Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/8e4518-0dd0-4cbb-ba78-bb86d4ba02de/1/NNNXg75Aj6uLI1haMrYdjm0gQRE.roa
File:                     NNNXg75Aj6uLI1haMrYdjm0gQRE.roa (raw, json)
Hash identifier:          5/Z55oLnEQKaAsh3DDICld+9/ijJDPXWW1Kfr5Eyj2o=
Subject key identifier:   34:D3:57:83:BE:40:8F:AB:8B:23:58:5A:32:B6:1D:8E:6D:20:41:11
Certificate issuer:       /CN=4452633274b1d886a92757f65219c2e7546ecdf5
Certificate serial:       018CC6B8FEB24C3298EFEC099B6DE6476D54
Authority key identifier: 44:52:63:32:74:B1:D8:86:A9:27:57:F6:52:19:C2:E7:54:6E:CD:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFJjMnSx2IapJ1f2UhnC51RuzfU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/8e4518-0dd0-4cbb-ba78-bb86d4ba02de/1/NNNXg75Aj6uLI1haMrYdjm0gQRE.roa
Signing time:             Mon 01 Jan 2024 20:31:01 +0000
ROA not before:           Mon 01 Jan 2024 20:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48294
IP address blocks:        195.137.176.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/8e4518-0dd0-4cbb-ba78-bb86d4ba02de/1/RFJjMnSx2IapJ1f2UhnC51RuzfU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/8e4518-0dd0-4cbb-ba78-bb86d4ba02de/1/RFJjMnSx2IapJ1f2UhnC51RuzfU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFJjMnSx2IapJ1f2UhnC51RuzfU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:fe:b2:4c:32:98:ef:ec:09:9b:6d:e6:47:6d:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4452633274b1d886a92757f65219c2e7546ecdf5
        Validity
            Not Before: Jan  1 20:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34d35783be408fab8b23585a32b61d8e6d204111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ed:66:74:bd:39:de:a0:aa:fa:5f:16:d6:89:
                    23:f3:c7:4c:af:78:9e:c9:74:ae:35:25:2b:9f:f0:
                    a3:39:a2:ae:70:25:ac:61:f8:67:20:08:9d:5e:ed:
                    e6:da:ac:46:ff:94:b2:4a:49:24:79:16:38:fd:c4:
                    d1:60:ac:aa:d4:2d:d0:76:9a:12:28:65:76:71:a6:
                    8e:18:51:93:5a:f0:da:aa:1b:dc:77:22:23:4e:58:
                    2a:12:6f:64:21:cd:5d:58:b7:2d:43:0b:1b:56:cc:
                    95:01:8e:2c:97:b5:e7:72:5f:57:4b:d9:0c:91:de:
                    46:91:3d:32:eb:1c:12:1c:54:37:e5:49:bb:a5:2f:
                    77:e0:35:eb:08:3e:44:55:53:f7:cf:4c:eb:7a:1b:
                    74:35:66:39:a8:21:bd:c8:dc:82:e9:b9:5a:54:76:
                    0c:b2:c2:7f:a3:80:c5:a0:6c:bd:19:a6:11:fb:dc:
                    db:58:e1:4b:78:0f:45:4a:da:97:87:a3:07:bc:0b:
                    bc:8a:96:61:29:67:7b:5f:08:4c:f1:19:30:83:27:
                    3f:0a:1f:95:f0:ac:5a:59:1f:42:96:d2:ee:d8:a3:
                    fb:58:fe:1f:1c:4e:c2:f3:76:f6:11:e2:ca:a1:0d:
                    e8:85:ab:12:31:14:73:77:ed:15:94:a3:c4:1f:69:
                    b8:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:D3:57:83:BE:40:8F:AB:8B:23:58:5A:32:B6:1D:8E:6D:20:41:11
            X509v3 Authority Key Identifier:
