Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/feece0-3226-41d6-9461-edefbc24c822/1/Nk3cIPcD2EjeYB6s_cNLC53eAN8.roa
File:                     Nk3cIPcD2EjeYB6s_cNLC53eAN8.roa (raw, json)
Hash identifier:          wQTkkdx4JJuwMXI5iQjWwVmlViAtE12DqO9XIOBGyIk=
Subject key identifier:   36:4D:DC:20:F7:03:D8:48:DE:60:1E:AC:FD:C3:4B:0B:9D:DE:00:DF
Certificate issuer:       /CN=998674263fccd07f684e1e199302eeefe783fb3d
Certificate serial:       018CC500C0A114A1F5E7E3CF72C5C754347F
Authority key identifier: 99:86:74:26:3F:CC:D0:7F:68:4E:1E:19:93:02:EE:EF:E7:83:FB:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mYZ0Jj_M0H9oTh4ZkwLu7-eD-z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/feece0-3226-41d6-9461-edefbc24c822/1/Nk3cIPcD2EjeYB6s_cNLC53eAN8.roa
Signing time:             Mon 01 Jan 2024 12:30:10 +0000
ROA not before:           Mon 01 Jan 2024 12:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208429
IP address blocks:        45.137.164.0/22 maxlen: 22
                          2a0e:a440::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/feece0-3226-41d6-9461-edefbc24c822/1/mYZ0Jj_M0H9oTh4ZkwLu7-eD-z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/feece0-3226-41d6-9461-edefbc24c822/1/mYZ0Jj_M0H9oTh4ZkwLu7-eD-z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mYZ0Jj_M0H9oTh4ZkwLu7-eD-z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:c0:a1:14:a1:f5:e7:e3:cf:72:c5:c7:54:34:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=998674263fccd07f684e1e199302eeefe783fb3d
        Validity
            Not Before: Jan  1 12:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=364ddc20f703d848de601eacfdc34b0b9dde00df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a3:33:3c:6b:3c:fd:26:2a:38:5c:c6:67:8b:
                    eb:2c:08:96:fd:e8:1b:e0:d8:07:2d:37:f6:a9:bc:
                    03:34:a9:67:5b:53:86:cb:5b:d9:86:d1:8f:e3:f4:
                    68:74:1a:02:d3:3b:4c:9d:d2:2b:9f:6f:36:c8:7d:
                    0a:20:22:96:28:f0:65:ae:9e:9e:97:f1:67:3a:36:
                    43:19:6e:7c:2c:53:db:cb:cf:18:ce:a2:ee:2a:04:
                    0f:b4:41:6b:34:21:40:39:95:a4:00:f0:7b:13:f5:
                    f5:97:13:10:57:ca:c1:55:21:92:9d:6a:79:d7:a7:
                    a3:fa:9a:04:6f:86:34:af:4d:54:a8:da:f1:c7:cc:
                    9b:79:80:f3:35:60:02:a9:38:66:b6:f7:b5:19:c2:
                    06:b8:6a:ae:d1:ef:6e:2a:8e:43:b0:6a:c2:b0:2a:
                    a9:84:7c:61:70:dc:36:b6:e3:d0:58:98:09:95:f5:
                    50:50:93:c3:72:ba:9c:f6:1e:7b:df:1a:ab:c3:41:
                    a0:6b:a1:3f:7e:37:00:9e:15:bb:03:a0:dd:ce:fe:
                    85:1c:95:70:77:d1:a1:a5:1a:9a:ad:fd:21:cb:99:
                    e0:d3:df:eb:8c:7b:db:06:eb:6a:dd:a0:99:63:04:
                    77:c9:8f:8b:0a:ea:53:e5:fd:85:d9:4e:0f:6c:4c:
                    10:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:4D:DC:20:F7:03:D8:48:DE:60:1E:AC:FD:C3:4B:0B:9D:DE:00:DF
            X509v3 Authority Key Identifier:
                keyid:99:86:74:26:3F:CC:D0:7F:68:4E:1E:19:93:02:EE:EF:E7:83:FB:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mYZ0Jj_M0H9oTh4ZkwLu7-eD-z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/feece0-3226-41d6-9461-edefbc24c822/1/Nk3cIPcD2EjeYB6s_cNLC53eAN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/feece0-3226-41d6-9461-edefbc24c822/1/mYZ0Jj_M0H9oTh4ZkwLu7-eD-z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.164.0/22
                IPv6:
                  2a0e:a440::/29

    Signature Algorithm: sha256WithRSAEncryption
         cd:39:b0:fe:02:43:c2:c5:56:19:cd:0b:43:3a:d0:15:0e:4b:
         54:4d:32:ef:d3:de:4f:e9:f8:80:9b:c9:6b:7a:03:e8:0b:ae:
         95:f3:1e:c2:ef:37:7a:35:23:59:36:b2:f6:0f:de:8e:60:a5:
         11:62:50:b1:65:ab:13:4a:c3:99:c1:46:03:e3:8b:48:94:44:
         33:c0:cf:8f:35:09:b5:43:ce:ca:06:9b:01:8e:c0:80:5a:94:
         b9:0c:3a:a4:e0:59:f0:96:af:74:da:5e:c6:30:de:93:2a:5e:
         cc:b6:c6:39:44:0a:55:62:23:0b:b7:71:b0:47:80:2e:b5:2e:
         67:72:34:ca:a9:8f:bb:87:05:c9:2f:99:4e:f1:b5:68:c4:49:
         2f:7b:87:81:95:b1:bf:d9:22:f7:12:bb:fa:ca:a0:49:5a:c0:
         2f:2f:95:54:87:b6:ef:80:e6:dc:dd:13:86:0f:9d:28:e3:da:
         18:e8:60:93:3c:90:6a:b8:d3:b2:f6:17:8a:08:f6:c0:af:94:
         cf:fc:9f:87:19:7e:0f:9a:90:19:f1:04:16:35:f9:7d:c6:df:
         85:c2:e0:0f:8b:14:16:bb:76:5c:08:b3:63:42:05:27:5b:9e:
         a1:bd:4b:6c:75:a9:87:c9:43:07:3c:31:43:42:c9:68:8f:85:
         22:50:c6:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAMChFKH15+PPcsXHVDR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ODY3NDI2M2ZjY2QwN2Y2ODRlMWUxOTkzMDJlZWVmZTc4
M2ZiM2QwHhcNMjQwMTAxMTIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjRkZGMyMGY3MDNkODQ4ZGU2MDFlYWNmZGMzNGIwYjlkZGUwMGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06MzPGs8/SYqOFzGZ4vrLAiW/egb
4NgHLTf2qbwDNKlnW1OGy1vZhtGP4/RodBoC0ztMndIrn282yH0KICKWKPBlrp6e
l/FnOjZDGW58LFPby88YzqLuKgQPtEFrNCFAOZWkAPB7E/X1lxMQV8rBVSGSnWp5
16ej+poEb4Y0r01UqNrxx8ybeYDzNWACqThmtve1GcIGuGqu0e9uKo5DsGrCsCqp
hHxhcNw2tuPQWJgJlfVQUJPDcrqc9h573xqrw0Gga6E/fjcAnhW7A6Ddzv6FHJVw
d9GhpRqarf0hy5ng09/rjHvbButq3aCZYwR3yY+LCupT5f2F2U4PbEwQfQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDZN3CD3A9hI3mAerP3DSwud3gDfMB8GA1UdIwQY
MBaAFJmGdCY/zNB/aE4eGZMC7u/ng/s9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVlaMEpqX00wSDlvVGg0Wmt3THU3LWVELXowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9mZWVjZTAtMzIyNi00MWQ2LTk0NjEt
ZWRlZmJjMjRjODIyLzEvTmszY0lQY0QyRWplWUI2c19jTkxDNTNlQU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9mZWVjZTAtMzIyNi00MWQ2LTk0NjEtZWRlZmJjMjRjODIy
LzEvbVlaMEpqX00wSDlvVGg0Wmt3THU3LWVELXowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYmkMA0E
AgACMAcDBQMqDqRAMA0GCSqGSIb3DQEBCwUAA4IBAQDNObD+AkPCxVYZzQtDOtAV
DktUTTLv095P6fiAm8lregPoC66V8x7C7zd6NSNZNrL2D96OYKURYlCxZasTSsOZ
wUYD44tIlEQzwM+PNQm1Q87KBpsBjsCAWpS5DDqk4Fnwlq902l7GMN6TKl7MtsY5
RApVYiMLt3GwR4AutS5ncjTKqY+7hwXJL5lO8bVoxEkve4eBlbG/2SL3Erv6yqBJ
WsAvL5VUh7bvgObc3ROGD50o49oY6GCTPJBquNOy9heKCPbAr5TP/J+HGX4PmpAZ
8QQWNfl9xt+FwuAPixQWu3ZcCLNjQgUnW56hvUtsdamHyUMHPDFDQsloj4UiUMbj
-----END CERTIFICATE-----