Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/nacXLj4ipPsV_k1jJoeGgdJJTR0.roa
File:                     nacXLj4ipPsV_k1jJoeGgdJJTR0.roa (raw, json)
Hash identifier:          qiJywz77O2QkWdA3UBlJhojznuqFAOGHI3p6mqFybe0=
Subject key identifier:   9D:A7:17:2E:3E:22:A4:FB:15:FE:4D:63:26:87:86:81:D2:49:4D:1D
Certificate issuer:       /CN=3718b734349bf327d9453b96501e44b192e55142
Certificate serial:       0194228E2AECD2E749986551A0B94B6DA45F
Authority key identifier: 37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/nacXLj4ipPsV_k1jJoeGgdJJTR0.roa
Signing time:             Wed 01 Jan 2025 15:48:49 +0000
ROA not before:           Wed 01 Jan 2025 15:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214143
IP address blocks:        45.132.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 03:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:2a:ec:d2:e7:49:98:65:51:a0:b9:4b:6d:a4:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3718b734349bf327d9453b96501e44b192e55142
        Validity
            Not Before: Jan  1 15:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9da7172e3e22a4fb15fe4d6326878681d2494d1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:28:05:03:f8:65:06:3e:4a:03:7f:27:32:a4:
                    e6:39:b6:54:f7:62:90:f4:17:58:0d:8b:66:96:38:
                    f6:e6:c3:96:a1:75:2f:c1:3f:c3:0e:fc:a0:a0:93:
                    98:39:7c:07:6b:7b:40:f5:b8:1e:c2:98:14:18:00:
                    6a:b7:a0:f0:b3:00:bc:1d:d3:19:04:5a:73:01:83:
                    0c:d3:7b:2d:63:67:c0:32:d0:2d:7c:39:14:91:99:
                    90:41:73:cc:d3:8d:28:f5:15:60:f4:7c:b4:14:6e:
                    a7:27:20:60:05:4c:5b:4d:62:fc:ea:b5:95:54:eb:
                    0a:13:1f:7f:0e:c7:37:fe:2a:26:ec:3a:fa:76:23:
                    f2:22:6c:39:bb:e8:9e:e3:89:37:71:ae:98:19:cb:
                    1c:68:54:e2:a4:13:dd:df:b0:7b:6d:f4:be:df:5f:
                    66:58:53:91:0d:d9:8a:29:bd:ec:3f:77:cf:aa:7e:
                    8e:c3:57:f8:c1:bb:af:1a:58:84:9c:03:01:01:be:
                    73:4c:64:f9:e8:06:f7:0b:5b:a4:e7:7d:7e:2f:c6:
                    26:c5:97:d2:47:fc:65:e2:34:c9:32:cf:42:b5:eb:
                    c2:96:c5:5e:1a:67:cc:fd:ce:1d:87:05:86:60:aa:
                    8e:d2:c3:7e:08:74:a8:07:58:c5:4e:54:65:a5:c9:
                    45:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:A7:17:2E:3E:22:A4:FB:15:FE:4D:63:26:87:86:81:D2:49:4D:1D
            X509v3 Authority Key Identifier:
