Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NlX34pWvGVsY8UxpDnJH4bO7Mf0.roa
File:                     NlX34pWvGVsY8UxpDnJH4bO7Mf0.roa (raw, json)
Hash identifier:          T9Z/RcXyAd8Eoex7qwXgMp0UEhQAW2oAsQmb92i3Mb4=
Subject key identifier:   36:55:F7:E2:95:AF:19:5B:18:F1:4C:69:0E:72:47:E1:B3:BB:31:FD
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0194222020E766756FBF9670A59087D78F23
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NlX34pWvGVsY8UxpDnJH4bO7Mf0.roa
Signing time:             Wed 01 Jan 2025 13:48:38 +0000
ROA not before:           Wed 01 Jan 2025 13:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55410
IP address blocks:        45.156.159.0/24 maxlen: 24
                          185.112.64.0/22 maxlen: 24
                          185.255.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:20:e7:66:75:6f:bf:96:70:a5:90:87:d7:8f:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3655f7e295af195b18f14c690e7247e1b3bb31fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:80:32:ed:bc:30:2f:cf:f3:9a:1c:d0:b9:f1:
                    c3:8b:e1:f7:6f:18:69:2b:3e:8a:f0:78:f4:44:c2:
                    fb:ce:b6:95:e6:31:15:9b:64:cb:97:18:b1:3e:42:
                    89:e6:ec:68:2d:fe:f7:0c:fe:5b:1a:ad:a0:29:13:
                    ba:0a:ee:8b:d2:bf:5f:b4:82:56:8e:5f:64:ac:3b:
                    b4:5c:10:f3:4a:e3:0d:9c:f9:88:2d:90:4b:e0:48:
                    89:63:af:ad:45:ca:a9:23:93:d7:13:f5:b8:78:94:
                    2a:3b:ce:3f:a4:08:08:f9:6d:50:34:a6:28:f6:4a:
                    58:f2:37:a4:4d:9c:ec:a2:75:c1:8d:8b:1c:5f:a1:
                    8c:1a:97:cf:ff:5c:6d:8b:b5:02:45:f2:69:08:7c:
                    a8:a8:be:e2:4e:11:65:ad:6c:27:28:09:4f:8a:df:
                    d7:db:ca:2d:2f:76:b9:5e:20:82:55:2d:4c:4c:22:
                    bc:ef:04:af:58:19:0a:c8:76:e9:fd:b4:57:89:22:
                    60:fb:21:cb:8f:c9:a3:0d:91:70:e7:4a:58:43:87:
                    02:18:14:9d:03:fe:cb:49:63:86:73:d6:c1:85:2c:
                    a8:18:b5:a1:f1:13:20:2b:18:ef:40:a5:a3:27:37:
                    6d:4c:18:dc:bd:d0:e7:95:07:c2:e3:7e:af:91:a2:
                    02:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:55:F7:E2:95:AF:19:5B:18:F1:4C:69:0E:72:47:E1:B3:BB:31:FD
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NlX34pWvGVsY8UxpDnJH4bO7Mf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.159.0/24
                  185.112.64.0/22
                  185.255.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:7b:ad:30:61:34:59:f9:d8:7c:0c:00:05:6d:f1:54:67:05:
         af:f8:97:9c:f3:89:fa:23:97:e6:4f:44:37:82:ee:d4:de:11:
         40:96:13:4d:a6:3f:42:2c:f0:68:54:60:95:22:56:4b:d2:8b:
         cf:69:a8:6e:98:72:06:52:df:64:37:1c:08:5a:f4:00:b3:9f:
         51:e4:7d:ce:a1:e6:f3:a2:05:b3:5f:4c:5c:33:4e:f8:ce:1a:
         cc:10:49:17:7b:5f:d2:39:43:3f:67:14:d7:4e:ea:1c:4a:1d:
         64:b6:87:e8:40:31:97:16:6e:5b:48:1c:89:b7:8f:28:7f:01:
         fe:16:26:a9:40:d3:4d:09:9c:6b:12:12:ae:bc:46:6c:c0:2a:
         82:ab:02:04:20:68:8d:54:23:24:80:e1:b0:ce:47:5e:03:3d:
         ac:1c:ce:ca:06:ef:00:50:6a:c8:3a:1e:a9:80:2d:61:8a:27:
         b8:40:d9:da:44:81:df:da:2e:ca:09:aa:fd:46:a9:60:6e:3c:
         b1:8f:d0:d3:37:b7:bc:4f:36:8c:51:47:0e:26:99:88:80:21:
         b6:c7:71:67:eb:e4:88:42:2a:c6:02:4b:8b:52:4a:3f:20:eb:
         2e:9b:67:a7:c4:96:09:37:0d:08:84:ca:08:d9:26:15:b5:c4:
         9d:63:66:84
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiICDnZnVvv5ZwpZCH148jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjU1ZjdlMjk1YWYxOTViMThmMTRjNjkwZTcyNDdlMWIzYmIzMWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2IAy7bwwL8/zmhzQufHDi+H3bxhp
Kz6K8Hj0RML7zraV5jEVm2TLlxixPkKJ5uxoLf73DP5bGq2gKRO6Cu6L0r9ftIJW
jl9krDu0XBDzSuMNnPmILZBL4EiJY6+tRcqpI5PXE/W4eJQqO84/pAgI+W1QNKYo
9kpY8jekTZzsonXBjYscX6GMGpfP/1xti7UCRfJpCHyoqL7iThFlrWwnKAlPit/X
28otL3a5XiCCVS1MTCK87wSvWBkKyHbp/bRXiSJg+yHLj8mjDZFw50pYQ4cCGBSd
A/7LSWOGc9bBhSyoGLWh8RMgKxjvQKWjJzdtTBjcvdDnlQfC436vkaIC0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDZV9+KVrxlbGPFMaQ5yR+GzuzH9MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTmxYMzRwV3ZHVnNZOFV4cERuSkg0Yk83TWYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZyfAwQC
uXBAAwQCuf+oMA0GCSqGSIb3DQEBCwUAA4IBAQCXe60wYTRZ+dh8DAAFbfFUZwWv
+Jec84n6I5fmT0Q3gu7U3hFAlhNNpj9CLPBoVGCVIlZL0ovPaahumHIGUt9kNxwI
WvQAs59R5H3OoebzogWzX0xcM074zhrMEEkXe1/SOUM/ZxTXTuocSh1ktofoQDGX
Fm5bSByJt48ofwH+FiapQNNNCZxrEhKuvEZswCqCqwIEIGiNVCMkgOGwzkdeAz2s
HM7KBu8AUGrIOh6pgC1hiie4QNnaRIHf2i7KCar9Rqlgbjyxj9DTN7e8TzaMUUcO
JpmIgCG2x3Fn6+SIQirGAkuLUko/IOsum2enxJYJNw0IhMoI2SYVtcSdY2aE
-----END CERTIFICATE-----