Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/N-v_NdPZrcgYjvu-qzkdBO7YVmQ.roa
File:                     N-v_NdPZrcgYjvu-qzkdBO7YVmQ.roa (raw, json)
Hash identifier:          UdC/p/1QaYwUUIZo3puYrn3LG21oU0QXS0nHCiclHVI=
Subject key identifier:   37:EB:FF:35:D3:D9:AD:C8:18:8E:FB:BE:AB:39:1D:04:EE:D8:56:64
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB3461015B8BDF1C3E6C9203CB0236
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/N-v_NdPZrcgYjvu-qzkdBO7YVmQ.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204872
IP address blocks:        45.15.244.0/22 maxlen: 22
                          45.150.180.0/22 maxlen: 22
                          195.216.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:34:61:01:5b:8b:df:1c:3e:6c:92:03:cb:02:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37ebff35d3d9adc8188efbbeab391d04eed85664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e8:76:c5:49:74:71:f4:bc:c7:31:33:ff:37:
                    2a:f2:9e:33:0e:00:f8:97:96:84:41:45:66:34:fa:
                    8f:e7:03:5c:33:a8:f1:67:34:17:64:6d:24:e6:56:
                    58:01:d0:6a:8a:7f:dd:59:4e:9b:5b:5a:c9:f7:83:
                    67:b8:2a:6e:2d:3c:7f:5e:00:de:ae:f6:99:5b:01:
                    90:fa:4c:5e:43:32:1f:c9:4d:7f:63:1d:8b:4a:a6:
                    64:97:4a:6c:18:a5:a7:70:ee:49:c9:73:4e:51:16:
                    f2:ea:99:a7:c1:6e:93:b7:bd:b5:2b:ae:55:e2:65:
                    e6:69:1a:d0:1a:30:65:b0:e2:98:12:d8:2c:f7:d4:
                    bd:65:16:30:05:6b:22:ea:a4:13:d4:3e:b3:f4:e5:
                    60:6b:b1:84:3e:88:a5:85:c7:fd:63:ec:98:64:e8:
                    1c:38:bb:bb:9b:d8:90:e0:c2:76:d7:5a:64:d8:d2:
                    8c:1c:1a:c1:c0:d1:bc:5c:2e:90:e7:c9:68:c9:c1:
                    83:37:55:3b:7e:90:06:0b:a8:a1:09:6b:1e:ef:33:
                    0c:b2:76:61:ef:3d:25:e3:ad:b3:e2:b4:41:79:0e:
                    4e:36:49:63:b5:f9:87:5f:10:19:9a:92:36:ce:38:
                    45:f3:45:a9:57:f2:26:f0:9c:0a:d1:26:50:67:20:
                    3c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:EB:FF:35:D3:D9:AD:C8:18:8E:FB:BE:AB:39:1D:04:EE:D8:56:64
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/N-v_NdPZrcgYjvu-qzkdBO7YVmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.244.0/22
                  45.150.180.0/22
                  195.216.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:44:62:90:91:ce:40:76:ce:37:4e:0b:c5:f9:5a:42:0a:82:
         f3:26:9a:22:f8:ca:74:b0:fc:02:0f:99:a2:9d:80:11:b9:37:
         a6:c1:9e:c7:10:49:77:8d:52:c7:b3:43:a4:60:ed:54:64:f2:
         17:cf:5b:42:85:99:9a:e3:43:e6:2f:c3:d4:8e:de:98:e4:12:
         6f:11:52:ae:9b:4f:9d:cc:1f:df:f6:32:9a:8f:f5:a2:d4:d6:
         1f:b7:3b:58:a8:dd:d1:e2:be:5e:39:a3:71:9d:7f:23:4e:9f:
         7f:44:7c:db:ac:fd:c8:87:06:5c:e6:07:47:c3:bc:2d:49:9f:
         cb:20:37:f1:b9:40:54:c8:c4:3d:c4:8a:f7:fe:05:17:c6:e3:
         d1:b7:4e:38:a6:21:30:dc:2e:d8:27:e0:32:38:1a:bc:93:72:
         8c:d9:f7:84:89:5e:77:33:76:3b:e0:16:04:d4:c9:a8:23:83:
         fb:3c:78:53:5c:11:41:6c:f6:27:7d:66:c1:60:dd:42:64:22:
         c4:b0:e3:95:b5:a5:2e:ff:cf:1e:64:6d:e1:ac:ed:07:3a:60:
         ef:df:8d:ac:04:53:be:f5:09:5c:99:b7:40:d5:7d:12:fa:b1:
         5f:f0:5c:9d:51:14:61:d7:04:56:dd:a8:e0:64:be:83:3a:dc:
         a1:e1:84:b3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2zRhAVuL3xw+bJIDywI2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2ViZmYzNWQzZDlhZGM4MTg4ZWZiYmVhYjM5MWQwNGVlZDg1NjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOh2xUl0cfS8xzEz/zcq8p4zDgD4
l5aEQUVmNPqP5wNcM6jxZzQXZG0k5lZYAdBqin/dWU6bW1rJ94NnuCpuLTx/XgDe
rvaZWwGQ+kxeQzIfyU1/Yx2LSqZkl0psGKWncO5JyXNOURby6pmnwW6Tt721K65V
4mXmaRrQGjBlsOKYEtgs99S9ZRYwBWsi6qQT1D6z9OVga7GEPoilhcf9Y+yYZOgc
OLu7m9iQ4MJ211pk2NKMHBrBwNG8XC6Q58loycGDN1U7fpAGC6ihCWse7zMMsnZh
7z0l462z4rRBeQ5ONkljtfmHXxAZmpI2zjhF80WpV/Im8JwK0SZQZyA8nwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDfr/zXT2a3IGI77vqs5HQTu2FZkMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvTi12X05kUFpyY2dZanZ1LXF6a2RCTzdZVm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLQ/0AwQC
LZa0AwQCw9icMA0GCSqGSIb3DQEBCwUAA4IBAQArRGKQkc5Ads43TgvF+VpCCoLz
Jpoi+Mp0sPwCD5minYARuTemwZ7HEEl3jVLHs0OkYO1UZPIXz1tChZma40PmL8PU
jt6Y5BJvEVKum0+dzB/f9jKaj/Wi1NYftztYqN3R4r5eOaNxnX8jTp9/RHzbrP3I
hwZc5gdHw7wtSZ/LIDfxuUBUyMQ9xIr3/gUXxuPRt044piEw3C7YJ+AyOBq8k3KM
2feEiV53M3Y74BYE1MmoI4P7PHhTXBFBbPYnfWbBYN1CZCLEsOOVtaUu/88eZG3h
rO0HOmDv342sBFO+9QlcmbdA1X0S+rFf8FydURRh1wRW3ajgZL6DOtyh4YSz
-----END CERTIFICATE-----