Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/nbxUHEZP7nLPsSWUzZlv-6zoI8E.roa
File:                     nbxUHEZP7nLPsSWUzZlv-6zoI8E.roa (raw, json)
Hash identifier:          b2RlxLzrg3Jt5vsvNFiprNhu9Bg/P/h2jB1aLvcyUR4=
Subject key identifier:   9D:BC:54:1C:46:4F:EE:72:CF:B1:25:94:CD:99:6F:FB:AC:E8:23:C1
Certificate issuer:       /CN=8e3f1663996be1707611fdce1ddea8920dd398a3
Certificate serial:       01941FFAAB4C46566828CA45545C5390B233
Authority key identifier: 8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/nbxUHEZP7nLPsSWUzZlv-6zoI8E.roa
Signing time:             Wed 01 Jan 2025 03:48:29 +0000
ROA not before:           Wed 01 Jan 2025 03:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64286
IP address blocks:        45.139.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:ab:4c:46:56:68:28:ca:45:54:5c:53:90:b2:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e3f1663996be1707611fdce1ddea8920dd398a3
        Validity
            Not Before: Jan  1 03:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9dbc541c464fee72cfb12594cd996ffbace823c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c6:c9:f5:81:d9:8c:73:d5:e5:64:f6:7c:1a:
                    c5:f8:47:c7:f7:4c:0f:bb:d4:55:7e:88:12:25:a5:
                    fe:61:3f:b4:45:af:6a:89:28:4e:cb:10:d0:6b:20:
                    48:7d:7f:90:91:c7:e6:83:80:96:ce:b3:d4:e2:b2:
                    e6:66:b7:5a:d2:c9:12:45:13:dd:ff:68:6f:34:95:
                    9d:f1:13:0f:b8:03:9e:95:c1:67:e1:73:57:2a:7b:
                    52:4a:c1:7c:f2:f0:21:5c:b5:3d:6a:38:17:21:db:
                    a6:27:cc:82:64:7d:4b:e9:40:3d:e7:a8:be:c6:9f:
                    6f:de:29:cb:8a:90:13:81:49:de:2e:25:16:e2:d8:
                    ea:55:a1:0f:48:e2:9f:7d:aa:01:5c:a9:85:c0:9d:
                    50:91:cb:08:b0:cb:0d:e9:dc:d9:16:bf:a7:22:32:
                    f9:60:36:76:06:b2:e3:42:54:52:ef:1d:7e:c5:81:
                    8b:97:b8:03:f1:7d:72:55:a2:bf:61:3a:71:bd:0a:
                    98:2f:19:e6:ac:55:f7:e6:5d:4f:11:2b:28:cf:f2:
                    54:2c:46:62:28:c5:6c:48:64:a1:73:6d:de:7c:25:
                    06:10:e4:a2:44:1d:0a:35:d0:b3:47:a1:15:0c:d7:
                    59:dc:54:83:7e:8a:fa:25:a8:13:b1:4a:7b:ac:ae:
                    50:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:BC:54:1C:46:4F:EE:72:CF:B1:25:94:CD:99:6F:FB:AC:E8:23:C1
            X509v3 Authority Key Identifier:
                keyid:8E:3F:16:63:99:6B:E1:70:76:11:FD:CE:1D:DE:A8:92:0D:D3:98:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jj8WY5lr4XB2Ef3OHd6okg3TmKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/nbxUHEZP7nLPsSWUzZlv-6zoI8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cd97cc-ce2b-4264-9e79-c8f9be7d19df/1/jj8WY5lr4XB2Ef3OHd6okg3TmKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e5:b5:5f:d8:1c:a2:05:25:1b:99:0b:83:d5:59:a3:39:72:a8:
         2d:1b:46:86:87:56:52:b0:1e:ba:46:26:d5:7b:61:31:94:9d:
         9c:f1:6d:d6:3b:93:86:16:47:e0:0a:f7:fe:23:82:da:29:36:
         95:d4:c9:e1:d4:77:f0:81:60:c3:cd:bf:97:59:fa:b5:04:46:
         ee:54:51:55:fe:f6:ae:dd:df:38:7a:1d:24:6a:b6:a2:54:b4:
         98:2c:a2:da:cf:c6:d6:c6:78:8c:bd:5b:d2:66:1b:da:62:59:
         39:20:73:98:ae:eb:eb:fe:c7:51:71:f9:57:af:79:32:53:be:
         bd:6f:de:3a:d5:88:ce:78:91:be:c6:a8:6e:5d:a6:c8:c6:27:
         a5:06:01:32:db:a4:22:48:dd:4c:56:b3:66:40:31:ca:8d:7d:
         5e:5f:e8:0d:ea:52:39:22:a0:77:f9:67:18:6b:e9:6b:77:f0:
         27:c3:7f:c2:e7:b0:bb:54:73:d2:39:23:18:8b:06:0b:48:67:
         15:3f:dc:8e:a6:f0:f4:37:b5:2e:bb:fa:f1:57:92:c7:a9:c3:
         07:0d:9a:43:32:33:d4:dc:4d:84:6a:52:e2:4d:90:cc:09:0d:
         ce:13:c2:3b:52:3c:2b:b9:b1:cd:45:ff:42:ae:ac:31:be:00:
         58:42:28:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+qtMRlZoKMpFVFxTkLIzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlM2YxNjYzOTk2YmUxNzA3NjExZmRjZTFkZGVhODkyMGRk
Mzk4YTMwHhcNMjUwMTAxMDM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGJjNTQxYzQ2NGZlZTcyY2ZiMTI1OTRjZDk5NmZmYmFjZTgyM2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8bJ9YHZjHPV5WT2fBrF+EfH90wP
u9RVfogSJaX+YT+0Ra9qiShOyxDQayBIfX+Qkcfmg4CWzrPU4rLmZrda0skSRRPd
/2hvNJWd8RMPuAOelcFn4XNXKntSSsF88vAhXLU9ajgXIdumJ8yCZH1L6UA956i+
xp9v3inLipATgUneLiUW4tjqVaEPSOKffaoBXKmFwJ1QkcsIsMsN6dzZFr+nIjL5
YDZ2BrLjQlRS7x1+xYGLl7gD8X1yVaK/YTpxvQqYLxnmrFX35l1PESsoz/JULEZi
KMVsSGShc23efCUGEOSiRB0KNdCzR6EVDNdZ3FSDfor6JagTsUp7rK5QGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ28VBxGT+5yz7EllM2Zb/us6CPBMB8GA1UdIwQY
MBaAFI4/FmOZa+FwdhH9zh3eqJIN05ijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzkt
YzhmOWJlN2QxOWRmLzEvbmJ4VUhFWlA3bkxQc1NXVXpabHYtNnpvSThFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jZDk3Y2MtY2UyYi00MjY0LTllNzktYzhmOWJlN2QxOWRm
LzEvamo4V1k1bHI0WEIyRWYzT0hkNm9rZzNUbUtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYvSMA0G
CSqGSIb3DQEBCwUAA4IBAQDltV/YHKIFJRuZC4PVWaM5cqgtG0aGh1ZSsB66RibV
e2ExlJ2c8W3WO5OGFkfgCvf+I4LaKTaV1Mnh1HfwgWDDzb+XWfq1BEbuVFFV/vau
3d84eh0karaiVLSYLKLaz8bWxniMvVvSZhvaYlk5IHOYruvr/sdRcflXr3kyU769
b9461YjOeJG+xqhuXabIxielBgEy26QiSN1MVrNmQDHKjX1eX+gN6lI5IqB3+WcY
a+lrd/Anw3/C57C7VHPSOSMYiwYLSGcVP9yOpvD0N7Uuu/rxV5LHqcMHDZpDMjPU
3E2EalLiTZDMCQ3OE8I7UjwrubHNRf9CrqwxvgBYQihK
-----END CERTIFICATE-----