Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/Nkr_GlprDZw9lnWd52PmBmd7vrQ.roa
File:                     Nkr_GlprDZw9lnWd52PmBmd7vrQ.roa (raw, json)
Hash identifier:          9YHLm9DxE2hQJ58if++TORCN8vsnbZqNWmb+Zklfpt4=
Subject key identifier:   36:4A:FF:1A:5A:6B:0D:9C:3D:96:75:9D:E7:63:E6:06:67:7B:BE:B4
Certificate issuer:       /CN=0e91de17437a0025fd1ede10f710f17a3080b3ab
Certificate serial:       019425FC277C09A4517AC11A86EF2D93CE83
Authority key identifier: 0E:91:DE:17:43:7A:00:25:FD:1E:DE:10:F7:10:F1:7A:30:80:B3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/Nkr_GlprDZw9lnWd52PmBmd7vrQ.roa
Signing time:             Thu 02 Jan 2025 07:47:49 +0000
ROA not before:           Thu 02 Jan 2025 07:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211462
IP address blocks:        185.207.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:27:7c:09:a4:51:7a:c1:1a:86:ef:2d:93:ce:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e91de17437a0025fd1ede10f710f17a3080b3ab
        Validity
            Not Before: Jan  2 07:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=364aff1a5a6b0d9c3d96759de763e606677bbeb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:78:20:d3:83:e1:3b:3b:34:86:cf:91:7d:03:
                    9e:a6:f3:e1:5a:f0:22:77:79:91:f2:1f:fb:32:25:
                    53:e3:a4:98:3f:76:c5:1d:57:cd:77:4f:38:70:d9:
                    c5:37:ff:b6:20:a1:69:17:6e:df:81:c8:70:15:37:
                    e4:ad:7c:cb:8b:71:13:75:30:f7:79:73:1c:fd:d0:
                    8b:09:8f:eb:a1:04:d6:23:4b:32:6a:f9:f4:c7:a4:
                    3d:df:2b:c0:68:63:fd:a7:a2:d1:ad:ed:2c:ba:07:
                    13:25:74:03:3a:d2:7c:7b:04:5c:f7:e1:1d:63:b9:
                    01:c6:08:4c:13:16:7e:8f:b1:39:af:41:8c:df:61:
                    47:23:dd:39:6a:5b:ee:67:a7:76:8d:46:e1:a6:6f:
                    a1:d8:4f:82:88:81:a3:78:94:94:c2:3b:a0:9b:65:
                    f8:9a:fa:03:a5:3c:51:a1:76:a8:6f:c4:a0:5a:48:
                    76:8b:62:23:cd:df:1d:f5:22:87:cb:d8:95:4b:ca:
                    5d:47:d4:f4:af:17:8e:dc:7a:1c:38:a8:ca:66:b9:
                    b2:eb:2e:fb:72:08:27:cd:da:d6:4e:a0:69:d7:98:
                    f2:4b:7c:ad:56:70:d1:01:10:b1:04:75:95:1a:ff:
                    ed:21:c7:5a:02:cc:fd:d1:92:84:64:ff:7d:29:7c:
                    7b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:4A:FF:1A:5A:6B:0D:9C:3D:96:75:9D:E7:63:E6:06:67:7B:BE:B4
            X509v3 Authority Key Identifier:
                keyid:0E:91:DE:17:43:7A:00:25:FD:1E:DE:10:F7:10:F1:7A:30:80:B3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/Nkr_GlprDZw9lnWd52PmBmd7vrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/baef57-c484-4523-b14e-88ebbf99780b/1/DpHeF0N6ACX9Ht4Q9xDxejCAs6s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:3a:6d:dd:80:b3:8d:10:aa:64:78:25:e0:23:3e:94:dc:52:
         c5:d6:aa:8c:57:51:9b:31:88:b0:91:69:07:67:ce:30:a9:7a:
         6f:a6:b2:e4:db:97:1b:db:56:e5:2b:58:3f:5d:38:f3:0c:1c:
         a7:8a:82:47:91:9a:60:b8:cc:fb:ed:33:e1:ab:9b:44:31:1a:
         bd:51:3c:b5:51:da:ce:52:e4:95:89:14:d8:e3:28:f1:c6:a0:
         1b:92:a2:95:73:36:cf:78:f4:e8:2a:e2:84:db:44:90:50:97:
         4e:04:3e:3d:96:37:3e:ea:ef:da:f6:af:c2:b3:5f:32:68:e1:
         70:77:6c:37:dc:61:4a:77:6d:e5:6d:82:0f:6f:51:f8:72:c5:
         6f:09:ae:81:81:40:ce:48:24:c6:c7:55:cb:6f:dd:66:6e:42:
         da:79:91:7f:86:0f:9f:31:72:ae:3e:c1:0f:68:a0:e9:cd:46:
         5f:c3:9d:87:c9:ea:73:e7:db:66:b6:2d:92:de:1d:b1:57:11:
         d7:c6:32:c9:6a:67:f1:8d:b9:67:07:63:b6:63:19:41:07:57:
         38:ce:26:5c:e2:08:d3:3e:eb:d4:83:75:4e:82:34:e8:de:d4:
         40:07:4d:58:32:11:50:ec:78:6d:39:70:8b:59:33:27:25:b8:
         80:6d:b9:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Cd8CaRResEahu8tk86DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlOTFkZTE3NDM3YTAwMjVmZDFlZGUxMGY3MTBmMTdhMzA4
MGIzYWIwHhcNMjUwMTAyMDc0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjRhZmYxYTVhNmIwZDljM2Q5Njc1OWRlNzYzZTYwNjY3N2JiZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXgg04PhOzs0hs+RfQOepvPhWvAi
d3mR8h/7MiVT46SYP3bFHVfNd084cNnFN/+2IKFpF27fgchwFTfkrXzLi3ETdTD3
eXMc/dCLCY/roQTWI0syavn0x6Q93yvAaGP9p6LRre0sugcTJXQDOtJ8ewRc9+Ed
Y7kBxghMExZ+j7E5r0GM32FHI905alvuZ6d2jUbhpm+h2E+CiIGjeJSUwjugm2X4
mvoDpTxRoXaob8SgWkh2i2Ijzd8d9SKHy9iVS8pdR9T0rxeO3HocOKjKZrmy6y77
cggnzdrWTqBp15jyS3ytVnDRARCxBHWVGv/tIcdaAsz90ZKEZP99KXx7zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZK/xpaaw2cPZZ1nedj5gZne760MB8GA1UdIwQY
MBaAFA6R3hdDegAl/R7eEPcQ8XowgLOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHBIZUYwTjZBQ1g5SHQ0UTl4RHhlakNBczZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9iYWVmNTctYzQ4NC00NTIzLWIxNGUt
ODhlYmJmOTk3ODBiLzEvTmtyX0dscHJEWnc5bG5XZDUyUG1CbWQ3dnJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9iYWVmNTctYzQ4NC00NTIzLWIxNGUtODhlYmJmOTk3ODBi
LzEvRHBIZUYwTjZBQ1g5SHQ0UTl4RHhlakNBczZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc99MA0G
CSqGSIb3DQEBCwUAA4IBAQClOm3dgLONEKpkeCXgIz6U3FLF1qqMV1GbMYiwkWkH
Z84wqXpvprLk25cb21blK1g/XTjzDBynioJHkZpguMz77TPhq5tEMRq9UTy1UdrO
UuSViRTY4yjxxqAbkqKVczbPePToKuKE20SQUJdOBD49ljc+6u/a9q/Cs18yaOFw
d2w33GFKd23lbYIPb1H4csVvCa6BgUDOSCTGx1XLb91mbkLaeZF/hg+fMXKuPsEP
aKDpzUZfw52Hyepz59tmti2S3h2xVxHXxjLJamfxjblnB2O2YxlBB1c4ziZc4gjT
PuvUg3VOgjTo3tRAB01YMhFQ7HhtOXCLWTMnJbiAbblQ
-----END CERTIFICATE-----