Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/NUMD0x30Lb-LPChC4onpJpuJMQo.roa
File:                     NUMD0x30Lb-LPChC4onpJpuJMQo.roa (raw, json)
Hash identifier:          TCkcJ2sgVwWtM6/oNaovAko9HHfB6R663k90JHsP0FE=
Subject key identifier:   35:43:03:D3:1D:F4:2D:BF:8B:3C:28:42:E2:89:E9:26:9B:89:31:0A
Certificate issuer:       /CN=3d16072ca0252fab50658d736ff2c60c1629dc76
Certificate serial:       0191FAF24B9166A0EFDEBFBA4EFA6D2327C5
Authority key identifier: 3D:16:07:2C:A0:25:2F:AB:50:65:8D:73:6F:F2:C6:0C:16:29:DC:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PRYHLKAlL6tQZY1zb_LGDBYp3HY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/NUMD0x30Lb-LPChC4onpJpuJMQo.roa
Signing time:             Mon 16 Sep 2024 13:07:48 +0000
ROA not before:           Mon 16 Sep 2024 13:07:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211611
IP address blocks:        45.86.220.0/24 maxlen: 24
                          91.244.247.0/24 maxlen: 24
                          146.19.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/PRYHLKAlL6tQZY1zb_LGDBYp3HY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/PRYHLKAlL6tQZY1zb_LGDBYp3HY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PRYHLKAlL6tQZY1zb_LGDBYp3HY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:fa:f2:4b:91:66:a0:ef:de:bf:ba:4e:fa:6d:23:27:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d16072ca0252fab50658d736ff2c60c1629dc76
        Validity
            Not Before: Sep 16 13:07:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=354303d31df42dbf8b3c2842e289e9269b89310a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bb:16:ef:00:29:71:fb:12:2d:10:70:9f:c8:
                    74:04:5b:fa:a0:56:09:c9:5b:2e:cc:aa:57:87:d0:
                    76:07:f8:f5:09:51:e4:4a:b7:8e:3a:db:4c:f3:54:
                    94:35:ab:38:37:27:06:70:dc:75:ee:b5:65:b4:47:
                    1e:e8:7c:5d:96:a0:a3:53:7c:36:37:24:8f:d8:ee:
                    d7:75:b4:fb:c0:31:76:67:a4:87:dc:24:d5:d6:d6:
                    3a:36:04:8b:e3:7d:35:e4:3b:6b:71:c6:20:ab:89:
                    53:a4:01:36:bd:4a:95:5a:04:03:1c:d8:d8:25:45:
                    e3:f7:5c:92:3f:b1:23:52:91:b8:17:43:e1:eb:2d:
                    d4:b3:15:2c:ca:0e:46:75:0d:d4:db:42:46:6b:73:
                    88:cf:a5:07:3e:e3:a3:a9:79:7e:56:d2:1c:8a:6a:
                    2c:e5:71:5f:a5:70:15:81:64:c4:3f:54:cf:63:ba:
                    f5:c7:aa:b9:f1:d2:97:93:f1:71:ea:36:6f:23:8a:
                    23:ee:8a:ca:ef:7d:66:ae:0a:7b:e8:3b:d1:91:66:
                    7c:ae:ee:e3:03:32:78:aa:c4:e6:ae:80:56:47:bc:
                    2b:66:4c:7e:3e:77:d3:99:55:e2:0b:33:88:43:5d:
                    98:b2:b2:77:b0:14:25:9b:49:78:fe:14:d7:b8:e4:
                    72:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:43:03:D3:1D:F4:2D:BF:8B:3C:28:42:E2:89:E9:26:9B:89:31:0A
            X509v3 Authority Key Identifier:
