Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/NbMUDG4wpb2fmsKWuMW51LWhJvs.roa
File:                     NbMUDG4wpb2fmsKWuMW51LWhJvs.roa (raw, json)
Hash identifier:          avH6ISuzPnh7lgiTNbPGoYYAIHT+A2NXE1tcvneqi2Y=
Subject key identifier:   35:B3:14:0C:6E:30:A5:BD:9F:9A:C2:96:B8:C5:B9:D4:B5:A1:26:FB
Certificate issuer:       /CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
Certificate serial:       018FEE65001ED5672EF641A849236E0E9ED0
Authority key identifier: 0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/NbMUDG4wpb2fmsKWuMW51LWhJvs.roa
Signing time:             Thu 06 Jun 2024 16:32:27 +0000
ROA not before:           Thu 06 Jun 2024 16:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202712
IP address blocks:        212.7.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ee:65:00:1e:d5:67:2e:f6:41:a8:49:23:6e:0e:9e:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
        Validity
            Not Before: Jun  6 16:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35b3140c6e30a5bd9f9ac296b8c5b9d4b5a126fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2b:c1:30:6b:d0:30:0c:43:cd:c1:18:c7:37:
                    33:81:ce:fe:9d:21:b2:98:e5:8b:2e:e5:6b:95:b2:
                    fc:0b:df:41:9b:20:05:5c:5a:6f:ce:b3:c9:c8:00:
                    eb:dd:49:3f:35:df:be:5f:c3:84:22:2f:b6:5d:6e:
                    46:7a:e4:eb:08:76:b7:ea:36:35:f4:13:7a:99:96:
                    11:e0:a9:1b:3d:18:39:42:97:14:3c:7f:ba:5e:17:
                    ed:f1:59:43:d7:31:1a:b9:3c:15:e5:14:e9:b5:72:
                    5e:b0:4e:71:65:53:ae:99:17:a6:85:28:08:79:b8:
                    90:24:f1:bb:06:f3:65:21:ac:2e:69:be:e0:32:21:
                    95:03:19:fe:dc:8e:56:ec:5c:f8:bd:4b:14:07:3a:
                    b3:a0:ec:e6:d8:fe:64:ad:19:8d:d9:8b:56:7f:26:
                    ca:a6:39:18:15:9e:6d:c6:9b:d6:95:3f:77:26:13:
                    9b:86:54:4d:f7:48:2a:13:cd:0a:06:83:ce:04:68:
                    08:8c:32:50:ca:0e:13:b6:45:76:ea:e2:18:0a:22:
                    fe:d7:a8:b5:ff:d0:65:20:be:c8:ae:3e:35:4f:54:
                    a7:a9:c0:9d:58:f1:77:56:71:95:58:40:9f:ea:2a:
                    57:61:db:79:2f:84:1c:b0:f3:fa:a3:81:a9:f2:0c:
                    5b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:B3:14:0C:6E:30:A5:BD:9F:9A:C2:96:B8:C5:B9:D4:B5:A1:26:FB
            X509v3 Authority Key Identifier:
                keyid:0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/NbMUDG4wpb2fmsKWuMW51LWhJvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.7.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b5:ec:7d:99:48:97:19:85:4f:01:da:7d:3e:13:16:a7:c0:
         2e:3a:6d:6b:2c:d8:53:c7:88:1f:4f:28:de:9a:6c:f3:e8:23:
         cf:d0:ba:26:00:28:21:f9:41:7b:b7:5b:2b:32:c4:13:0c:8a:
         32:76:fe:63:4d:30:63:58:1f:c0:8b:03:28:01:e6:03:e9:54:
         44:7d:5e:a9:95:d9:4a:1c:86:e7:ec:0f:c7:67:51:84:db:fd:
         ad:71:9e:54:f2:21:d2:b4:f2:8e:8a:3a:ba:c6:4b:2b:56:c7:
         2d:96:7a:20:0c:0e:8d:d2:f4:ce:9a:6c:6e:6d:00:cc:92:e9:
         ce:17:f5:39:a9:3c:39:12:f0:e1:a3:2a:3c:d3:69:94:4e:d8:
         2d:7e:03:62:bd:5e:ef:5d:0a:b1:3d:75:fd:4e:27:da:c5:0f:
         7f:b4:f2:29:fb:b5:2b:e1:3e:82:da:cc:66:a5:86:92:43:c5:
         8b:53:03:a7:c0:91:84:27:68:c3:77:1c:41:ff:22:c7:8c:19:
         aa:3c:8e:1e:6d:0e:9a:68:5e:60:00:ee:d7:5b:9a:af:60:2d:
         69:4c:83:dc:81:81:af:e8:bd:95:df:26:5d:53:c0:c8:de:67:
         06:bd:53:52:f8:5b:63:a5:b6:12:6b:f2:86:6c:b0:e7:8e:3c:
         31:5c:97:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/uZQAe1Wcu9kGoSSNuDp7QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODFmZTkwNTlmNjgyMGJjMThhZDU4MDJmMmYxZmNhNzdk
MjU0YjcwHhcNMjQwNjA2MTYzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWIzMTQwYzZlMzBhNWJkOWY5YWMyOTZiOGM1YjlkNGI1YTEyNmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzivBMGvQMAxDzcEYxzczgc7+nSGy
mOWLLuVrlbL8C99BmyAFXFpvzrPJyADr3Uk/Nd++X8OEIi+2XW5GeuTrCHa36jY1
9BN6mZYR4KkbPRg5QpcUPH+6Xhft8VlD1zEauTwV5RTptXJesE5xZVOumRemhSgI
ebiQJPG7BvNlIawuab7gMiGVAxn+3I5W7Fz4vUsUBzqzoOzm2P5krRmN2YtWfybK
pjkYFZ5txpvWlT93JhObhlRN90gqE80KBoPOBGgIjDJQyg4TtkV26uIYCiL+16i1
/9BlIL7Irj41T1SnqcCdWPF3VnGVWECf6ipXYdt5L4QcsPP6o4Gp8gxbuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWzFAxuMKW9n5rClrjFudS1oSb7MB8GA1UdIwQY
MBaAFAqB/pBZ9oILwYrVgC8vH8p30lS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgt
YmYwNWFjYzgyYmQxLzEvTmJNVURHNHdwYjJmbXNLV3VNVzUxTFdoSnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgtYmYwNWFjYzgyYmQx
LzEvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AfXMA0G
CSqGSIb3DQEBCwUAA4IBAQCFtex9mUiXGYVPAdp9PhMWp8AuOm1rLNhTx4gfTyje
mmzz6CPP0LomACgh+UF7t1srMsQTDIoydv5jTTBjWB/AiwMoAeYD6VREfV6pldlK
HIbn7A/HZ1GE2/2tcZ5U8iHStPKOijq6xksrVsctlnogDA6N0vTOmmxubQDMkunO
F/U5qTw5EvDhoyo802mUTtgtfgNivV7vXQqxPXX9TifaxQ9/tPIp+7Ur4T6C2sxm
pYaSQ8WLUwOnwJGEJ2jDdxxB/yLHjBmqPI4ebQ6aaF5gAO7XW5qvYC1pTIPcgYGv
6L2V3yZdU8DI3mcGvVNS+FtjpbYSa/KGbLDnjjwxXJd4
-----END CERTIFICATE-----