Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/nUmPjXZY7vELeJbtwNRqt_OjKpk.roa
File:                     nUmPjXZY7vELeJbtwNRqt_OjKpk.roa (raw, json)
Hash identifier:          1QexfDPxmAJDlAV9Q3JgiUiVKvHUyV8BeupQEICCEAw=
Subject key identifier:   9D:49:8F:8D:76:58:EE:F1:0B:78:96:ED:C0:D4:6A:B7:F3:A3:2A:99
Certificate issuer:       /CN=cc1557b2c3adfbb25d37ea2a2dfd19b2d4ea510e
Certificate serial:       018CC2DB52BE91191BA21B1B3AD36856E510
Authority key identifier: CC:15:57:B2:C3:AD:FB:B2:5D:37:EA:2A:2D:FD:19:B2:D4:EA:51:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zBVXssOt-7JdN-oqLf0ZstTqUQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/nUmPjXZY7vELeJbtwNRqt_OjKpk.roa
Signing time:             Mon 01 Jan 2024 02:30:02 +0000
ROA not before:           Mon 01 Jan 2024 02:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        145.250.128.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/zBVXssOt-7JdN-oqLf0ZstTqUQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/zBVXssOt-7JdN-oqLf0ZstTqUQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zBVXssOt-7JdN-oqLf0ZstTqUQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:02:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:52:be:91:19:1b:a2:1b:1b:3a:d3:68:56:e5:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc1557b2c3adfbb25d37ea2a2dfd19b2d4ea510e
        Validity
            Not Before: Jan  1 02:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d498f8d7658eef10b7896edc0d46ab7f3a32a99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2c:cb:93:07:1f:9c:f9:49:c0:46:71:60:90:
                    3e:f8:6c:43:b1:a7:eb:fd:fb:69:57:86:65:76:ae:
                    af:24:f0:56:62:8b:06:92:29:f2:9c:60:44:16:2b:
                    21:b6:ea:01:37:56:c2:41:b6:65:0a:73:e1:d8:14:
                    82:f7:75:db:92:5a:51:1f:81:51:de:57:12:2b:88:
                    cb:4c:f2:6f:f0:f1:ab:6e:36:81:90:7d:87:04:6c:
                    0a:97:0b:09:ed:f7:91:af:c9:b5:74:74:fe:30:39:
                    09:ec:05:73:3a:28:a1:7d:f5:62:3f:48:c2:d5:64:
                    34:df:98:f3:e5:bc:d4:09:c7:ab:da:fc:ea:a3:36:
                    1a:65:a8:25:e8:e5:cb:e4:4a:af:ec:1b:6f:09:e6:
                    af:9f:06:72:97:43:b7:66:43:2e:cb:f9:bb:43:48:
                    58:db:d3:20:bf:9b:1d:65:4d:5f:3a:20:61:13:ae:
                    ba:0a:5e:2c:32:b1:04:a5:8d:96:bf:22:9e:bd:c2:
                    55:d4:53:1e:23:6c:4a:81:5f:55:95:50:bc:43:c9:
                    c9:b6:46:cf:b1:c2:dd:85:5e:c9:58:f4:e2:95:ed:
                    46:68:f4:09:61:bb:77:4a:49:48:93:20:7a:1d:15:
                    f0:1a:cf:29:b7:9f:09:46:d2:12:fc:53:ad:3e:f5:
                    12:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:49:8F:8D:76:58:EE:F1:0B:78:96:ED:C0:D4:6A:B7:F3:A3:2A:99
            X509v3 Authority Key Identifier:
