Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NH0mEZuDBa79MaPiH0ShPZCN9hU.roa
File:                     NH0mEZuDBa79MaPiH0ShPZCN9hU.roa (raw, json)
Hash identifier:          Tgix0ZlpIus1YCXg0f57j/ybPu9UFI1+aL2fKVZeyLE=
Subject key identifier:   34:7D:26:11:9B:83:05:AE:FD:31:A3:E2:1F:44:A1:3D:90:8D:F6:15
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0196E7E5AB0E270258C188CEE5DC3671E2B8
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NH0mEZuDBa79MaPiH0ShPZCN9hU.roa
Signing time:             Mon 19 May 2025 09:35:10 +0000
ROA not before:           Mon 19 May 2025 09:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213220
IP address blocks:        45.8.209.0/24 maxlen: 24
                          185.114.75.0/24 maxlen: 24
                          213.108.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 14:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e7:e5:ab:0e:27:02:58:c1:88:ce:e5:dc:36:71:e2:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: May 19 09:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=347d26119b8305aefd31a3e21f44a13d908df615
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d5:d5:a2:40:31:f4:35:c1:38:df:d3:af:43:
                    4c:4f:8c:24:30:22:ea:23:41:ec:ae:a4:8f:cd:ca:
                    b3:e6:0e:56:32:29:18:e4:17:2a:81:50:8d:fc:5a:
                    a3:f1:31:bf:31:e7:91:4a:a9:99:44:03:7b:4a:d0:
                    f8:96:78:9d:8f:01:62:52:78:fe:0b:09:79:5d:a1:
                    a7:87:05:11:83:66:be:7b:68:54:c5:34:53:20:6e:
                    ed:66:61:e1:65:32:b0:30:9c:54:d0:e6:f8:d2:aa:
                    fd:32:07:a3:ec:92:bd:83:2a:db:2c:5b:71:2d:50:
                    a7:8c:97:e9:9c:6c:5f:a8:bc:1d:7a:b9:ba:f0:23:
                    e0:6e:55:40:16:68:a1:38:76:36:e5:dc:f9:6a:99:
                    95:99:3c:db:3f:7a:7f:05:7d:02:6c:da:2f:f1:3a:
                    92:91:fb:c0:2c:28:38:02:48:78:44:d8:fc:c0:03:
                    19:42:e3:3a:f5:b2:ec:e7:dc:aa:10:c9:7e:50:39:
                    49:0c:4b:ef:0f:7f:b0:a7:47:e9:c9:78:e5:eb:48:
                    7e:c6:fa:83:03:fc:1c:20:ae:85:b9:b7:18:b9:90:
                    82:d8:25:e4:25:b8:9f:8a:80:81:29:1b:a7:bb:dc:
                    03:72:a8:94:6e:e8:92:4f:49:7d:80:eb:4a:21:82:
                    91:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:7D:26:11:9B:83:05:AE:FD:31:A3:E2:1F:44:A1:3D:90:8D:F6:15
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NH0mEZuDBa79MaPiH0ShPZCN9hU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.209.0/24
                  185.114.75.0/24
                  213.108.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:9a:a5:9a:57:6c:ed:36:b6:f5:d6:6c:0b:f4:ab:3e:4e:ed:
         47:53:46:59:f4:42:f5:2b:00:43:a7:d0:05:66:9e:4c:d2:6d:
         ee:4f:7f:9f:6e:9c:ce:b2:31:6f:6d:21:3e:cb:f9:88:68:cf:
         ee:da:8f:ee:6b:00:be:8d:7b:7d:79:25:0d:3f:c2:49:d8:0a:
         27:ba:df:b8:fb:c6:10:ae:a2:2c:93:08:cd:71:b3:72:c3:12:
         ca:f4:5a:43:43:49:d9:ee:38:68:9f:93:b6:be:8e:ee:10:3a:
         c4:c4:cc:69:a8:dd:15:29:29:3c:58:48:c2:78:85:71:9e:59:
         56:d9:86:80:da:00:ab:53:5c:98:0d:d6:d0:f7:72:8a:ab:d2:
         ce:d5:a5:cf:69:86:04:11:19:de:54:a3:9f:3f:f0:e5:fe:ef:
         d4:e5:0f:90:31:59:d0:11:b0:83:4e:d7:2c:b1:5e:fe:29:bf:
         8b:54:9d:f4:cc:3b:fc:aa:ba:92:38:db:d8:0a:19:af:c7:ff:
         af:6e:27:ad:29:49:7c:72:8f:a8:8a:dd:47:36:b3:06:d5:8e:
         d9:0e:f0:3d:e0:ae:52:b2:86:6c:d3:2b:19:7c:2f:0c:6f:9f:
         59:89:2f:a6:50:cd:c1:99:e3:26:3c:29:55:b3:fd:52:b3:b4:
         62:6b:37:e2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZbn5asOJwJYwYjO5dw2ceK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNTE5MDkzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDdkMjYxMTliODMwNWFlZmQzMWEzZTIxZjQ0YTEzZDkwOGRmNjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitXVokAx9DXBON/Tr0NMT4wkMCLq
I0HsrqSPzcqz5g5WMikY5BcqgVCN/Fqj8TG/MeeRSqmZRAN7StD4lnidjwFiUnj+
Cwl5XaGnhwURg2a+e2hUxTRTIG7tZmHhZTKwMJxU0Ob40qr9Mgej7JK9gyrbLFtx
LVCnjJfpnGxfqLwderm68CPgblVAFmihOHY25dz5apmVmTzbP3p/BX0CbNov8TqS
kfvALCg4Akh4RNj8wAMZQuM69bLs59yqEMl+UDlJDEvvD3+wp0fpyXjl60h+xvqD
A/wcIK6FubcYuZCC2CXkJbifioCBKRunu9wDcqiUbuiST0l9gOtKIYKR3QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDR9JhGbgwWu/TGj4h9EoT2QjfYVMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTkgwbUVadURCYTc5TWFQaUgwU2hQWkNOOWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQjRAwQA
uXJLAwQA1WzEMA0GCSqGSIb3DQEBCwUAA4IBAQA4mqWaV2ztNrb11mwL9Ks+Tu1H
U0ZZ9EL1KwBDp9AFZp5M0m3uT3+fbpzOsjFvbSE+y/mIaM/u2o/uawC+jXt9eSUN
P8JJ2Aonut+4+8YQrqIskwjNcbNywxLK9FpDQ0nZ7jhon5O2vo7uEDrExMxpqN0V
KSk8WEjCeIVxnllW2YaA2gCrU1yYDdbQ93KKq9LO1aXPaYYEERneVKOfP/Dl/u/U
5Q+QMVnQEbCDTtcssV7+Kb+LVJ30zDv8qrqSONvYChmvx/+vbietKUl8co+oit1H
NrMG1Y7ZDvA94K5SsoZs0ysZfC8Mb59ZiS+mUM3BmeMmPClVs/1Ss7Riazfi
-----END CERTIFICATE-----