Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/N_XvLJCvc_RXZWRJfWN_AMGm_bY.roa
File:                     N_XvLJCvc_RXZWRJfWN_AMGm_bY.roa (raw, json)
Hash identifier:          S3b2ZGz/A7kGIjV0vJEhE5ga7AOgm3fQOIBphjJKjeA=
Subject key identifier:   37:F5:EF:2C:90:AF:73:F4:57:65:64:49:7D:63:7F:00:C1:A6:FD:B6
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC5011DE1C9A7C805B7B5B75B10E50154
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/N_XvLJCvc_RXZWRJfWN_AMGm_bY.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197432
IP address blocks:        45.123.40.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 16:03:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1d:e1:c9:a7:c8:05:b7:b5:b7:5b:10:e5:01:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37f5ef2c90af73f4576564497d637f00c1a6fdb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ed:51:6d:26:ce:87:25:8b:e3:d6:5f:c9:2a:
                    b0:ac:f6:46:bb:28:95:38:94:32:11:02:23:3b:df:
                    ce:89:87:2e:56:0e:ba:6b:5b:cd:68:c4:49:08:8e:
                    0e:7a:aa:ba:b7:43:aa:a0:5a:01:e7:cc:3d:e2:7c:
                    be:2c:18:3f:ed:b8:60:59:a8:3e:2d:98:1c:9f:6e:
                    50:64:2a:8a:04:11:e2:22:3b:16:fd:e4:c4:ea:b2:
                    28:b2:c5:db:58:c0:a1:fe:a4:d5:9c:3f:7e:76:96:
                    b4:0c:ae:7b:a4:0c:b8:3c:e4:37:6a:14:40:09:83:
                    41:1e:ca:6b:f5:ae:49:06:a7:34:2a:56:ae:46:4c:
                    b3:ce:75:21:81:25:ae:7c:80:40:26:08:9e:f9:9d:
                    b8:3f:fc:d9:92:23:c8:f7:1c:eb:10:35:fb:81:c3:
                    f7:d1:ab:01:4f:cf:d0:85:08:a7:04:97:90:a8:9d:
                    4c:30:fa:d3:99:85:e6:d8:3e:c8:c4:49:f4:76:1c:
                    a1:d2:d2:3b:57:fd:39:f4:8e:c7:9a:81:87:c2:94:
                    4b:5a:d6:73:7b:12:c8:dc:96:15:03:65:9c:29:09:
                    d9:21:28:e5:0d:18:b0:b1:7d:aa:df:b7:52:78:67:
                    be:a7:02:88:49:dd:5d:48:b0:08:64:46:e4:41:45:
                    d2:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:F5:EF:2C:90:AF:73:F4:57:65:64:49:7D:63:7F:00:C1:A6:FD:B6
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/N_XvLJCvc_RXZWRJfWN_AMGm_bY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.123.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:d6:61:45:18:65:5d:ac:b7:53:c8:76:0a:4a:00:bd:e4:f1:
         9c:39:5b:7e:05:e8:77:98:1a:f9:73:24:16:13:ad:3b:b3:69:
         31:b2:48:33:6f:68:d2:96:ef:9d:6e:77:d9:62:0d:c0:30:29:
         e9:f3:a2:d4:61:75:2d:3c:0b:f3:79:21:5a:0d:87:37:f3:92:
         94:5a:24:bf:d3:57:e4:7c:5a:f0:b6:8d:34:9f:c1:a1:9c:b4:
         8f:80:e9:a1:91:f3:e5:a2:07:bc:b8:5f:e3:dc:e6:1c:7e:cd:
         27:5b:6c:0d:6e:7e:86:52:ac:eb:5c:6d:31:ef:49:8b:04:5d:
         a2:bc:39:69:53:7d:e1:8e:04:b8:27:3a:1f:46:03:3a:cd:bc:
         bf:71:82:d5:d4:07:45:5b:62:10:cb:1e:3f:10:69:15:f6:68:
         94:fe:fd:2a:5f:76:ba:0d:79:01:8b:f5:57:f6:a6:ed:68:a2:
         47:30:a5:9f:c7:68:ea:b9:e0:5d:e4:00:34:8c:bf:e6:fc:8f:
         db:ea:dc:02:6d:1e:9a:71:49:f2:1a:92:0b:8f:c7:d0:ae:64:
         b7:48:c1:7c:5c:f5:39:4e:52:1d:70:f1:eb:8e:77:5d:3e:5d:
         49:01:47:f2:7c:52:ad:13:35:78:91:07:ba:4f:80:43:32:aa:
         86:c3:0e:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAR3hyafIBbe1t1sQ5QFUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2Y1ZWYyYzkwYWY3M2Y0NTc2NTY0NDk3ZDYzN2YwMGMxYTZmZGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhO1RbSbOhyWL49ZfySqwrPZGuyiV
OJQyEQIjO9/OiYcuVg66a1vNaMRJCI4Oeqq6t0OqoFoB58w94ny+LBg/7bhgWag+
LZgcn25QZCqKBBHiIjsW/eTE6rIossXbWMCh/qTVnD9+dpa0DK57pAy4POQ3ahRA
CYNBHspr9a5JBqc0KlauRkyzznUhgSWufIBAJgie+Z24P/zZkiPI9xzrEDX7gcP3
0asBT8/QhQinBJeQqJ1MMPrTmYXm2D7IxEn0dhyh0tI7V/059I7HmoGHwpRLWtZz
exLI3JYVA2WcKQnZISjlDRiwsX2q37dSeGe+pwKISd1dSLAIZEbkQUXSJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDf17yyQr3P0V2VkSX1jfwDBpv22MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTl9YdkxKQ3ZjX1JYWldSSmZXTl9BTUdtX2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALXsoMA0G
CSqGSIb3DQEBCwUAA4IBAQCM1mFFGGVdrLdTyHYKSgC95PGcOVt+Beh3mBr5cyQW
E607s2kxskgzb2jSlu+dbnfZYg3AMCnp86LUYXUtPAvzeSFaDYc385KUWiS/01fk
fFrwto00n8GhnLSPgOmhkfPloge8uF/j3OYcfs0nW2wNbn6GUqzrXG0x70mLBF2i
vDlpU33hjgS4JzofRgM6zby/cYLV1AdFW2IQyx4/EGkV9miU/v0qX3a6DXkBi/VX
9qbtaKJHMKWfx2jqueBd5AA0jL/m/I/b6twCbR6acUnyGpILj8fQrmS3SMF8XPU5
TlIdcPHrjnddPl1JAUfyfFKtEzV4kQe6T4BDMqqGww7a
-----END CERTIFICATE-----