                keyid:3D:16:07:2C:A0:25:2F:AB:50:65:8D:73:6F:F2:C6:0C:16:29:DC:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PRYHLKAlL6tQZY1zb_LGDBYp3HY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/NUMD0x30Lb-LPChC4onpJpuJMQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2fbf2c-542f-4c98-99db-a4e5de8ee716/1/PRYHLKAlL6tQZY1zb_LGDBYp3HY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.220.0/24
                  91.244.247.0/24
                  146.19.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:27:48:3c:81:e2:90:69:75:ce:b2:a6:7f:f2:e1:f1:9e:11:
         af:fd:cd:64:4b:ca:fe:8a:45:ed:29:ff:4e:48:5c:b8:1c:ad:
         47:8e:57:cb:fb:b4:8c:62:48:62:f5:2b:cb:07:37:8f:f1:18:
         53:af:b8:0e:56:62:d3:e6:62:5d:c5:64:50:0f:96:f9:05:6a:
         2f:1d:38:32:83:6b:e7:8f:4c:9f:fd:4b:8a:f9:12:60:12:f5:
         99:6f:57:08:2a:bb:ad:84:40:d7:84:d8:3c:fe:0f:39:0b:73:
         13:17:c8:28:b4:67:b5:02:9b:60:bf:11:0f:c8:1a:74:fb:92:
         98:4e:a8:d8:78:84:ec:97:c5:e6:4a:c4:bd:2d:da:94:28:63:
         87:fd:2c:b4:3d:2c:fd:02:76:87:c6:52:99:f9:50:4c:54:8e:
         5e:d3:8b:37:27:aa:bd:0c:20:e0:0b:00:54:b0:19:3e:93:51:
         3b:43:8f:46:50:bb:cc:07:61:ad:f2:02:75:93:e4:20:3d:d9:
         2a:1c:c7:ac:63:ac:33:9d:e7:e4:2d:06:4c:95:c6:88:b8:88:
         2a:fd:cf:e0:dc:8c:38:18:0b:36:8e:55:f0:b0:6d:75:15:f2:
         68:c7:78:62:d3:7c:a9:ad:90:ac:f1:fc:9b:ea:cf:84:f8:3c:
         88:3e:b4:82
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZH68kuRZqDv3r+6TvptIyfFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMTYwNzJjYTAyNTJmYWI1MDY1OGQ3MzZmZjJjNjBjMTYy
OWRjNzYwHhcNMjQwOTE2MTMwNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTQzMDNkMzFkZjQyZGJmOGIzYzI4NDJlMjg5ZTkyNjliODkzMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbsW7wApcfsSLRBwn8h0BFv6oFYJ
yVsuzKpXh9B2B/j1CVHkSreOOttM81SUNas4NycGcNx17rVltEce6HxdlqCjU3w2
NySP2O7XdbT7wDF2Z6SH3CTV1tY6NgSL43015DtrccYgq4lTpAE2vUqVWgQDHNjY
JUXj91ySP7EjUpG4F0Ph6y3UsxUsyg5GdQ3U20JGa3OIz6UHPuOjqXl+VtIcimos
5XFfpXAVgWTEP1TPY7r1x6q58dKXk/Fx6jZvI4oj7orK731mrgp76DvRkWZ8ru7j
AzJ4qsTmroBWR7wrZkx+PnfTmVXiCzOIQ12YsrJ3sBQlm0l4/hTXuORyWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDVDA9Md9C2/izwoQuKJ6SabiTEKMB8GA1UdIwQY
MBaAFD0WByygJS+rUGWNc2/yxgwWKdx2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFJZSExLQWxMNnRRWlkxemJfTEdEQllwM0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yZmJmMmMtNTQyZi00Yzk4LTk5ZGIt
YTRlNWRlOGVlNzE2LzEvTlVNRDB4MzBMYi1MUENoQzRvbnBKcHVKTVFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8yZmJmMmMtNTQyZi00Yzk4LTk5ZGItYTRlNWRlOGVlNzE2
LzEvUFJZSExLQWxMNnRRWlkxemJfTEdEQllwM0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVbcAwQA
W/T3AwQAkhOFMA0GCSqGSIb3DQEBCwUAA4IBAQBhJ0g8geKQaXXOsqZ/8uHxnhGv
/c1kS8r+ikXtKf9OSFy4HK1HjlfL+7SMYkhi9SvLBzeP8RhTr7gOVmLT5mJdxWRQ
D5b5BWovHTgyg2vnj0yf/UuK+RJgEvWZb1cIKruthEDXhNg8/g85C3MTF8gotGe1
AptgvxEPyBp0+5KYTqjYeITsl8XmSsS9LdqUKGOH/Sy0PSz9AnaHxlKZ+VBMVI5e
04s3J6q9DCDgCwBUsBk+k1E7Q49GULvMB2Gt8gJ1k+QgPdkqHMesY6wznefkLQZM
lcaIuIgq/c/g3Iw4GAs2jlXwsG11FfJox3hi03yprZCs8fyb6s+E+DyIPrSC
-----END CERTIFICATE-----