Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/37b627-b6b7-4179-8f36-57505b049c68/1/NKB75SgScMM_XXNvHFxveIWhFoY.roa
File:                     NKB75SgScMM_XXNvHFxveIWhFoY.roa (download)
Hash identifier:          uF0/9zfliXl8CQJax2lSAj3s4F+LNOMJ9D/bSM9BvkY=
Subject key identifier:   34:A0:7B:E5:28:12:70:C3:3F:5D:73:6F:1C:5C:6F:78:85:A1:16:86
Certificate issuer:       /CN=187cb647a4739142f9c05162c83a644fd085e994
Certificate serial:       01D02C
Authority key identifier: 18:7C:B6:47:A4:73:91:42:F9:C0:51:62:C8:3A:64:4F:D0:85:E9:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GHy2R6RzkUL5wFFiyDpkT9CF6ZQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/37b627-b6b7-4179-8f36-57505b049c68/1/NKB75SgScMM_XXNvHFxveIWhFoY.roa
ROA valid until:          Jul 01 00:00:00 2023 GMT
asID:                     1239
IP address blocks:
    1: 148.135.208.0/20 maxlen: 24
    2: 148.135.0.0/20 maxlen: 24
    3: 148.135.224.0/20 maxlen: 24
    4: 148.135.16.0/20 maxlen: 24
    5: 148.135.240.0/20 maxlen: 24
    6: 148.135.32.0/20 maxlen: 24
    7: 148.135.160.0/20 maxlen: 24
    8: 148.135.176.0/20 maxlen: 24
    9: 148.135.192.0/20 maxlen: 24
   10: 148.135.96.0/20 maxlen: 24
   11: 148.135.112.0/20 maxlen: 24
   12: 148.135.128.0/20 maxlen: 24
   13: 148.135.144.0/20 maxlen: 24
   14: 148.135.48.0/20 maxlen: 24
   15: 148.135.64.0/20 maxlen: 24
   16: 148.135.80.0/20 maxlen: 24

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 118828 (0x1d02c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=187cb647a4739142f9c05162c83a644fd085e994
        Validity
            Not Before: Jun 28 15:55:02 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=34a07be5281270c33f5d736f1c5c6f7885a11686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:dd:37:36:5e:60:67:03:c1:e4:6d:b5:78:40:
                    e0:47:76:5c:17:8e:59:23:76:0a:bf:d1:0d:8a:db:
                    5e:97:ba:46:eb:db:2e:bc:9c:24:72:a9:e7:96:ca:
                    98:8b:dd:1a:81:27:38:5a:c7:8e:32:74:cc:4e:6b:
                    41:9f:90:d6:d8:34:c0:88:a6:f4:bb:1c:a5:bf:6f:
                    0d:49:ff:f8:0a:69:8a:06:fc:d6:29:ac:15:bd:91:
                    06:e1:83:c3:72:b8:27:62:c2:55:66:1d:50:37:19:
                    a9:53:c1:72:bc:4d:ab:cc:66:71:1c:f6:6d:d5:af:
                    c6:4c:62:ee:55:db:e3:d3:42:a3:f4:2d:4f:19:73:
                    b5:76:e5:b2:3e:a4:0b:41:cd:70:c8:b4:b5:ae:6f:
                    4e:7c:97:d9:80:91:3a:7f:63:7d:50:30:62:7d:14:
                    0b:5c:1b:4b:33:0d:97:b1:9d:c6:2d:f9:9f:21:f4:
                    7a:81:12:eb:8a:b0:a3:17:23:9c:f9:b0:e9:db:f8:
                    ad:1b:24:b4:3d:e8:66:ab:e3:22:d5:24:a6:e7:8d:
                    e4:51:be:84:40:16:e0:39:82:0d:d7:27:bf:a8:2c:
                    59:ac:e4:a6:d2:c8:24:68:db:86:63:b6:28:0f:82:
                    d5:dd:43:6b:78:0c:29:e5:cb:25:01:c6:8d:ee:a4:
                    d7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                34:A0:7B:E5:28:12:70:C3:3F:5D:73:6F:1C:5C:6F:78:85:A1:16:86
            X509v3 Authority Key Identifier: 
