Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/NuyoaDf7LWR4RjvzQyN435-pk5c.roa
File:                     NuyoaDf7LWR4RjvzQyN435-pk5c.roa (raw, json)
Hash identifier:          h0UQhpFn+H8tg3BnEre96g66aP3w+FxkS802gUKclAY=
Subject key identifier:   36:EC:A8:68:37:FB:2D:64:78:46:3B:F3:43:23:78:DF:9F:A9:93:97
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       019230336AA0BC4F2815434091492FDFCA33
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/NuyoaDf7LWR4RjvzQyN435-pk5c.roa
Signing time:             Thu 26 Sep 2024 21:18:48 +0000
ROA not before:           Thu 26 Sep 2024 21:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.95.226.0/24 maxlen: 24
                          45.149.7.0/24 maxlen: 24
                          212.81.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 19:54:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:30:33:6a:a0:bc:4f:28:15:43:40:91:49:2f:df:ca:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Sep 26 21:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36eca86837fb2d6478463bf3432378df9fa99397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d2:c8:7e:71:81:af:0f:8a:52:45:de:8f:bd:
                    51:79:e3:24:0c:94:02:20:dd:38:2e:43:38:43:63:
                    14:fe:91:1b:5c:fc:9f:d2:bb:ad:ee:3a:53:51:47:
                    ef:40:5b:79:77:4e:0a:8e:7e:b6:3d:4c:b9:5b:f9:
                    4f:84:5a:0a:72:c4:43:cd:a4:6f:0d:d0:e3:e7:40:
                    ae:c1:5c:5a:0b:fd:d6:c7:6f:5e:40:f9:64:0b:f9:
                    70:9d:ef:5e:9a:8e:2b:fc:b2:4e:37:40:f2:2f:ab:
                    e5:a4:4f:09:6e:1f:78:ea:5c:c5:35:9f:af:17:5f:
                    0a:6e:9b:93:cb:66:63:14:d9:05:92:be:b3:ee:1f:
                    8a:f0:bf:a5:25:3e:c3:3b:ab:24:43:de:de:21:92:
                    91:e8:17:b2:53:b5:a9:ab:1b:c9:a3:7b:73:79:65:
                    1c:26:34:e2:b1:58:7b:91:2e:a6:af:f9:e8:37:40:
                    b9:7f:2b:da:27:8b:06:be:06:54:01:fc:6b:63:28:
                    ef:a5:3d:9b:b0:b5:27:6a:fa:39:86:10:e0:67:40:
                    72:55:2b:82:88:a1:2c:06:42:11:8b:3f:a0:e3:b8:
                    e8:63:b6:9e:37:87:e2:30:73:16:90:4b:b6:c4:ab:
                    7b:86:f6:8e:b9:48:fe:44:f5:ad:72:c8:f6:1e:af:
                    1f:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:EC:A8:68:37:FB:2D:64:78:46:3B:F3:43:23:78:DF:9F:A9:93:97
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/NuyoaDf7LWR4RjvzQyN435-pk5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.226.0/24
                  45.149.7.0/24
                  212.81.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:7c:af:f2:8a:de:c8:af:10:f6:4e:a4:30:35:fb:20:2b:d7:
         c6:b2:c8:8b:51:c9:91:5b:a1:26:1a:14:6f:3b:19:da:c8:37:
         39:e2:aa:8c:9e:68:4c:0d:ab:a1:3f:0f:24:ab:6e:a7:db:73:
         d6:5d:7c:ba:e5:af:e9:f9:6d:2e:c1:81:de:ab:2b:c1:a1:fe:
         d9:db:eb:f0:1f:8d:ef:af:32:27:ea:24:30:39:ab:39:d3:fe:
         a5:75:cd:b5:89:cd:a9:04:33:12:79:64:ec:c5:24:7a:6f:60:
         5b:6d:e1:d5:f2:6a:53:67:1d:32:2c:6d:44:61:1c:ce:5d:ba:
         4d:ce:b7:9b:0a:f5:c1:0b:07:95:09:79:97:33:b7:df:e3:c1:
         3c:22:36:f7:d7:2b:82:2f:92:3b:8f:ca:0c:f2:af:df:9b:1c:
         16:b2:6a:9d:e5:44:7a:71:60:d7:e6:67:5b:11:b0:13:24:69:
         90:c2:97:94:14:b0:17:f1:99:76:19:67:c8:8e:6d:75:a4:cc:
         0a:ad:e1:bd:62:1f:30:9d:92:a7:96:e2:17:97:47:9a:98:12:
         4d:27:72:db:94:be:6e:3d:67:75:29:01:49:ca:65:54:8b:03:
         d3:73:ef:37:87:ca:9a:d2:04:b7:32:5f:92:c0:c9:61:c9:26:
         2d:30:a4:5a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZIwM2qgvE8oFUNAkUkv38ozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjQwOTI2MjExODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmVjYTg2ODM3ZmIyZDY0Nzg0NjNiZjM0MzIzNzhkZjlmYTk5Mzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdLIfnGBrw+KUkXej71ReeMkDJQC
IN04LkM4Q2MU/pEbXPyf0rut7jpTUUfvQFt5d04Kjn62PUy5W/lPhFoKcsRDzaRv
DdDj50CuwVxaC/3Wx29eQPlkC/lwne9emo4r/LJON0DyL6vlpE8Jbh946lzFNZ+v
F18KbpuTy2ZjFNkFkr6z7h+K8L+lJT7DO6skQ97eIZKR6BeyU7WpqxvJo3tzeWUc
JjTisVh7kS6mr/noN0C5fyvaJ4sGvgZUAfxrYyjvpT2bsLUnavo5hhDgZ0ByVSuC
iKEsBkIRiz+g47joY7aeN4fiMHMWkEu2xKt7hvaOuUj+RPWtcsj2Hq8fHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDbsqGg3+y1keEY780MjeN+fqZOXMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvTnV5b2FEZjdMV1I0Ump2elF5TjQzNS1wazVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALV/iAwQA
LZUHAwQA1FEtMA0GCSqGSIb3DQEBCwUAA4IBAQBRfK/yit7IrxD2TqQwNfsgK9fG
ssiLUcmRW6EmGhRvOxnayDc54qqMnmhMDauhPw8kq26n23PWXXy65a/p+W0uwYHe
qyvBof7Z2+vwH43vrzIn6iQwOas50/6ldc21ic2pBDMSeWTsxSR6b2BbbeHV8mpT
Zx0yLG1EYRzOXbpNzrebCvXBCweVCXmXM7ff48E8Ijb31yuCL5I7j8oM8q/fmxwW
smqd5UR6cWDX5mdbEbATJGmQwpeUFLAX8Zl2GWfIjm11pMwKreG9Yh8wnZKnluIX
l0eamBJNJ3LblL5uPWd1KQFJymVUiwPTc+83h8qa0gS3Ml+SwMlhySYtMKRa
-----END CERTIFICATE-----