Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/NSHEaaCBXTNz8CpvUtelrzzw0dw.roa
File:                     NSHEaaCBXTNz8CpvUtelrzzw0dw.roa (raw, json)
Hash identifier:          J3vuWkEa9l3hsKKpcMLH9LuIPxogUD1PlFZMGFFJidg=
Subject key identifier:   35:21:C4:69:A0:81:5D:33:73:F0:2A:6F:52:D7:A5:AF:3C:F0:D1:DC
Certificate issuer:       /CN=374f6f3e3cb973bac8a43f6c0b806b3d11c9adc3
Certificate serial:       018FFEAF3B00E799D4D0654F8DFDCE337A79
Authority key identifier: 37:4F:6F:3E:3C:B9:73:BA:C8:A4:3F:6C:0B:80:6B:3D:11:C9:AD:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/NSHEaaCBXTNz8CpvUtelrzzw0dw.roa
Signing time:             Sun 09 Jun 2024 20:27:27 +0000
ROA not before:           Sun 09 Jun 2024 20:27:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215671
IP address blocks:        5.22.200.0/24 maxlen: 24
                          5.22.201.0/24 maxlen: 24
                          2a06:bd40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:fe:af:3b:00:e7:99:d4:d0:65:4f:8d:fd:ce:33:7a:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=374f6f3e3cb973bac8a43f6c0b806b3d11c9adc3
        Validity
            Not Before: Jun  9 20:27:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3521c469a0815d3373f02a6f52d7a5af3cf0d1dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c2:25:a9:a5:8d:8a:a5:bf:54:a3:e5:9d:38:
                    eb:5e:de:4b:39:2a:42:24:61:55:50:f3:7f:4f:42:
                    e3:a0:e8:fb:e2:31:9e:0b:36:04:47:82:a8:aa:aa:
                    50:59:d6:39:ef:f6:75:d1:e4:0e:e4:dc:d9:64:fd:
                    68:ac:e6:03:24:92:ab:ea:48:7d:8a:ba:32:10:06:
                    52:0e:77:94:eb:78:8d:40:28:cf:e3:37:c4:77:39:
                    39:7a:77:37:94:42:4e:b7:e7:e3:17:91:29:c3:b2:
                    c3:f8:85:d1:84:61:57:5c:b1:bd:0a:1a:ac:2c:4e:
                    b6:6b:bd:5a:27:f9:b4:1b:fd:23:50:c2:1e:ec:ff:
                    00:59:04:f9:6e:79:2b:57:b0:d4:97:7f:93:93:39:
                    24:24:fe:7b:03:8d:1e:c4:e9:ff:2d:43:aa:53:5b:
                    fd:3c:34:d7:36:7f:a4:92:57:9a:f9:cc:6e:f0:86:
                    9f:8c:68:95:27:e7:2c:50:45:29:65:27:2c:55:06:
                    32:bd:3c:a6:fe:b7:d6:e1:f7:79:ef:f7:44:45:d3:
                    95:67:f8:e4:d3:cc:06:06:31:29:ee:61:4a:87:df:
                    df:13:db:00:06:63:9e:ec:3b:7d:15:50:a5:02:f9:
                    61:1d:3b:46:1e:ae:a2:de:a2:51:da:fb:59:5f:64:
                    84:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:21:C4:69:A0:81:5D:33:73:F0:2A:6F:52:D7:A5:AF:3C:F0:D1:DC
            X509v3 Authority Key Identifier:
                keyid:37:4F:6F:3E:3C:B9:73:BA:C8:A4:3F:6C:0B:80:6B:3D:11:C9:AD:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N09vPjy5c7rIpD9sC4BrPRHJrcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/NSHEaaCBXTNz8CpvUtelrzzw0dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/8d1167-0c4d-488f-9a83-c0177dfda847/1/N09vPjy5c7rIpD9sC4BrPRHJrcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.200.0/23
