Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/NrYJL5cRvwpZ3RyMAVGDFH01EXU.roa
File:                     NrYJL5cRvwpZ3RyMAVGDFH01EXU.roa (raw, json)
Hash identifier:          fOvkxo0aYuZ6vUK7661AO18BzMq/4cGFeP4MdjUl6rw=
Subject key identifier:   36:B6:09:2F:97:11:BF:0A:59:DD:1C:8C:01:51:83:14:7D:35:11:75
Certificate issuer:       /CN=64d864ae92bd7ceab5083bcc71101ef04676f8ac
Certificate serial:       01942521EED6C806F197906B99BAFE2C40E9
Authority key identifier: 64:D8:64:AE:92:BD:7C:EA:B5:08:3B:CC:71:10:1E:F0:46:76:F8:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/NrYJL5cRvwpZ3RyMAVGDFH01EXU.roa
Signing time:             Thu 02 Jan 2025 03:49:28 +0000
ROA not before:           Thu 02 Jan 2025 03:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212692
IP address blocks:        45.10.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ee:d6:c8:06:f1:97:90:6b:99:ba:fe:2c:40:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d864ae92bd7ceab5083bcc71101ef04676f8ac
        Validity
            Not Before: Jan  2 03:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36b6092f9711bf0a59dd1c8c015183147d351175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e2:f3:2a:e9:78:89:09:33:95:ce:24:62:f0:
                    8a:3e:2f:34:31:29:22:8a:5d:d9:82:c6:db:b3:05:
                    88:7c:81:b9:1e:41:7a:2d:e7:db:f7:a0:6d:b6:dc:
                    1e:bb:7a:a0:de:64:8f:7e:b8:61:4b:14:d3:32:f4:
                    3f:87:e3:d5:35:07:46:cd:96:f8:57:32:d3:cb:de:
                    92:ad:64:bc:ed:0a:50:c9:4b:a9:3e:67:87:77:b1:
                    a9:07:51:f3:1e:e5:f0:f7:a2:47:31:58:1d:f3:da:
                    06:d5:b4:a8:d4:d7:99:ec:d4:3d:a3:d6:68:ea:35:
                    26:8a:7a:a0:3c:31:32:9e:b6:a2:fb:4f:4e:20:e3:
                    8f:48:e5:f4:b3:35:78:af:a8:a0:f4:f3:95:ea:2a:
                    29:ca:c5:1b:8b:98:b1:91:95:3f:da:76:c6:a4:bf:
                    ae:5e:49:cf:cd:0c:fb:c6:04:2b:03:c8:28:41:0f:
                    10:bd:61:10:62:a7:5f:54:32:40:43:e7:41:0d:93:
                    21:76:e9:25:26:a6:75:c1:9a:62:3a:90:b5:a8:8b:
                    ba:3d:18:15:62:56:d8:ab:d9:c6:85:77:a0:f5:da:
                    55:6c:c1:7e:87:03:68:46:cc:ff:0b:4f:eb:ee:a0:
                    95:e8:40:05:70:7b:18:bc:ce:41:d9:a0:1f:cf:ae:
                    ba:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:B6:09:2F:97:11:BF:0A:59:DD:1C:8C:01:51:83:14:7D:35:11:75
            X509v3 Authority Key Identifier:
                keyid:64:D8:64:AE:92:BD:7C:EA:B5:08:3B:CC:71:10:1E:F0:46:76:F8:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/NrYJL5cRvwpZ3RyMAVGDFH01EXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/70b2c4-1d4a-4b91-b0d0-2c05cc922001/1/ZNhkrpK9fOq1CDvMcRAe8EZ2-Kw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:43:81:27:7c:c7:61:fb:a5:d6:a7:15:b9:01:39:8e:cb:cf:
         eb:0e:00:b9:24:1c:11:83:eb:6a:b6:19:ff:64:77:14:f4:4b:
         90:b9:9f:bf:e6:3e:29:e2:02:68:81:4c:bd:99:9f:7f:15:a5:
         44:d7:57:43:1b:de:35:d7:fe:7a:df:f0:72:b4:65:c5:be:72:
         5d:0a:a8:c6:9a:c1:3b:c9:b1:6f:63:f8:54:04:b9:e0:35:70:
         e2:58:cc:6e:6d:1a:88:be:47:5e:79:f5:7b:6e:6f:3f:72:f4:
         71:77:15:f1:5d:a2:58:d5:8e:90:85:a6:e9:4c:3b:0e:54:6b:
         c5:c8:18:26:5e:93:55:d6:84:95:33:19:d2:ae:8a:2d:57:1a:
         e4:af:cd:f6:ba:82:4a:c1:25:9d:3c:27:2a:0d:d0:1d:4f:64:
         e3:50:22:59:b8:6f:02:76:58:ed:f3:34:7a:96:b0:81:2b:8d:
         a3:9d:23:8b:ed:fa:4c:49:15:14:e3:f0:86:81:99:49:c9:37:
         f1:8a:08:c0:be:61:bc:1b:3d:c6:85:95:a1:28:0c:d1:8e:ef:
         65:26:ce:d6:9f:b2:14:bd:41:fb:a3:42:b3:e7:2b:69:87:66:
         ef:49:87:a2:eb:ca:88:14:0e:ff:f1:1d:26:e1:af:f7:ac:27:
         37:11:82:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIe7WyAbxl5Brmbr+LEDpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDg2NGFlOTJiZDdjZWFiNTA4M2JjYzcxMTAxZWYwNDY3
NmY4YWMwHhcNMjUwMTAyMDM0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmI2MDkyZjk3MTFiZjBhNTlkZDFjOGMwMTUxODMxNDdkMzUxMTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+LzKul4iQkzlc4kYvCKPi80MSki
il3ZgsbbswWIfIG5HkF6Lefb96Btttweu3qg3mSPfrhhSxTTMvQ/h+PVNQdGzZb4
VzLTy96SrWS87QpQyUupPmeHd7GpB1HzHuXw96JHMVgd89oG1bSo1NeZ7NQ9o9Zo
6jUminqgPDEynrai+09OIOOPSOX0szV4r6ig9POV6iopysUbi5ixkZU/2nbGpL+u
XknPzQz7xgQrA8goQQ8QvWEQYqdfVDJAQ+dBDZMhduklJqZ1wZpiOpC1qIu6PRgV
YlbYq9nGhXeg9dpVbMF+hwNoRsz/C0/r7qCV6EAFcHsYvM5B2aAfz666EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDa2CS+XEb8KWd0cjAFRgxR9NRF1MB8GA1UdIwQY
MBaAFGTYZK6SvXzqtQg7zHEQHvBGdvisMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5oa3JwSzlmT3ExQ0R2TWNSQWU4RVoyLUt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni83MGIyYzQtMWQ0YS00YjkxLWIwZDAt
MmMwNWNjOTIyMDAxLzEvTnJZSkw1Y1J2d3BaM1J5TUFWR0RGSDAxRVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni83MGIyYzQtMWQ0YS00YjkxLWIwZDAtMmMwNWNjOTIyMDAx
LzEvWk5oa3JwSzlmT3ExQ0R2TWNSQWU4RVoyLUt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQrKMA0G
CSqGSIb3DQEBCwUAA4IBAQCHQ4EnfMdh+6XWpxW5ATmOy8/rDgC5JBwRg+tqthn/
ZHcU9EuQuZ+/5j4p4gJogUy9mZ9/FaVE11dDG9411/563/BytGXFvnJdCqjGmsE7
ybFvY/hUBLngNXDiWMxubRqIvkdeefV7bm8/cvRxdxXxXaJY1Y6QhabpTDsOVGvF
yBgmXpNV1oSVMxnSrootVxrkr832uoJKwSWdPCcqDdAdT2TjUCJZuG8Cdljt8zR6
lrCBK42jnSOL7fpMSRUU4/CGgZlJyTfxigjAvmG8Gz3GhZWhKAzRju9lJs7Wn7IU
vUH7o0Kz5ytph2bvSYei68qIFA7/8R0m4a/3rCc3EYJe
-----END CERTIFICATE-----