                keyid:CC:15:57:B2:C3:AD:FB:B2:5D:37:EA:2A:2D:FD:19:B2:D4:EA:51:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zBVXssOt-7JdN-oqLf0ZstTqUQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/nUmPjXZY7vELeJbtwNRqt_OjKpk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e25ef5-67bf-463b-858b-a56dc50121dd/1/zBVXssOt-7JdN-oqLf0ZstTqUQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.250.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         1b:44:77:22:65:f1:fc:54:ea:ae:eb:31:0b:f2:ef:92:71:a1:
         12:64:9d:3f:83:64:f4:e6:e7:14:07:80:e6:63:7a:61:95:f8:
         e3:c9:4b:d8:da:26:13:fb:16:ab:1c:47:97:c2:26:9e:c4:df:
         48:4f:81:8e:8d:c2:ab:40:be:1d:a6:55:f9:63:fc:53:71:77:
         9c:a4:70:4e:ec:37:8c:6e:9d:fe:23:e4:6c:01:47:fa:9b:47:
         a7:e8:28:06:e1:6b:26:d3:5f:28:9d:dd:b8:05:1b:7c:79:42:
         71:25:c9:6d:48:9f:4d:5c:79:56:58:68:0b:6d:46:32:84:57:
         c6:e4:dc:1c:52:8c:fc:03:5d:f7:90:69:c2:4f:cd:31:02:27:
         74:d1:db:60:71:37:31:e0:cf:24:a3:75:be:86:9d:93:99:79:
         9e:2f:7c:34:38:e2:43:4c:5b:62:7d:9e:7e:05:11:ad:c6:50:
         5b:52:b9:96:33:f1:bf:8a:1c:9b:bc:a0:01:66:ca:65:42:27:
         6e:40:5b:fe:bb:23:7b:ef:d0:b0:c8:91:18:ab:41:0a:92:cf:
         30:16:90:7c:e2:d4:20:c4:b9:00:64:59:3b:74:9b:56:30:c9:
         ed:5b:5e:31:14:00:30:89:e6:db:15:91:29:dc:4d:0b:bb:c4:
         7c:c7:2b:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC21K+kRkbohsbOtNoVuUQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMTU1N2IyYzNhZGZiYjI1ZDM3ZWEyYTJkZmQxOWIyZDRl
YTUxMGUwHhcNMjQwMTAxMDIzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDQ5OGY4ZDc2NThlZWYxMGI3ODk2ZWRjMGQ0NmFiN2YzYTMyYTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSzLkwcfnPlJwEZxYJA++GxDsafr
/ftpV4Zldq6vJPBWYosGkinynGBEFishtuoBN1bCQbZlCnPh2BSC93XbklpRH4FR
3lcSK4jLTPJv8PGrbjaBkH2HBGwKlwsJ7feRr8m1dHT+MDkJ7AVzOiihffViP0jC
1WQ035jz5bzUCcer2vzqozYaZagl6OXL5Eqv7BtvCeavnwZyl0O3ZkMuy/m7Q0hY
29Mgv5sdZU1fOiBhE666Cl4sMrEEpY2WvyKevcJV1FMeI2xKgV9VlVC8Q8nJtkbP
scLdhV7JWPTile1GaPQJYbt3SklIkyB6HRXwGs8pt58JRtIS/FOtPvUS5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1Jj412WO7xC3iW7cDUarfzoyqZMB8GA1UdIwQY
MBaAFMwVV7LDrfuyXTfqKi39GbLU6lEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekJWWHNzT3QtN0pkTi1vcUxmMFpzdFRxVVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9lMjVlZjUtNjdiZi00NjNiLTg1OGIt
YTU2ZGM1MDEyMWRkLzEvblVtUGpYWlk3dkVMZUpidHdOUnF0X09qS3BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9lMjVlZjUtNjdiZi00NjNiLTg1OGItYTU2ZGM1MDEyMWRk
LzEvekJWWHNzT3QtN0pkTi1vcUxmMFpzdFRxVVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHkfqAMA0G
CSqGSIb3DQEBCwUAA4IBAQAbRHciZfH8VOqu6zEL8u+ScaESZJ0/g2T05ucUB4Dm
Y3phlfjjyUvY2iYT+xarHEeXwiaexN9IT4GOjcKrQL4dplX5Y/xTcXecpHBO7DeM
bp3+I+RsAUf6m0en6CgG4Wsm018ond24BRt8eUJxJcltSJ9NXHlWWGgLbUYyhFfG
5NwcUoz8A133kGnCT80xAid00dtgcTcx4M8ko3W+hp2TmXmeL3w0OOJDTFtifZ5+
BRGtxlBbUrmWM/G/ihybvKABZsplQiduQFv+uyN779CwyJEYq0EKks8wFpB84tQg
xLkAZFk7dJtWMMntW14xFAAwiebbFZEp3E0Lu8R8xyt5
-----END CERTIFICATE-----