Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/NOX1V_amwIST73Yw0AZjDpXHyOU.roa
File:                     NOX1V_amwIST73Yw0AZjDpXHyOU.roa (raw, json)
Hash identifier:          89ReqJNy3JAtZ7v/D4/zSWMyrnhlyg+1t+lvQikG8qQ=
Subject key identifier:   34:E5:F5:57:F6:A6:C0:84:93:EF:76:30:D0:06:63:0E:95:C7:C8:E5
Certificate issuer:       /CN=3c1f14d37fbdc87ae7c9c7b9153eaea5d4c5549b
Certificate serial:       0192E324EFF7A6ED60E61213B6F5356E86A2
Authority key identifier: 3C:1F:14:D3:7F:BD:C8:7A:E7:C9:C7:B9:15:3E:AE:A5:D4:C5:54:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PB8U03-9yHrnyce5FT6updTFVJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/NOX1V_amwIST73Yw0AZjDpXHyOU.roa
Signing time:             Thu 31 Oct 2024 15:15:01 +0000
ROA not before:           Thu 31 Oct 2024 15:15:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215272
IP address blocks:        45.128.205.0/24 maxlen: 24
                          185.251.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/PB8U03-9yHrnyce5FT6updTFVJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/PB8U03-9yHrnyce5FT6updTFVJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PB8U03-9yHrnyce5FT6updTFVJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e3:24:ef:f7:a6:ed:60:e6:12:13:b6:f5:35:6e:86:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c1f14d37fbdc87ae7c9c7b9153eaea5d4c5549b
        Validity
            Not Before: Oct 31 15:15:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34e5f557f6a6c08493ef7630d006630e95c7c8e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:60:c6:36:cf:55:af:b4:2d:5b:d5:d6:a6:42:
                    17:c7:be:23:6c:4a:e4:11:d7:e0:c1:f8:cc:72:73:
                    aa:fa:29:02:ce:9f:2e:d9:46:21:0c:91:45:be:dd:
                    86:9f:b0:10:7b:4e:f5:d1:8d:43:4d:dc:c2:5f:c4:
                    9c:8b:37:fa:61:7f:62:72:67:d4:58:e5:9c:4a:91:
                    29:83:2a:8e:73:4f:37:7d:76:07:e5:ba:e7:bc:9b:
                    0a:ec:30:6a:c1:6f:73:d2:8f:0b:4f:cb:52:a5:81:
                    f0:03:b3:5c:fe:ad:38:87:b6:a8:94:d1:fb:85:dd:
                    21:76:77:46:d8:9e:57:47:2c:62:c9:a0:ca:47:4e:
                    57:1c:7a:01:15:c4:6c:32:da:7c:67:11:cd:14:b1:
                    47:84:91:1a:73:2f:bd:3b:a6:51:f7:03:b3:e7:ba:
                    bc:bc:ba:c8:93:85:23:7a:c0:d0:eb:a5:f5:66:91:
                    f1:fd:65:bd:d2:8b:c7:22:27:ac:7e:70:c3:1c:f4:
                    c5:b3:f6:9c:b9:07:43:8d:49:89:9e:fe:49:1f:26:
                    87:3a:4f:ac:71:83:c9:4b:5f:3b:73:20:9d:d0:cc:
                    cb:c2:be:13:ab:70:37:a0:01:01:10:f3:8e:0f:5b:
                    05:34:a8:3a:ba:bd:3e:a9:cd:43:af:f4:58:bb:ad:
                    5f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E5:F5:57:F6:A6:C0:84:93:EF:76:30:D0:06:63:0E:95:C7:C8:E5
            X509v3 Authority Key Identifier:
