Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/NuGhRYAi8rDkFPRRxAFFor1Dxsk.roa
File:                     NuGhRYAi8rDkFPRRxAFFor1Dxsk.roa (raw, json)
Hash identifier:          smpepN8sAdz0WvaBQGqb/sfPxCOqcAlIAmm8DVkgz5A=
Subject key identifier:   36:E1:A1:45:80:22:F2:B0:E4:14:F4:51:C4:01:45:A2:BD:43:C6:C9
Certificate issuer:       /CN=c2d21e804ab7713ad7877dde603aa7824b31983c
Certificate serial:       018CC86F8508B74DA73E9F1C6AA7C4231404
Authority key identifier: C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/NuGhRYAi8rDkFPRRxAFFor1Dxsk.roa
Signing time:             Tue 02 Jan 2024 04:30:00 +0000
ROA not before:           Tue 02 Jan 2024 04:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213167
IP address blocks:        45.132.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:85:08:b7:4d:a7:3e:9f:1c:6a:a7:c4:23:14:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d21e804ab7713ad7877dde603aa7824b31983c
        Validity
            Not Before: Jan  2 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36e1a1458022f2b0e414f451c40145a2bd43c6c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a8:25:72:44:4e:1e:7d:82:ac:ab:d7:8b:9b:
                    72:84:f9:b5:0f:c9:87:87:9e:e4:bc:92:88:7c:ff:
                    0f:1e:63:63:df:ff:35:5c:59:f9:a0:d7:80:21:9a:
                    ee:cd:7d:ba:42:aa:8b:77:36:20:dd:47:d8:4c:50:
                    ed:f6:c2:13:14:3c:c4:d9:ea:09:ab:f2:79:26:b1:
                    dd:42:84:75:ea:6b:18:10:52:a3:f4:c2:87:79:45:
                    ec:fa:47:14:b7:b1:a8:fa:ab:77:22:4c:fc:54:91:
                    9b:b3:63:91:29:e8:0c:94:cc:3c:c6:4f:f0:64:32:
                    5f:56:5b:28:22:28:c5:c3:ef:ad:85:4d:41:b1:24:
                    26:0d:10:cd:31:12:3e:66:01:63:23:f5:0c:f7:45:
                    a0:d4:1a:cf:67:77:84:96:fb:31:72:a5:31:92:2d:
                    c2:ee:ce:19:f7:67:e4:7d:1f:39:7a:8b:47:90:4f:
                    50:e1:de:41:af:b4:ff:3a:6d:d7:90:ca:30:fd:e5:
                    c0:b9:59:19:16:15:7b:29:99:ca:10:f0:28:60:45:
                    4b:9e:c6:eb:31:e0:a4:fc:ee:75:44:4b:1b:b8:33:
                    86:8a:48:54:c0:10:b1:bd:8f:4c:f3:6d:9d:53:25:
                    c1:05:b6:6b:6c:54:50:c0:25:3d:9f:c7:84:8b:3c:
                    05:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:E1:A1:45:80:22:F2:B0:E4:14:F4:51:C4:01:45:A2:BD:43:C6:C9
            X509v3 Authority Key Identifier:
                keyid:C2:D2:1E:80:4A:B7:71:3A:D7:87:7D:DE:60:3A:A7:82:4B:31:98:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtIegEq3cTrXh33eYDqngksxmDw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/NuGhRYAi8rDkFPRRxAFFor1Dxsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/04b446-4ae1-4fe5-b646-59ae09edbeb9/1/wtIegEq3cTrXh33eYDqngksxmDw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:09:57:bf:12:27:a7:4f:69:cd:6a:4d:00:c2:ed:72:a3:8b:
         da:9a:84:af:b6:cd:68:09:6b:f5:e8:d5:a8:40:de:12:7c:5a:
         6a:fb:c3:cd:ee:17:c0:af:c3:3d:7a:1e:c8:72:99:f1:71:17:
         12:55:0d:6c:e8:20:97:cc:bb:cc:74:e7:83:d0:cc:d9:fb:71:
         6d:dc:5d:18:c5:eb:a2:61:fc:0d:3d:20:8d:05:b9:97:86:29:
         cb:4d:61:9e:0a:58:20:e6:d0:4e:b0:eb:58:d8:a8:2c:f3:f7:
         7b:bf:f7:14:1d:23:b0:f3:80:8a:f9:cc:44:bf:61:42:ca:aa:
         29:b8:5c:36:59:90:36:6f:b3:c4:28:fd:d9:46:aa:f9:cd:99:
         bc:62:a3:7a:4c:7f:b1:1d:05:1f:4b:b3:58:24:f4:c9:bc:33:
         b1:84:9f:02:7b:5c:e7:9e:75:79:07:ab:e2:5f:0c:96:d2:cc:
         f4:e9:e8:a8:a6:f2:6b:fb:fd:7d:56:46:14:64:6d:f3:19:74:
         48:12:db:2c:89:e5:df:b2:ac:16:32:a3:21:89:b2:f8:1f:41:
         f4:42:ef:4e:62:d3:9a:75:6c:25:9f:28:be:e5:a9:2a:35:bc:
         4d:f0:98:74:4f:45:10:9d:42:00:05:f2:b4:56:27:c9:2b:b9:
         db:0b:8b:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb4UIt02nPp8caqfEIxQEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDIxZTgwNGFiNzcxM2FkNzg3N2RkZTYwM2FhNzgyNGIz
MTk4M2MwHhcNMjQwMTAyMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmUxYTE0NTgwMjJmMmIwZTQxNGY0NTFjNDAxNDVhMmJkNDNjNmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6glckROHn2CrKvXi5tyhPm1D8mH
h57kvJKIfP8PHmNj3/81XFn5oNeAIZruzX26QqqLdzYg3UfYTFDt9sITFDzE2eoJ
q/J5JrHdQoR16msYEFKj9MKHeUXs+kcUt7Go+qt3Ikz8VJGbs2ORKegMlMw8xk/w
ZDJfVlsoIijFw++thU1BsSQmDRDNMRI+ZgFjI/UM90Wg1BrPZ3eElvsxcqUxki3C
7s4Z92fkfR85eotHkE9Q4d5Br7T/Om3XkMow/eXAuVkZFhV7KZnKEPAoYEVLnsbr
MeCk/O51REsbuDOGikhUwBCxvY9M822dUyXBBbZrbFRQwCU9n8eEizwFAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDbhoUWAIvKw5BT0UcQBRaK9Q8bJMB8GA1UdIwQY
MBaAFMLSHoBKt3E614d93mA6p4JLMZg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYt
NTlhZTA5ZWRiZWI5LzEvTnVHaFJZQWk4ckRrRlBSUnhBRkZvcjFEeHNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wNGI0NDYtNGFlMS00ZmU1LWI2NDYtNTlhZTA5ZWRiZWI5
LzEvd3RJZWdFcTNjVHJYaDMzZVlEcW5na3N4bUR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYRyMA0G
CSqGSIb3DQEBCwUAA4IBAQBcCVe/EienT2nNak0Awu1yo4vamoSvts1oCWv16NWo
QN4SfFpq+8PN7hfAr8M9eh7IcpnxcRcSVQ1s6CCXzLvMdOeD0MzZ+3Ft3F0Yxeui
YfwNPSCNBbmXhinLTWGeClgg5tBOsOtY2Kgs8/d7v/cUHSOw84CK+cxEv2FCyqop
uFw2WZA2b7PEKP3ZRqr5zZm8YqN6TH+xHQUfS7NYJPTJvDOxhJ8Ce1znnnV5B6vi
XwyW0sz06eiopvJr+/19VkYUZG3zGXRIEtssieXfsqwWMqMhibL4H0H0Qu9OYtOa
dWwlnyi+5akqNbxN8Jh0T0UQnUIABfK0VifJK7nbC4sj
-----END CERTIFICATE-----