Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1-nke-fez5zrZwhNSQ5KOwL1AbQ8.roa
File:                     1-nke-fez5zrZwhNSQ5KOwL1AbQ8.roa (raw, json)
Hash identifier:          3FvDtr6anC8P8oZykYNoHJF5fbrylCSBu4bEHVSDKAc=
Subject key identifier:   FA:79:1E:F9:F7:B3:E7:3A:D9:C2:13:52:43:92:8E:C0:BD:40:6D:0F
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       018CC5002FF3162BA41D2C22DA0406C2BFE2
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1-nke-fez5zrZwhNSQ5KOwL1AbQ8.roa
Signing time:             Mon 01 Jan 2024 12:29:32 +0000
ROA not before:           Mon 01 Jan 2024 12:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13213
IP address blocks:        45.150.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:2f:f3:16:2b:a4:1d:2c:22:da:04:06:c2:bf:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  1 12:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa791ef9f7b3e73ad9c2135243928ec0bd406d0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e7:53:cb:6d:a3:0a:10:aa:7f:16:0b:bd:b0:
                    b9:d5:3d:a1:17:0c:21:78:55:c1:f5:59:82:6a:20:
                    3e:12:3e:03:ca:85:31:c7:34:a6:b2:48:e2:1a:e3:
                    fe:72:5e:1a:82:82:62:36:2a:f6:17:19:ce:38:77:
                    70:34:1d:5a:06:c0:83:00:67:24:43:3d:38:e3:39:
                    5d:79:d6:a3:e7:43:2a:a5:28:c3:fe:78:32:53:18:
                    ce:2f:a9:c3:9f:fd:49:36:cc:ed:11:7f:c3:38:14:
                    1d:6d:f1:45:47:0b:d1:f8:6e:ef:a7:e0:28:11:c5:
                    dc:2c:6a:a5:ec:63:f3:2f:ef:84:f1:02:2c:ed:70:
                    8e:c8:d4:21:01:2e:fa:1d:4c:3b:58:e9:b3:bf:22:
                    48:90:8b:44:e3:3e:09:1f:b8:17:41:bc:06:e7:30:
                    d0:01:94:90:3c:55:46:a9:9f:47:b0:1e:8b:6e:3a:
                    cb:bc:ec:a9:8f:a8:e5:19:79:58:ce:cf:57:ef:6f:
                    9d:46:44:bf:8b:50:23:10:48:1d:ac:09:27:ee:2c:
                    5d:81:f8:4e:99:a4:b4:66:a4:8e:39:fe:b3:90:16:
                    f8:09:f7:24:1b:1c:6b:d2:b1:ee:dd:37:d7:42:42:
                    56:67:fc:4b:67:ba:cf:36:c1:31:8e:0e:f9:06:ee:
                    11:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:79:1E:F9:F7:B3:E7:3A:D9:C2:13:52:43:92:8E:C0:BD:40:6D:0F
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1-nke-fez5zrZwhNSQ5KOwL1AbQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:b9:c2:06:19:b6:0a:77:79:66:45:3f:4a:e4:06:25:af:78:
         76:33:01:cb:4a:0b:82:26:d8:25:ab:e7:c3:35:fc:a5:2d:c0:
         f6:d3:ce:4a:47:db:aa:0e:36:ac:bf:fd:8b:35:de:b2:26:01:
         4f:c7:d6:f2:85:d8:f3:95:da:cc:1a:b2:8f:65:a3:1f:2d:cc:
         0f:0d:1e:19:a3:5d:ec:ed:a2:54:bd:55:4a:c0:51:c5:9a:b0:
         dc:05:3d:e6:5f:92:aa:d5:85:62:a0:e8:43:7a:2a:bc:ab:a5:
         c6:ee:49:0a:48:32:30:62:d7:4c:00:d3:3b:43:da:ed:da:c2:
         ca:5e:16:a0:c5:27:5e:1b:a8:f7:38:07:6e:9e:37:d0:e1:bf:
         1f:43:3b:ad:f3:d8:71:46:fa:79:7d:4e:db:63:ef:35:e1:a6:
         91:55:3d:5f:b8:c5:b1:5c:2c:31:60:2a:9a:46:9e:9b:8e:3b:
         13:85:b3:51:97:df:32:de:bd:94:72:88:56:ed:82:54:54:c1:
         27:db:e2:bf:db:3d:c9:16:10:04:77:ef:80:32:f0:d9:fb:f0:
         bc:ac:5d:03:8d:58:45:69:10:1d:e6:c7:9c:d0:ec:b4:a1:64:
         c8:86:fb:3c:5c:d7:a3:1a:b4:c4:4a:11:76:26:fa:c8:ba:b7:
         96:7a:87:7f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzFAC/zFiukHSwi2gQGwr/iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjQwMTAxMTIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTc5MWVmOWY3YjNlNzNhZDljMjEzNTI0MzkyOGVjMGJkNDA2ZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApudTy22jChCqfxYLvbC51T2hFwwh
eFXB9VmCaiA+Ej4DyoUxxzSmskjiGuP+cl4agoJiNir2FxnOOHdwNB1aBsCDAGck
Qz044zldedaj50MqpSjD/ngyUxjOL6nDn/1JNsztEX/DOBQdbfFFRwvR+G7vp+Ao
EcXcLGql7GPzL++E8QIs7XCOyNQhAS76HUw7WOmzvyJIkItE4z4JH7gXQbwG5zDQ
AZSQPFVGqZ9HsB6LbjrLvOypj6jlGXlYzs9X72+dRkS/i1AjEEgdrAkn7ixdgfhO
maS0ZqSOOf6zkBb4CfckGxxr0rHu3TfXQkJWZ/xLZ7rPNsExjg75Bu4RFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPp5Hvn3s+c62cITUkOSjsC9QG0PMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvMS1ua2UtZmV6NXpyWndoTlNRNUtPd0wxQWJROC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzUvNTE3Njk0LWM4YTEtNDU4Yi05Y2YyLTZjN2U1Njg1ODkw
Yy8xL0gwYzRPSnl6dVpqc1Q2YlVKeS1OMTVuN3hLay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC2WxDAN
BgkqhkiG9w0BAQsFAAOCAQEAL7nCBhm2Cnd5ZkU/SuQGJa94djMBy0oLgibYJavn
wzX8pS3A9tPOSkfbqg42rL/9izXesiYBT8fW8oXY85XazBqyj2WjHy3MDw0eGaNd
7O2iVL1VSsBRxZqw3AU95l+SqtWFYqDoQ3oqvKulxu5JCkgyMGLXTADTO0Pa7drC
yl4WoMUnXhuo9zgHbp430OG/H0M7rfPYcUb6eX1O22PvNeGmkVU9X7jFsVwsMWAq
mkaem447E4WzUZffMt69lHKIVu2CVFTBJ9viv9s9yRYQBHfvgDLw2fvwvKxdA41Y
RWkQHebHnNDstKFkyIb7PFzXoxq0xEoRdib6yLq3lnqHfw==
-----END CERTIFICATE-----