Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/NMBwJqVYnrwi7lPhK-xV3AGZgrs.roa
File:                     NMBwJqVYnrwi7lPhK-xV3AGZgrs.roa (raw, json)
Hash identifier:          DB1lzj/1/vlfiI5mbL8CkZtKyTRU7o+OFiNG+aLSpU8=
Subject key identifier:   34:C0:70:26:A5:58:9E:BC:22:EE:53:E1:2B:EC:55:DC:01:99:82:BB
Certificate issuer:       /CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
Certificate serial:       018CC8DF6FA5172349ED41AA4ACB75BC2E56
Authority key identifier: 5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/NMBwJqVYnrwi7lPhK-xV3AGZgrs.roa
Signing time:             Tue 02 Jan 2024 06:32:15 +0000
ROA not before:           Tue 02 Jan 2024 06:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400039
IP address blocks:        185.143.242.0/24 maxlen: 24
                          185.200.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:6f:a5:17:23:49:ed:41:aa:4a:cb:75:bc:2e:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dde4b3b82f209b701ae340cf53b974078f16a9f
        Validity
            Not Before: Jan  2 06:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34c07026a5589ebc22ee53e12bec55dc019982bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:42:ee:d2:b2:5b:29:69:bc:40:f1:55:4a:8b:
                    71:d8:74:3e:65:9b:34:cc:38:dc:0c:04:80:52:02:
                    fd:08:04:56:15:f8:c7:ed:83:16:27:bb:22:01:d5:
                    f6:a4:dd:3a:57:a2:69:4d:8c:38:a3:71:69:ce:45:
                    91:1f:d1:fa:9b:12:84:a5:99:e7:0a:a0:c5:b4:e0:
                    34:df:9d:4d:a0:b8:45:08:16:2f:f2:b9:d6:31:c1:
                    52:6d:be:a8:5f:3d:2b:b0:bd:08:ba:7e:d6:e0:7f:
                    09:02:8f:45:d4:ff:fe:31:0d:13:54:de:cf:e3:65:
                    17:26:5e:b7:33:57:d8:9b:d6:70:6f:f0:ba:69:11:
                    97:21:89:53:24:01:c2:a6:a9:03:59:71:3a:f1:0f:
                    a0:88:c9:9f:a3:28:7d:00:f1:7f:2a:39:96:7a:1b:
                    a6:df:c0:05:bd:b3:27:8c:dc:17:08:e9:3b:d4:f6:
                    60:f2:23:9a:7b:5b:60:91:3c:34:69:b0:92:a5:fb:
                    bc:fc:b5:fc:e3:d4:dd:fc:06:5e:8a:59:cc:d9:86:
                    cd:a9:f8:6c:4e:a9:31:25:10:0c:01:a5:3e:0f:f6:
                    27:d8:0a:66:59:aa:4e:74:85:91:86:e1:2c:ef:46:
                    e6:52:3b:96:23:4a:b8:f1:67:8f:ee:e1:de:e7:6c:
                    20:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:C0:70:26:A5:58:9E:BC:22:EE:53:E1:2B:EC:55:DC:01:99:82:BB
            X509v3 Authority Key Identifier:
                keyid:5D:DE:4B:3B:82:F2:09:B7:01:AE:34:0C:F5:3B:97:40:78:F1:6A:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xd5LO4LyCbcBrjQM9TuXQHjxap8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/NMBwJqVYnrwi7lPhK-xV3AGZgrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/02bdf0-bf29-4dae-b19b-86a5518e2d52/1/Xd5LO4LyCbcBrjQM9TuXQHjxap8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.242.0/24
