Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/nmmGqRS_EEHan_A6VoKCvqqqPm0.roa
File:                     nmmGqRS_EEHan_A6VoKCvqqqPm0.roa (raw, json)
Hash identifier:          +n1xf8rFYHNw+AUdQGQLYGXSRsxXXkxwq7DH89BqnGw=
Subject key identifier:   9E:69:86:A9:14:BF:10:41:DA:9F:F0:3A:56:82:82:BE:AA:AA:3E:6D
Certificate issuer:       /CN=00e4f6a77368b7cecfe67220b436576b1e008aec
Certificate serial:       018E12FF9D71E02DC30E392532C9A540BB10
Authority key identifier: 00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/nmmGqRS_EEHan_A6VoKCvqqqPm0.roa
Signing time:             Wed 06 Mar 2024 09:02:05 +0000
ROA not before:           Wed 06 Mar 2024 09:02:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210366
IP address blocks:        185.12.213.0/24 maxlen: 24
                          185.12.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:12:ff:9d:71:e0:2d:c3:0e:39:25:32:c9:a5:40:bb:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00e4f6a77368b7cecfe67220b436576b1e008aec
        Validity
            Not Before: Mar  6 09:02:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9e6986a914bf1041da9ff03a568282beaaaa3e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c2:78:a3:b2:92:a6:90:28:99:34:79:37:d6:
                    5b:a4:ab:54:09:a9:3e:4f:7b:10:77:5c:25:51:bf:
                    2a:14:b7:bb:72:77:3f:65:af:9d:4b:ce:f3:9c:91:
                    42:13:d1:d5:82:e0:e7:1b:44:44:05:d0:76:ae:f4:
                    48:5a:9d:ab:1a:89:c3:82:20:69:bc:0e:41:de:e4:
                    b0:0b:15:88:91:ae:56:d5:e9:df:94:1e:10:2f:b3:
                    b2:e3:2a:9c:2b:3d:58:df:cc:3f:3e:3a:04:be:0b:
                    95:e5:25:08:0f:28:96:94:a6:5a:b7:5a:a2:f9:56:
                    68:5a:17:53:d3:43:cb:f6:5d:0b:16:7f:b8:61:04:
                    c1:78:e8:6b:39:b9:2a:ef:34:75:48:44:ec:aa:8f:
                    b9:0d:1f:09:19:2c:5f:77:8d:40:c3:bd:3f:d8:49:
                    2f:4a:f6:17:39:db:a5:b8:89:46:10:6b:e1:ae:a6:
                    1c:17:c3:ec:6a:4a:43:d3:08:61:36:2d:64:28:3e:
                    26:f7:67:f8:a9:88:37:d8:95:2d:bf:c5:5f:c4:aa:
                    29:2a:41:cc:66:cb:b5:f2:76:a7:07:3d:2f:ef:3d:
                    b1:1e:db:d6:25:ce:ad:a1:ad:ce:95:7e:c6:6e:6a:
                    cc:90:37:e1:8b:c8:5a:d1:72:a9:6c:06:3b:c2:db:
                    1c:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:69:86:A9:14:BF:10:41:DA:9F:F0:3A:56:82:82:BE:AA:AA:3E:6D
            X509v3 Authority Key Identifier:
                keyid:00:E4:F6:A7:73:68:B7:CE:CF:E6:72:20:B4:36:57:6B:1E:00:8A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOT2p3Not87P5nIgtDZXax4Aiuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/nmmGqRS_EEHan_A6VoKCvqqqPm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/652da9-afc4-4e20-82fc-b07d8416ae4a/1/AOT2p3Not87P5nIgtDZXax4Aiuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.213.0-185.12.214.255

