Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/6e2ae2-9b3e-4eb8-83d4-c781324b7979/1/NBDtBOyYIeVZCgUyABYxXmjmDrw.roa
File:                     NBDtBOyYIeVZCgUyABYxXmjmDrw.roa (raw, json)
Hash identifier:          mXeCpveYcyiiqTsEUXAF0OZ5HjxPJzvn58nMryszeYs=
Subject key identifier:   34:10:ED:04:EC:98:21:E5:59:0A:05:32:00:16:31:5E:68:E6:0E:BC
Certificate issuer:       /CN=50055ebc3d1c52f17ae65ac292ebe09931009cf6
Certificate serial:       018CC8714DF7C3EAA833D48DF0182843883D
Authority key identifier: 50:05:5E:BC:3D:1C:52:F1:7A:E6:5A:C2:92:EB:E0:99:31:00:9C:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UAVevD0cUvF65lrCkuvgmTEAnPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/6e2ae2-9b3e-4eb8-83d4-c781324b7979/1/NBDtBOyYIeVZCgUyABYxXmjmDrw.roa
Signing time:             Tue 02 Jan 2024 04:31:57 +0000
ROA not before:           Tue 02 Jan 2024 04:31:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44270
IP address blocks:        45.158.232.0/22 maxlen: 22
                          2a0f:6c80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/6e2ae2-9b3e-4eb8-83d4-c781324b7979/1/UAVevD0cUvF65lrCkuvgmTEAnPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/6e2ae2-9b3e-4eb8-83d4-c781324b7979/1/UAVevD0cUvF65lrCkuvgmTEAnPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UAVevD0cUvF65lrCkuvgmTEAnPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:4d:f7:c3:ea:a8:33:d4:8d:f0:18:28:43:88:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50055ebc3d1c52f17ae65ac292ebe09931009cf6
        Validity
            Not Before: Jan  2 04:31:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3410ed04ec9821e5590a05320016315e68e60ebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:92:d3:c3:89:b7:af:3a:32:c4:24:e3:52:43:
                    26:b4:d8:a1:e4:5c:fd:59:2f:7a:c4:4a:cc:54:df:
                    b0:81:cc:a3:99:eb:fe:e4:16:0c:19:57:92:1f:6d:
                    a8:d3:6b:e7:9f:34:80:ed:66:87:96:bc:12:e9:f7:
                    13:16:95:7f:23:d5:e5:d1:0b:aa:d0:e5:07:57:1d:
                    1a:36:26:72:9c:94:7e:1b:34:31:13:b0:67:70:1e:
                    b4:e0:ba:c4:95:86:84:a8:02:9d:93:36:b4:00:a2:
                    36:7f:1e:01:23:07:5c:e6:a3:3a:c9:d5:46:77:20:
                    fe:28:ec:a4:e3:3c:37:c9:57:0f:8f:a7:a2:22:d3:
                    0e:61:04:34:fc:46:88:99:52:1b:7c:1a:37:14:c6:
                    96:2e:8f:51:d5:bc:c5:70:c3:ab:0a:d3:33:16:85:
                    60:74:67:da:b2:f8:b4:8e:eb:80:40:a3:ab:00:1a:
                    53:08:3d:c7:6c:38:8a:bd:ce:1c:4a:52:6f:9b:49:
                    e5:3b:7e:eb:c4:7e:b4:49:76:bb:3d:ca:6d:ef:e1:
                    12:dd:96:19:e1:6f:08:f9:64:57:00:ec:47:20:9b:
                    78:c2:e9:97:f1:08:dc:ad:0a:d2:09:a4:46:bd:0c:
                    b5:f8:b2:25:a0:c7:35:c3:4c:48:2e:ba:04:1e:59:
                    0e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:10:ED:04:EC:98:21:E5:59:0A:05:32:00:16:31:5E:68:E6:0E:BC
            X509v3 Authority Key Identifier:
