Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ntj5sNDQanwT74fzEPzEkCJZTVM.roa
File:                     Ntj5sNDQanwT74fzEPzEkCJZTVM.roa (raw, json)
Hash identifier:          S2HhHrkxkaPBlUmfaZQ1DWAysWFR3W2z83ATc8x+uA4=
Subject key identifier:   36:D8:F9:B0:D0:D0:6A:7C:13:EF:87:F3:10:FC:C4:90:22:59:4D:53
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018E9B3D3C16D17D272880275C6E1CC26E3E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ntj5sNDQanwT74fzEPzEkCJZTVM.roa
Signing time:             Mon 01 Apr 2024 19:57:45 +0000
ROA not before:           Mon 01 Apr 2024 19:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206286
IP address blocks:        45.141.24.0/24 maxlen: 24
                          45.144.225.0/24 maxlen: 24
                          178.239.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9b:3d:3c:16:d1:7d:27:28:80:27:5c:6e:1c:c2:6e:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Apr  1 19:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36d8f9b0d0d06a7c13ef87f310fcc49022594d53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c1:eb:64:aa:be:bc:a9:4a:13:4b:b5:d4:19:
                    52:86:c3:d3:14:87:a8:4b:49:0d:e8:cb:8a:42:8b:
                    28:e1:18:d8:43:ca:4f:cb:5f:93:87:04:09:b2:28:
                    af:fc:08:a7:88:65:90:69:d7:c2:83:cd:43:af:e2:
                    91:75:7a:a2:4f:2e:02:5e:92:50:33:e1:4d:80:85:
                    22:63:26:49:61:ff:b1:a4:16:1e:dd:8a:88:d6:af:
                    12:a4:a7:64:53:b2:c8:8f:ab:39:d0:c5:7d:8c:e7:
                    fc:4f:68:74:a1:0b:70:b6:a7:16:9e:d4:81:7b:c1:
                    2c:38:69:d5:45:b9:89:85:01:d9:df:f4:f7:12:c3:
                    fb:b5:9b:03:22:f0:86:9c:05:aa:e3:5a:e6:68:3b:
                    6a:ef:d7:72:01:39:04:26:32:83:b4:73:a9:bf:86:
                    b4:52:ef:5e:15:52:56:c4:49:69:28:e1:cf:43:3e:
                    40:09:02:77:2a:13:2c:93:51:a3:e5:b3:29:5f:e3:
                    e1:d0:d9:fc:09:1a:fa:5e:f3:1c:94:5c:eb:f7:e9:
                    de:4b:b4:d4:3e:0d:1f:8d:f5:f8:12:1d:4a:d1:41:
                    ff:b4:5b:a8:25:3d:38:7a:a6:b4:ea:fd:bb:72:f0:
                    c1:e1:af:ff:b2:8e:9b:fd:dd:4c:26:01:e8:b5:e4:
                    49:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:D8:F9:B0:D0:D0:6A:7C:13:EF:87:F3:10:FC:C4:90:22:59:4D:53
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ntj5sNDQanwT74fzEPzEkCJZTVM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.24.0/24
                  45.144.225.0/24
                  178.239.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:9d:88:74:bc:12:aa:5a:f4:cf:17:15:ee:6c:fa:3a:9d:1a:
         18:a3:cc:30:10:24:f0:26:0a:b3:c0:22:4e:6e:b0:60:a1:23:
         de:c4:ee:1f:86:93:18:ac:5e:fd:b2:91:0b:0c:1b:cf:77:5a:
         f3:48:82:2a:db:6d:ad:bb:de:3a:2a:1a:bc:c7:7a:42:86:3d:
         7a:50:92:81:50:ee:c0:21:74:94:9e:92:23:41:0b:f0:5b:6d:
         7c:01:e8:cc:89:b0:a2:8d:22:30:0c:e1:6b:a9:8a:39:4b:73:
         f0:e6:0c:65:02:a9:ff:9c:a8:29:5b:2d:57:b2:12:b0:8e:37:
         ec:dc:a5:e1:11:c3:95:21:fc:b0:3e:cd:d3:91:5f:19:3d:a7:
         4a:e6:86:ea:09:4b:ee:24:f0:b6:90:61:72:34:80:40:64:12:
         2f:d6:8f:44:09:10:6a:6f:08:c2:f2:38:81:0f:97:a8:5b:9b:
         9b:da:6f:c7:11:8f:78:75:03:83:50:c1:7e:a2:c8:29:4b:d5:
         cd:3f:f4:29:88:22:30:42:7a:dc:93:78:fa:1d:50:ca:c1:e6:
         9f:95:ff:b9:5d:95:c6:9a:26:33:72:42:d8:c2:80:7f:0b:87:
         97:8f:e5:6e:90:ed:bb:42:d4:89:c3:7a:0a:b4:04:d6:be:a5:
         62:f4:9c:28
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY6bPTwW0X0nKIAnXG4cwm4+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwNDAxMTk1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmQ4ZjliMGQwZDA2YTdjMTNlZjg3ZjMxMGZjYzQ5MDIyNTk0ZDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMHrZKq+vKlKE0u11BlShsPTFIeo
S0kN6MuKQoso4RjYQ8pPy1+ThwQJsiiv/AiniGWQadfCg81Dr+KRdXqiTy4CXpJQ
M+FNgIUiYyZJYf+xpBYe3YqI1q8SpKdkU7LIj6s50MV9jOf8T2h0oQtwtqcWntSB
e8EsOGnVRbmJhQHZ3/T3EsP7tZsDIvCGnAWq41rmaDtq79dyATkEJjKDtHOpv4a0
Uu9eFVJWxElpKOHPQz5ACQJ3KhMsk1Gj5bMpX+Ph0Nn8CRr6XvMclFzr9+neS7TU
Pg0fjfX4Eh1K0UH/tFuoJT04eqa06v27cvDB4a//so6b/d1MJgHoteRJ/QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDbY+bDQ0Gp8E++H8xD8xJAiWU1TMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTnRqNXNORFFhbndUNzRmekVQekVrQ0paVFZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALY0YAwQA
LZDhAwQAsu/HMA0GCSqGSIb3DQEBCwUAA4IBAQANnYh0vBKqWvTPFxXubPo6nRoY
o8wwECTwJgqzwCJObrBgoSPexO4fhpMYrF79spELDBvPd1rzSIIq222tu946Khq8
x3pChj16UJKBUO7AIXSUnpIjQQvwW218AejMibCijSIwDOFrqYo5S3Pw5gxlAqn/
nKgpWy1XshKwjjfs3KXhEcOVIfywPs3TkV8ZPadK5obqCUvuJPC2kGFyNIBAZBIv
1o9ECRBqbwjC8jiBD5eoW5ub2m/HEY94dQODUMF+osgpS9XNP/QpiCIwQnrck3j6
HVDKweaflf+5XZXGmiYzckLYwoB/C4eXj+VukO27QtSJw3oKtATWvqVi9Jwo
-----END CERTIFICATE-----