                keyid:18:7C:B6:47:A4:73:91:42:F9:C0:51:62:C8:3A:64:4F:D0:85:E9:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GHy2R6RzkUL5wFFiyDpkT9CF6ZQ.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/37b627-b6b7-4179-8f36-57505b049c68/1/NKB75SgScMM_XXNvHFxveIWhFoY.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/37b627-b6b7-4179-8f36-57505b049c68/1/GHy2R6RzkUL5wFFiyDpkT9CF6ZQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9b:b5:03:4c:d2:78:25:9d:38:a6:8d:25:17:d2:ee:d8:58:8b:
         3b:ec:76:53:99:0c:bd:a6:a0:d4:ca:6b:dd:d6:56:b1:8a:cf:
         13:b9:c2:c8:10:01:96:a1:64:24:1c:10:a9:22:0f:bf:75:9a:
         22:5e:9b:0f:28:fb:84:29:b7:06:84:c0:d1:43:34:ca:9b:9c:
         87:15:d4:9f:27:b9:1f:14:0f:78:5c:1e:60:f7:d6:91:37:6d:
         8c:80:9a:7f:00:97:80:96:b6:bd:3b:dc:f8:ed:7e:09:59:a9:
         f5:e9:a4:12:9a:8a:fd:48:51:b3:86:4c:65:f1:27:bb:9d:a4:
         df:6e:55:c8:72:1f:19:15:93:e8:cb:5e:ed:c5:69:19:82:37:
         7a:d6:8e:e9:00:f8:35:65:50:97:ce:5c:21:07:68:9b:fc:d4:
         04:00:8e:d3:13:2f:68:da:36:bb:39:4b:38:89:88:63:99:33:
         16:7b:97:0d:a1:70:42:2b:64:ff:b2:b7:e5:e5:10:d5:f2:cc:
         59:1d:ff:d0:5a:d5:d9:c5:90:05:10:67:31:95:84:80:54:13:
         43:8c:4d:b0:a0:cf:45:01:c0:50:bc:84:81:cb:d4:27:83:a9:
         ac:e6:c3:9a:2f:5c:69:50:fb:3d:08:2b:d2:94:8a:16:94:af:
         d4:be:96:fe
-----BEGIN CERTIFICATE-----
MIIE7TCCA9WgAwIBAgIDAdAsMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDE4
N2NiNjQ3YTQ3MzkxNDJmOWMwNTE2MmM4M2E2NDRmZDA4NWU5OTQwHhcNMjIwNjI4
MTU1NTAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygzNGEwN2JlNTI4MTI3
MGMzM2Y1ZDczNmYxYzVjNmY3ODg1YTExNjg2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAr903Nl5gZwPB5G21eEDgR3ZcF45ZI3YKv9ENittel7pG69su
vJwkcqnnlsqYi90agSc4WseOMnTMTmtBn5DW2DTAiKb0uxylv28NSf/4CmmKBvzW
KawVvZEG4YPDcrgnYsJVZh1QNxmpU8FyvE2rzGZxHPZt1a/GTGLuVdvj00Kj9C1P
GXO1duWyPqQLQc1wyLS1rm9OfJfZgJE6f2N9UDBifRQLXBtLMw2XsZ3GLfmfIfR6
gRLrirCjFyOc+bDp2/itGyS0Pehmq+Mi1SSm543kUb6EQBbgOYIN1ye/qCxZrOSm
0sgkaNuGY7YoD4LV3UNreAwp5cslAcaN7qTXzwIDAQABo4ICCDCCAgQwHQYDVR0O
BBYEFDSge+UoEnDDP11zbxxcb3iFoRaGMB8GA1UdIwQYMBaAFBh8tkekc5FC+cBR
Ysg6ZE/QhemUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
R0h5MlI2UnprVUw1d0ZGaXlEcGtUOUNGNlpRLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC80MS8zN2I2MjctYjZiNy00MTc5LThmMzYtNTc1MDViMDQ5YzY4LzEv
TktCNzVTZ1NjTU1fWFhOdkhGeHZlSVdoRm9ZLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8z
N2I2MjctYjZiNy00MTc5LThmMzYtNTc1MDViMDQ5YzY4LzEvR0h5MlI2UnprVUw1
d0ZGaXlEcGtUOUNGNlpRLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4G
CCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAlIcwDQYJKoZIhvcNAQELBQADggEB
AJu1A0zSeCWdOKaNJRfS7thYizvsdlOZDL2moNTKa93WVrGKzxO5wsgQAZahZCQc
EKkiD791miJemw8o+4QptwaEwNFDNMqbnIcV1J8nuR8UD3hcHmD31pE3bYyAmn8A
l4CWtr073PjtfglZqfXppBKaiv1IUbOGTGXxJ7udpN9uVchyHxkVk+jLXu3FaRmC
N3rWjukA+DVlUJfOXCEHaJv81AQAjtMTL2jaNrs5SziJiGOZMxZ7lw2hcEIrZP+y
t+XlENXyzFkd/9Ba1dnFkAUQZzGVhIBUE0OMTbCgz0UBwFC8hIHL1CeDqazmw5ov
XGlQ+z0IK9KUihaUr9S+lv4=
-----END CERTIFICATE-----
Generated at Tue Dec 6 17:07:39 2022 by rpki-client.