Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/NgRBstMdQgU-bowpiiu8v5AYiwU.roa
File:                     NgRBstMdQgU-bowpiiu8v5AYiwU.roa (raw, json)
Hash identifier:          24cPOwKLhzzkJPZAKnl+fjMLcyRGsTJxePxh9brzai0=
Subject key identifier:   36:04:41:B2:D3:1D:42:05:3E:6E:8C:29:8A:2B:BC:BF:90:18:8B:05
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       018E15CA9330B92735273328EE404AD0040B
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/NgRBstMdQgU-bowpiiu8v5AYiwU.roa
Signing time:             Wed 06 Mar 2024 22:03:01 +0000
ROA not before:           Wed 06 Mar 2024 22:03:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        45.135.139.0/24 maxlen: 24
                          88.218.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:15:ca:93:30:b9:27:35:27:33:28:ee:40:4a:d0:04:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: Mar  6 22:03:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=360441b2d31d42053e6e8c298a2bbcbf90188b05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:30:b6:ae:7c:53:0b:c1:cc:fe:de:3a:f9:5e:
                    c3:60:91:d5:36:a2:a8:78:33:ea:ba:10:a0:02:e4:
                    63:04:f7:a3:99:b8:74:3b:b9:0d:9d:a0:74:c1:ce:
                    4a:f5:97:22:d0:b8:8d:d0:22:f4:48:63:71:0d:9b:
                    ed:8c:a6:a1:5d:85:b4:86:41:39:95:a8:7f:52:8e:
                    83:01:04:a7:d8:07:dd:97:4d:d0:11:d3:c5:f0:e2:
                    9d:59:8e:3c:28:33:35:ca:27:d0:c0:50:35:c7:33:
                    65:b2:a9:e7:ea:e1:c2:e4:be:3f:ad:b2:7c:e2:af:
                    16:f4:16:b9:45:c8:f8:3b:17:92:fb:26:67:23:90:
                    1a:11:45:37:0a:ef:af:d8:8a:5b:f1:97:21:69:5b:
                    f6:09:61:3f:1d:ba:8c:11:15:83:a3:69:9f:fa:99:
                    a0:db:44:99:d1:cd:94:5c:4a:32:5a:63:eb:2c:e0:
                    df:cc:93:60:18:59:2b:4d:55:7c:ff:ed:57:14:20:
                    f8:01:9b:b0:2f:d1:32:cf:15:9c:6b:de:a7:ea:b7:
                    93:42:b3:c0:64:8d:21:c0:6e:7d:fd:47:6f:db:53:
                    95:d8:90:36:6d:a3:95:02:d0:0b:54:5a:fa:bc:41:
                    0a:93:1f:43:ab:15:08:04:b0:b5:2e:dd:2e:c8:49:
                    7f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:04:41:B2:D3:1D:42:05:3E:6E:8C:29:8A:2B:BC:BF:90:18:8B:05
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/NgRBstMdQgU-bowpiiu8v5AYiwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.139.0/24
                  88.218.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:1c:8a:58:be:2f:43:f3:73:0b:85:93:77:c5:a7:d4:6e:b5:
         ed:99:6b:8a:8d:03:33:55:6c:3b:52:01:52:e9:fe:00:10:19:
         58:2c:b7:91:80:56:b8:7f:d3:55:ae:63:a1:93:85:46:52:3e:
         78:89:0c:8d:2c:e5:a2:16:d6:35:83:a3:5d:3c:29:2e:3a:fe:
         b8:57:53:4c:86:a7:2d:31:e4:fe:19:7a:ca:7f:ac:cd:cc:ce:
         b1:44:17:d2:71:e7:b1:6c:f7:cf:63:ff:3a:1f:dd:5c:ff:49:
         7c:32:a2:00:9a:a1:62:82:23:a2:af:04:ce:55:fd:67:8d:d5:
         e8:c0:3e:8d:56:be:fa:a3:e0:97:cc:53:4d:b0:57:a5:e2:a0:
         b3:bc:4c:0a:e3:86:9f:81:7b:bb:09:bc:64:14:7c:8f:13:4c:
         d6:bb:f2:7a:1b:97:9f:04:b3:5d:cd:61:f1:b4:b5:fe:ce:ed:
         c7:7c:2b:c0:ea:00:4c:3e:4c:39:91:f9:24:19:db:bd:45:e2:
         ba:d8:65:91:b9:72:14:88:e3:2e:0e:a7:2a:8e:a0:c2:d2:c2:
         2d:15:18:74:e0:c9:83:2c:5b:d9:9b:42:5a:86:30:23:14:a9:
         c9:51:da:50:61:3e:cb:6a:0b:60:aa:16:dc:04:0f:88:cc:8f:
         4b:a2:e6:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4VypMwuSc1JzMo7kBK0AQLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjQwMzA2MjIwMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjA0NDFiMmQzMWQ0MjA1M2U2ZThjMjk4YTJiYmNiZjkwMTg4YjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6jC2rnxTC8HM/t46+V7DYJHVNqKo
eDPquhCgAuRjBPejmbh0O7kNnaB0wc5K9Zci0LiN0CL0SGNxDZvtjKahXYW0hkE5
lah/Uo6DAQSn2Afdl03QEdPF8OKdWY48KDM1yifQwFA1xzNlsqnn6uHC5L4/rbJ8
4q8W9Ba5Rcj4OxeS+yZnI5AaEUU3Cu+v2Ipb8ZchaVv2CWE/HbqMERWDo2mf+pmg
20SZ0c2UXEoyWmPrLODfzJNgGFkrTVV8/+1XFCD4AZuwL9EyzxWca96n6reTQrPA
ZI0hwG59/Udv21OV2JA2baOVAtALVFr6vEEKkx9DqxUIBLC1Lt0uyEl/xwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDYEQbLTHUIFPm6MKYorvL+QGIsFMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEvTmdSQnN0TWRRZ1UtYm93cGlpdTh2NUFZaXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYeLAwQA
WNpoMA0GCSqGSIb3DQEBCwUAA4IBAQCmHIpYvi9D83MLhZN3xafUbrXtmWuKjQMz
VWw7UgFS6f4AEBlYLLeRgFa4f9NVrmOhk4VGUj54iQyNLOWiFtY1g6NdPCkuOv64
V1NMhqctMeT+GXrKf6zNzM6xRBfSceexbPfPY/86H91c/0l8MqIAmqFigiOirwTO
Vf1njdXowD6NVr76o+CXzFNNsFel4qCzvEwK44afgXu7CbxkFHyPE0zWu/J6G5ef
BLNdzWHxtLX+zu3HfCvA6gBMPkw5kfkkGdu9ReK62GWRuXIUiOMuDqcqjqDC0sIt
FRh04MmDLFvZm0JahjAjFKnJUdpQYT7LagtgqhbcBA+IzI9LouYm
-----END CERTIFICATE-----