Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/NanHEWkVUEVIFMXgkf7VjzJv3EI.roa
File:                     NanHEWkVUEVIFMXgkf7VjzJv3EI.roa (raw, json)
Hash identifier:          BpNAL/7v/9r0wilOFqCRlV3KJaojWEMjlLM2Wri0rMI=
Subject key identifier:   35:A9:C7:11:69:15:50:45:48:14:C5:E0:91:FE:D5:8F:32:6F:DC:42
Certificate issuer:       /CN=3b7ec9423bf90c81d22d94841c10357a54260379
Certificate serial:       018CC94E67CC01BDE6E8B4DEB494EA5DDC51
Authority key identifier: 3B:7E:C9:42:3B:F9:0C:81:D2:2D:94:84:1C:10:35:7A:54:26:03:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O37JQjv5DIHSLZSEHBA1elQmA3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/NanHEWkVUEVIFMXgkf7VjzJv3EI.roa
Signing time:             Tue 02 Jan 2024 08:33:27 +0000
ROA not before:           Tue 02 Jan 2024 08:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        85.239.36.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/O37JQjv5DIHSLZSEHBA1elQmA3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/O37JQjv5DIHSLZSEHBA1elQmA3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O37JQjv5DIHSLZSEHBA1elQmA3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:67:cc:01:bd:e6:e8:b4:de:b4:94:ea:5d:dc:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b7ec9423bf90c81d22d94841c10357a54260379
        Validity
            Not Before: Jan  2 08:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35a9c711691550454814c5e091fed58f326fdc42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:85:d3:fb:7a:83:73:de:d6:0a:e0:14:b6:85:
                    f2:5f:d3:5f:01:2a:c1:0e:e7:19:aa:1c:d7:3c:7d:
                    22:48:75:ad:c9:22:46:29:2a:ed:37:76:49:02:e7:
                    4f:ae:2e:1c:d7:05:ff:ae:19:07:78:f3:70:51:3e:
                    ec:0b:b8:90:7d:cb:83:a4:25:b9:80:c2:23:79:89:
                    92:32:0a:a4:7e:02:c5:d7:e8:57:2f:b4:21:3c:8b:
                    d4:52:61:c3:47:5a:17:40:6e:38:55:6b:22:37:d8:
                    87:24:0a:08:5e:ca:c4:5e:29:71:14:1f:1a:55:90:
                    93:cb:4c:01:3e:c6:64:25:77:1e:b8:58:2b:64:ab:
                    cd:61:a9:77:06:9f:1c:fd:ba:96:27:b1:7f:aa:2b:
                    f7:55:a6:ab:04:59:f6:be:25:53:e7:ea:d3:01:49:
                    d7:b6:95:76:ea:53:ab:b9:8e:1a:b8:a3:c2:b1:16:
                    87:35:38:bc:9a:62:ac:22:fe:1a:70:36:a1:58:19:
                    02:4f:83:e8:85:ae:48:b5:f0:f8:ca:12:8b:e4:c9:
                    f5:9a:7a:ca:99:1c:f5:0d:86:37:d4:c5:b7:fd:60:
                    b8:ee:43:bc:8d:f4:b8:9d:1c:4b:cd:f3:f0:28:b5:
                    2d:88:1c:28:19:63:2e:58:72:6f:e8:77:2b:1d:50:
                    77:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A9:C7:11:69:15:50:45:48:14:C5:E0:91:FE:D5:8F:32:6F:DC:42
            X509v3 Authority Key Identifier:
                keyid:3B:7E:C9:42:3B:F9:0C:81:D2:2D:94:84:1C:10:35:7A:54:26:03:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O37JQjv5DIHSLZSEHBA1elQmA3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/NanHEWkVUEVIFMXgkf7VjzJv3EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/O37JQjv5DIHSLZSEHBA1elQmA3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:9d:ce:f9:b5:7c:9e:2d:65:11:d4:8a:d3:aa:41:a0:f2:07:
         04:34:bb:5f:22:46:e6:a3:03:80:49:2c:b3:64:6f:64:1d:b4:
         de:4c:bb:f1:dd:e2:76:0f:95:cb:1e:ad:5e:95:16:4e:19:51:
         6a:95:49:7c:2a:e0:50:8f:b4:0e:b2:18:94:89:4f:f8:33:74:
         53:4a:c6:66:35:04:67:d9:66:ec:5e:0d:b1:03:b3:1f:e1:b3:
         e7:e0:7d:73:f7:fb:6a:bb:69:38:5e:c6:a1:1f:5a:fd:68:7e:
         53:03:1c:ba:98:c4:06:ab:14:9b:89:cf:45:3f:57:75:64:e3:
         26:ca:27:a7:b8:dc:40:3b:44:04:3f:0f:64:7e:2e:e4:da:1f:
         a8:d8:44:05:50:4d:56:2a:76:70:40:fd:ed:d7:4a:47:25:30:
         51:d4:62:78:23:00:02:d6:37:73:0f:3e:8f:52:a1:f1:68:bd:
         1d:93:db:ab:74:22:cc:b6:a7:93:67:9c:71:2c:79:39:c3:64:
         8c:f0:fd:aa:76:f3:b4:9a:f5:3f:c5:ac:62:6d:5a:35:09:d2:
         3c:5d:fd:db:93:4b:56:e5:97:fd:ce:c9:d7:4f:3d:84:3a:d2:
         ba:47:53:70:86:f5:0c:99:4b:a0:9e:d9:4d:3a:f6:0f:72:d3:
         55:f5:0d:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmfMAb3m6LTetJTqXdxRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiN2VjOTQyM2JmOTBjODFkMjJkOTQ4NDFjMTAzNTdhNTQy
NjAzNzkwHhcNMjQwMTAyMDgzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWE5YzcxMTY5MTU1MDQ1NDgxNGM1ZTA5MWZlZDU4ZjMyNmZkYzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4XT+3qDc97WCuAUtoXyX9NfASrB
DucZqhzXPH0iSHWtySJGKSrtN3ZJAudPri4c1wX/rhkHePNwUT7sC7iQfcuDpCW5
gMIjeYmSMgqkfgLF1+hXL7QhPIvUUmHDR1oXQG44VWsiN9iHJAoIXsrEXilxFB8a
VZCTy0wBPsZkJXceuFgrZKvNYal3Bp8c/bqWJ7F/qiv3VaarBFn2viVT5+rTAUnX
tpV26lOruY4auKPCsRaHNTi8mmKsIv4acDahWBkCT4Poha5ItfD4yhKL5Mn1mnrK
mRz1DYY31MW3/WC47kO8jfS4nRxLzfPwKLUtiBwoGWMuWHJv6HcrHVB3QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWpxxFpFVBFSBTF4JH+1Y8yb9xCMB8GA1UdIwQY
MBaAFDt+yUI7+QyB0i2UhBwQNXpUJgN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzM3SlFqdjVESUhTTFpTRUhCQTFlbFFtQTNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84ZWE0N2YtZWZmMy00NjI3LTk0ZWQt
MWQxMGYzYzcwYmI0LzEvTmFuSEVXa1ZVRVZJRk1YZ2tmN1Zqekp2M0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84ZWE0N2YtZWZmMy00NjI3LTk0ZWQtMWQxMGYzYzcwYmI0
LzEvTzM3SlFqdjVESUhTTFpTRUhCQTFlbFFtQTNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVe8kMA0G
CSqGSIb3DQEBCwUAA4IBAQCBnc75tXyeLWUR1IrTqkGg8gcENLtfIkbmowOASSyz
ZG9kHbTeTLvx3eJ2D5XLHq1elRZOGVFqlUl8KuBQj7QOshiUiU/4M3RTSsZmNQRn
2WbsXg2xA7Mf4bPn4H1z9/tqu2k4XsahH1r9aH5TAxy6mMQGqxSbic9FP1d1ZOMm
yienuNxAO0QEPw9kfi7k2h+o2EQFUE1WKnZwQP3t10pHJTBR1GJ4IwAC1jdzDz6P
UqHxaL0dk9urdCLMtqeTZ5xxLHk5w2SM8P2qdvO0mvU/xaxibVo1CdI8Xf3bk0tW
5Zf9zsnXTz2EOtK6R1NwhvUMmUugntlNOvYPctNV9Q0y
-----END CERTIFICATE-----