Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/NEixMtlCyV11J18hpugPv54aAl4.roa
File:                     NEixMtlCyV11J18hpugPv54aAl4.roa (raw, json)
Hash identifier:          YHp0bh9s0D7/2fWjYanc1WGpcV70n3Mfl07Nudwc2Vw=
Subject key identifier:   34:48:B1:32:D9:42:C9:5D:75:27:5F:21:A6:E8:0F:BF:9E:1A:02:5E
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019425FC70694CA871069D848F91FBA26B3E
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/NEixMtlCyV11J18hpugPv54aAl4.roa
Signing time:             Thu 02 Jan 2025 07:48:08 +0000
ROA not before:           Thu 02 Jan 2025 07:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31732
IP address blocks:        188.209.155.0/24 maxlen: 24
                          2001:16c0::/29 maxlen: 29
                          2001:16c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:70:69:4c:a8:71:06:9d:84:8f:91:fb:a2:6b:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 07:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3448b132d942c95d75275f21a6e80fbf9e1a025e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2f:7c:ee:56:90:45:d8:de:c1:63:e9:be:2b:
                    a6:62:1f:60:ec:93:a1:62:b3:a0:e2:38:81:cc:af:
                    f2:4e:81:b4:a2:63:37:cd:c7:83:37:2c:83:6c:01:
                    0f:da:af:f5:ca:65:ec:2d:cb:c0:0c:ae:16:8e:30:
                    76:df:19:b1:e7:51:c7:dd:ad:38:18:c6:61:2d:fa:
                    63:61:9f:d5:78:38:83:34:3b:47:37:cb:ff:38:d3:
                    93:5e:ab:e4:73:cb:62:81:ab:76:55:3c:eb:4a:95:
                    79:14:d9:fe:27:c3:c5:c0:4f:c4:4f:19:d0:f7:2c:
                    dd:4c:1a:9a:fa:5c:4c:d9:97:78:84:f2:8c:f3:cc:
                    6a:ed:54:7e:4d:21:1b:25:c4:d6:2c:77:ae:13:46:
                    ce:4d:35:6e:3b:55:b9:25:25:c8:74:45:bd:fd:b7:
                    3d:a5:8e:0a:ee:8c:a2:82:30:c7:77:a2:9f:e3:27:
                    22:bf:d0:46:bf:62:2c:ed:24:6a:06:a3:3b:55:6d:
                    f0:85:33:ed:d4:32:5c:61:f4:7d:4c:90:dd:b6:61:
                    24:9d:d9:0f:a8:0a:a4:c7:61:7f:be:15:20:37:52:
                    f9:48:df:22:e1:b5:f7:ad:12:3b:13:4c:67:f7:ed:
                    11:4c:1f:f4:37:5b:30:75:ea:88:72:f6:fd:74:6e:
                    d3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:48:B1:32:D9:42:C9:5D:75:27:5F:21:A6:E8:0F:BF:9E:1A:02:5E
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/NEixMtlCyV11J18hpugPv54aAl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.155.0/24
                IPv6:
                  2001:16c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         d4:81:88:a1:91:db:f4:dc:87:39:6d:b6:b4:84:ff:aa:76:4b:
         a4:65:c3:c4:6a:ef:b0:49:b3:55:52:13:f6:f7:31:ae:98:9b:
         06:19:9f:c7:43:da:0d:73:a7:c4:73:c6:d0:ca:6b:dc:85:4a:
         a3:a5:82:49:43:54:50:50:0e:e3:b3:26:da:cc:5e:42:b1:8d:
         d8:55:77:94:2c:c6:9e:7d:cf:36:dd:2c:48:24:20:d1:29:8e:
         ab:7d:41:b0:e4:68:88:f9:fc:29:ec:9f:48:a1:60:19:ae:9b:
         3e:7e:e8:39:ba:2e:56:fb:d8:58:36:0e:34:cb:3c:1b:ae:46:
         76:08:da:84:e6:67:ef:b6:ad:ce:c5:b6:8e:d5:08:6e:84:42:
         ff:0c:b3:65:6f:56:89:15:3f:99:78:70:1a:f7:62:5e:be:28:
         ee:63:e2:81:67:14:e6:2b:e4:00:aa:8c:c1:bc:51:f9:d0:c2:
         c2:1f:c1:ed:67:09:9d:fd:ca:b7:49:f8:d2:1e:d5:29:bc:0a:
         70:03:17:b3:82:95:a5:0f:df:88:70:79:b3:70:57:0a:b9:8c:
         c9:f2:f5:ce:aa:b7:70:9c:1b:a6:b5:32:6c:1f:8f:88:62:0c:
         3a:ee:b4:d2:16:0c:9e:3f:5c:77:79:39:31:9d:89:09:da:89:
         21:47:86:54
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/HBpTKhxBp2Ej5H7oms+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDQ4YjEzMmQ5NDJjOTVkNzUyNzVmMjFhNmU4MGZiZjllMWEwMjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi987laQRdjewWPpviumYh9g7JOh
YrOg4jiBzK/yToG0omM3zceDNyyDbAEP2q/1ymXsLcvADK4WjjB23xmx51HH3a04
GMZhLfpjYZ/VeDiDNDtHN8v/ONOTXqvkc8tigat2VTzrSpV5FNn+J8PFwE/ETxnQ
9yzdTBqa+lxM2Zd4hPKM88xq7VR+TSEbJcTWLHeuE0bOTTVuO1W5JSXIdEW9/bc9
pY4K7oyigjDHd6Kf4yciv9BGv2Is7SRqBqM7VW3whTPt1DJcYfR9TJDdtmEkndkP
qAqkx2F/vhUgN1L5SN8i4bX3rRI7E0xn9+0RTB/0N1swdeqIcvb9dG7TtQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDRIsTLZQslddSdfIaboD7+eGgJeMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvTkVpeE10bEN5VjExSjE4aHB1Z1B2NTRhQWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAvNGbMA0E
AgACMAcDBQMgARbAMA0GCSqGSIb3DQEBCwUAA4IBAQDUgYihkdv03Ic5bba0hP+q
dkukZcPEau+wSbNVUhP29zGumJsGGZ/HQ9oNc6fEc8bQymvchUqjpYJJQ1RQUA7j
sybazF5CsY3YVXeULMaefc823SxIJCDRKY6rfUGw5GiI+fwp7J9IoWAZrps+fug5
ui5W+9hYNg40yzwbrkZ2CNqE5mfvtq3OxbaO1QhuhEL/DLNlb1aJFT+ZeHAa92Je
vijuY+KBZxTmK+QAqozBvFH50MLCH8HtZwmd/cq3SfjSHtUpvApwAxezgpWlD9+I
cHmzcFcKuYzJ8vXOqrdwnBumtTJsH4+IYgw67rTSFgyeP1x3eTkxnYkJ2okhR4ZU
-----END CERTIFICATE-----