Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/NC1Vx1GYTItdu88Pp_3eTaY7MsA.roa
File:                     NC1Vx1GYTItdu88Pp_3eTaY7MsA.roa (raw, json)
Hash identifier:          Xh6F7/sAs5w2WABrT9Lo26SH7InCummUGtcHwXoVpjU=
Subject key identifier:   34:2D:55:C7:51:98:4C:8B:5D:BB:CF:0F:A7:FD:DE:4D:A6:3B:32:C0
Certificate issuer:       /CN=b19f07669e58ec32b9d9132e2ca6d19c2e949360
Certificate serial:       018CC64A55D5136484274FBC94ABA6069329
Authority key identifier: B1:9F:07:66:9E:58:EC:32:B9:D9:13:2E:2C:A6:D1:9C:2E:94:93:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/NC1Vx1GYTItdu88Pp_3eTaY7MsA.roa
Signing time:             Mon 01 Jan 2024 18:30:09 +0000
ROA not before:           Mon 01 Jan 2024 18:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        185.141.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 10:03:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:55:d5:13:64:84:27:4f:bc:94:ab:a6:06:93:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b19f07669e58ec32b9d9132e2ca6d19c2e949360
        Validity
            Not Before: Jan  1 18:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=342d55c751984c8b5dbbcf0fa7fdde4da63b32c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b0:47:8e:27:e3:f9:11:dd:e7:b8:e5:4c:73:
                    f9:ce:c8:ed:fe:9f:7b:38:f4:a3:57:ba:7f:49:ac:
                    0e:10:8c:92:9d:4a:7e:e6:1b:97:07:a3:dc:b5:94:
                    98:11:d8:1e:8d:79:1d:57:b6:50:98:00:cf:65:f2:
                    b9:d6:72:2a:ee:c4:4b:18:9b:fe:e7:23:ef:97:76:
                    0c:87:ea:2e:16:b0:f1:a0:df:49:07:9f:ee:60:c1:
                    12:2f:8b:7b:d0:aa:1f:c2:96:85:21:a2:4d:ef:2c:
                    78:62:ad:7b:8e:88:0b:55:ac:83:6e:2c:d2:c7:3f:
                    93:63:3b:86:86:bc:3c:77:14:d4:9c:5b:46:b1:fd:
                    77:7c:a1:02:96:bf:1b:09:7f:ed:02:9b:4c:11:64:
                    1a:c6:f0:88:76:5f:63:fe:f4:56:57:8a:62:3f:c7:
                    89:4d:2c:24:17:15:cb:5f:02:a4:6b:49:7f:6f:56:
                    18:a9:27:09:3e:3b:65:47:ab:8a:34:02:3b:4a:5f:
                    27:db:3c:6f:5f:12:5d:a7:66:df:07:01:fa:71:32:
                    07:af:7c:94:94:a1:95:71:ae:1f:b5:af:59:51:46:
                    97:3b:3c:66:c1:8f:d7:b3:eb:53:b9:8f:26:80:fd:
                    36:63:63:d8:e7:16:70:7e:86:df:6a:37:9e:8d:51:
                    b5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:2D:55:C7:51:98:4C:8B:5D:BB:CF:0F:A7:FD:DE:4D:A6:3B:32:C0
            X509v3 Authority Key Identifier:
                keyid:B1:9F:07:66:9E:58:EC:32:B9:D9:13:2E:2C:A6:D1:9C:2E:94:93:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/NC1Vx1GYTItdu88Pp_3eTaY7MsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/626eef-12d0-47fa-b633-641dd4288c40/1/sZ8HZp5Y7DK52RMuLKbRnC6Uk2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:13:5e:78:47:3e:26:b5:74:0f:25:69:1e:71:75:73:4f:21:
         f2:bc:6b:0a:18:ea:81:fd:f8:f8:a9:42:11:89:c0:24:af:01:
         6c:95:7e:dc:0e:20:ca:e6:55:bb:fb:63:f3:bb:d5:e3:79:36:
         b9:f4:7e:0a:56:ff:ae:9c:dc:00:6a:a9:c1:97:b2:d6:56:0a:
         92:62:6e:35:6e:82:fe:2e:0a:ad:5b:62:2e:67:38:f1:e6:3d:
         e2:1d:ac:f8:3b:3c:65:e7:f9:83:00:e0:91:1e:f1:9c:58:f1:
         2a:d2:16:ff:2c:8e:2f:8f:d1:ec:4b:bd:c3:e1:c5:65:21:39:
         8b:02:ec:b1:ec:71:12:ce:74:ca:d3:f8:10:ad:0a:b5:40:98:
         94:54:ea:d3:bc:f0:f0:e6:69:2c:d5:38:96:ec:9e:a4:4b:a5:
         51:a3:5b:99:ec:90:ce:37:cb:05:58:08:ec:cb:cb:15:23:c8:
         6b:d7:f2:0f:f4:99:18:f5:87:e9:5d:29:17:d6:f2:81:4a:da:
         a0:a1:0f:8a:8b:3a:86:1d:6f:17:49:90:ef:2d:cc:3f:d6:74:
         17:a2:5a:93:06:1f:fd:a4:27:47:f5:b1:fa:c3:6a:ee:1a:f4:
         b4:4a:58:24:98:ec:23:f6:2a:92:b1:d7:f2:1e:f8:eb:a6:3c:
         a4:ed:8d:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSlXVE2SEJ0+8lKumBpMpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOWYwNzY2OWU1OGVjMzJiOWQ5MTMyZTJjYTZkMTljMmU5
NDkzNjAwHhcNMjQwMTAxMTgzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDJkNTVjNzUxOTg0YzhiNWRiYmNmMGZhN2ZkZGU0ZGE2M2IzMmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbBHjifj+RHd57jlTHP5zsjt/p97
OPSjV7p/SawOEIySnUp+5huXB6PctZSYEdgejXkdV7ZQmADPZfK51nIq7sRLGJv+
5yPvl3YMh+ouFrDxoN9JB5/uYMESL4t70KofwpaFIaJN7yx4Yq17jogLVayDbizS
xz+TYzuGhrw8dxTUnFtGsf13fKEClr8bCX/tAptMEWQaxvCIdl9j/vRWV4piP8eJ
TSwkFxXLXwKka0l/b1YYqScJPjtlR6uKNAI7Sl8n2zxvXxJdp2bfBwH6cTIHr3yU
lKGVca4fta9ZUUaXOzxmwY/Xs+tTuY8mgP02Y2PY5xZwfobfajeejVG1FQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQtVcdRmEyLXbvPD6f93k2mOzLAMB8GA1UdIwQY
MBaAFLGfB2aeWOwyudkTLiym0ZwulJNgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1o4SFpwNVk3REs1MlJNdUxLYlJuQzZVazJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy82MjZlZWYtMTJkMC00N2ZhLWI2MzMt
NjQxZGQ0Mjg4YzQwLzEvTkMxVngxR1lUSXRkdTg4UHBfM2VUYVk3TXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy82MjZlZWYtMTJkMC00N2ZhLWI2MzMtNjQxZGQ0Mjg4YzQw
LzEvc1o4SFpwNVk3REs1MlJNdUxLYlJuQzZVazJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY38MA0G
CSqGSIb3DQEBCwUAA4IBAQBQE154Rz4mtXQPJWkecXVzTyHyvGsKGOqB/fj4qUIR
icAkrwFslX7cDiDK5lW7+2Pzu9XjeTa59H4KVv+unNwAaqnBl7LWVgqSYm41boL+
LgqtW2IuZzjx5j3iHaz4Ozxl5/mDAOCRHvGcWPEq0hb/LI4vj9HsS73D4cVlITmL
Auyx7HESznTK0/gQrQq1QJiUVOrTvPDw5mks1TiW7J6kS6VRo1uZ7JDON8sFWAjs
y8sVI8hr1/IP9JkY9YfpXSkX1vKBStqgoQ+KizqGHW8XSZDvLcw/1nQXolqTBh/9
pCdH9bH6w2ruGvS0SlgkmOwj9iqSsdfyHvjrpjyk7Y0C
-----END CERTIFICATE-----