Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/NXFShc88BbFcxDeg5al3n2TmxtM.roa
File:                     NXFShc88BbFcxDeg5al3n2TmxtM.roa (raw, json)
Hash identifier:          GmVbmzpj0M7WuDjB58nXfi7WXD+V68yOa3pig6dt4KU=
Subject key identifier:   35:71:52:85:CF:3C:05:B1:5C:C4:37:A0:E5:A9:77:9F:64:E6:C6:D3
Certificate issuer:       /CN=0e2e4fd219f5b77ce80cdfaf9e3a6441dec50042
Certificate serial:       018CC9BC83A4B9D235986D51CD526804801A
Authority key identifier: 0E:2E:4F:D2:19:F5:B7:7C:E8:0C:DF:AF:9E:3A:64:41:DE:C5:00:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/NXFShc88BbFcxDeg5al3n2TmxtM.roa
Signing time:             Tue 02 Jan 2024 10:33:44 +0000
ROA not before:           Tue 02 Jan 2024 10:33:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59676
IP address blocks:        95.215.175.0/24 maxlen: 24
                          2001:67c:2278::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 15:21:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:83:a4:b9:d2:35:98:6d:51:cd:52:68:04:80:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e2e4fd219f5b77ce80cdfaf9e3a6441dec50042
        Validity
            Not Before: Jan  2 10:33:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35715285cf3c05b15cc437a0e5a9779f64e6c6d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:11:46:42:a2:c7:45:85:b3:40:72:6c:6c:b3:
                    3d:e6:b4:91:5d:04:0a:d9:95:ab:d9:de:40:a6:dd:
                    8e:62:c6:a0:40:85:27:1c:72:9e:d1:a7:78:ca:00:
                    c3:5b:45:75:cd:fb:88:8a:f2:27:33:59:b6:cc:6f:
                    04:d5:0a:02:94:ce:45:66:d1:56:16:1e:3f:f1:f6:
                    5b:d3:4f:ab:28:18:ad:68:32:a5:56:f3:04:40:3b:
                    c2:40:3e:07:ba:cc:d2:9e:13:76:79:36:1b:8b:e9:
                    4d:eb:cc:fe:91:5f:61:e0:7f:ac:79:58:09:41:a2:
                    7b:f2:96:8f:6e:8a:a5:53:49:48:e7:7e:57:0f:60:
                    a8:b3:53:4d:2f:57:65:3f:45:bf:b0:7a:8b:5c:84:
                    dc:40:83:ea:6a:1e:ea:48:18:19:25:e8:96:04:1c:
                    f9:36:c4:03:3f:32:40:50:27:d8:57:72:79:0b:19:
                    49:32:90:2f:4f:59:ce:b2:a6:af:b8:bf:68:30:75:
                    20:13:4d:41:de:1f:e4:dd:67:77:b4:bd:43:0b:bd:
                    26:34:85:1a:99:d1:55:d0:0d:6f:7a:9f:11:be:fb:
                    68:76:ec:77:e6:09:96:99:bb:28:24:13:47:18:1c:
                    db:ab:10:ba:43:66:2c:41:d0:9d:cb:80:88:7a:f0:
                    ae:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:71:52:85:CF:3C:05:B1:5C:C4:37:A0:E5:A9:77:9F:64:E6:C6:D3
            X509v3 Authority Key Identifier:
                keyid:0E:2E:4F:D2:19:F5:B7:7C:E8:0C:DF:AF:9E:3A:64:41:DE:C5:00:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/NXFShc88BbFcxDeg5al3n2TmxtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.215.175.0/24