                keyid:44:52:63:32:74:B1:D8:86:A9:27:57:F6:52:19:C2:E7:54:6E:CD:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFJjMnSx2IapJ1f2UhnC51RuzfU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/8e4518-0dd0-4cbb-ba78-bb86d4ba02de/1/NNNXg75Aj6uLI1haMrYdjm0gQRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/8e4518-0dd0-4cbb-ba78-bb86d4ba02de/1/RFJjMnSx2IapJ1f2UhnC51RuzfU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.137.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:f3:63:b4:b9:3b:59:b6:bf:f8:f5:41:18:42:96:4d:ff:0b:
         bb:3c:95:99:3e:3d:6f:e2:d4:8d:c7:72:88:bc:6c:24:0f:b0:
         81:21:6b:77:b3:6e:91:4a:af:bd:99:4c:08:b3:04:77:0c:aa:
         0a:32:e6:1b:e0:1e:36:2c:a8:3e:f7:de:f1:01:60:01:fc:b1:
         33:d0:e6:9b:2b:a5:74:5e:96:f1:e5:2a:89:69:83:93:2a:5e:
         68:80:cc:09:80:e2:d0:45:d6:a6:95:51:b4:17:32:17:e8:6d:
         ce:62:a9:8e:62:13:62:ef:bf:d3:92:a0:ab:f2:05:ba:e9:2d:
         e2:76:80:5a:8b:d1:ec:88:d5:2d:75:c1:2f:2a:fb:3c:73:64:
         60:9d:ed:c0:0f:2c:7a:e3:9e:8d:fa:51:d0:63:e4:54:76:92:
         c2:de:2f:be:66:4e:d7:32:87:f9:21:4d:9f:57:6f:e2:b1:d3:
         71:fe:34:63:2c:eb:39:ff:b3:cb:59:de:28:c4:c6:31:2b:ec:
         65:1f:c0:7a:a8:6b:c3:37:93:24:19:58:ca:b7:eb:32:ff:98:
         eb:2c:9d:b3:17:31:1e:79:ad:4c:1b:1a:cf:cf:4f:5b:60:fc:
         d2:18:60:87:1c:3b:c7:d4:b0:a8:92:3b:ab:29:c3:c0:35:42:
         c9:09:38:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuP6yTDKY7+wJm23mR21UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTI2MzMyNzRiMWQ4ODZhOTI3NTdmNjUyMTljMmU3NTQ2
ZWNkZjUwHhcNMjQwMTAxMjAzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGQzNTc4M2JlNDA4ZmFiOGIyMzU4NWEzMmI2MWQ4ZTZkMjA0MTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhe1mdL053qCq+l8W1okj88dMr3ie
yXSuNSUrn/CjOaKucCWsYfhnIAidXu3m2qxG/5SySkkkeRY4/cTRYKyq1C3QdpoS
KGV2caaOGFGTWvDaqhvcdyIjTlgqEm9kIc1dWLctQwsbVsyVAY4sl7Xncl9XS9kM
kd5GkT0y6xwSHFQ35Um7pS934DXrCD5EVVP3z0zreht0NWY5qCG9yNyC6blaVHYM
ssJ/o4DFoGy9GaYR+9zbWOFLeA9FStqXh6MHvAu8ipZhKWd7XwhM8Rkwgyc/Ch+V
8KxaWR9CltLu2KP7WP4fHE7C83b2EeLKoQ3ohasSMRRzd+0VlKPEH2m4dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTTV4O+QI+riyNYWjK2HY5tIEERMB8GA1UdIwQY
MBaAFERSYzJ0sdiGqSdX9lIZwudUbs31MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZKak1uU3gySWFwSjFmMlVobkM1MVJ1emZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC84ZTQ1MTgtMGRkMC00Y2JiLWJhNzgt
YmI4NmQ0YmEwMmRlLzEvTk5OWGc3NUFqNnVMSTFoYU1yWWRqbTBnUVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC84ZTQ1MTgtMGRkMC00Y2JiLWJhNzgtYmI4NmQ0YmEwMmRl
LzEvUkZKak1uU3gySWFwSjFmMlVobkM1MVJ1emZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4mwMA0G
CSqGSIb3DQEBCwUAA4IBAQBR82O0uTtZtr/49UEYQpZN/wu7PJWZPj1v4tSNx3KI
vGwkD7CBIWt3s26RSq+9mUwIswR3DKoKMuYb4B42LKg+997xAWAB/LEz0OabK6V0
Xpbx5SqJaYOTKl5ogMwJgOLQRdamlVG0FzIX6G3OYqmOYhNi77/TkqCr8gW66S3i
doBai9HsiNUtdcEvKvs8c2Rgne3ADyx6456N+lHQY+RUdpLC3i++Zk7XMof5IU2f
V2/isdNx/jRjLOs5/7PLWd4oxMYxK+xlH8B6qGvDN5MkGVjKt+sy/5jrLJ2zFzEe
ea1MGxrPz09bYPzSGGCHHDvH1LCokjurKcPANULJCTg4
-----END CERTIFICATE-----