                IPv6:
                  2a06:bd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:14:aa:a9:50:24:29:26:f8:95:e6:21:84:9d:9f:63:68:47:
         9c:a0:68:b4:19:94:e0:09:7b:6b:e8:0f:1f:f0:b9:87:09:3b:
         db:b9:b6:ee:49:95:cc:8c:07:2b:2c:63:f9:b3:33:84:b2:de:
         63:77:c9:46:ac:df:6e:00:00:31:6b:6e:e3:1a:b0:88:21:41:
         a9:14:25:75:38:5b:76:e4:f5:17:ba:cd:d1:0e:d7:1d:92:fb:
         14:6f:7b:24:8f:33:fc:85:8a:e6:76:44:3f:93:19:08:24:ca:
         8e:a3:7e:9d:9b:27:b2:1d:32:4a:b1:b2:e6:49:c7:90:0e:52:
         42:60:9d:1e:46:f1:3a:41:38:7d:6d:85:a7:dc:0b:01:9b:54:
         70:c2:4b:2c:b6:78:bc:69:f0:5d:2e:69:dd:e9:0c:27:28:24:
         3b:13:ce:5b:c0:0a:17:f9:11:df:f1:4a:44:87:01:b8:56:b3:
         95:e6:cb:de:61:c7:fe:f2:c9:4a:f4:8d:bc:31:53:65:1e:3e:
         00:3b:03:f6:fb:9b:83:b0:ac:77:4f:cb:91:25:8c:dc:41:37:
         0a:a7:6c:cd:36:ba:fd:e2:25:dc:dd:bf:a0:29:eb:d2:c2:e1:
         ca:a9:1d:26:9a:60:1a:85:f5:5f:4f:18:0a:9c:e4:e0:6e:2e:
         97:91:31:45
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY/+rzsA55nU0GVPjf3OM3p5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NGY2ZjNlM2NiOTczYmFjOGE0M2Y2YzBiODA2YjNkMTFj
OWFkYzMwHhcNMjQwNjA5MjAyNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTIxYzQ2OWEwODE1ZDMzNzNmMDJhNmY1MmQ3YTVhZjNjZjBkMWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsIlqaWNiqW/VKPlnTjrXt5LOSpC
JGFVUPN/T0LjoOj74jGeCzYER4KoqqpQWdY57/Z10eQO5NzZZP1orOYDJJKr6kh9
iroyEAZSDneU63iNQCjP4zfEdzk5enc3lEJOt+fjF5Epw7LD+IXRhGFXXLG9Chqs
LE62a71aJ/m0G/0jUMIe7P8AWQT5bnkrV7DUl3+TkzkkJP57A40exOn/LUOqU1v9
PDTXNn+kklea+cxu8IafjGiVJ+csUEUpZScsVQYyvTym/rfW4fd57/dERdOVZ/jk
08wGBjEp7mFKh9/fE9sABmOe7Dt9FVClAvlhHTtGHq6i3qJR2vtZX2SEFQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDUhxGmggV0zc/Aqb1LXpa888NHcMB8GA1UdIwQY
MBaAFDdPbz48uXO6yKQ/bAuAaz0Rya3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjA5dlBqeTVjN3JJcEQ5c0M0QnJQUkhKcmNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi84ZDExNjctMGM0ZC00ODhmLTlhODMt
YzAxNzdkZmRhODQ3LzEvTlNIRWFhQ0JYVE56OENwdlV0ZWxyenp3MGR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi84ZDExNjctMGM0ZC00ODhmLTlhODMtYzAxNzdkZmRhODQ3
LzEvTjA5dlBqeTVjN3JJcEQ5c0M0QnJQUkhKcmNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBBRbIMA0E
AgACMAcDBQMqBr1AMA0GCSqGSIb3DQEBCwUAA4IBAQAdFKqpUCQpJviV5iGEnZ9j
aEecoGi0GZTgCXtr6A8f8LmHCTvbubbuSZXMjAcrLGP5szOEst5jd8lGrN9uAAAx
a27jGrCIIUGpFCV1OFt25PUXus3RDtcdkvsUb3skjzP8hYrmdkQ/kxkIJMqOo36d
myeyHTJKsbLmSceQDlJCYJ0eRvE6QTh9bYWn3AsBm1Rwwksstni8afBdLmnd6Qwn
KCQ7E85bwAoX+RHf8UpEhwG4VrOV5sveYcf+8slK9I28MVNlHj4AOwP2+5uDsKx3
T8uRJYzcQTcKp2zNNrr94iXc3b+gKevSwuHKqR0mmmAahfVfTxgKnOTgbi6XkTFF
-----END CERTIFICATE-----