    Signature Algorithm: sha256WithRSAEncryption
         c6:7f:36:8c:4d:3f:37:8a:7e:4d:36:9a:11:b4:70:a6:81:47:
         04:f3:c6:73:27:d5:a1:f8:72:d7:d8:e2:9c:72:43:b1:a6:8e:
         a8:22:be:3c:f7:fb:e0:0a:56:d9:29:eb:73:77:38:3e:2f:d8:
         6e:26:1e:cc:e1:6c:a0:ce:72:73:05:45:0a:5f:3b:18:cc:2a:
         52:3d:25:88:20:c7:86:90:24:65:22:d7:8a:4e:3b:e1:1c:1d:
         8f:a9:bb:0a:e1:10:da:b8:1b:1f:b5:f6:6b:31:e3:3a:ad:66:
         09:5e:00:f5:f9:6d:51:31:e6:49:1e:7f:11:c9:5c:77:cc:b5:
         c9:78:5b:2e:8d:99:50:5c:85:a6:a4:28:18:b0:01:ad:32:4c:
         97:2b:04:b7:45:b5:c9:82:2e:d6:09:34:93:17:df:ad:0d:f0:
         25:62:05:47:34:b4:d3:be:7e:3e:28:c6:1b:da:d9:59:94:ca:
         01:e6:f6:77:60:90:57:29:2a:7a:fd:16:f4:af:e1:ca:89:a1:
         6e:4b:39:cb:04:10:a0:69:bf:73:8b:36:27:cf:61:f2:5a:ba:
         43:aa:cf:ad:41:bf:86:8b:74:5a:fc:e3:44:1d:23:45:8b:a0:
         07:42:aa:f3:eb:cd:e3:37:2a:7f:54:83:30:c7:53:fe:e8:82:
         6c:b4:06:33
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY4S/51x4C3DDjklMsmlQLsQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTRmNmE3NzM2OGI3Y2VjZmU2NzIyMGI0MzY1NzZiMWUw
MDhhZWMwHhcNMjQwMzA2MDkwMjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTY5ODZhOTE0YmYxMDQxZGE5ZmYwM2E1NjgyODJiZWFhYWEzZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8J4o7KSppAomTR5N9ZbpKtUCak+
T3sQd1wlUb8qFLe7cnc/Za+dS87znJFCE9HVguDnG0REBdB2rvRIWp2rGonDgiBp
vA5B3uSwCxWIka5W1enflB4QL7Oy4yqcKz1Y38w/PjoEvguV5SUIDyiWlKZat1qi
+VZoWhdT00PL9l0LFn+4YQTBeOhrObkq7zR1SETsqo+5DR8JGSxfd41Aw70/2Ekv
SvYXOduluIlGEGvhrqYcF8PsakpD0whhNi1kKD4m92f4qYg32JUtv8VfxKopKkHM
Zsu18nanBz0v7z2xHtvWJc6toa3OlX7GbmrMkDfhi8ha0XKpbAY7wtscCQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJ5phqkUvxBB2p/wOlaCgr6qqj5tMB8GA1UdIwQY
MBaAFADk9qdzaLfOz+ZyILQ2V2seAIrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMt
YjA3ZDg0MTZhZTRhLzEvbm1tR3FSU19FRUhhbl9BNlZvS0N2cXFxUG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS82NTJkYTktYWZjNC00ZTIwLTgyZmMtYjA3ZDg0MTZhZTRh
LzEvQU9UMnAzTm90ODdQNW5JZ3REWlhheDRBaXV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5DNUD
BAC5DNYwDQYJKoZIhvcNAQELBQADggEBAMZ/NoxNPzeKfk02mhG0cKaBRwTzxnMn
1aH4ctfY4pxyQ7Gmjqgivjz3++AKVtkp63N3OD4v2G4mHszhbKDOcnMFRQpfOxjM
KlI9JYggx4aQJGUi14pOO+EcHY+puwrhENq4Gx+19msx4zqtZgleAPX5bVEx5kke
fxHJXHfMtcl4Wy6NmVBchaakKBiwAa0yTJcrBLdFtcmCLtYJNJMX360N8CViBUc0
tNO+fj4oxhva2VmUygHm9ndgkFcpKnr9FvSv4cqJoW5LOcsEEKBpv3OLNifPYfJa
ukOqz61Bv4aLdFr840QdI0WLoAdCqvPrzeM3Kn9UgzDHU/7ogmy0BjM=
-----END CERTIFICATE-----