Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/NIJUR6bkQ3Td_80TWTRKa7tBLbQ.roa
File:                     NIJUR6bkQ3Td_80TWTRKa7tBLbQ.roa (raw, json)
Hash identifier:          CVRS4MKzQAgy3i6Iu4obw1TXlp1dXYCb13jXW0RPM8Y=
Subject key identifier:   34:82:54:47:A6:E4:43:74:DD:FF:CD:13:59:34:4A:6B:BB:41:2D:B4
Certificate issuer:       /CN=e5164534979e60a564701232b2e5200889542606
Certificate serial:       018CC3492D18C171E0154628B6E8896DCDB4
Authority key identifier: E5:16:45:34:97:9E:60:A5:64:70:12:32:B2:E5:20:08:89:54:26:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5RZFNJeeYKVkcBIysuUgCIlUJgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/NIJUR6bkQ3Td_80TWTRKa7tBLbQ.roa
Signing time:             Mon 01 Jan 2024 04:30:01 +0000
ROA not before:           Mon 01 Jan 2024 04:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41132
IP address blocks:        217.145.240.0/20 maxlen: 20
                          212.33.160.0/19 maxlen: 19
                          85.237.128.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/5RZFNJeeYKVkcBIysuUgCIlUJgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/5RZFNJeeYKVkcBIysuUgCIlUJgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5RZFNJeeYKVkcBIysuUgCIlUJgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:2d:18:c1:71:e0:15:46:28:b6:e8:89:6d:cd:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5164534979e60a564701232b2e5200889542606
        Validity
            Not Before: Jan  1 04:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34825447a6e44374ddffcd1359344a6bbb412db4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e1:61:ce:c8:2f:0f:0e:07:01:85:76:e3:e5:
                    6c:2b:ba:29:78:8f:e5:8f:43:04:7c:a2:f2:83:cd:
                    1c:f1:52:95:28:91:fc:79:40:a7:7c:d6:2f:8e:af:
                    7d:8c:77:46:95:46:ae:31:c1:76:94:c1:b0:01:60:
                    09:32:88:6d:49:12:59:6e:18:3e:0d:ab:4b:4f:5b:
                    71:5c:b2:61:72:67:4d:94:80:f0:76:17:35:c2:30:
                    ae:ca:36:30:af:d1:bb:6c:02:c9:da:fd:0d:5e:c0:
                    30:c5:3f:e0:14:91:f7:0d:23:d2:d1:27:58:a3:9e:
                    c7:ec:a7:47:98:5b:63:74:09:8a:9f:c6:9c:5c:28:
                    bf:33:41:70:12:e7:af:0d:06:2e:ef:9a:35:93:fa:
                    2f:fa:60:17:b0:4a:4e:09:2f:bf:0c:fd:c6:75:38:
                    02:c4:da:89:77:b5:b7:28:bb:10:76:5b:eb:a3:a2:
                    13:81:0f:58:22:36:c1:b2:2e:9a:b6:9c:a7:92:7d:
                    f9:af:8c:a5:98:58:cc:63:c9:68:cd:e2:37:8b:86:
                    83:90:82:58:e0:a4:19:0f:65:ff:af:51:16:c0:c2:
                    ed:70:d3:b4:51:43:e7:65:e9:ba:db:7d:c1:4e:1a:
                    62:69:ba:4f:5e:1c:0a:8e:80:ef:ff:93:94:96:a2:
                    0b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:82:54:47:A6:E4:43:74:DD:FF:CD:13:59:34:4A:6B:BB:41:2D:B4
            X509v3 Authority Key Identifier:
                keyid:E5:16:45:34:97:9E:60:A5:64:70:12:32:B2:E5:20:08:89:54:26:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5RZFNJeeYKVkcBIysuUgCIlUJgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/NIJUR6bkQ3Td_80TWTRKa7tBLbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/e77d7b-bc0f-4635-8101-d1eeb29c951b/1/5RZFNJeeYKVkcBIysuUgCIlUJgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.128.0/19
                  212.33.160.0/19
                  217.145.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         98:c9:46:bc:94:d2:77:ff:04:4b:58:ed:9d:7b:c9:0a:a0:f8:
         61:d1:c3:de:7f:a6:a9:56:3b:35:c5:c9:e3:0d:6d:5e:fb:3d:
         e3:6f:2a:08:a6:46:aa:b2:66:11:6c:b1:68:1c:df:39:d5:c1:
         95:47:bb:91:65:de:f1:c0:19:ce:3e:5c:81:8a:07:85:1f:d8:
         6a:cb:a9:04:26:93:dc:01:e7:55:e6:00:f2:75:29:6d:b1:af:
         23:23:3a:c0:9f:26:bf:18:9f:96:70:7b:a1:92:68:f9:64:bb:
         d3:5b:00:9f:3c:64:50:5a:7b:d0:a7:fd:5d:97:5b:76:fb:3f:
         d0:3f:6a:91:a3:dd:72:60:f4:cc:a6:f7:b8:92:3a:54:90:ac:
         be:22:1a:3b:cf:7e:bb:0c:cd:6a:5a:ee:2a:a3:0c:52:2d:0d:
         6c:07:51:98:bd:8e:4c:f8:f9:d3:97:27:99:0a:3b:24:a5:23:
         72:4d:6b:26:16:fc:46:4c:d3:31:f4:6a:8d:db:15:51:7a:20:
         2d:66:50:83:1a:09:e3:56:e9:68:90:4c:78:06:cc:4c:3b:a9:
         c8:d8:f0:1a:70:5d:7e:1d:c7:10:b2:c3:0f:81:6a:81:1b:b9:
         cc:54:33:27:d8:6a:02:c9:30:b0:cc:b3:ed:c9:27:cc:bb:4b:
         01:e2:76:50
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDSS0YwXHgFUYotuiJbc20MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MTY0NTM0OTc5ZTYwYTU2NDcwMTIzMmIyZTUyMDA4ODk1
NDI2MDYwHhcNMjQwMTAxMDQzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDgyNTQ0N2E2ZTQ0Mzc0ZGRmZmNkMTM1OTM0NGE2YmJiNDEyZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOFhzsgvDw4HAYV24+VsK7opeI/l
j0MEfKLyg80c8VKVKJH8eUCnfNYvjq99jHdGlUauMcF2lMGwAWAJMohtSRJZbhg+
DatLT1txXLJhcmdNlIDwdhc1wjCuyjYwr9G7bALJ2v0NXsAwxT/gFJH3DSPS0SdY
o57H7KdHmFtjdAmKn8acXCi/M0FwEuevDQYu75o1k/ov+mAXsEpOCS+/DP3GdTgC
xNqJd7W3KLsQdlvro6ITgQ9YIjbBsi6atpynkn35r4ylmFjMY8lozeI3i4aDkIJY
4KQZD2X/r1EWwMLtcNO0UUPnZem6233BThpiabpPXhwKjoDv/5OUlqILaQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDSCVEem5EN03f/NE1k0Smu7QS20MB8GA1UdIwQY
MBaAFOUWRTSXnmClZHASMrLlIAiJVCYGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVJaRk5KZWVZS1ZrY0JJeXN1VWdDSWxVSmdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lNzdkN2ItYmMwZi00NjM1LTgxMDEt
ZDFlZWIyOWM5NTFiLzEvTklKVVI2YmtRM1RkXzgwVFdUUkthN3RCTGJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lNzdkN2ItYmMwZi00NjM1LTgxMDEtZDFlZWIyOWM5NTFi
LzEvNVJaRk5KZWVZS1ZrY0JJeXN1VWdDSWxVSmdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFVe2AAwQF
1CGgAwQE2ZHwMA0GCSqGSIb3DQEBCwUAA4IBAQCYyUa8lNJ3/wRLWO2de8kKoPhh
0cPef6apVjs1xcnjDW1e+z3jbyoIpkaqsmYRbLFoHN851cGVR7uRZd7xwBnOPlyB
igeFH9hqy6kEJpPcAedV5gDydSltsa8jIzrAnya/GJ+WcHuhkmj5ZLvTWwCfPGRQ
WnvQp/1dl1t2+z/QP2qRo91yYPTMpve4kjpUkKy+Iho7z367DM1qWu4qowxSLQ1s
B1GYvY5M+PnTlyeZCjskpSNyTWsmFvxGTNMx9GqN2xVReiAtZlCDGgnjVulokEx4
BsxMO6nI2PAacF1+HccQssMPgWqBG7nMVDMn2GoCyTCwzLPtySfMu0sB4nZQ
-----END CERTIFICATE-----