Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/NDiuqs_F6U9vhyoOyITvy1edxEE.roa
File:                     NDiuqs_F6U9vhyoOyITvy1edxEE.roa (raw, json)
Hash identifier:          JmO6c3RyiGwLx214FmPPWsfWGCX/kkf39Cg5s9Tt4H4=
Subject key identifier:   34:38:AE:AA:CF:C5:E9:4F:6F:87:2A:0E:C8:84:EF:CB:57:9D:C4:41
Certificate issuer:       /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial:       01958E9D04EC023267173DAB9B2A89E26C3B
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/NDiuqs_F6U9vhyoOyITvy1edxEE.roa
Signing time:             Thu 13 Mar 2025 08:26:49 +0000
ROA not before:           Thu 13 Mar 2025 08:26:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200017
IP address blocks:        45.130.77.0/24 maxlen: 24
                          45.130.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8e:9d:04:ec:02:32:67:17:3d:ab:9b:2a:89:e2:6c:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
        Validity
            Not Before: Mar 13 08:26:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3438aeaacfc5e94f6f872a0ec884efcb579dc441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3e:f3:55:6f:ed:de:b0:8e:5e:ae:6a:c9:74:
                    a5:27:91:dc:31:01:01:11:0b:2c:f3:2b:c0:7f:dd:
                    ce:2d:18:31:17:3b:05:a6:f5:97:2d:e5:ca:5e:6a:
                    c4:48:68:79:e8:91:7a:fc:e9:c0:4f:3e:fa:ef:9e:
                    6a:55:6e:75:a1:15:e4:a1:03:d2:3e:04:20:eb:f7:
                    32:03:ce:9d:b9:10:24:94:07:8d:25:04:7e:ac:6c:
                    54:be:fd:cc:9c:9d:ee:54:af:1a:5a:9a:ba:18:03:
                    f0:e3:ad:b2:9b:33:71:05:a1:0a:e8:4a:91:97:2e:
                    f7:b1:da:ae:ff:e9:83:ad:b7:39:3b:8a:08:9a:f9:
                    e8:74:a8:6d:fd:16:82:5e:b6:69:bd:71:cb:03:aa:
                    aa:81:8c:21:3e:62:a9:04:8f:f3:1b:f4:e8:ae:2a:
                    36:1a:e2:56:e8:fb:54:cc:71:3e:32:a0:81:01:75:
                    af:ad:e2:2b:71:1e:0b:dc:f9:a7:a4:9f:0a:bc:77:
                    85:14:f6:f5:63:19:5b:78:95:1b:b8:23:8e:45:ab:
                    ca:55:d3:99:d2:84:43:0f:10:75:81:c3:19:53:b1:
                    70:33:9f:eb:72:a7:f6:fd:ba:fe:60:17:be:11:17:
                    67:86:63:bd:06:0f:47:f8:68:cd:34:52:8e:bb:a6:
                    b6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:38:AE:AA:CF:C5:E9:4F:6F:87:2A:0E:C8:84:EF:CB:57:9D:C4:41
            X509v3 Authority Key Identifier:
                keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/NDiuqs_F6U9vhyoOyITvy1edxEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.77.0-45.130.78.255

    Signature Algorithm: sha256WithRSAEncryption
         2d:8e:9f:72:29:8b:7c:15:3a:bd:47:53:da:7f:0f:b5:d5:24:
         77:67:b8:bc:d2:80:5f:27:10:f3:8d:11:03:01:f7:02:6f:03:
         61:21:36:cf:6a:1d:97:c8:40:c6:f8:1a:81:e6:57:f7:07:4c:
         7c:48:a3:11:87:66:50:b0:8f:52:69:d3:55:f9:05:4a:84:a5:
         df:c3:23:2d:16:f6:3a:1d:ed:b5:54:22:e3:fe:6c:4e:7e:27:
         bf:89:7e:aa:99:83:5d:b1:f0:66:95:61:63:da:b6:08:bb:c1:
         5f:dc:02:1c:18:b1:86:18:68:a7:4b:97:20:94:c5:94:49:57:
         43:6e:d6:3e:99:e0:d6:b6:c0:2b:b8:47:3b:36:74:67:76:f9:
         a1:7c:ed:d9:9c:03:ed:48:51:fe:df:27:07:7c:95:5a:0b:68:
         23:7c:b8:aa:6e:f3:dc:e6:97:3b:e1:86:94:59:1f:88:de:d3:
         cd:54:ab:60:b0:64:ff:01:23:8d:9b:d4:8a:b3:4a:29:fd:b5:
         22:bf:43:49:f1:1a:1c:b2:a6:8d:0a:76:4b:16:fa:fc:fe:ea:
         a7:c5:17:51:f5:26:20:df:0a:98:15:c3:f8:69:b2:2d:ac:99:
         7f:45:f3:96:78:a0:cb:94:3c:3f:3b:05:73:a9:ad:33:54:72:
         a3:b8:59:cf
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZWOnQTsAjJnFz2rmyqJ4mw7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjUwMzEzMDgyNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDM4YWVhYWNmYzVlOTRmNmY4NzJhMGVjODg0ZWZjYjU3OWRjNDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsz7zVW/t3rCOXq5qyXSlJ5HcMQEB
EQss8yvAf93OLRgxFzsFpvWXLeXKXmrESGh56JF6/OnATz76755qVW51oRXkoQPS
PgQg6/cyA86duRAklAeNJQR+rGxUvv3MnJ3uVK8aWpq6GAPw462ymzNxBaEK6EqR
ly73sdqu/+mDrbc5O4oImvnodKht/RaCXrZpvXHLA6qqgYwhPmKpBI/zG/Torio2
GuJW6PtUzHE+MqCBAXWvreIrcR4L3PmnpJ8KvHeFFPb1YxlbeJUbuCOORavKVdOZ
0oRDDxB1gcMZU7FwM5/rcqf2/br+YBe+ERdnhmO9Bg9H+GjNNFKOu6a24wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDQ4rqrPxelPb4cqDsiE78tXncRBMB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvTkRpdXFzX0Y2VTl2aHlvT3lJVHZ5MWVkeEVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtgk0D
BAAtgk4wDQYJKoZIhvcNAQELBQADggEBAC2On3Ipi3wVOr1HU9p/D7XVJHdnuLzS
gF8nEPONEQMB9wJvA2EhNs9qHZfIQMb4GoHmV/cHTHxIoxGHZlCwj1Jp01X5BUqE
pd/DIy0W9jod7bVUIuP+bE5+J7+JfqqZg12x8GaVYWPatgi7wV/cAhwYsYYYaKdL
lyCUxZRJV0Nu1j6Z4Na2wCu4Rzs2dGd2+aF87dmcA+1IUf7fJwd8lVoLaCN8uKpu
89zmlzvhhpRZH4je081Uq2CwZP8BI42b1IqzSin9tSK/Q0nxGhyypo0KdksW+vz+
6qfFF1H1JiDfCpgVw/hpsi2smX9F85Z4oMuUPD87BXOprTNUcqO4Wc8=
-----END CERTIFICATE-----