Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/NWMqukF9beeKKrKoOBPI-ZBnkfQ.roa
File:                     NWMqukF9beeKKrKoOBPI-ZBnkfQ.roa (raw, json)
Hash identifier:          nte69ho3sSUtW9zQl35fz4vSjWJN+npiqTYqk01RHsA=
Subject key identifier:   35:63:2A:BA:41:7D:6D:E7:8A:2A:B2:A8:38:13:C8:F9:90:67:91:F4
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       018CC94E2E07EBB981094468309F1FEA53DD
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/NWMqukF9beeKKrKoOBPI-ZBnkfQ.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8839
IP address blocks:        213.245.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2e:07:eb:b9:81:09:44:68:30:9f:1f:ea:53:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35632aba417d6de78a2ab2a83813c8f9906791f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:4c:e3:db:8e:13:10:a1:1e:3a:1c:ac:c6:fb:
                    aa:68:bf:4e:7a:fe:91:e8:33:bd:e3:a4:c5:74:1a:
                    f7:a5:e2:c3:4f:12:23:61:a3:65:06:ab:ef:f6:41:
                    1a:bd:e7:2e:8d:6b:63:d5:09:c1:1b:d1:9e:2a:95:
                    66:f6:0c:bd:77:69:84:06:33:5c:ac:24:b0:0c:21:
                    da:df:3d:7e:57:77:59:31:db:ce:a9:9a:1f:da:7b:
                    89:a4:77:79:91:a1:c6:f5:ad:cd:26:70:4c:58:b4:
                    5c:6e:36:a4:dc:06:77:37:b9:09:4e:6f:ba:43:0a:
                    1c:fa:c8:8a:a8:4f:f9:fe:7f:f1:ae:8d:35:e7:91:
                    86:ea:b1:22:69:f4:b0:53:03:c6:2e:1f:d7:d9:8d:
                    b2:f7:02:d8:d4:48:69:5e:aa:d8:11:74:7e:ea:38:
                    6f:46:05:86:a4:fe:be:da:a1:d2:fe:d5:0a:b5:0b:
                    e4:b9:f4:db:17:f0:e6:06:8d:22:b7:b4:84:ec:b8:
                    b4:fd:8b:f1:51:7b:d9:f8:7b:69:4d:0e:1f:ef:8c:
                    42:ed:0d:fb:a6:cc:39:ce:3b:64:f6:ae:fa:8e:55:
                    51:fa:21:bf:51:5b:00:33:a4:ae:64:b1:86:9a:f9:
                    0e:f6:d7:59:02:ba:11:22:28:d8:da:ce:5e:fe:3d:
                    42:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:63:2A:BA:41:7D:6D:E7:8A:2A:B2:A8:38:13:C8:F9:90:67:91:F4
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/NWMqukF9beeKKrKoOBPI-ZBnkfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.245.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:90:b7:48:bd:0b:22:45:66:d5:59:c4:96:6b:d6:74:28:00:
         93:8f:3d:dc:36:7a:14:cd:b2:b9:76:26:4c:dd:0e:c1:4b:e7:
         3a:69:39:48:dc:90:d1:bc:6a:26:e0:51:e4:65:64:dd:98:7d:
         04:75:39:9f:c8:68:43:c3:7b:ee:9b:33:6b:15:e0:5e:e1:d4:
         96:3e:0e:e3:6e:bf:a6:2d:48:e1:95:88:ce:cc:33:ca:36:7b:
         22:59:ae:72:4b:1a:d2:0d:58:c9:f7:5a:17:27:ef:13:ad:5e:
         00:93:5c:1f:0c:67:13:af:35:37:f4:76:3e:a8:01:21:b1:6d:
         bd:16:52:94:bb:64:83:0b:f5:3a:a8:f3:4b:48:99:d5:e7:ef:
         26:33:db:b8:83:51:ed:90:d7:20:87:de:b7:1e:dc:24:e2:18:
         1c:d7:e7:2e:6e:a0:61:41:da:d6:b2:76:96:af:a9:57:4f:ad:
         3b:24:9b:19:73:78:34:86:e3:af:04:91:09:17:04:31:c8:9e:
         b6:6b:f5:fc:f8:92:7c:77:07:fd:da:d2:d1:a0:d6:56:94:d0:
         45:d1:25:18:c6:32:19:47:78:4c:0d:59:36:35:3e:49:f6:cb:
         76:c8:ac:dc:cb:2f:48:c4:cc:af:18:89:ea:99:9e:cd:31:58:
         d6:d0:17:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTi4H67mBCURoMJ8f6lPdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTYzMmFiYTQxN2Q2ZGU3OGEyYWIyYTgzODEzYzhmOTkwNjc5MWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0zj244TEKEeOhysxvuqaL9Oev6R
6DO946TFdBr3peLDTxIjYaNlBqvv9kEavecujWtj1QnBG9GeKpVm9gy9d2mEBjNc
rCSwDCHa3z1+V3dZMdvOqZof2nuJpHd5kaHG9a3NJnBMWLRcbjak3AZ3N7kJTm+6
Qwoc+siKqE/5/n/xro0155GG6rEiafSwUwPGLh/X2Y2y9wLY1EhpXqrYEXR+6jhv
RgWGpP6+2qHS/tUKtQvkufTbF/DmBo0it7SE7Li0/YvxUXvZ+HtpTQ4f74xC7Q37
psw5zjtk9q76jlVR+iG/UVsAM6SuZLGGmvkO9tdZAroRIijY2s5e/j1CTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVjKrpBfW3niiqyqDgTyPmQZ5H0MB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvTldNcXVrRjliZWVLS3JLb09CUEktWkJua2ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1fUCMA0G
CSqGSIb3DQEBCwUAA4IBAQBRkLdIvQsiRWbVWcSWa9Z0KACTjz3cNnoUzbK5diZM
3Q7BS+c6aTlI3JDRvGom4FHkZWTdmH0EdTmfyGhDw3vumzNrFeBe4dSWPg7jbr+m
LUjhlYjOzDPKNnsiWa5ySxrSDVjJ91oXJ+8TrV4Ak1wfDGcTrzU39HY+qAEhsW29
FlKUu2SDC/U6qPNLSJnV5+8mM9u4g1HtkNcgh963Htwk4hgc1+cubqBhQdrWsnaW
r6lXT607JJsZc3g0huOvBJEJFwQxyJ62a/X8+JJ8dwf92tLRoNZWlNBF0SUYxjIZ
R3hMDVk2NT5J9st2yKzcyy9IxMyvGInqmZ7NMVjW0Bfy
-----END CERTIFICATE-----