                keyid:3C:1F:14:D3:7F:BD:C8:7A:E7:C9:C7:B9:15:3E:AE:A5:D4:C5:54:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PB8U03-9yHrnyce5FT6updTFVJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/NOX1V_amwIST73Yw0AZjDpXHyOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/PB8U03-9yHrnyce5FT6updTFVJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.205.0/24
                  185.251.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:be:78:a8:36:2c:87:e2:5e:70:5a:df:07:a1:ef:ac:8b:8c:
         53:33:b3:91:29:5a:e4:68:a9:57:aa:fc:3f:68:3c:15:7a:32:
         5f:9d:a5:57:f1:59:92:2e:68:20:17:a1:60:13:f7:43:39:34:
         b6:a9:f7:98:c6:77:72:dd:24:6e:32:15:e3:32:79:5a:bd:1c:
         f0:d5:07:2c:08:27:ee:aa:78:68:fd:01:e7:ab:59:76:b5:b3:
         46:b7:2e:a6:de:45:2d:f5:5c:07:1d:81:73:09:dc:f6:a1:6a:
         bb:bc:51:1a:b8:83:67:67:6b:1d:6e:b7:63:b2:67:8b:5a:19:
         ec:f5:72:71:db:6d:07:a2:5c:71:c5:ec:fc:5c:fd:c8:cb:c5:
         37:41:89:6e:a8:cf:7a:88:e6:ae:d4:4d:1d:51:a6:a7:7c:4e:
         dd:41:99:b5:8b:70:99:00:9f:aa:22:32:c0:ea:11:76:7a:30:
         cc:be:3e:b6:7e:ab:ea:ed:10:c0:bd:19:1b:c3:b1:64:c9:52:
         ca:95:ff:57:35:93:ee:a2:8b:1f:2b:40:94:91:5f:51:20:43:
         94:35:dc:1c:f7:64:da:b6:10:d6:16:44:66:27:dd:3e:2c:0b:
         48:3c:73:28:6e:22:2a:ce:a5:aa:2e:74:3b:8a:b9:56:11:45:
         c1:85:74:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLjJO/3pu1g5hITtvU1boaiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMWYxNGQzN2ZiZGM4N2FlN2M5YzdiOTE1M2VhZWE1ZDRj
NTU0OWIwHhcNMjQxMDMxMTUxNTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGU1ZjU1N2Y2YTZjMDg0OTNlZjc2MzBkMDA2NjMwZTk1YzdjOGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GDGNs9Vr7QtW9XWpkIXx74jbErk
EdfgwfjMcnOq+ikCzp8u2UYhDJFFvt2Gn7AQe0710Y1DTdzCX8Scizf6YX9icmfU
WOWcSpEpgyqOc083fXYH5brnvJsK7DBqwW9z0o8LT8tSpYHwA7Nc/q04h7aolNH7
hd0hdndG2J5XRyxiyaDKR05XHHoBFcRsMtp8ZxHNFLFHhJEacy+9O6ZR9wOz57q8
vLrIk4UjesDQ66X1ZpHx/WW90ovHIiesfnDDHPTFs/acuQdDjUmJnv5JHyaHOk+s
cYPJS187cyCd0MzLwr4Tq3A3oAEBEPOOD1sFNKg6ur0+qc1Dr/RYu61ffwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDTl9Vf2psCEk+92MNAGYw6Vx8jlMB8GA1UdIwQY
MBaAFDwfFNN/vch658nHuRU+rqXUxVSbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEI4VTAzLTl5SHJueWNlNUZUNnVwZFRGVkpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMWI3NGMtMTZhYy00ODMxLWI2YzUt
ZjFjNmJmMWU0YmE3LzEvTk9YMVZfYW13SVNUNzNZdzBBWmpEcFhIeU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMWI3NGMtMTZhYy00ODMxLWI2YzUtZjFjNmJmMWU0YmE3
LzEvUEI4VTAzLTl5SHJueWNlNUZUNnVwZFRGVkpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYDNAwQA
ufsmMA0GCSqGSIb3DQEBCwUAA4IBAQBuvnioNiyH4l5wWt8Hoe+si4xTM7ORKVrk
aKlXqvw/aDwVejJfnaVX8VmSLmggF6FgE/dDOTS2qfeYxndy3SRuMhXjMnlavRzw
1QcsCCfuqnho/QHnq1l2tbNGty6m3kUt9VwHHYFzCdz2oWq7vFEauINnZ2sdbrdj
smeLWhns9XJx220Holxxxez8XP3Iy8U3QYluqM96iOau1E0dUaanfE7dQZm1i3CZ
AJ+qIjLA6hF2ejDMvj62fqvq7RDAvRkbw7FkyVLKlf9XNZPuoosfK0CUkV9RIEOU
Ndwc92TathDWFkRmJ90+LAtIPHMobiIqzqWqLnQ7irlWEUXBhXSO
-----END CERTIFICATE-----