                keyid:50:05:5E:BC:3D:1C:52:F1:7A:E6:5A:C2:92:EB:E0:99:31:00:9C:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UAVevD0cUvF65lrCkuvgmTEAnPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/6e2ae2-9b3e-4eb8-83d4-c781324b7979/1/NBDtBOyYIeVZCgUyABYxXmjmDrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/6e2ae2-9b3e-4eb8-83d4-c781324b7979/1/UAVevD0cUvF65lrCkuvgmTEAnPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.232.0/22
                IPv6:
                  2a0f:6c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         04:8c:f6:73:6f:81:4b:3c:e9:5a:fe:7f:08:68:04:36:b4:20:
         b7:49:e4:65:1b:d5:f6:f0:7a:3d:fc:a9:6b:70:18:ad:07:d2:
         38:53:4e:52:23:0c:b4:0c:a8:56:1d:32:07:b8:46:e2:90:d0:
         9d:9d:f4:db:85:97:d4:51:5b:41:fb:d2:1e:9d:fc:ec:bd:1e:
         6b:25:bb:16:25:4f:38:a2:be:7b:2c:93:7c:9c:1f:d0:e0:d0:
         45:c7:56:8d:ba:87:1a:c3:74:0f:9c:d3:92:40:8b:dd:44:48:
         ff:f5:b5:84:94:a5:af:cb:74:c6:54:3c:cc:e8:e0:56:a2:82:
         e3:a5:73:48:f1:2d:84:c5:8e:fc:f2:0b:41:1e:20:fd:bd:3a:
         d3:ad:b1:55:d8:7b:18:f3:b7:37:ea:88:24:b6:8a:2e:59:a7:
         e3:fa:34:3d:12:30:39:2e:11:41:4c:a1:e8:a0:1e:af:2c:73:
         1b:2f:74:5d:25:be:a1:f3:b6:c7:0b:b0:83:52:2d:d8:47:01:
         ae:2d:b1:16:c6:c6:ac:05:c3:59:3f:62:78:01:eb:80:94:2c:
         b6:4a:71:8a:31:17:f0:e3:aa:ad:51:72:b4:83:12:00:ec:cf:
         20:bc:53:f6:dd:62:bb:a8:41:59:68:6d:09:4a:46:91:f2:d8:
         7b:29:79:ec
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcU33w+qoM9SN8BgoQ4g9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMDU1ZWJjM2QxYzUyZjE3YWU2NWFjMjkyZWJlMDk5MzEw
MDljZjYwHhcNMjQwMTAyMDQzMTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDEwZWQwNGVjOTgyMWU1NTkwYTA1MzIwMDE2MzE1ZTY4ZTYwZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5LTw4m3rzoyxCTjUkMmtNih5Fz9
WS96xErMVN+wgcyjmev+5BYMGVeSH22o02vnnzSA7WaHlrwS6fcTFpV/I9Xl0Quq
0OUHVx0aNiZynJR+GzQxE7BncB604LrElYaEqAKdkza0AKI2fx4BIwdc5qM6ydVG
dyD+KOyk4zw3yVcPj6eiItMOYQQ0/EaImVIbfBo3FMaWLo9R1bzFcMOrCtMzFoVg
dGfasvi0juuAQKOrABpTCD3HbDiKvc4cSlJvm0nlO37rxH60SXa7Pcpt7+ES3ZYZ
4W8I+WRXAOxHIJt4wumX8QjcrQrSCaRGvQy1+LIloMc1w0xILroEHlkOhwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDQQ7QTsmCHlWQoFMgAWMV5o5g68MB8GA1UdIwQY
MBaAFFAFXrw9HFLxeuZawpLr4JkxAJz2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUFWZXZEMGNVdkY2NWxyQ2t1dmdtVEVBblBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni82ZTJhZTItOWIzZS00ZWI4LTgzZDQt
Yzc4MTMyNGI3OTc5LzEvTkJEdEJPeVlJZVZaQ2dVeUFCWXhYbWptRHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni82ZTJhZTItOWIzZS00ZWI4LTgzZDQtYzc4MTMyNGI3OTc5
LzEvVUFWZXZEMGNVdkY2NWxyQ2t1dmdtVEVBblBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ7oMA0E
AgACMAcDBQMqD2yAMA0GCSqGSIb3DQEBCwUAA4IBAQAEjPZzb4FLPOla/n8IaAQ2
tCC3SeRlG9X28Ho9/KlrcBitB9I4U05SIwy0DKhWHTIHuEbikNCdnfTbhZfUUVtB
+9IenfzsvR5rJbsWJU84or57LJN8nB/Q4NBFx1aNuocaw3QPnNOSQIvdREj/9bWE
lKWvy3TGVDzM6OBWooLjpXNI8S2ExY788gtBHiD9vTrTrbFV2HsY87c36ogktoou
Wafj+jQ9EjA5LhFBTKHooB6vLHMbL3RdJb6h87bHC7CDUi3YRwGuLbEWxsasBcNZ
P2J4AeuAlCy2SnGKMRfw46qtUXK0gxIA7M8gvFP23WK7qEFZaG0JSkaR8th7KXns
-----END CERTIFICATE-----