:f8:74:d0:85:7c:14:0a:dc:e4:25:5b:1b:
                    e2:0c:a1:4d:1a:c4:cb:40:80:ce:53:af:60:84:57:
                    e6:4a:4a:67:13:aa:ba:57:ce:b6:bd:6e:ed:d5:b0:
                    2e:4c:c4:6d:c6:df:4b:55:8a:a9:d0:97:3c:d7:64:
                    14:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:24:7B:D5:2F:2D:AF:31:DC:8E:CA:1B:32:40:26:D7:BD:4D:88:AA
            X509v3 Authority Key Identifier:
                keyid:95:CA:E2:C3:7C:86:63:0E:61:AF:DF:89:03:FE:17:4D:E8:B9:45:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lcriw3yGYw5hr9-JA_4XTei5Rb4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/NSR71S8trzHcjsobMkAm171NiKo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/82e6f5-82f2-45e7-844e-3514841f36ae/1/lcriw3yGYw5hr9-JA_4XTei5Rb4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:a9:94:80:78:d7:4d:e5:4b:ec:42:0d:5e:56:d2:fd:fd:32:
         d4:e5:7e:49:85:d1:5a:10:6f:90:d0:ae:ca:d1:8c:c2:16:f2:
         cf:23:ad:6a:80:7b:1b:0b:73:79:67:1c:8d:a8:c3:61:05:c0:
         29:bf:55:67:ff:06:92:73:51:4c:43:b7:67:bc:fe:17:f4:8d:
         20:e1:21:d9:39:59:61:61:4f:4b:ca:26:a4:3d:a9:1d:2a:1a:
         84:81:08:a0:d3:f5:8d:d3:8d:a4:da:5f:9e:b6:21:40:ea:8e:
         4a:6d:b2:2d:9a:36:7c:ee:60:3b:78:7c:9c:84:6d:64:a1:8d:
         61:f3:8a:22:52:6a:6e:a1:c1:24:b3:1b:86:5f:b1:70:d5:04:
         5f:72:4a:e0:37:1e:d6:30:5b:3b:18:73:de:1d:8d:8f:be:1a:
         80:38:ff:b6:6d:f5:9a:a1:86:1f:41:9f:fb:d7:58:b5:5c:ed:
         43:56:84:d7:24:ac:21:1f:e1:40:25:c4:52:ea:8b:aa:da:ac:
         9f:a3:c7:ef:cc:e0:c1:f7:17:30:68:31:0f:0e:3a:fd:4e:75:
         fd:55:59:b1:44:0a:fb:dd:48:f4:db:1e:08:64:d9:05:4b:19:
         0d:1f:e4:f5:eb:3f:7e:bc:8d:06:11:aa:da:dc:7f:c9:f2:d6:
         dc:a0:44:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC202QpP67CR1v9ZPmAHiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1Y2FlMmMzN2M4NjYzMGU2MWFmZGY4OTAzZmUxNzRkZThi
OTQ1YmUwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTI0N2JkNTJmMmRhZjMxZGM4ZWNhMWIzMjQwMjZkN2JkNGQ4OGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Ja0MXJsfkP3m3Q49cXr7qwerycR
F5+npvo6mXKWpk7gfLGZARMF/4ZN7bZQee3WiTk4W0Ldv2BS4l/9VcRwHgyGaU18
/8KdKr0o1TFViCY6+ew5XSFeWMW33fmDQ9GLSK1nB70K+88SjcdVQ7wxEkEogTw/
A8MaQodXsGuafLpIc887lSBQxFSyEGCBwhFDHeWsT62mMf5Y5M63uCgJIvbu7oI9
dUXjn3dVLlGV/wmq3fZYojwzuPu7FyF0A9e+A/VTSRz4dNCFfBQK3OQlWxviDKFN
GsTLQIDOU69ghFfmSkpnE6q6V862vW7t1bAuTMRtxt9LVYqp0Jc812QUbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUke9UvLa8x3I7KGzJAJte9TYiqMB8GA1UdIwQY
MBaAFJXK4sN8hmMOYa/fiQP+F03ouUW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGNyaXczeUdZdzVocjktSkFfNFhUZWk1UmI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy84MmU2ZjUtODJmMi00NWU3LTg0NGUt
MzUxNDg0MWYzNmFlLzEvTlNSNzFTOHRyekhjanNvYk1rQW0xNzFOaUtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy84MmU2ZjUtODJmMi00NWU3LTg0NGUtMzUxNDg0MWYzNmFl
LzEvbGNyaXczeUdZdzVocjktSkFfNFhUZWk1UmI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJS4LMA0G
CSqGSIb3DQEBCwUAA4IBAQCZqZSAeNdN5UvsQg1eVtL9/TLU5X5JhdFaEG+Q0K7K
0YzCFvLPI61qgHsbC3N5ZxyNqMNhBcApv1Vn/waSc1FMQ7dnvP4X9I0g4SHZOVlh
YU9LyiakPakdKhqEgQig0/WN042k2l+etiFA6o5KbbItmjZ87mA7eHychG1koY1h
84oiUmpuocEksxuGX7Fw1QRfckrgNx7WMFs7GHPeHY2PvhqAOP+2bfWaoYYfQZ/7
11i1XO1DVoTXJKwhH+FAJcRS6ouq2qyfo8fvzODB9xcwaDEPDjr9TnX9VVmxRAr7
3Uj02x4IZNkFSxkNH+T16z9+vI0GEara3H/J8tbcoESr
-----END CERTIFICATE-----