Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/NfAx8AXVD91-Lcpq-IJEMrpYon4.roa
File:                     NfAx8AXVD91-Lcpq-IJEMrpYon4.roa (raw, json)
Hash identifier:          PfLM8sC3X7QZXLOXD3U00buTmv3NgoXvA6ch+pPLZ5U=
Subject key identifier:   35:F0:31:F0:05:D5:0F:DD:7E:2D:CA:6A:F8:82:44:32:BA:58:A2:7E
Certificate issuer:       /CN=0265ad94e797135906b3e11a847c8eafd094e745
Certificate serial:       018CC9BCC43936732389FF2D346990D25076
Authority key identifier: 02:65:AD:94:E7:97:13:59:06:B3:E1:1A:84:7C:8E:AF:D0:94:E7:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AmWtlOeXE1kGs-EahHyOr9CU50U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/NfAx8AXVD91-Lcpq-IJEMrpYon4.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51985
IP address blocks:        185.45.172.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/AmWtlOeXE1kGs-EahHyOr9CU50U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/AmWtlOeXE1kGs-EahHyOr9CU50U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AmWtlOeXE1kGs-EahHyOr9CU50U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c4:39:36:73:23:89:ff:2d:34:69:90:d2:50:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0265ad94e797135906b3e11a847c8eafd094e745
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35f031f005d50fdd7e2dca6af8824432ba58a27e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a2:b3:fe:4f:cb:3a:fb:bc:15:07:01:c4:20:
                    0e:7b:05:c1:8c:20:f3:78:2e:5a:46:ac:2a:66:8b:
                    85:a3:39:7f:32:42:0b:48:3f:74:b4:0d:da:66:5f:
                    c1:d4:4f:47:3d:d0:10:3e:a5:20:c3:6c:5a:1c:72:
                    92:ff:ec:98:62:14:e3:f6:c3:75:70:4c:2b:8c:6a:
                    c0:2d:61:fb:ee:77:1a:09:33:f1:ad:9b:78:b0:d9:
                    b0:18:01:9d:80:78:d4:e8:82:9a:b5:44:19:88:53:
                    dc:59:d0:65:0c:09:26:3e:5e:2e:3b:5b:bf:9a:c9:
                    17:66:58:5b:50:02:d0:10:b6:1d:1d:74:4a:1d:da:
                    17:c1:56:1d:f0:6d:70:ba:f5:e4:7e:67:c1:36:5e:
                    5f:2f:23:b0:62:bd:58:23:14:78:c1:6f:7e:5f:41:
                    17:f6:52:e2:59:d7:a5:ad:df:50:fe:b6:94:7d:cf:
                    7b:66:ea:27:7b:4e:a1:cd:8d:10:07:dd:4a:79:b8:
                    86:a1:10:c4:9a:4a:ae:7f:1f:5a:6b:3a:49:cb:56:
                    a1:7d:eb:56:d9:2b:dc:43:3e:6f:76:51:2c:03:ca:
                    77:e0:89:35:53:43:e7:81:96:3b:d7:8f:5d:fa:91:
                    b4:ad:3e:7a:83:56:5a:ce:61:0c:5e:30:2a:fc:d7:
                    13:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:F0:31:F0:05:D5:0F:DD:7E:2D:CA:6A:F8:82:44:32:BA:58:A2:7E
            X509v3 Authority Key Identifier:
                keyid:02:65:AD:94:E7:97:13:59:06:B3:E1:1A:84:7C:8E:AF:D0:94:E7:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AmWtlOeXE1kGs-EahHyOr9CU50U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/NfAx8AXVD91-Lcpq-IJEMrpYon4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/cb28b6-2966-444a-8fbd-97fb900d668b/1/AmWtlOeXE1kGs-EahHyOr9CU50U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.45.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:76:11:54:aa:a3:f5:0d:24:90:4e:b9:9b:48:f8:ac:39:bb:
         54:81:f4:1e:76:cd:eb:6e:d5:c2:87:0e:93:ea:cf:f4:fe:c5:
         c9:56:b5:38:69:65:81:82:dc:d8:36:79:3a:86:29:b5:ba:1a:
         05:b6:32:05:05:de:81:d3:b1:70:a0:25:5f:08:56:3e:64:ee:
         89:cb:f6:a7:7b:eb:4a:e6:22:11:56:0b:8f:ff:7d:34:8f:60:
         a9:38:e9:6a:d7:dd:3f:60:0d:d1:f6:2d:42:32:7d:fd:d3:6a:
         8f:70:06:98:09:6e:f7:0d:40:22:ef:72:5d:ea:21:9a:15:49:
         98:ee:f7:73:07:b6:b9:64:57:c2:ae:83:e0:d8:b6:40:0b:25:
         45:a3:20:f3:f1:8f:95:0b:4a:44:ef:0c:54:19:08:9e:8b:d1:
         07:db:60:e5:04:c7:d3:89:11:ae:fb:49:b7:4f:d1:86:51:8a:
         fc:01:7b:8a:20:65:36:35:04:2a:34:f2:56:fe:a2:8f:2b:39:
         a6:d9:d5:76:df:2e:a6:a5:52:a4:75:cb:4a:5b:f7:16:8e:1a:
         cf:83:41:b1:71:93:50:22:8e:aa:a3:44:65:52:90:62:09:ee:
         f5:6e:f9:38:02:59:74:e2:3a:c8:ad:dd:d4:4b:6a:39:3a:ed:
         ae:f7:35:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvMQ5NnMjif8tNGmQ0lB2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyNjVhZDk0ZTc5NzEzNTkwNmIzZTExYTg0N2M4ZWFmZDA5
NGU3NDUwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWYwMzFmMDA1ZDUwZmRkN2UyZGNhNmFmODgyNDQzMmJhNThhMjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqKz/k/LOvu8FQcBxCAOewXBjCDz
eC5aRqwqZouFozl/MkILSD90tA3aZl/B1E9HPdAQPqUgw2xaHHKS/+yYYhTj9sN1
cEwrjGrALWH77ncaCTPxrZt4sNmwGAGdgHjU6IKatUQZiFPcWdBlDAkmPl4uO1u/
mskXZlhbUALQELYdHXRKHdoXwVYd8G1wuvXkfmfBNl5fLyOwYr1YIxR4wW9+X0EX
9lLiWdelrd9Q/raUfc97Zuone06hzY0QB91KebiGoRDEmkqufx9aazpJy1ahfetW
2SvcQz5vdlEsA8p34Ik1U0PngZY7149d+pG0rT56g1ZazmEMXjAq/NcT4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDXwMfAF1Q/dfi3KaviCRDK6WKJ+MB8GA1UdIwQY
MBaAFAJlrZTnlxNZBrPhGoR8jq/QlOdFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW1XdGxPZVhFMWtHcy1FYWhIeU9yOUNVNTBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9jYjI4YjYtMjk2Ni00NDRhLThmYmQt
OTdmYjkwMGQ2NjhiLzEvTmZBeDhBWFZEOTEtTGNwcS1JSkVNcnBZb240LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni9jYjI4YjYtMjk2Ni00NDRhLThmYmQtOTdmYjkwMGQ2Njhi
LzEvQW1XdGxPZVhFMWtHcy1FYWhIeU9yOUNVNTBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS2sMA0G
CSqGSIb3DQEBCwUAA4IBAQBrdhFUqqP1DSSQTrmbSPisObtUgfQeds3rbtXChw6T
6s/0/sXJVrU4aWWBgtzYNnk6him1uhoFtjIFBd6B07FwoCVfCFY+ZO6Jy/ane+tK
5iIRVguP/300j2CpOOlq190/YA3R9i1CMn3902qPcAaYCW73DUAi73Jd6iGaFUmY
7vdzB7a5ZFfCroPg2LZACyVFoyDz8Y+VC0pE7wxUGQiei9EH22DlBMfTiRGu+0m3
T9GGUYr8AXuKIGU2NQQqNPJW/qKPKzmm2dV23y6mpVKkdctKW/cWjhrPg0GxcZNQ
Io6qo0RlUpBiCe71bvk4All04jrIrd3US2o5Ou2u9zXu
-----END CERTIFICATE-----