                IPv6:
                  2001:67c:2278::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:e8:9b:4f:90:f6:bb:93:4b:64:b7:ca:2a:3f:81:d2:cf:e3:
         0e:95:0b:13:07:29:47:9c:57:de:92:e7:a6:87:09:72:81:83:
         02:27:29:ba:21:f5:d3:f6:b0:78:60:a2:dc:e5:f1:65:87:68:
         0d:aa:88:0e:56:32:48:29:44:6d:df:1c:cc:74:9d:cc:f0:3e:
         04:f8:ff:05:7e:e7:af:1e:c3:a0:16:bf:66:cd:20:2a:d3:e6:
         8b:2e:09:ca:56:00:23:a5:80:5f:75:5b:c1:da:9d:5a:f9:26:
         e4:f0:2c:e3:c4:15:5e:57:53:08:69:25:7e:98:25:ba:4a:5b:
         e0:6b:f9:f7:fa:2b:86:6e:94:4c:4c:89:c1:67:3f:a2:f0:77:
         6c:fc:01:7d:52:b6:e0:43:77:2d:c3:85:d6:cf:b2:e6:ed:34:
         e1:64:db:18:6d:7c:9f:a6:9a:6f:87:1e:85:97:b3:06:ab:f4:
         d0:8d:6d:74:82:04:92:b5:78:57:45:36:32:d3:93:89:f1:37:
         3e:36:69:51:b0:b9:fb:9d:d5:ac:af:30:1b:f4:21:51:5b:70:
         2a:ca:f2:b5:f8:63:a0:6b:1b:81:a7:97:c6:cc:37:59:bf:7a:
         1f:c7:2c:54:e8:ae:56:0a:8a:b0:29:98:29:be:22:60:07:c6:
         e1:e1:83:1b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvIOkudI1mG1RzVJoBIAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMmU0ZmQyMTlmNWI3N2NlODBjZGZhZjllM2E2NDQxZGVj
NTAwNDIwHhcNMjQwMTAyMTAzMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTcxNTI4NWNmM2MwNWIxNWNjNDM3YTBlNWE5Nzc5ZjY0ZTZjNmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hFGQqLHRYWzQHJsbLM95rSRXQQK
2ZWr2d5Apt2OYsagQIUnHHKe0ad4ygDDW0V1zfuIivInM1m2zG8E1QoClM5FZtFW
Fh4/8fZb00+rKBitaDKlVvMEQDvCQD4HuszSnhN2eTYbi+lN68z+kV9h4H+seVgJ
QaJ78paPboqlU0lI535XD2Cos1NNL1dlP0W/sHqLXITcQIPqah7qSBgZJeiWBBz5
NsQDPzJAUCfYV3J5CxlJMpAvT1nOsqavuL9oMHUgE01B3h/k3Wd3tL1DC70mNIUa
mdFV0A1vep8Rvvtodux35gmWmbsoJBNHGBzbqxC6Q2YsQdCdy4CIevCuNQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDVxUoXPPAWxXMQ3oOWpd59k5sbTMB8GA1UdIwQY
MBaAFA4uT9IZ9bd86Azfr546ZEHexQBCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGk1UDBobjF0M3pvRE4tdm5qcGtRZDdGQUVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9lMTEyMjQtNjFjNy00Nzg2LTg2ZTkt
MjM4ZmVlNjkyNDMwLzEvTlhGU2hjODhCYkZjeERlZzVhbDNuMlRteHRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9lMTEyMjQtNjFjNy00Nzg2LTg2ZTktMjM4ZmVlNjkyNDMw
LzEvRGk1UDBobjF0M3pvRE4tdm5qcGtRZDdGQUVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAX9evMA8E
AgACMAkDBwAgAQZ8IngwDQYJKoZIhvcNAQELBQADggEBAC7om0+Q9ruTS2S3yio/
gdLP4w6VCxMHKUecV96S56aHCXKBgwInKboh9dP2sHhgotzl8WWHaA2qiA5WMkgp
RG3fHMx0nczwPgT4/wV+568ew6AWv2bNICrT5osuCcpWACOlgF91W8HanVr5JuTw
LOPEFV5XUwhpJX6YJbpKW+Br+ff6K4ZulExMicFnP6Lwd2z8AX1StuBDdy3DhdbP
subtNOFk2xhtfJ+mmm+HHoWXswar9NCNbXSCBJK1eFdFNjLTk4nxNz42aVGwufud
1ayvMBv0IVFbcCrK8rX4Y6BrG4Gnl8bMN1m/eh/HLFTorlYKirApmCm+ImAHxuHh
gxs=
-----END CERTIFICATE-----