Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/NqPglleMUwtYjtPPgWKBhGv0J0A.roa
File:                     NqPglleMUwtYjtPPgWKBhGv0J0A.roa (raw, json)
Hash identifier:          bc96Aln0ufgPi+6ht9qWlWj0k+707bA2jx+0QAcDr+0=
Subject key identifier:   36:A3:E0:96:57:8C:53:0B:58:8E:D3:CF:81:62:81:84:6B:F4:27:40
Certificate issuer:       /CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
Certificate serial:       018CC56EC5F8745EDFCFB4C67DAD2C081386
Authority key identifier: B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/NqPglleMUwtYjtPPgWKBhGv0J0A.roa
Signing time:             Mon 01 Jan 2024 14:30:20 +0000
ROA not before:           Mon 01 Jan 2024 14:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211439
IP address blocks:        45.85.92.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:c5:f8:74:5e:df:cf:b4:c6:7d:ad:2c:08:13:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b0d33432eca77c054e8fa8707248da4e47db0b
        Validity
            Not Before: Jan  1 14:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36a3e096578c530b588ed3cf816281846bf42740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9f:b6:df:d7:ac:f7:5c:49:bd:a4:aa:fb:8a:
                    1c:84:1d:8c:81:31:61:d1:23:fd:bd:5d:b4:cf:a7:
                    5d:7a:dc:1c:dd:b2:6c:a7:cb:4b:2d:ad:22:11:72:
                    df:7d:0f:7b:aa:5f:a1:80:fa:04:d6:16:3d:e8:c5:
                    cd:21:ad:55:66:8e:c8:e5:a4:00:7b:60:90:20:a0:
                    58:73:7d:a1:27:b2:8c:59:76:72:a4:8b:d9:59:77:
                    37:77:f9:20:1b:8b:5a:42:d5:0b:1a:3d:22:45:c4:
                    47:4c:c8:41:c4:97:54:78:a7:17:7c:fd:e7:a5:c5:
                    5a:01:b1:46:54:3f:36:ab:bb:bf:d3:b5:ce:1c:3b:
                    13:14:c1:bf:76:96:d9:ac:45:3d:5b:92:08:fe:99:
                    e4:34:d9:17:45:6c:9b:7e:2b:84:27:dc:cb:52:60:
                    b9:b4:84:26:4b:ae:f9:c0:4d:fb:b6:2a:f2:d5:84:
                    e0:ae:78:51:c8:fa:20:04:10:a8:11:af:96:92:1f:
                    55:dd:f3:e8:28:3e:11:56:f2:d6:cd:36:19:86:78:
                    1f:28:d7:21:27:57:f3:62:f9:ab:c7:21:f0:8b:4e:
                    07:75:0e:13:7a:05:f8:1b:5d:1a:26:ca:8c:08:69:
                    68:2f:ae:4b:1e:74:4c:ef:fc:f5:9d:d1:f8:6f:fa:
                    d4:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A3:E0:96:57:8C:53:0B:58:8E:D3:CF:81:62:81:84:6B:F4:27:40
            X509v3 Authority Key Identifier:
                keyid:B9:B0:D3:34:32:EC:A7:7C:05:4E:8F:A8:70:72:48:DA:4E:47:DB:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubDTNDLsp3wFTo-ocHJI2k5H2ws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/NqPglleMUwtYjtPPgWKBhGv0J0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b431ca-5275-42b5-8d54-d196f9291732/1/ubDTNDLsp3wFTo-ocHJI2k5H2ws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:fd:bf:87:9f:0b:12:b3:2b:73:b2:55:f6:65:b3:de:b9:03:
         11:36:49:ba:00:c3:2e:b5:b2:4d:75:f0:64:ca:bb:76:e5:ee:
         f6:e9:fc:c0:c0:3d:5c:ee:18:62:18:df:24:30:44:b5:5f:64:
         cc:6a:e7:99:0d:4b:b7:46:00:52:3c:0d:89:d1:8c:fe:27:74:
         12:8e:1d:9b:45:9a:a0:e5:94:53:a3:c5:ef:11:f9:42:67:9a:
         91:8b:eb:78:1d:48:b2:fb:05:1e:df:80:62:fe:b8:60:b3:9e:
         73:cc:5a:02:38:c6:0a:19:c8:f8:fc:d5:6f:7f:2f:cb:4a:6a:
         73:a0:23:58:21:76:a5:20:1b:1b:e7:d9:97:15:05:cb:a8:b1:
         82:b0:8e:23:94:72:f3:66:46:25:43:7d:d4:33:28:53:1d:de:
         38:8c:bb:27:84:3b:f2:d0:ff:92:8c:df:88:fa:58:e3:6c:a7:
         f7:fe:fc:21:c6:f4:12:a0:f0:bf:73:3c:af:de:c0:f8:6b:90:
         58:f0:f2:58:ad:13:75:a4:5f:6e:74:88:ad:fe:e4:ac:15:9d:
         47:f7:7e:98:bc:46:92:f0:d2:03:ac:0c:fa:a4:b7:3d:32:ba:
         96:6c:83:54:76:84:19:6f:10:9f:dc:92:26:d7:1d:23:a9:99:
         5e:11:99:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbsX4dF7fz7TGfa0sCBOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5YjBkMzM0MzJlY2E3N2MwNTRlOGZhODcwNzI0OGRhNGU0
N2RiMGIwHhcNMjQwMTAxMTQzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmEzZTA5NjU3OGM1MzBiNTg4ZWQzY2Y4MTYyODE4NDZiZjQyNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp+239es91xJvaSq+4ochB2MgTFh
0SP9vV20z6ddetwc3bJsp8tLLa0iEXLffQ97ql+hgPoE1hY96MXNIa1VZo7I5aQA
e2CQIKBYc32hJ7KMWXZypIvZWXc3d/kgG4taQtULGj0iRcRHTMhBxJdUeKcXfP3n
pcVaAbFGVD82q7u/07XOHDsTFMG/dpbZrEU9W5II/pnkNNkXRWybfiuEJ9zLUmC5
tIQmS675wE37tiry1YTgrnhRyPogBBCoEa+Wkh9V3fPoKD4RVvLWzTYZhngfKNch
J1fzYvmrxyHwi04HdQ4TegX4G10aJsqMCGloL65LHnRM7/z1ndH4b/rUgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaj4JZXjFMLWI7Tz4FigYRr9CdAMB8GA1UdIwQY
MBaAFLmw0zQy7Kd8BU6PqHBySNpOR9sLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQt
ZDE5NmY5MjkxNzMyLzEvTnFQZ2xsZU1Vd3RZanRQUGdXS0JoR3YwSjBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iNDMxY2EtNTI3NS00MmI1LThkNTQtZDE5NmY5MjkxNzMy
LzEvdWJEVE5ETHNwM3dGVG8tb2NISkkyazVIMndzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVVcMA0G
CSqGSIb3DQEBCwUAA4IBAQAV/b+HnwsSsytzslX2ZbPeuQMRNkm6AMMutbJNdfBk
yrt25e726fzAwD1c7hhiGN8kMES1X2TMaueZDUu3RgBSPA2J0Yz+J3QSjh2bRZqg
5ZRTo8XvEflCZ5qRi+t4HUiy+wUe34Bi/rhgs55zzFoCOMYKGcj4/NVvfy/LSmpz
oCNYIXalIBsb59mXFQXLqLGCsI4jlHLzZkYlQ33UMyhTHd44jLsnhDvy0P+SjN+I
+ljjbKf3/vwhxvQSoPC/czyv3sD4a5BY8PJYrRN1pF9udIit/uSsFZ1H936YvEaS
8NIDrAz6pLc9MrqWbINUdoQZbxCf3JIm1x0jqZleEZlY
-----END CERTIFICATE-----