Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/682ece-ebe2-4a23-8ab5-36e64ac64542/1/NUME3F4fpbFpPHXxjqL2riACA_g.roa
File:                     NUME3F4fpbFpPHXxjqL2riACA_g.roa (raw, json)
Hash identifier:          Z+teIa+r/TFgEavQJJhMqBljQBI3IWDjmFWxiwAKUe0=
Subject key identifier:   35:43:04:DC:5E:1F:A5:B1:69:3C:75:F1:8E:A2:F6:AE:20:02:03:F8
Certificate issuer:       /CN=b334fc2b5b8227b6df3f21d1ad3a74b14ec0685a
Certificate serial:       018CC34954B9CAA1279CC3DE5258BA2CBBBF
Authority key identifier: B3:34:FC:2B:5B:82:27:B6:DF:3F:21:D1:AD:3A:74:B1:4E:C0:68:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/szT8K1uCJ7bfPyHRrTp0sU7AaFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/682ece-ebe2-4a23-8ab5-36e64ac64542/1/NUME3F4fpbFpPHXxjqL2riACA_g.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        45.159.224.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/682ece-ebe2-4a23-8ab5-36e64ac64542/1/szT8K1uCJ7bfPyHRrTp0sU7AaFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/682ece-ebe2-4a23-8ab5-36e64ac64542/1/szT8K1uCJ7bfPyHRrTp0sU7AaFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/szT8K1uCJ7bfPyHRrTp0sU7AaFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 10:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:54:b9:ca:a1:27:9c:c3:de:52:58:ba:2c:bb:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b334fc2b5b8227b6df3f21d1ad3a74b14ec0685a
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=354304dc5e1fa5b1693c75f18ea2f6ae200203f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3a:00:01:73:30:f3:cd:14:88:98:0d:c6:94:
                    7b:3b:e2:cb:b2:81:56:81:2c:8e:57:19:aa:b8:4a:
                    79:cf:30:a2:49:2d:77:66:ee:a8:bc:f4:37:30:d8:
                    73:45:a1:7d:73:87:40:ec:e7:60:64:ee:e0:51:ed:
                    b4:e8:87:46:bf:00:86:96:5b:bb:09:74:57:ae:34:
                    6f:7f:cf:79:bc:a2:06:74:d1:66:ad:cd:f3:b9:ee:
                    31:33:79:d2:e0:a5:97:7f:4c:9f:ad:d9:e3:39:fd:
                    d3:7d:b1:b1:34:5d:94:22:ac:d2:a1:54:f5:f0:c0:
                    5f:25:c2:3e:f0:d8:57:83:fc:53:b5:e0:57:7d:91:
                    7c:92:7a:50:88:7c:3f:18:0e:9c:00:57:e3:cb:1b:
                    c1:74:ad:3f:3a:9c:bf:a0:9f:4a:c2:4b:1c:c2:72:
                    ad:c6:e7:7d:f7:0d:f4:df:12:35:20:38:56:0f:c8:
                    24:08:02:68:7b:68:e6:00:5d:b0:11:94:44:80:ba:
                    53:48:5c:c4:da:02:0b:50:99:ef:cd:f8:1e:48:6e:
                    92:b1:cd:4e:e6:15:1d:cb:bb:9a:97:53:65:12:0d:
                    b4:67:bc:f6:53:5e:1b:63:8c:5a:7c:87:0f:e0:d6:
                    46:3d:9e:c8:71:07:fb:d6:c9:05:9d:cd:14:22:34:
                    f3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:43:04:DC:5E:1F:A5:B1:69:3C:75:F1:8E:A2:F6:AE:20:02:03:F8
            X509v3 Authority Key Identifier:
                keyid:B3:34:FC:2B:5B:82:27:B6:DF:3F:21:D1:AD:3A:74:B1:4E:C0:68:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/szT8K1uCJ7bfPyHRrTp0sU7AaFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/682ece-ebe2-4a23-8ab5-36e64ac64542/1/NUME3F4fpbFpPHXxjqL2riACA_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/682ece-ebe2-4a23-8ab5-36e64ac64542/1/szT8K1uCJ7bfPyHRrTp0sU7AaFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:d1:88:2d:94:02:de:6f:f7:4d:7d:5f:7d:05:df:3a:eb:24:
         f2:8e:35:a5:e5:65:0a:90:58:d0:70:f4:77:10:49:fc:bf:25:
         c5:87:25:e2:dd:5b:4b:67:d6:c6:37:54:78:3d:5b:57:cb:73:
         cf:ac:f8:bd:54:9d:4e:db:33:82:fc:a5:e6:e5:a1:33:b9:97:
         64:64:54:53:ac:54:e2:73:41:b3:b8:37:b7:7e:e1:09:a4:d2:
         e8:59:f9:e1:be:fa:aa:88:67:a6:31:1d:4c:d4:a8:63:d8:cf:
         ff:f4:64:e9:90:be:89:e6:61:ff:03:73:bd:c5:08:8a:58:d5:
         4a:76:a6:36:43:9b:17:47:49:ba:d3:93:2a:f8:fc:61:f2:3b:
         0e:5d:eb:1a:a3:bf:d5:12:82:eb:c6:8d:2c:02:57:db:91:49:
         d0:f3:aa:81:1a:a3:08:f3:d6:6b:f8:bf:53:b3:35:dd:5f:08:
         0b:cb:61:93:19:dc:af:20:75:0f:2d:40:8f:b6:28:6c:7b:05:
         dd:db:cd:23:1e:9d:28:62:ad:4e:11:cb:f4:6f:79:a5:c0:67:
         69:e8:98:39:63:bc:8a:02:33:0f:54:6c:0d:a1:50:14:3e:4b:
         0b:68:58:06:4a:d0:7f:9d:a0:a6:75:de:7a:fc:14:cc:3e:f7:
         9c:91:4b:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVS5yqEnnMPeUli6LLu/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMzRmYzJiNWI4MjI3YjZkZjNmMjFkMWFkM2E3NGIxNGVj
MDY4NWEwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTQzMDRkYzVlMWZhNWIxNjkzYzc1ZjE4ZWEyZjZhZTIwMDIwM2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwToAAXMw880UiJgNxpR7O+LLsoFW
gSyOVxmquEp5zzCiSS13Zu6ovPQ3MNhzRaF9c4dA7OdgZO7gUe206IdGvwCGllu7
CXRXrjRvf895vKIGdNFmrc3zue4xM3nS4KWXf0yfrdnjOf3TfbGxNF2UIqzSoVT1
8MBfJcI+8NhXg/xTteBXfZF8knpQiHw/GA6cAFfjyxvBdK0/Opy/oJ9KwkscwnKt
xud99w303xI1IDhWD8gkCAJoe2jmAF2wEZREgLpTSFzE2gILUJnvzfgeSG6Ssc1O
5hUdy7ual1NlEg20Z7z2U14bY4xafIcP4NZGPZ7IcQf71skFnc0UIjTzJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVDBNxeH6WxaTx18Y6i9q4gAgP4MB8GA1UdIwQY
MBaAFLM0/Ctbgie23z8h0a06dLFOwGhaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3pUOEsxdUNKN2JmUHlIUnJUcDBzVTdBYUZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC82ODJlY2UtZWJlMi00YTIzLThhYjUt
MzZlNjRhYzY0NTQyLzEvTlVNRTNGNGZwYkZwUEhYeGpxTDJyaUFDQV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC82ODJlY2UtZWJlMi00YTIzLThhYjUtMzZlNjRhYzY0NTQy
LzEvc3pUOEsxdUNKN2JmUHlIUnJUcDBzVTdBYUZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ/gMA0G
CSqGSIb3DQEBCwUAA4IBAQAh0YgtlALeb/dNfV99Bd866yTyjjWl5WUKkFjQcPR3
EEn8vyXFhyXi3VtLZ9bGN1R4PVtXy3PPrPi9VJ1O2zOC/KXm5aEzuZdkZFRTrFTi
c0GzuDe3fuEJpNLoWfnhvvqqiGemMR1M1Khj2M//9GTpkL6J5mH/A3O9xQiKWNVK
dqY2Q5sXR0m605Mq+Pxh8jsOXesao7/VEoLrxo0sAlfbkUnQ86qBGqMI89Zr+L9T
szXdXwgLy2GTGdyvIHUPLUCPtihsewXd280jHp0oYq1OEcv0b3mlwGdp6Jg5Y7yK
AjMPVGwNoVAUPksLaFgGStB/naCmdd56/BTMPveckUuE
-----END CERTIFICATE-----