                  185.200.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:0d:91:b0:53:4b:a7:4c:1e:dd:4e:2b:5f:f7:94:51:71:a3:
         24:c7:5f:33:96:50:48:e9:d4:64:67:e3:df:41:9f:1d:71:f4:
         dd:5a:88:8f:42:49:32:02:59:2a:7c:2f:1b:d2:96:53:ee:91:
         fb:69:cd:41:78:40:de:2d:db:4f:f1:ef:75:98:57:73:d7:d8:
         08:50:a9:70:60:76:91:f6:06:5d:5c:46:a4:76:e5:86:d4:83:
         a7:7d:f9:2a:93:81:1e:f7:99:c3:27:25:44:d2:46:91:74:a5:
         fb:de:72:8c:9f:40:e7:e5:e3:9c:7e:00:dc:04:b8:fc:e1:a1:
         7c:82:3c:17:2d:3c:6f:c1:2b:bc:ca:e9:a9:48:37:ef:a7:d4:
         ed:d9:35:01:80:8b:c5:b0:75:01:ff:f2:da:04:1c:a0:65:00:
         76:e1:20:18:bc:05:f8:0b:14:ac:56:04:61:84:0a:d1:7e:3e:
         70:47:59:c0:4f:8c:6d:04:6e:7b:ea:4f:7b:1e:38:ab:3b:af:
         7d:b1:36:f7:fc:94:40:f1:6e:66:19:f8:92:2a:bf:1e:0e:c4:
         aa:3a:dd:06:8f:16:ee:cb:3d:e8:6f:83:75:16:b1:d7:1e:e2:
         c8:25:83:ed:22:3c:4d:d8:d1:8d:f8:70:a1:01:c3:38:53:48:
         c6:3c:26:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI32+lFyNJ7UGqSst1vC5WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZGU0YjNiODJmMjA5YjcwMWFlMzQwY2Y1M2I5NzQwNzhm
MTZhOWYwHhcNMjQwMTAyMDYzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGMwNzAyNmE1NTg5ZWJjMjJlZTUzZTEyYmVjNTVkYzAxOTk4MmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkLu0rJbKWm8QPFVSotx2HQ+ZZs0
zDjcDASAUgL9CARWFfjH7YMWJ7siAdX2pN06V6JpTYw4o3FpzkWRH9H6mxKEpZnn
CqDFtOA0351NoLhFCBYv8rnWMcFSbb6oXz0rsL0Iun7W4H8JAo9F1P/+MQ0TVN7P
42UXJl63M1fYm9Zwb/C6aRGXIYlTJAHCpqkDWXE68Q+giMmfoyh9APF/KjmWehum
38AFvbMnjNwXCOk71PZg8iOae1tgkTw0abCSpfu8/LX849Td/AZeilnM2YbNqfhs
TqkxJRAMAaU+D/Yn2ApmWapOdIWRhuEs70bmUjuWI0q48WeP7uHe52wgxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDTAcCalWJ68Iu5T4SvsVdwBmYK7MB8GA1UdIwQY
MBaAFF3eSzuC8gm3Aa40DPU7l0B48WqfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWIt
ODZhNTUxOGUyZDUyLzEvTk1Cd0pxVllucndpN2xQaEsteFYzQUdaZ3JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8wMmJkZjAtYmYyOS00ZGFlLWIxOWItODZhNTUxOGUyZDUy
LzEvWGQ1TE80THlDYmNCcmpRTTlUdVhRSGp4YXA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuY/yAwQA
ucj1MA0GCSqGSIb3DQEBCwUAA4IBAQCUDZGwU0unTB7dTitf95RRcaMkx18zllBI
6dRkZ+PfQZ8dcfTdWoiPQkkyAlkqfC8b0pZT7pH7ac1BeEDeLdtP8e91mFdz19gI
UKlwYHaR9gZdXEakduWG1IOnffkqk4Ee95nDJyVE0kaRdKX73nKMn0Dn5eOcfgDc
BLj84aF8gjwXLTxvwSu8yumpSDfvp9Tt2TUBgIvFsHUB//LaBBygZQB24SAYvAX4
CxSsVgRhhArRfj5wR1nAT4xtBG576k97HjirO699sTb3/JRA8W5mGfiSKr8eDsSq
Ot0Gjxbuyz3ob4N1FrHXHuLIJYPtIjxN2NGN+HChAcM4U0jGPCZn
-----END CERTIFICATE-----