                keyid:37:18:B7:34:34:9B:F3:27:D9:45:3B:96:50:1E:44:B1:92:E5:51:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/nacXLj4ipPsV_k1jJoeGgdJJTR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7bf8a8-e49c-406e-8eb7-c823cc8f3837/1/Nxi3NDSb8yfZRTuWUB5EsZLlUUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:56:84:08:71:ed:70:c5:e4:02:31:52:a5:c4:c3:b2:0b:67:
         03:0b:6a:58:a6:05:22:11:4d:0a:88:05:17:80:92:38:ad:0d:
         32:af:9b:f0:3b:6f:13:93:2e:a9:89:cf:81:6a:70:56:01:6e:
         0c:4a:ce:a3:d6:3a:f8:53:b4:15:70:b8:c5:f6:dd:f9:81:4e:
         ab:5a:f5:fa:b1:a7:fd:cf:ed:94:67:a4:03:71:b9:fb:5f:5e:
         fc:1f:55:39:69:db:ae:6c:75:91:35:58:3e:94:cc:4d:24:3b:
         4c:80:13:ba:79:4c:41:4d:39:38:f7:af:2b:ee:9b:29:9c:07:
         c5:23:7f:49:aa:1d:a6:25:66:cc:f2:03:0e:b5:d2:6a:38:03:
         cc:c0:0c:2d:16:28:39:71:18:46:c5:1a:13:b4:a1:34:14:2c:
         d3:69:36:f4:6b:5e:6a:26:bf:92:32:3d:bc:b7:65:2a:c4:84:
         a5:69:fa:c5:17:7e:52:7a:56:e6:96:df:f5:2e:65:4b:74:10:
         95:a0:c8:50:da:c1:c6:41:21:d1:52:be:ce:9b:89:81:09:85:
         c0:48:d2:82:0c:ef:e7:65:56:1f:d9:f0:ff:d2:be:de:83:f7:
         d6:3f:f2:58:f4:25:22:ca:4c:22:68:a0:60:59:bc:ab:0c:f9:
         d2:1e:01:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijirs0udJmGVRoLlLbaRfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MThiNzM0MzQ5YmYzMjdkOTQ1M2I5NjUwMWU0NGIxOTJl
NTUxNDIwHhcNMjUwMTAxMTU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGE3MTcyZTNlMjJhNGZiMTVmZTRkNjMyNjg3ODY4MWQyNDk0ZDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSgFA/hlBj5KA38nMqTmObZU92KQ
9BdYDYtmljj25sOWoXUvwT/DDvygoJOYOXwHa3tA9bgewpgUGABqt6DwswC8HdMZ
BFpzAYMM03stY2fAMtAtfDkUkZmQQXPM040o9RVg9Hy0FG6nJyBgBUxbTWL86rWV
VOsKEx9/Dsc3/iom7Dr6diPyImw5u+ie44k3ca6YGcscaFTipBPd37B7bfS+319m
WFORDdmKKb3sP3fPqn6Ow1f4wbuvGliEnAMBAb5zTGT56Ab3C1uk531+L8YmxZfS
R/xl4jTJMs9CtevClsVeGmfM/c4dhwWGYKqO0sN+CHSoB1jFTlRlpclFiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2nFy4+IqT7Ff5NYyaHhoHSSU0dMB8GA1UdIwQY
MBaAFDcYtzQ0m/Mn2UU7llAeRLGS5VFCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjct
YzgyM2NjOGYzODM3LzEvbmFjWExqNGlwUHNWX2sxakpvZUdnZEpKVFIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YmY4YTgtZTQ5Yy00MDZlLThlYjctYzgyM2NjOGYzODM3
LzEvTnhpM05EU2I4eWZaUlR1V1VCNUVzWkxsVVVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYQbMA0G
CSqGSIb3DQEBCwUAA4IBAQAtVoQIce1wxeQCMVKlxMOyC2cDC2pYpgUiEU0KiAUX
gJI4rQ0yr5vwO28Tky6pic+BanBWAW4MSs6j1jr4U7QVcLjF9t35gU6rWvX6saf9
z+2UZ6QDcbn7X178H1U5aduubHWRNVg+lMxNJDtMgBO6eUxBTTk4968r7pspnAfF
I39Jqh2mJWbM8gMOtdJqOAPMwAwtFig5cRhGxRoTtKE0FCzTaTb0a15qJr+SMj28
t2UqxISlafrFF35Selbmlt/1LmVLdBCVoMhQ2sHGQSHRUr7Om4mBCYXASNKCDO/n
ZVYf2fD/0r7eg/fWP/JY9CUiykwiaKBgWbyrDPnSHgGD
-----END CERTIFICATE-----